Log analysis and evaluation: Is Default-Search.net altering Facebook? (Windows 7) If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
08.04.2014, 22:49 | #1 |
Is Default-Search.net altering Facebook?

Hello dear experts,

since yesterday my Google start page has no longer been displayed; Default-Search.net appears instead. I therefore removed it from Mozilla Firefox as described in this link of yours: http://www.trojaner-board.de/146735-...entfernen.html

I have not yet done anything more from that guide, since there were otherwise no problems. A little while ago, however, I received a notification on Facebook about a like on a comment that I never wrote, which struck me as a bit strange. Can the Default virus also be responsible for that?

I have just carried out the normal rules for opening a new thread up to 3.3, since I somehow can't manage to deactivate Antivir or disconnect my netbook from the Internet... sorry about that!

Here are the log files FRST and Addition:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 (ATTENTION: ====> FRST version is 26 days old and could be outdated) Ran by Sonja (administrator) on SONJAMOBIL on 08-04-2014 23:28:48 Running from C:\Users\Sonja\Desktop Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe () C:\Windows\System32\AsusService.exe (WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (Memeo) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (ASUS) C:\Windows\AsScrPro.exe () C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe (ASUSTek) C:\Program Files\ASUS\LivCam\LivCam.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Boingo Wireless, Inc.) 
C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe (ASUSTeK Computer Inc.) C:\Program Files\EeePC\SHE\SuperHybridEngine.exe () C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe (ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotkeyService.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe () C:\Users\Sonja\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe (Intel Corporation) C:\windows\system32\igfxsrvc.exe (Nokia) C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Dropbox, Inc.) C:\Users\Sonja\AppData\Roaming\Dropbox\bin\Dropbox.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe () C:\Users\Sonja\Downloads\Defogger.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-20] (Synaptics Incorporated) HKLM\...\Run: [HotkeyMon] - C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe [100328 2009-09-11] (ASUSTeK Computer Inc.) HKLM\...\Run: [HotkeyService] - C:\Program Files\EeePC\HotkeyService\HotkeyService.exe [1021424 2009-10-17] (ASUSTeK Computer Inc.) 
HKLM\...\Run: [SuperHybridEngine] - C:\Program Files\EeePC\SHE\SuperHybridEngine.exe [413688 2009-10-27] (ASUSTeK Computer Inc.) HKLM\...\Run: [Eee Docking] - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [414384 2009-11-17] () HKLM\...\Run: [LiveUpdate] - C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [803304 2009-08-28] () HKLM\...\Run: [SynAsusAcpi] - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [83240 2009-07-20] (Synaptics Incorporated) HKLM\...\Run: [ASUS Screen Saver Protector] - C:\Windows\AsScrPro.exe [3058304 2010-01-07] (ASUS) HKLM\...\Run: [EeeSplendidAgent] - C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe [104960 2009-12-30] () HKLM\...\Run: [LivCam] - C:\Program Files\ASUS\LivCam\LivCam.exe [284160 2009-11-20] (ASUSTek) HKLM\...\Run: [UCam_Menu] - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7744032 2009-09-29] (Realtek Semiconductor) HKLM\...\Run: [Boingo Wi-Fi] - C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk [2429 2010-06-29] () HKLM\...\Run: [ASUSPRP] - C:\Program Files\ASUS\APRP\APRP.EXE [2018032 2010-01-06] (ASUSTek Computer Inc.) HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-18] (Avira Operations GmbH & Co. 
KG) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [ASUSWebStorage] - C:\Program Files\ASUS\ASUS WebStorage\3.0.143.296\AsusWSPanel.exe [740736 2012-08-03] (ASUS Cloud Corporation) HKU\S-1-5-21-2402262172-657694341-2311227042-1000\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Sonja\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] () HKU\S-1-5-21-2402262172-657694341-2311227042-1000\...\Run: [] - [X] HKU\S-1-5-21-2402262172-657694341-2311227042-1000\...\Run: [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia) HKU\S-1-5-21-2402262172-657694341-2311227042-1000\...\MountPoints2: E - E:\AutoRun.exe HKU\S-1-5-21-2402262172-657694341-2311227042-1000\...\MountPoints2: {71a88601-916e-11df-b548-806e6f6e6963} - E:\AutoRun.exe HKU\S-1-5-21-2402262172-657694341-2311227042-1000\...\MountPoints2: {71a88635-916e-11df-b548-485b3952c3ae} - E:\AutoRun.exe HKU\S-1-5-21-2402262172-657694341-2311227042-1000\...\MountPoints2: {75088a55-8ea8-11df-bc01-485b3952c3ae} - "E:\WD SmartWare.exe" autoplay=true IFEO\bitguard.exe: [Debugger] tasklist.exe IFEO\bprotect.exe: [Debugger] tasklist.exe IFEO\bpsvc.exe: [Debugger] tasklist.exe IFEO\browsemngr.exe: [Debugger] tasklist.exe IFEO\browserdefender.exe: [Debugger] tasklist.exe IFEO\browsermngr.exe: [Debugger] tasklist.exe IFEO\browserprotect.exe: [Debugger] tasklist.exe IFEO\browsersafeguard.exe: [Debugger] tasklist.exe IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe IFEO\cltmngsvc.exe: [Debugger] tasklist.exe IFEO\delta babylon.exe: [Debugger] tasklist.exe IFEO\delta tb.exe: [Debugger] tasklist.exe IFEO\delta2.exe: [Debugger] tasklist.exe IFEO\deltainstaller.exe: [Debugger] tasklist.exe IFEO\deltasetup.exe: 
[Debugger] tasklist.exe IFEO\deltatb.exe: [Debugger] tasklist.exe IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe IFEO\dprotectsvc.exe: [Debugger] tasklist.exe IFEO\iminentsetup.exe: [Debugger] tasklist.exe IFEO\protectedsearch.exe: [Debugger] tasklist.exe IFEO\rjatydimofu.exe: [Debugger] tasklist.exe IFEO\searchprotection.exe: [Debugger] tasklist.exe IFEO\searchprotector.exe: [Debugger] tasklist.exe IFEO\snapdo.exe: [Debugger] tasklist.exe IFEO\stinst32.exe: [Debugger] tasklist.exe IFEO\stinst64.exe: [Debugger] tasklist.exe IFEO\sweetimsetup.exe: [Debugger] tasklist.exe IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe IFEO\utiljumpflip.exe: [Debugger] tasklist.exe Startup: C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Sonja\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) HKLM\...\AppCertDlls: [x64] -> c:\program files\settings manager\systemk\x64\sysapcrt.dll ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.default-search.net?sid=476&aid=122&itype=n&ver=11471&tm=311&src=hmp HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://eeepc.asus.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=122&itype=n&ver=11471&tm=311&src=ds&p={searchTerms} SearchScopes: HKCU - DefaultScope Software\Microsoft\Internet Explorer\SearchScopes URL = SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=122&itype=n&ver=11471&tm=311&src=ds&p={searchTerms} BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Java(tm) Plug-In SSV Helper - 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rc0cfbue.default FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) 
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Sonja\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rc0cfbue.default\searchplugins\default-search.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\default-search.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Youtube MP3 Podcaster - C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rc0cfbue.default\Extensions\youtubemp3podcaster@jeremy.d.gregorio.com [2014-03-20] FF Extension: Garmin Communicator - C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rc0cfbue.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-19] FF Extension: anonymoX - C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rc0cfbue.default\Extensions\client@anonymox.net.xpi [2013-10-04] FF Extension: YouTube HD - C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rc0cfbue.default\Extensions\jid0-HbNL9qqBkuuKRhJ9ncTonCky1HU@jetpack.xpi [2013-10-04] FF Extension: YesScript - C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rc0cfbue.default\Extensions\yesscript@userstyles.org.xpi [2013-06-19] FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rc0cfbue.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-21] FF Extension: Adblock Plus - C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rc0cfbue.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-05-14] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-03-29] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-03-29] 
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-03-29] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} [2014-03-29] ========================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG) R2 AsusService; C:\Windows\System32\AsusService.exe [219136 2009-08-19] () R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [98304 2009-08-17] (WDC) R2 WDSmartWareBackgroundService; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) ==================== Drivers (Whitelisted) ==================== R1 AsUpIO; C:\windows\System32\drivers\AsUpIO.sys [11448 2009-07-06] () R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-19] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [135648 2013-12-19] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. 
KG) R3 kbfiltr; C:\windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( ) R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2013-02-14] (Avira GmbH) S3 btwaudio; system32\drivers\btwaudio.sys [X] S3 btwavdt; \SystemRoot\system32\DRIVERS\btwavdt.sys [X] S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X] S3 btwrchid; \SystemRoot\system32\DRIVERS\btwrchid.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-08 23:28 - 2014-04-08 23:29 - 00016525 _____ () C:\Users\Sonja\Desktop\FRST.txt 2014-04-08 23:28 - 2014-04-08 23:28 - 00000000 ____D () C:\FRST 2014-04-08 23:27 - 2014-04-08 23:27 - 01145856 _____ (Farbar) C:\Users\Sonja\Desktop\FRST.exe 2014-04-08 23:24 - 2014-04-08 23:25 - 00000472 _____ () C:\Users\Sonja\Downloads\defogger_disable.log 2014-04-08 23:24 - 2014-04-08 23:24 - 00000000 _____ () C:\Users\Sonja\defogger_reenable 2014-04-08 23:22 - 2014-04-08 23:22 - 00050477 _____ () C:\Users\Sonja\Downloads\Defogger.exe 2014-04-08 23:16 - 2014-04-08 23:17 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Sonja\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-08 12:38 - 2014-04-08 12:38 - 00003158 _____ () C:\Users\Sonja\Desktop\Stories.lnk 2014-04-08 12:35 - 2014-04-08 12:35 - 00000000 ____D () C:\ProgramData\BrowserProtect 2014-04-08 12:35 - 2014-04-08 12:35 - 00000000 ____D () C:\ProgramData\Browser Manager 2014-04-08 12:35 - 2014-04-08 12:35 - 00000000 ____D () C:\ProgramData\BitGuard 2014-04-08 09:44 - 2014-04-08 09:44 - 02278856 _____ () C:\Users\Sonja\Downloads\avira_pc_cleaner_de.exe 2014-04-06 12:25 - 2014-04-06 12:26 - 00000000 ____D () C:\Users\Sonja\Documents\Handy 2014-04-05 22:17 - 2014-04-05 22:17 - 00000000 ____D () C:\Users\Sonja\Documents\Asus WebStorage 2014-04-05 22:16 - 2014-04-05 22:16 - 00000000 ____D () C:\ProgramData\ASUS WebStorage 2014-04-01 18:07 - 2012-08-23 16:48 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll 
2014-04-01 18:07 - 2012-08-23 16:44 - 00014848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys 2014-04-01 18:07 - 2012-08-23 15:52 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll 2014-04-01 18:07 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\rdpendp_winip.dll 2014-04-01 18:07 - 2012-08-23 12:08 - 02739712 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll 2014-03-30 20:11 - 2014-03-30 21:21 - 00014336 _____ () C:\Users\Sonja\Desktop\Barfplan.xls 2014-03-29 21:26 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll 2014-03-29 17:21 - 2014-03-29 17:21 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-03-29 16:46 - 2014-03-29 16:47 - 00000000 ____D () C:\Users\Sonja\Documents\Versicherung 2014-03-29 00:42 - 2013-10-02 02:42 - 00049152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys 2014-03-29 00:42 - 2013-10-02 02:32 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2014-03-29 00:42 - 2013-10-02 02:30 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2014-03-29 00:42 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll 2014-03-29 00:42 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll 2014-03-29 00:42 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll 2014-03-29 00:42 - 2013-10-02 01:45 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll 2014-03-29 00:42 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll 2014-03-29 00:42 - 2013-10-02 01:00 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe 2014-03-29 00:42 - 2013-10-02 00:53 - 00350208 _____ (Microsoft 
Corporation) C:\windows\system32\wksprt.exe 2014-03-29 00:42 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe 2014-03-29 00:40 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll 2014-03-28 23:07 - 2014-04-05 22:08 - 00000000 ____D () C:\Program Files\Windows Phone 2014-03-28 23:04 - 2014-03-28 23:04 - 00000000 ____D () C:\ProgramData\Applications 2014-03-28 23:01 - 2014-03-28 23:01 - 06790816 _____ (Microsoft Corporation) C:\Users\Sonja\Downloads\WindowsPhone.exe 2014-03-20 19:32 - 2014-03-20 19:34 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-03-17 19:50 - 2014-03-17 19:50 - 00000000 ____D () C:\Program Files\PC Connectivity Solution 2014-03-17 19:50 - 2012-10-17 15:53 - 00019072 _____ (Nokia) C:\windows\system32\Drivers\pccsmcfd.sys 2014-03-12 11:46 - 2014-03-01 06:10 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-03-12 11:46 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-03-12 11:46 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-03-12 11:46 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-03-12 11:46 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-03-12 11:46 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-03-12 11:46 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-03-12 11:46 - 2014-03-01 05:38 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-03-12 11:46 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-03-12 11:46 - 2014-03-01 05:31 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-03-12 11:46 - 
2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-03-12 11:46 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-03-12 11:46 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-03-12 11:46 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll 2014-03-12 11:45 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-03-12 11:45 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-03-12 11:45 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-03-12 11:45 - 2014-03-01 05:25 - 00208896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-03-12 11:45 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-03-12 11:45 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-03-12 11:45 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-03-12 11:45 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-03-12 11:45 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-03-12 11:45 - 2014-02-07 03:07 - 02349056 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-03-12 11:45 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll 2014-03-12 11:45 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\windows\system32\wer.dll 2014-03-12 11:45 - 2014-01-28 04:07 - 00185344 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll ==================== One Month Modified Files and Folders ======= 2014-04-08 23:29 - 2014-04-08 23:28 - 00016525 _____ () C:\Users\Sonja\Desktop\FRST.txt 2014-04-08 
23:28 - 2014-04-08 23:28 - 00000000 ____D () C:\FRST 2014-04-08 23:27 - 2014-04-08 23:27 - 01145856 _____ (Farbar) C:\Users\Sonja\Desktop\FRST.exe 2014-04-08 23:25 - 2014-04-08 23:24 - 00000472 _____ () C:\Users\Sonja\Downloads\defogger_disable.log 2014-04-08 23:24 - 2014-04-08 23:24 - 00000000 _____ () C:\Users\Sonja\defogger_reenable 2014-04-08 23:24 - 2010-06-29 16:49 - 00000000 ____D () C:\Users\Sonja 2014-04-08 23:22 - 2014-04-08 23:22 - 00050477 _____ () C:\Users\Sonja\Downloads\Defogger.exe 2014-04-08 23:19 - 2013-07-27 11:33 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-04-08 23:17 - 2014-04-08 23:16 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Sonja\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-08 23:08 - 2010-06-30 09:30 - 01630948 _____ () C:\windows\WindowsUpdate.log 2014-04-08 23:03 - 2009-07-14 06:34 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-08 23:03 - 2009-07-14 06:34 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-08 22:59 - 2009-07-25 09:50 - 01620684 _____ () C:\windows\system32\PerfStringBackup.INI 2014-04-08 22:56 - 2012-04-24 22:10 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\Dropbox 2014-04-08 22:55 - 2012-04-24 22:16 - 00000000 ___RD () C:\Users\Sonja\Dropbox 2014-04-08 22:52 - 2010-01-07 00:21 - 00348102 _____ () C:\windows\PFRO.log 2014-04-08 22:52 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-04-08 22:52 - 2009-07-14 06:39 - 00091092 _____ () C:\windows\setupact.log 2014-04-08 22:33 - 2014-01-02 20:44 - 00000000 ____D () C:\Program Files\Telltale Games 2014-04-08 12:38 - 2014-04-08 12:38 - 00003158 _____ () C:\Users\Sonja\Desktop\Stories.lnk 2014-04-08 12:35 - 2014-04-08 12:35 - 00000000 ____D () C:\ProgramData\BrowserProtect 2014-04-08 12:35 - 2014-04-08 12:35 - 00000000 ____D () C:\ProgramData\Browser Manager 
2014-04-08 12:35 - 2014-04-08 12:35 - 00000000 ____D () C:\ProgramData\BitGuard 2014-04-08 12:35 - 2014-01-02 20:45 - 00000000 ____D () C:\windows\system32\directx 2014-04-08 11:39 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public 2014-04-08 09:44 - 2014-04-08 09:44 - 02278856 _____ () C:\Users\Sonja\Downloads\avira_pc_cleaner_de.exe 2014-04-06 19:19 - 2013-07-27 11:33 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe 2014-04-06 19:19 - 2013-06-19 11:18 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl 2014-04-06 12:26 - 2014-04-06 12:25 - 00000000 ____D () C:\Users\Sonja\Documents\Handy 2014-04-05 22:17 - 2014-04-05 22:17 - 00000000 ____D () C:\Users\Sonja\Documents\Asus WebStorage 2014-04-05 22:16 - 2014-04-05 22:16 - 00000000 ____D () C:\ProgramData\ASUS WebStorage 2014-04-05 22:13 - 2010-06-29 16:49 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\ASUS WebStorage 2014-04-05 22:08 - 2014-03-28 23:07 - 00000000 ____D () C:\Program Files\Windows Phone 2014-04-05 20:22 - 2014-01-26 14:36 - 00000000 ____D () C:\Users\Sonja\Desktop\Coral 2014-04-03 16:31 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\NDF 2014-04-01 21:24 - 2012-04-30 21:12 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-04-01 21:23 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\de-DE 2014-03-30 21:21 - 2014-03-30 20:11 - 00014336 _____ () C:\Users\Sonja\Desktop\Barfplan.xls 2014-03-29 17:21 - 2014-03-29 17:21 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-03-29 16:47 - 2014-03-29 16:46 - 00000000 ____D () C:\Users\Sonja\Documents\Versicherung 2014-03-29 00:54 - 2009-07-26 03:27 - 00000000 ____D () C:\windows\system32\Drivers\de-DE 2014-03-28 23:04 - 2014-03-28 23:04 - 00000000 ____D () C:\ProgramData\Applications 2014-03-28 23:01 - 2014-03-28 23:01 - 06790816 _____ (Microsoft Corporation) C:\Users\Sonja\Downloads\WindowsPhone.exe 2014-03-22 11:19 - 2011-08-11 18:07 
- 00017408 _____ () C:\Users\Sonja\Desktop\Monatliche Fixausgaben.xls 2014-03-21 17:30 - 2012-01-24 22:41 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\Nokia 2014-03-20 19:34 - 2014-03-20 19:32 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-03-19 14:12 - 2010-06-29 17:25 - 00000000 ____D () C:\Users\Sonja\AppData\Local\Thunderbird 2014-03-19 11:18 - 2013-08-05 16:14 - 00000000 ____D () C:\windows\system32\MRT 2014-03-18 23:31 - 2010-06-29 22:22 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\Skype 2014-03-18 23:19 - 2010-06-29 18:13 - 87350280 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-03-17 19:55 - 2011-03-30 12:56 - 00000000 ____D () C:\ProgramData\Nokia 2014-03-17 19:50 - 2014-03-17 19:50 - 00000000 ____D () C:\Program Files\PC Connectivity Solution 2014-03-17 19:50 - 2010-01-06 23:42 - 00095710 _____ () C:\windows\DPINST.LOG 2014-03-17 19:49 - 2010-12-12 10:37 - 00000000 ____D () C:\Program Files\Nokia 2014-03-16 21:40 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\rescache 2014-03-14 19:00 - 2010-06-29 16:49 - 00000000 ____D () C:\Users\Sonja\AppData\Local\Adobe 2014-03-13 21:03 - 2009-07-14 06:33 - 00377248 _____ () C:\windows\system32\FNTCACHE.DAT 2014-03-13 21:01 - 2010-07-21 13:26 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-11 22:03 - 2012-03-23 13:01 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\vlc Some content of TEMP: ==================== C:\Users\Sonja\AppData\Local\Temp\0edstlro.va1.exe C:\Users\Sonja\AppData\Local\Temp\avgnt.exe C:\Users\Sonja\AppData\Local\Temp\BundleSweetIMSetup.exe C:\Users\Sonja\AppData\Local\Temp\Delta.exe C:\Users\Sonja\AppData\Local\Temp\DeltaTB.exe C:\Users\Sonja\AppData\Local\Temp\drm_dyndata_7400006.dll C:\Users\Sonja\AppData\Local\Temp\dxwebsetup.exe C:\Users\Sonja\AppData\Local\Temp\MybabylonTB.exe C:\Users\Sonja\AppData\Local\Temp\NOSEventMessages.dll C:\Users\Sonja\AppData\Local\Temp\SettingsManagerSetup.exe 
C:\Users\Sonja\AppData\Local\Temp\vlc-2.1.3-win32.exe C:\Users\Sonja\AppData\Local\Temp\WSSetup.exe ==================== Bamital & volsnap Check ================= C:\windows\explorer.exe => MD5 is legit C:\windows\system32\winlogon.exe => MD5 is legit C:\windows\system32\wininit.exe => MD5 is legit C:\windows\system32\svchost.exe => MD5 is legit C:\windows\system32\services.exe => MD5 is legit C:\windows\system32\User32.dll => MD5 is legit C:\windows\system32\userinit.exe => MD5 is legit C:\windows\system32\rpcss.dll => MD5 is legit C:\windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-05 20:40 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01 Ran by Sonja at 2014-04-08 23:33:20 Running from C:\Users\Sonja\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== 32 Bit HP CIO Components Installer (Version: 1.1.0 - Hewlett-Packard) Hidden Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated) Adobe AIR (Version: 3.8.0.870 - Adobe Systems Incorporated) Hidden Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Reader XI (11.0.06) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) Amazon MP3-Downloader 1.0.18 (HKCU\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC) ASUS VIBE (HKLM\...\ASUS VIBE) (Version: 1.0.173 - Ecareme, Inc.) ASUS WebStorage (HKLM\...\ASUS WebStorage) (Version: 3.0.143.296 - ASUS Cloud Corporation) ASUSUpdate for Eee PC (HKLM\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 1.03.06 - ASUSTeK Computer Inc.) Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.10 - Atheros Communications Inc.) 
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Boingo Wi-Fi (HKLM\...\{84C2B80B-64A2-4B22-93EC-F30C3D6BF7D8}) (Version: 1.7.0048 - Boingo Wireless, Inc.)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3608 - CyberLink Corp.)
CyberLink YouCam (Version: 2.0.3608 - CyberLink Corp.) Hidden
doPDF 7.1 printer (HKLM\...\doPDF 7 printer_is1) (Version: - Softland)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Eee Docking 3.6.0 (HKLM\...\Eee Docking_is1) (Version: 3.6.0 - ASUSTek Computer Inc.)
EeeSplendid (HKLM\...\{6333FC29-BFE5-4024-AC78-958A1A7555D1}) (Version: 5.1.2.0008 - ASUS)
EeeSplendid (Version: 5.1.2.0008 - ASUS) Hidden
FontResizer (HKLM\...\InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}) (Version: 1.01.0011 - ASUSTek)
FontResizer (Version: 1.01.0011 - ASUSTek) Hidden
Garmin Communicator Plugin (HKLM\...\{13F054F3-0B07-4D15-9E80-C55B496AB557}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM\...\{00FE2935-FB56-4410-AB5F-D6E70C1771D2}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Hotkey Service (HKLM\...\{71C0E38E-09F2-4386-9977-404D4F6640CD}) (Version: 1.15 - AsusTek Computer)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2230 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.)
Hidden Java(TM) 6 Update 39 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.390 - Oracle) Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden LivCam (HKLM\...\{75E9CAA3-B336-439D-85FB-7C7B2ACA1A16}) (Version: 1.0.9.1 - ASUS) LiveUpdate (HKLM\...\{38E5A3B1-ADF1-47E0-8024-76310A30EB36}) (Version: 1.19 - Asus) LocaleMe (HKLM\...\{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}) (Version: 1.3 - ASUS) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - 
Microsoft Corporation) Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Works 6-9 Converter (HKLM\...\{172423F9-522A-483A-AD65-03600CE4CA4F}) (Version: 9.7.0000 - Microsoft Corporation) Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1 - Nokia) Hidden Mobile Partner (HKLM\...\Mobile Partner) (Version: 11.302.06.03.545 - Huawei Technologies Co.,Ltd) Mozilla Firefox 28.0 (x86 de) (HKLM\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) Mozilla Thunderbird 24.4.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla) MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation) Nokia Connectivity Cable Driver (HKLM\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 
7.1.172.0 - Nokia) Nokia Suite (HKLM\...\Nokia Suite) (Version: 3.8.48.0 - Nokia) Nokia Suite (Version: 3.8.48.0 - Nokia) Hidden PC Connectivity Solution (HKLM\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia) Ralink RT2860 Wireless LAN Card (HKLM\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.1 - Ralink) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5948 - Realtek Semiconductor Corp.) Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) Super Hybrid Engine (HKLM\...\{88F08F98-12BC-4613-81A2-8F9B88CFC73E}) (Version: 2.10 - AsusTek Computer) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.1 - Synaptics Incorporated) Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version: - ) VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN) WD SmartWare (HKLM\...\{DD7A785B-45C9-4DDB-A726-0889F7A9C006}) (Version: 1.1.0.2 - Western Digital) Windows Driver Package - Broadcom Bluetooth (07/17/2009 6.2.0.9403) (HKLM\...\B41C7C96D83162A676DA7365ADEFD6C1AF62A4EE) (Version: 07/17/2009 6.2.0.9403 - Broadcom) Windows Driver Package - Broadcom Bluetooth (07/29/2009 6.1.7100.0) (HKLM\...\B5C82F3814F82FB37F1513B3185399BD88892B08) (Version: 07/29/2009 6.1.7100.0 - Broadcom) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin) Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden Windows 
Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation) Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden Windows Live Family Safety (Version: 14.0.8093.805 - Microsoft Corporation) Hidden Windows Live Fotogalerie (Version: 14.0.8081.709 - Microsoft Corporation) Hidden Windows Live Mail (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Live Writer (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) Windows Phone app for desktop (HKLM\...\{19773614-FC22-4ACC-AAA3-E6BDA81ACF92}) (Version: 1.1.2726.0 - Microsoft Corporation) Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia) WinRAR Archivierer (HKLM\...\WinRAR archiver) (Version: - ) ==================== Restore Points ========================= 25-03-2014 16:45:20 Windows Update 28-03-2014 21:05:34 Installed Windows Phone app for desktop 28-03-2014 22:40:58 Windows Update 29-03-2014 20:42:52 Windows Update 01-04-2014 16:05:44 Windows Update 04-04-2014 16:46:01 Windows Update 05-04-2014 20:06:44 Installed Windows Phone app for desktop 08-04-2014 08:15:52 Windows Update ==================== Hosts content: ========================== 2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {44FCB3D5-BB80-447C-8BAC-E75EF616DA3E} - 
System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {617CE225-6D8D-4A13-AF40-640C33F4AC81} - System32\Tasks\{8AA74DD1-779F-42D7-8D60-71E93F876F2C} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-18] (Skype Technologies S.A.) Task: {BCBD4218-25C7-4D3E-97E7-1BC5581A7239} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-06] (Adobe Systems Incorporated) Task: {D905D69B-9F58-4BE7-8F3E-506D826C0425} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2402262172-657694341-2311227042-1000 Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2013-02-14 21:45 - 2013-02-14 21:35 - 00397704 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll 2010-01-06 23:47 - 2009-08-19 03:35 - 00219136 _____ () C:\Windows\System32\AsusService.exe 2011-05-21 23:19 - 2003-05-19 21:16 - 00120320 _____ () C:\Program Files\WinRAR\rarext.dll 2010-01-07 00:30 - 2009-12-30 01:28 - 00104960 _____ () C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe 2009-09-16 00:30 - 2009-09-16 00:30 - 00376832 _____ () C:\Program Files\ASUS\LivCam\SMIUtility.dll 2009-08-28 01:38 - 2009-08-28 01:38 - 00803304 _____ () C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe 2009-08-28 01:45 - 2009-08-28 01:45 - 00120808 _____ () C:\Program Files\Asus\LiveUpdate\ClientSocket.dll 2009-08-28 02:29 - 2009-08-28 02:29 - 00182240 _____ () C:\Program Files\Asus\LiveUpdate\Parser.dll 2009-08-28 02:22 - 2009-08-28 02:22 - 00161768 _____ () C:\Program Files\Asus\LiveUpdate\Enumeration.dll 2013-05-22 20:50 - 2013-05-22 20:50 - 00400704 _____ () C:\Users\Sonja\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe 2013-10-02 21:29 - 2013-10-02 21:29 - 08507232 _____ () C:\Program Files\Nokia\Nokia Suite\QtGui4.dll 2013-10-02 21:29 - 
2013-10-02 21:29 - 02354016 _____ () C:\Program Files\Nokia\Nokia Suite\QtCore4.dll 2013-10-02 21:29 - 2013-10-02 21:29 - 01014624 _____ () C:\Program Files\Nokia\Nokia Suite\QtNetwork4.dll 2013-10-02 21:29 - 2013-10-02 21:29 - 00364384 _____ () C:\Program Files\Nokia\Nokia Suite\QtXml4.dll 2013-10-02 21:29 - 2013-10-02 21:29 - 02480992 _____ () C:\Program Files\Nokia\Nokia Suite\QtDeclarative4.dll 2013-10-02 21:29 - 2013-10-02 21:29 - 01346912 _____ () C:\Program Files\Nokia\Nokia Suite\QtScript4.dll 2013-10-02 21:29 - 2013-10-02 21:29 - 00206176 _____ () C:\Program Files\Nokia\Nokia Suite\QtSql4.dll 2013-10-02 21:29 - 2013-10-02 21:29 - 02653024 _____ () C:\Program Files\Nokia\Nokia Suite\QtXmlPatterns4.dll 2013-10-02 21:29 - 2013-10-02 21:29 - 00033120 _____ () C:\Program Files\Nokia\Nokia Suite\imageformats\qgif4.dll 2013-10-02 21:29 - 2013-10-02 21:29 - 00035680 _____ () C:\Program Files\Nokia\Nokia Suite\imageformats\qico4.dll 2013-10-02 21:29 - 2013-10-02 21:29 - 00207200 _____ () C:\Program Files\Nokia\Nokia Suite\imageformats\qjpeg4.dll 2013-10-02 21:29 - 2013-10-02 21:29 - 11166560 _____ () C:\Program Files\Nokia\Nokia Suite\QtWebKit4.dll 2013-10-02 21:30 - 2013-10-02 21:30 - 00276832 _____ () C:\Program Files\Nokia\Nokia Suite\phonon4.dll 2013-04-15 14:26 - 2013-04-15 14:26 - 00391600 _____ () C:\Program Files\Nokia\Nokia Suite\ssoengine.dll 2013-04-15 14:26 - 2013-04-15 14:26 - 00059280 _____ () C:\Program Files\Nokia\Nokia Suite\securestorage.dll 2013-10-02 21:28 - 2013-10-02 21:28 - 00438624 _____ () C:\Program Files\Nokia\Nokia Suite\NService.dll 2013-10-02 21:29 - 2013-10-02 21:29 - 00446304 _____ () C:\Program Files\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll 2013-10-02 21:29 - 2013-10-02 21:29 - 00520544 _____ () C:\Program Files\Nokia\Nokia Suite\QtMultimediaKit1.dll 2013-10-02 21:29 - 2013-10-02 21:29 - 00720736 _____ () C:\Program Files\Nokia\Nokia Suite\QtOpenGL4.dll 2013-10-02 21:28 - 2013-10-02 21:28 - 00606560 _____ () C:\Program 
Files\Nokia\Nokia Suite\CommonUpdateChecker.dll 2013-10-02 21:30 - 2013-10-02 21:30 - 00093024 _____ () C:\Program Files\Nokia\Nokia Suite\qjson.dll 2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Sonja\AppData\Roaming\Dropbox\bin\libcef.dll 2014-03-29 17:21 - 2014-03-29 17:21 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2014-03-20 19:32 - 2014-03-20 19:33 - 03018864 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll 2014-03-20 19:32 - 2014-03-20 19:33 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll 2014-03-20 19:32 - 2014-03-20 19:33 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll 2014-04-08 23:22 - 2014-04-08 23:22 - 00050477 _____ () C:\Users\Sonja\Downloads\Defogger.exe ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Temp:AB689DEA AlternateDataStreams: C:\Users\Sonja\Desktop\IMG_6574.JPG:com.dropbox.attributes AlternateDataStreams: C:\Users\Sonja\Desktop\IMG_6659.JPG:com.dropbox.attributes AlternateDataStreams: C:\Users\Sonja\Desktop\IMG_6708.JPG:com.dropbox.attributes AlternateDataStreams: C:\Users\Sonja\Desktop\IMG_7548.JPG:com.dropbox.attributes ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupreg: Garmin Lifetime Updater => C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/08/2014 10:52:49 PM) (Source: WDSmartWareBackgroundService) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. 
---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel() bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. 
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args) Error: (04/08/2014 09:56:44 AM) (Source: Application Hang) (User: ) Description: Programm firefox.exe, Version 28.0.0.5186 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 10b4 Startzeit: 01cf52fc5fac9780 Endzeit: 5298 Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe Berichts-ID: 0fa585a9-bef3-11e3-b92b-485b3952c3ae Error: (04/07/2014 09:11:39 PM) (Source: WDSmartWareBackgroundService) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. 
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel() bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. 
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args) Error: (04/07/2014 08:15:00 PM) (Source: WDSmartWareBackgroundService) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel() bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, 
Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args) Error: (04/06/2014 10:57:30 AM) (Source: WDSmartWareBackgroundService) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. 
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel() bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. 
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args) Error: (04/05/2014 10:05:43 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: NokiaSuite.exe, Version: 3.8.48.0, Zeitstempel: 0x524c5779 Name des fehlerhaften Moduls: QtCore4.dll, Version: 4.7.4.0, Zeitstempel: 0x4f0bf2cc Ausnahmecode: 0xc0000005 Fehleroffset: 0x0005cd3c ID des fehlerhaften Prozesses: 0xe64 Startzeit der fehlerhaften Anwendung: 0xNokiaSuite.exe0 Pfad der fehlerhaften Anwendung: NokiaSuite.exe1 Pfad des fehlerhaften Moduls: NokiaSuite.exe2 Berichtskennung: NokiaSuite.exe3 Error: (04/01/2014 09:24:39 PM) (Source: WDSmartWareBackgroundService) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. 
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel() bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. 
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args) Error: (04/01/2014 06:00:20 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 28.0.0.5186, Zeitstempel: 0x53240e37 Name des fehlerhaften Moduls: xul.dll, Version: 28.0.0.5186, Zeitstempel: 0x53240e04 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00184729 ID des fehlerhaften Prozesses: 0x10cc Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0 Pfad der fehlerhaften Anwendung: firefox.exe1 Pfad des fehlerhaften Moduls: firefox.exe2 Berichtskennung: firefox.exe3 Error: (04/01/2014 04:39:47 PM) (Source: Application Hang) (User: ) Description: Programm EXCEL.EXE, Version 11.0.8404.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 121c Startzeit: 01cf4db7b279d269 Endzeit: 3516 Anwendungspfad: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE Berichts-ID: 42bf47ff-b9ab-11e3-b9ae-485b3952c3ae Error: (03/31/2014 04:14:57 PM) (Source: Application Hang) (User: ) Description: Programm firefox.exe, Version 28.0.0.5186 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 790 Startzeit: 01cf4cdefe622299 Endzeit: 15966 Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe Berichts-ID: abe84760-b8de-11e3-b9ae-485b3952c3ae System errors: ============= Error: (04/08/2014 10:56:38 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht. Error: (04/08/2014 10:54:03 PM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error: (04/08/2014 11:54:55 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Systemk Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (04/08/2014 09:29:24 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Netman erreicht. Error: (04/07/2014 09:16:21 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht. Error: (04/07/2014 09:13:48 PM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error: (04/07/2014 08:19:45 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht. 
Error: (04/07/2014 08:17:06 PM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error: (04/07/2014 08:03:32 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht. Error: (04/07/2014 03:48:12 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. Microsoft Office Sessions: ========================= Error: (04/08/2014 10:52:49 PM) (Source: WDSmartWareBackgroundService)(User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel() bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder 
binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args) Error: (04/08/2014 09:56:44 AM) (Source: Application Hang)(User: ) Description: firefox.exe28.0.0.518610b401cf52fc5fac97805298C:\Program Files\Mozilla Firefox\firefox.exe0fa585a9-bef3-11e3-b92b-485b3952c3ae Error: (04/07/2014 09:11:39 PM) (Source: WDSmartWareBackgroundService)(User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. 
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel() bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. 
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args) Error: (04/07/2014 08:15:00 PM) (Source: WDSmartWareBackgroundService)(User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel() bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, 
Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args) Error: (04/06/2014 10:57:30 AM) (Source: WDSmartWareBackgroundService)(User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. 
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel() bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. 
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args) Error: (04/05/2014 10:05:43 PM) (Source: Application Error)(User: ) Description: NokiaSuite.exe3.8.48.0524c5779QtCore4.dll4.7.4.04f0bf2ccc00000050005cd3ce6401cf4de05167695aC:\Program Files\Nokia\Nokia Suite\NokiaSuite.exeC:\Program Files\Nokia\Nokia Suite\QtCore4.dllaa470416-bcfd-11e3-b809-485b3952c3ae Error: (04/01/2014 09:24:39 PM) (Source: WDSmartWareBackgroundService)(User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. 
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel() bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. 
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args) Error: (04/01/2014 06:00:20 PM) (Source: Application Error)(User: ) Description: firefox.exe28.0.0.518653240e37xul.dll28.0.0.518653240e04c00000050018472910cc01cf4db79020e649C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dllb9749f76-b9b6-11e3-b9ae-485b3952c3ae Error: (04/01/2014 04:39:47 PM) (Source: Application Hang)(User: ) Description: EXCEL.EXE11.0.8404.0121c01cf4db7b279d2693516C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE42bf47ff-b9ab-11e3-b9ae-485b3952c3ae Error: (03/31/2014 04:14:57 PM) (Source: Application Hang)(User: ) Description: firefox.exe28.0.0.518679001cf4cdefe62229915966C:\Program Files\Mozilla Firefox\firefox.exeabe84760-b8de-11e3-b9ae-485b3952c3ae ==================== Memory info =========================== Percentage of memory in use: 71% Total physical RAM: 1014.18 MB Available physical RAM: 288.47 MB Total Pagefile: 2086.18 MB Available Pagefile: 548.61 MB Total Virtual: 2047.88 MB Available Virtual: 1904.86 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:100 GB) (Free:47.82 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:122.87 GB) (Free:109.09 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: E6086D7A) Partition: GPT Partition Type. ==================== End Of Log ============================ Lg Sonja |
09.04.2014, 05:57 | #2 |
/// the machine /// TB trainer | Is Default-Search.net altering Facebook? hi,
Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your protection software to avoid possible conflicts.
and a fresh FRST log please.
09.04.2014, 17:29 | #3 |
| Is Default-Search.net altering Facebook? Hi,
thanks a lot already, but I have a rather trivial problem right at the first step. I can't export the scan log - on the mini netbook I just can't get to the button at the bottom -.- I can't make the window any smaller either. Is there a trick? Best regards, Sonja
Here are the other files: ADW: Code:
# AdwCleaner v3.023 - Bericht erstellt am 09/04/2014 um 17:57:54
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 7 Starter Service Pack 1 (32 bits)
# Benutzername : Sonja - SONJAMOBIL
# Gestartet von : C:\Users\Sonja\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\BitGuard
Ordner Gelöscht : C:\ProgramData\Browser Manager
Ordner Gelöscht : C:\ProgramData\BrowserProtect
Ordner Gelöscht : C:\Users\Sonja\AppData\Roaming\dvdvideosoftiehelpers
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe
Wert Gelöscht : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Wert Gelöscht : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16521
-\\ Mozilla Firefox v28.0 (de)
[ Datei : C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rc0cfbue.default\prefs.js ]
Zeile gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.alert.userId", "{30f77069-470c-4a8e-a784-0b08fd773692}");
*************************
AdwCleaner[R0].txt - [4656 octets] - [09/04/2014 17:54:51]
AdwCleaner[S0].txt - [4496 octets] - [09/04/2014 17:57:54]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4556 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Starter x86
Ran by Sonja on 09.04.2014 at 18:12:17,77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Sonja\AppData\Roaming\mozilla\firefox\profiles\rc0cfbue.default\minidumps [423 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.04.2014 at 18:19:36,44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 (ATTENTION: ====> FRST version is 27 days old and could be outdated) Ran by Sonja (administrator) on SONJAMOBIL on 09-04-2014 18:23:46 Running from C:\Users\Sonja\Desktop Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe () C:\Windows\System32\AsusService.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (ASUS) C:\Windows\AsScrPro.exe () C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe (ASUSTek) C:\Program Files\ASUS\LivCam\LivCam.exe (ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe (ASUSTeK Computer Inc.) C:\Program Files\EeePC\SHE\SuperHybridEngine.exe () C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe (ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotkeyService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Boingo Wireless, Inc.) C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe () C:\Users\Sonja\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe (Intel Corporation) C:\windows\system32\igfxsrvc.exe (WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (Memeo) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-20] (Synaptics Incorporated) HKLM\...\Run: [HotkeyMon] - C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe [100328 2009-09-11] (ASUSTeK Computer Inc.) HKLM\...\Run: [HotkeyService] - C:\Program Files\EeePC\HotkeyService\HotkeyService.exe [1021424 2009-10-17] (ASUSTeK Computer Inc.) HKLM\...\Run: [SuperHybridEngine] - C:\Program Files\EeePC\SHE\SuperHybridEngine.exe [413688 2009-10-27] (ASUSTeK Computer Inc.) 
HKLM\...\Run: [Eee Docking] - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [414384 2009-11-17] () HKLM\...\Run: [LiveUpdate] - C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [803304 2009-08-28] () HKLM\...\Run: [SynAsusAcpi] - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [83240 2009-07-20] (Synaptics Incorporated) HKLM\...\Run: [ASUS Screen Saver Protector] - C:\Windows\AsScrPro.exe [3058304 2010-01-07] (ASUS) HKLM\...\Run: [EeeSplendidAgent] - C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe [104960 2009-12-30] () HKLM\...\Run: [LivCam] - C:\Program Files\ASUS\LivCam\LivCam.exe [284160 2009-11-20] (ASUSTek) HKLM\...\Run: [UCam_Menu] - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7744032 2009-09-29] (Realtek Semiconductor) HKLM\...\Run: [Boingo Wi-Fi] - C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk [2429 2010-06-29] () HKLM\...\Run: [ASUSPRP] - C:\Program Files\ASUS\APRP\APRP.EXE [2018032 2010-01-06] (ASUSTek Computer Inc.) HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-18] (Avira Operations GmbH & Co. 
KG) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [ASUSWebStorage] - C:\Program Files\ASUS\ASUS WebStorage\3.0.143.296\AsusWSPanel.exe [740736 2012-08-03] (ASUS Cloud Corporation) HKU\S-1-5-21-2402262172-657694341-2311227042-1000\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Sonja\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] () HKU\S-1-5-21-2402262172-657694341-2311227042-1000\...\Run: [] - [X] HKU\S-1-5-21-2402262172-657694341-2311227042-1000\...\Run: [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia) HKU\S-1-5-21-2402262172-657694341-2311227042-1000\...\MountPoints2: E - E:\AutoRun.exe HKU\S-1-5-21-2402262172-657694341-2311227042-1000\...\MountPoints2: {71a88601-916e-11df-b548-806e6f6e6963} - E:\AutoRun.exe HKU\S-1-5-21-2402262172-657694341-2311227042-1000\...\MountPoints2: {71a88635-916e-11df-b548-485b3952c3ae} - E:\AutoRun.exe HKU\S-1-5-21-2402262172-657694341-2311227042-1000\...\MountPoints2: {75088a55-8ea8-11df-bc01-485b3952c3ae} - "E:\WD SmartWare.exe" autoplay=true IFEO\bpsvc.exe: [Debugger] tasklist.exe IFEO\browsersafeguard.exe: [Debugger] tasklist.exe IFEO\dprotectsvc.exe: [Debugger] tasklist.exe IFEO\protectedsearch.exe: [Debugger] tasklist.exe IFEO\rjatydimofu.exe: [Debugger] tasklist.exe IFEO\searchprotection.exe: [Debugger] tasklist.exe IFEO\searchprotector.exe: [Debugger] tasklist.exe IFEO\snapdo.exe: [Debugger] tasklist.exe IFEO\stinst32.exe: [Debugger] tasklist.exe IFEO\stinst64.exe: [Debugger] tasklist.exe IFEO\utiljumpflip.exe: [Debugger] tasklist.exe Startup: C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> 
C:\Users\Sonja\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.default-search.net?sid=476&aid=122&itype=n&ver=11471&tm=311&src=hmp HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://eeepc.asus.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=122&itype=n&ver=11471&tm=311&src=ds&p={searchTerms} SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=122&itype=n&ver=11471&tm=311&src=ds&p={searchTerms} BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows 
Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rc0cfbue.default FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Sonja\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Youtube MP3 Podcaster - C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rc0cfbue.default\Extensions\youtubemp3podcaster@jeremy.d.gregorio.com [2014-03-20] FF Extension: Garmin Communicator - C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rc0cfbue.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-19] FF Extension: anonymoX - C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rc0cfbue.default\Extensions\client@anonymox.net.xpi [2013-10-04] FF Extension: YouTube HD - C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rc0cfbue.default\Extensions\jid0-HbNL9qqBkuuKRhJ9ncTonCky1HU@jetpack.xpi [2013-10-04] FF Extension: YesScript - C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rc0cfbue.default\Extensions\yesscript@userstyles.org.xpi [2013-06-19] FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rc0cfbue.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-21] FF Extension: Adblock Plus - 
C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rc0cfbue.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-05-14] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-03-29] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-03-29] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-03-29] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} [2014-03-29] ========================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG) R2 AsusService; C:\Windows\System32\AsusService.exe [219136 2009-08-19] () S4 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [98304 2009-08-17] (WDC) R2 WDSmartWareBackgroundService; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) ==================== Drivers (Whitelisted) ==================== R1 AsUpIO; C:\windows\System32\drivers\AsUpIO.sys [11448 2009-07-06] () R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-19] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [135648 2013-12-19] (Avira Operations GmbH & Co. 
KG) R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG) R3 kbfiltr; C:\windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( ) S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation) R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2013-02-14] (Avira GmbH) S3 btwaudio; system32\drivers\btwaudio.sys [X] S3 btwavdt; \SystemRoot\system32\DRIVERS\btwavdt.sys [X] S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X] S3 btwrchid; \SystemRoot\system32\DRIVERS\btwrchid.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-09 18:23 - 2014-04-09 18:23 - 00015412 _____ () C:\Users\Sonja\Desktop\FRST.txt 2014-04-09 18:19 - 2014-04-09 18:19 - 00000753 _____ () C:\Users\Sonja\Desktop\JRT.txt 2014-04-09 18:12 - 2014-04-09 18:12 - 00000000 ____D () C:\windows\ERUNT 2014-04-09 18:11 - 2014-04-09 18:11 - 01016261 _____ (Thisisu) C:\Users\Sonja\Desktop\JRT.exe 2014-04-09 17:54 - 2014-04-09 17:57 - 00000000 ____D () C:\AdwCleaner 2014-04-09 17:53 - 2014-04-09 17:53 - 01426178 _____ () C:\Users\Sonja\Desktop\adwcleaner.exe 2014-04-09 10:29 - 2014-04-09 18:07 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-09 10:28 - 2014-04-09 10:28 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-09 10:28 - 2014-04-09 10:28 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-09 10:28 - 2014-04-09 10:28 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-04-09 10:28 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-04-09 10:28 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-04-09 10:28 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 
2014-04-09 10:24 - 2014-04-09 10:29 - 00000000 ____D () C:\Users\Sonja\Desktop\erledigt 2014-04-08 23:28 - 2014-04-09 18:23 - 00000000 ____D () C:\FRST 2014-04-08 23:27 - 2014-04-08 23:27 - 01145856 _____ (Farbar) C:\Users\Sonja\Desktop\FRST.exe 2014-04-08 23:24 - 2014-04-08 23:25 - 00000472 _____ () C:\Users\Sonja\Downloads\defogger_disable.log 2014-04-08 23:24 - 2014-04-08 23:24 - 00000000 _____ () C:\Users\Sonja\defogger_reenable 2014-04-08 23:22 - 2014-04-08 23:22 - 00050477 _____ () C:\Users\Sonja\Downloads\Defogger.exe 2014-04-08 23:16 - 2014-04-08 23:17 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Sonja\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-08 12:38 - 2014-04-08 12:38 - 00003158 _____ () C:\Users\Sonja\Desktop\Stories.lnk 2014-04-08 09:44 - 2014-04-08 09:44 - 02278856 _____ () C:\Users\Sonja\Downloads\avira_pc_cleaner_de.exe 2014-04-06 12:25 - 2014-04-06 12:26 - 00000000 ____D () C:\Users\Sonja\Documents\Handy 2014-04-05 22:17 - 2014-04-05 22:17 - 00000000 ____D () C:\Users\Sonja\Documents\Asus WebStorage 2014-04-05 22:16 - 2014-04-05 22:16 - 00000000 ____D () C:\ProgramData\ASUS WebStorage 2014-04-01 18:07 - 2012-08-23 16:48 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll 2014-04-01 18:07 - 2012-08-23 16:44 - 00014848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys 2014-04-01 18:07 - 2012-08-23 15:52 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll 2014-04-01 18:07 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\rdpendp_winip.dll 2014-04-01 18:07 - 2012-08-23 12:08 - 02739712 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll 2014-03-30 20:11 - 2014-03-30 21:21 - 00014336 _____ () C:\Users\Sonja\Desktop\Barfplan.xls 2014-03-29 21:26 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll 2014-03-29 17:21 - 2014-03-29 17:21 - 00000000 ____D () C:\Program Files\Mozilla 
Firefox 2014-03-29 16:46 - 2014-03-29 16:47 - 00000000 ____D () C:\Users\Sonja\Documents\Versicherung 2014-03-29 00:42 - 2013-10-02 02:42 - 00049152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys 2014-03-29 00:42 - 2013-10-02 02:32 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2014-03-29 00:42 - 2013-10-02 02:30 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2014-03-29 00:42 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll 2014-03-29 00:42 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll 2014-03-29 00:42 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll 2014-03-29 00:42 - 2013-10-02 01:45 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll 2014-03-29 00:42 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll 2014-03-29 00:42 - 2013-10-02 01:00 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe 2014-03-29 00:42 - 2013-10-02 00:53 - 00350208 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe 2014-03-29 00:42 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe 2014-03-29 00:40 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll 2014-03-28 23:07 - 2014-04-05 22:08 - 00000000 ____D () C:\Program Files\Windows Phone 2014-03-28 23:04 - 2014-03-28 23:04 - 00000000 ____D () C:\ProgramData\Applications 2014-03-28 23:01 - 2014-03-28 23:01 - 06790816 _____ (Microsoft Corporation) C:\Users\Sonja\Downloads\WindowsPhone.exe 2014-03-20 19:32 - 2014-03-20 19:34 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-03-17 19:50 - 2014-03-17 19:50 - 00000000 ____D () C:\Program Files\PC Connectivity Solution 2014-03-17 19:50 - 
2012-10-17 15:53 - 00019072 _____ (Nokia) C:\windows\system32\Drivers\pccsmcfd.sys 2014-03-12 11:46 - 2014-03-01 06:10 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-03-12 11:46 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-03-12 11:46 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-03-12 11:46 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-03-12 11:46 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-03-12 11:46 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-03-12 11:46 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-03-12 11:46 - 2014-03-01 05:38 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-03-12 11:46 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-03-12 11:46 - 2014-03-01 05:31 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-03-12 11:46 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-03-12 11:46 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-03-12 11:46 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-03-12 11:46 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll 2014-03-12 11:45 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-03-12 11:45 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-03-12 11:45 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-03-12 11:45 - 
2014-03-01 05:25 - 00208896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-03-12 11:45 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-03-12 11:45 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-03-12 11:45 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-03-12 11:45 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-03-12 11:45 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-03-12 11:45 - 2014-02-07 03:07 - 02349056 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-03-12 11:45 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll 2014-03-12 11:45 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\windows\system32\wer.dll 2014-03-12 11:45 - 2014-01-28 04:07 - 00185344 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll ==================== One Month Modified Files and Folders ======= 2014-04-09 18:24 - 2014-04-09 18:23 - 00015412 _____ () C:\Users\Sonja\Desktop\FRST.txt 2014-04-09 18:23 - 2014-04-08 23:28 - 00000000 ____D () C:\FRST 2014-04-09 18:19 - 2014-04-09 18:19 - 00000753 _____ () C:\Users\Sonja\Desktop\JRT.txt 2014-04-09 18:19 - 2013-07-27 11:33 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-04-09 18:12 - 2014-04-09 18:12 - 00000000 ____D () C:\windows\ERUNT 2014-04-09 18:12 - 2009-07-14 06:34 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-09 18:12 - 2009-07-14 06:34 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-09 18:11 - 2014-04-09 18:11 - 01016261 _____ (Thisisu) C:\Users\Sonja\Desktop\JRT.exe 2014-04-09 18:07 - 2014-04-09 10:29 - 
00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-09 18:02 - 2012-04-24 22:10 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\Dropbox 2014-04-09 18:00 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-04-09 18:00 - 2009-07-14 06:39 - 00091260 _____ () C:\windows\setupact.log 2014-04-09 17:59 - 2010-06-30 09:30 - 01763215 _____ () C:\windows\WindowsUpdate.log 2014-04-09 17:57 - 2014-04-09 17:54 - 00000000 ____D () C:\AdwCleaner 2014-04-09 17:53 - 2014-04-09 17:53 - 01426178 _____ () C:\Users\Sonja\Desktop\adwcleaner.exe 2014-04-09 15:20 - 2012-04-24 22:16 - 00000000 ___RD () C:\Users\Sonja\Dropbox 2014-04-09 12:46 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\rescache 2014-04-09 11:43 - 2010-01-07 00:21 - 00348842 _____ () C:\windows\PFRO.log 2014-04-09 11:40 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\Speech 2014-04-09 10:29 - 2014-04-09 10:24 - 00000000 ____D () C:\Users\Sonja\Desktop\erledigt 2014-04-09 10:28 - 2014-04-09 10:28 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-09 10:28 - 2014-04-09 10:28 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-09 10:28 - 2014-04-09 10:28 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-04-08 23:27 - 2014-04-08 23:27 - 01145856 _____ (Farbar) C:\Users\Sonja\Desktop\FRST.exe 2014-04-08 23:25 - 2014-04-08 23:24 - 00000472 _____ () C:\Users\Sonja\Downloads\defogger_disable.log 2014-04-08 23:24 - 2014-04-08 23:24 - 00000000 _____ () C:\Users\Sonja\defogger_reenable 2014-04-08 23:24 - 2010-06-29 16:49 - 00000000 ____D () C:\Users\Sonja 2014-04-08 23:22 - 2014-04-08 23:22 - 00050477 _____ () C:\Users\Sonja\Downloads\Defogger.exe 2014-04-08 23:17 - 2014-04-08 23:16 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Sonja\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-08 22:59 - 2009-07-25 09:50 - 01620684 _____ () C:\windows\system32\PerfStringBackup.INI 2014-04-08 22:33 - 2014-01-02 20:44 - 
00000000 ____D () C:\Program Files\Telltale Games 2014-04-08 12:38 - 2014-04-08 12:38 - 00003158 _____ () C:\Users\Sonja\Desktop\Stories.lnk 2014-04-08 12:35 - 2014-01-02 20:45 - 00000000 ____D () C:\windows\system32\directx 2014-04-08 11:39 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public 2014-04-08 09:44 - 2014-04-08 09:44 - 02278856 _____ () C:\Users\Sonja\Downloads\avira_pc_cleaner_de.exe 2014-04-06 19:19 - 2013-07-27 11:33 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe 2014-04-06 19:19 - 2013-06-19 11:18 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl 2014-04-06 12:26 - 2014-04-06 12:25 - 00000000 ____D () C:\Users\Sonja\Documents\Handy 2014-04-05 22:17 - 2014-04-05 22:17 - 00000000 ____D () C:\Users\Sonja\Documents\Asus WebStorage 2014-04-05 22:16 - 2014-04-05 22:16 - 00000000 ____D () C:\ProgramData\ASUS WebStorage 2014-04-05 22:13 - 2010-06-29 16:49 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\ASUS WebStorage 2014-04-05 22:08 - 2014-03-28 23:07 - 00000000 ____D () C:\Program Files\Windows Phone 2014-04-05 20:22 - 2014-01-26 14:36 - 00000000 ____D () C:\Users\Sonja\Desktop\Coral 2014-04-03 16:31 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\NDF 2014-04-03 09:51 - 2014-04-09 10:28 - 00073432 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-09 10:28 - 00051416 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2014-04-09 10:28 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-04-01 21:24 - 2012-04-30 21:12 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-04-01 21:23 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\de-DE 2014-03-30 21:21 - 2014-03-30 20:11 - 00014336 _____ () C:\Users\Sonja\Desktop\Barfplan.xls 2014-03-29 17:21 - 2014-03-29 17:21 - 00000000 ____D () C:\Program Files\Mozilla Firefox 
2014-03-29 16:47 - 2014-03-29 16:46 - 00000000 ____D () C:\Users\Sonja\Documents\Versicherung 2014-03-29 00:54 - 2009-07-26 03:27 - 00000000 ____D () C:\windows\system32\Drivers\de-DE 2014-03-28 23:04 - 2014-03-28 23:04 - 00000000 ____D () C:\ProgramData\Applications 2014-03-28 23:01 - 2014-03-28 23:01 - 06790816 _____ (Microsoft Corporation) C:\Users\Sonja\Downloads\WindowsPhone.exe 2014-03-22 11:19 - 2011-08-11 18:07 - 00017408 _____ () C:\Users\Sonja\Desktop\Monatliche Fixausgaben.xls 2014-03-21 17:30 - 2012-01-24 22:41 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\Nokia 2014-03-20 19:34 - 2014-03-20 19:32 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-03-19 14:12 - 2010-06-29 17:25 - 00000000 ____D () C:\Users\Sonja\AppData\Local\Thunderbird 2014-03-19 11:18 - 2013-08-05 16:14 - 00000000 ____D () C:\windows\system32\MRT 2014-03-18 23:31 - 2010-06-29 22:22 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\Skype 2014-03-18 23:19 - 2010-06-29 18:13 - 87350280 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-03-17 19:55 - 2011-03-30 12:56 - 00000000 ____D () C:\ProgramData\Nokia 2014-03-17 19:50 - 2014-03-17 19:50 - 00000000 ____D () C:\Program Files\PC Connectivity Solution 2014-03-17 19:50 - 2010-01-06 23:42 - 00095710 _____ () C:\windows\DPINST.LOG 2014-03-17 19:49 - 2010-12-12 10:37 - 00000000 ____D () C:\Program Files\Nokia 2014-03-14 19:00 - 2010-06-29 16:49 - 00000000 ____D () C:\Users\Sonja\AppData\Local\Adobe 2014-03-13 21:03 - 2009-07-14 06:33 - 00377248 _____ () C:\windows\system32\FNTCACHE.DAT 2014-03-13 21:01 - 2010-07-21 13:26 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-11 22:03 - 2012-03-23 13:01 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\vlc Some content of TEMP: ==================== C:\Users\Sonja\AppData\Local\Temp\0edstlro.va1.exe C:\Users\Sonja\AppData\Local\Temp\avgnt.exe C:\Users\Sonja\AppData\Local\Temp\BundleSweetIMSetup.exe C:\Users\Sonja\AppData\Local\Temp\Delta.exe 
C:\Users\Sonja\AppData\Local\Temp\DeltaTB.exe
C:\Users\Sonja\AppData\Local\Temp\drm_dyndata_7400006.dll
C:\Users\Sonja\AppData\Local\Temp\dxwebsetup.exe
C:\Users\Sonja\AppData\Local\Temp\MybabylonTB.exe
C:\Users\Sonja\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Sonja\AppData\Local\Temp\Quarantine.exe
C:\Users\Sonja\AppData\Local\Temp\SettingsManagerSetup.exe
C:\Users\Sonja\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\Sonja\AppData\Local\Temp\WSSetup.exe
==================== Bamital & volsnap Check =================
C:\windows\explorer.exe => MD5 is legit
C:\windows\system32\winlogon.exe => MD5 is legit
C:\windows\system32\wininit.exe => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\services.exe => MD5 is legit
C:\windows\system32\User32.dll => MD5 is legit
C:\windows\system32\userinit.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit
C:\windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-09 11:34
==================== End Of Log ============================
--- --- --- --- --- ---
Best regards, Sonja |
10.04.2014, 12:43 | #4 |
/// the machine /// TB Trainer | Is Default-Search.net changing Facebook? I don't necessarily need the log. ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
10.04.2014, 21:45 | #5 |
| Is Default-Search.net changing Facebook? Great! The scan found nothing. The ESET file: Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=4d58df024249d74aa7f558bd6c9afbec
# engine=17835
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-10 08:09:47
# local_time=2014-04-10 10:09:47 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 97 12494 167831892 5226 0
# compatibility_mode=5893 16776573 100 94 124549 148791778 0 0
# scanned=123992
# found=0
# cleaned=0
# scan_time=10474
Code:
Results of screen317's Security Check version 0.99.81
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 6 Update 39
Java 7 Update 51
Adobe Flash Player 12.0.0.77
Adobe Reader XI
Mozilla Firefox (28.0)
Mozilla Thunderbird (24.4.0)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 (ATTENTION: ====> FRST version is 28 days old and could be outdated) Ran by Sonja (administrator) on SONJAMOBIL on 10-04-2014 22:37:44 Running from C:\Users\Sonja\Desktop Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe () C:\Windows\System32\AsusService.exe (WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (Memeo) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (ASUS) C:\Windows\AsScrPro.exe () C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe (ASUSTek) C:\Program Files\ASUS\LivCam\LivCam.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe (Boingo Wireless, Inc.) C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe (ASUSTeK Computer Inc.) C:\Program Files\EeePC\SHE\SuperHybridEngine.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe () C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe (ASUSTeK Computer Inc.) 
C:\Program Files\EeePC\HotkeyService\HotkeyService.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe () C:\Users\Sonja\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe (Intel Corporation) C:\windows\system32\igfxsrvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\windows\system32\taskmgr.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-20] (Synaptics Incorporated) HKLM\...\Run: [HotkeyMon] - C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe [100328 2009-09-11] (ASUSTeK Computer Inc.) HKLM\...\Run: [HotkeyService] - C:\Program Files\EeePC\HotkeyService\HotkeyService.exe [1021424 2009-10-17] (ASUSTeK Computer Inc.) HKLM\...\Run: [SuperHybridEngine] - C:\Program Files\EeePC\SHE\SuperHybridEngine.exe [413688 2009-10-27] (ASUSTeK Computer Inc.) 
HKLM\...\Run: [Eee Docking] - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [414384 2009-11-17] () HKLM\...\Run: [LiveUpdate] - C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [803304 2009-08-28] () HKLM\...\Run: [SynAsusAcpi] - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [83240 2009-07-20] (Synaptics Incorporated) HKLM\...\Run: [ASUS Screen Saver Protector] - C:\Windows\AsScrPro.exe [3058304 2010-01-07] (ASUS) HKLM\...\Run: [EeeSplendidAgent] - C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe [104960 2009-12-30] () HKLM\...\Run: [LivCam] - C:\Program Files\ASUS\LivCam\LivCam.exe [284160 2009-11-20] (ASUSTek) HKLM\...\Run: [UCam_Menu] - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7744032 2009-09-29] (Realtek Semiconductor) HKLM\...\Run: [Boingo Wi-Fi] - C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk [2429 2010-06-29] () HKLM\...\Run: [ASUSPRP] - C:\Program Files\ASUS\APRP\APRP.EXE [2018032 2010-01-06] (ASUSTek Computer Inc.) HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-18] (Avira Operations GmbH & Co. 
KG) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [ASUSWebStorage] - C:\Program Files\ASUS\ASUS WebStorage\3.0.143.296\AsusWSPanel.exe [740736 2012-08-03] (ASUS Cloud Corporation) HKU\S-1-5-21-2402262172-657694341-2311227042-1000\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Sonja\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] () HKU\S-1-5-21-2402262172-657694341-2311227042-1000\...\Run: [] - [X] HKU\S-1-5-21-2402262172-657694341-2311227042-1000\...\MountPoints2: E - E:\AutoRun.exe HKU\S-1-5-21-2402262172-657694341-2311227042-1000\...\MountPoints2: {71a88601-916e-11df-b548-806e6f6e6963} - E:\AutoRun.exe HKU\S-1-5-21-2402262172-657694341-2311227042-1000\...\MountPoints2: {71a88635-916e-11df-b548-485b3952c3ae} - E:\AutoRun.exe HKU\S-1-5-21-2402262172-657694341-2311227042-1000\...\MountPoints2: {75088a55-8ea8-11df-bc01-485b3952c3ae} - "E:\WD SmartWare.exe" autoplay=true IFEO\bpsvc.exe: [Debugger] tasklist.exe IFEO\browsersafeguard.exe: [Debugger] tasklist.exe IFEO\dprotectsvc.exe: [Debugger] tasklist.exe IFEO\protectedsearch.exe: [Debugger] tasklist.exe IFEO\rjatydimofu.exe: [Debugger] tasklist.exe IFEO\searchprotection.exe: [Debugger] tasklist.exe IFEO\searchprotector.exe: [Debugger] tasklist.exe IFEO\snapdo.exe: [Debugger] tasklist.exe IFEO\stinst32.exe: [Debugger] tasklist.exe IFEO\stinst64.exe: [Debugger] tasklist.exe IFEO\utiljumpflip.exe: [Debugger] tasklist.exe Startup: C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Sonja\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.default-search.net?sid=476&aid=122&itype=n&ver=11471&tm=311&src=hmp HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://eeepc.asus.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=122&itype=n&ver=11471&tm=311&src=ds&p={searchTerms} SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=122&itype=n&ver=11471&tm=311&src=ds&p={searchTerms} BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler: msnim - 
{828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rc0cfbue.default FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Sonja\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Youtube MP3 Podcaster - C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rc0cfbue.default\Extensions\youtubemp3podcaster@jeremy.d.gregorio.com [2014-03-20] FF Extension: Garmin Communicator - C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rc0cfbue.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-19] FF Extension: anonymoX - C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rc0cfbue.default\Extensions\client@anonymox.net.xpi [2013-10-04] FF Extension: YouTube HD - C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rc0cfbue.default\Extensions\jid0-HbNL9qqBkuuKRhJ9ncTonCky1HU@jetpack.xpi [2013-10-04] FF Extension: YesScript - C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rc0cfbue.default\Extensions\yesscript@userstyles.org.xpi [2013-06-19] FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rc0cfbue.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-21] FF Extension: Adblock Plus - C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rc0cfbue.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-05-14] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-03-29] FF Extension: 
Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-03-29] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-03-29] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} [2014-03-29] ========================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG) R2 AsusService; C:\Windows\System32\AsusService.exe [219136 2009-08-19] () S4 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [98304 2009-08-17] (WDC) R2 WDSmartWareBackgroundService; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) ==================== Drivers (Whitelisted) ==================== R1 AsUpIO; C:\windows\System32\drivers\AsUpIO.sys [11448 2009-07-06] () R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-19] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [135648 2013-12-19] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. 
KG) R3 kbfiltr; C:\windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( ) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation) R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2013-02-14] (Avira GmbH) S3 btwaudio; system32\drivers\btwaudio.sys [X] S3 btwavdt; \SystemRoot\system32\DRIVERS\btwavdt.sys [X] S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X] S3 btwrchid; \SystemRoot\system32\DRIVERS\btwrchid.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-10 22:37 - 2014-04-10 22:37 - 00015088 _____ () C:\Users\Sonja\Desktop\FRST.txt 2014-04-10 22:31 - 2014-04-10 22:31 - 00987448 _____ () C:\Users\Sonja\Desktop\SecurityCheck.exe 2014-04-10 22:15 - 2014-04-10 22:15 - 00000000 ____D () C:\windows\LastGood 2014-04-09 18:12 - 2014-04-09 18:12 - 00000000 ____D () C:\windows\ERUNT 2014-04-09 17:54 - 2014-04-09 17:57 - 00000000 ____D () C:\AdwCleaner 2014-04-09 10:29 - 2014-04-09 18:07 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-09 10:28 - 2014-04-09 10:28 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-09 10:28 - 2014-04-09 10:28 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-04-09 10:28 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-04-09 10:28 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-04-09 10:28 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-04-09 10:24 - 2014-04-10 22:32 - 00000000 ____D () C:\Users\Sonja\Desktop\erledigt 2014-04-08 23:28 - 2014-04-10 22:37 - 00000000 ____D () C:\FRST 2014-04-08 23:27 - 2014-04-08 23:27 - 01145856 _____ (Farbar) C:\Users\Sonja\Desktop\FRST.exe 2014-04-08 23:24 - 2014-04-08 23:25 - 00000472 _____ () 
C:\Users\Sonja\Downloads\defogger_disable.log 2014-04-08 23:24 - 2014-04-08 23:24 - 00000000 _____ () C:\Users\Sonja\defogger_reenable 2014-04-08 23:22 - 2014-04-08 23:22 - 00050477 _____ () C:\Users\Sonja\Downloads\Defogger.exe 2014-04-08 23:16 - 2014-04-08 23:17 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Sonja\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-08 12:38 - 2014-04-08 12:38 - 00003158 _____ () C:\Users\Sonja\Desktop\Stories.lnk 2014-04-08 09:44 - 2014-04-08 09:44 - 02278856 _____ () C:\Users\Sonja\Downloads\avira_pc_cleaner_de.exe 2014-04-06 12:25 - 2014-04-06 12:26 - 00000000 ____D () C:\Users\Sonja\Documents\Handy 2014-04-05 22:17 - 2014-04-05 22:17 - 00000000 ____D () C:\Users\Sonja\Documents\Asus WebStorage 2014-04-05 22:16 - 2014-04-05 22:16 - 00000000 ____D () C:\ProgramData\ASUS WebStorage 2014-04-01 18:07 - 2012-08-23 16:48 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll 2014-04-01 18:07 - 2012-08-23 16:44 - 00014848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys 2014-04-01 18:07 - 2012-08-23 15:52 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll 2014-04-01 18:07 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\rdpendp_winip.dll 2014-04-01 18:07 - 2012-08-23 12:08 - 02739712 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll 2014-03-30 20:11 - 2014-03-30 21:21 - 00014336 _____ () C:\Users\Sonja\Desktop\Barfplan.xls 2014-03-29 21:26 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll 2014-03-29 17:21 - 2014-03-29 17:21 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-03-29 16:46 - 2014-03-29 16:47 - 00000000 ____D () C:\Users\Sonja\Documents\Versicherung 2014-03-29 00:42 - 2013-10-02 02:42 - 00049152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys 2014-03-29 00:42 - 2013-10-02 02:32 - 00012800 _____ (Microsoft Corporation) 
C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2014-03-29 00:42 - 2013-10-02 02:30 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2014-03-29 00:42 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll 2014-03-29 00:42 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll 2014-03-29 00:42 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll 2014-03-29 00:42 - 2013-10-02 01:45 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll 2014-03-29 00:42 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll 2014-03-29 00:42 - 2013-10-02 01:00 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe 2014-03-29 00:42 - 2013-10-02 00:53 - 00350208 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe 2014-03-29 00:42 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe 2014-03-29 00:40 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll 2014-03-28 23:07 - 2014-04-05 22:08 - 00000000 ____D () C:\Program Files\Windows Phone 2014-03-28 23:04 - 2014-03-28 23:04 - 00000000 ____D () C:\ProgramData\Applications 2014-03-28 23:01 - 2014-03-28 23:01 - 06790816 _____ (Microsoft Corporation) C:\Users\Sonja\Downloads\WindowsPhone.exe 2014-03-20 19:32 - 2014-03-20 19:34 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-03-17 19:50 - 2014-03-17 19:50 - 00000000 ____D () C:\Program Files\PC Connectivity Solution 2014-03-17 19:50 - 2012-10-17 15:53 - 00019072 _____ (Nokia) C:\windows\system32\Drivers\pccsmcfd.sys 2014-03-12 11:46 - 2014-03-01 06:10 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-03-12 11:46 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) 
C:\windows\system32\ieetwproxystub.dll 2014-03-12 11:46 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-03-12 11:46 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-03-12 11:46 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-03-12 11:46 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-03-12 11:46 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-03-12 11:46 - 2014-03-01 05:38 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-03-12 11:46 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-03-12 11:46 - 2014-03-01 05:31 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-03-12 11:46 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-03-12 11:46 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-03-12 11:46 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-03-12 11:46 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll 2014-03-12 11:45 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-03-12 11:45 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-03-12 11:45 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-03-12 11:45 - 2014-03-01 05:25 - 00208896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-03-12 11:45 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-03-12 11:45 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) 
C:\windows\system32\msfeeds.dll 2014-03-12 11:45 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-03-12 11:45 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-03-12 11:45 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-03-12 11:45 - 2014-02-07 03:07 - 02349056 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-03-12 11:45 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll 2014-03-12 11:45 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\windows\system32\wer.dll 2014-03-12 11:45 - 2014-01-28 04:07 - 00185344 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll ==================== One Month Modified Files and Folders ======= 2014-04-10 22:39 - 2014-04-10 22:37 - 00015088 _____ () C:\Users\Sonja\Desktop\FRST.txt 2014-04-10 22:37 - 2014-04-08 23:28 - 00000000 ____D () C:\FRST 2014-04-10 22:32 - 2014-04-09 10:24 - 00000000 ____D () C:\Users\Sonja\Desktop\erledigt 2014-04-10 22:31 - 2014-04-10 22:31 - 00987448 _____ () C:\Users\Sonja\Desktop\SecurityCheck.exe 2014-04-10 22:22 - 2010-06-30 09:30 - 01899787 _____ () C:\windows\WindowsUpdate.log 2014-04-10 22:21 - 2013-07-27 11:33 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-04-10 22:15 - 2014-04-10 22:15 - 00000000 ____D () C:\windows\LastGood 2014-04-10 19:10 - 2009-07-25 09:50 - 01620684 _____ () C:\windows\system32\PerfStringBackup.INI 2014-04-10 18:45 - 2009-07-14 06:34 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-10 18:45 - 2009-07-14 06:34 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-10 18:41 - 2012-04-24 22:16 - 00000000 ___RD () C:\Users\Sonja\Dropbox 2014-04-10 18:40 - 2012-04-24 22:10 - 00000000 
____D () C:\Users\Sonja\AppData\Roaming\Dropbox 2014-04-09 20:06 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-04-09 20:06 - 2009-07-14 06:39 - 00091372 _____ () C:\windows\setupact.log 2014-04-09 18:12 - 2014-04-09 18:12 - 00000000 ____D () C:\windows\ERUNT 2014-04-09 18:07 - 2014-04-09 10:29 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-09 17:57 - 2014-04-09 17:54 - 00000000 ____D () C:\AdwCleaner 2014-04-09 12:46 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\rescache 2014-04-09 11:43 - 2010-01-07 00:21 - 00348842 _____ () C:\windows\PFRO.log 2014-04-09 11:43 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\Speech 2014-04-09 10:28 - 2014-04-09 10:28 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-09 10:28 - 2014-04-09 10:28 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-04-08 23:27 - 2014-04-08 23:27 - 01145856 _____ (Farbar) C:\Users\Sonja\Desktop\FRST.exe 2014-04-08 23:25 - 2014-04-08 23:24 - 00000472 _____ () C:\Users\Sonja\Downloads\defogger_disable.log 2014-04-08 23:24 - 2014-04-08 23:24 - 00000000 _____ () C:\Users\Sonja\defogger_reenable 2014-04-08 23:24 - 2010-06-29 16:49 - 00000000 ____D () C:\Users\Sonja 2014-04-08 23:22 - 2014-04-08 23:22 - 00050477 _____ () C:\Users\Sonja\Downloads\Defogger.exe 2014-04-08 23:17 - 2014-04-08 23:16 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Sonja\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-08 22:33 - 2014-01-02 20:44 - 00000000 ____D () C:\Program Files\Telltale Games 2014-04-08 12:38 - 2014-04-08 12:38 - 00003158 _____ () C:\Users\Sonja\Desktop\Stories.lnk 2014-04-08 12:35 - 2014-01-02 20:45 - 00000000 ____D () C:\windows\system32\directx 2014-04-08 11:39 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public 2014-04-08 09:44 - 2014-04-08 09:44 - 02278856 _____ () C:\Users\Sonja\Downloads\avira_pc_cleaner_de.exe 2014-04-06 19:19 - 2013-07-27 11:33 - 00692616 _____ (Adobe Systems Incorporated) 
C:\windows\system32\FlashPlayerApp.exe 2014-04-06 19:19 - 2013-06-19 11:18 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl 2014-04-06 12:26 - 2014-04-06 12:25 - 00000000 ____D () C:\Users\Sonja\Documents\Handy 2014-04-05 22:17 - 2014-04-05 22:17 - 00000000 ____D () C:\Users\Sonja\Documents\Asus WebStorage 2014-04-05 22:16 - 2014-04-05 22:16 - 00000000 ____D () C:\ProgramData\ASUS WebStorage 2014-04-05 22:13 - 2010-06-29 16:49 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\ASUS WebStorage 2014-04-05 22:08 - 2014-03-28 23:07 - 00000000 ____D () C:\Program Files\Windows Phone 2014-04-05 20:22 - 2014-01-26 14:36 - 00000000 ____D () C:\Users\Sonja\Desktop\Coral 2014-04-03 16:31 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\NDF 2014-04-03 09:51 - 2014-04-09 10:28 - 00073432 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-09 10:28 - 00051416 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2014-04-09 10:28 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-04-01 21:24 - 2012-04-30 21:12 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-04-01 21:23 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\de-DE 2014-03-30 21:21 - 2014-03-30 20:11 - 00014336 _____ () C:\Users\Sonja\Desktop\Barfplan.xls 2014-03-29 17:21 - 2014-03-29 17:21 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-03-29 16:47 - 2014-03-29 16:46 - 00000000 ____D () C:\Users\Sonja\Documents\Versicherung 2014-03-29 00:54 - 2009-07-26 03:27 - 00000000 ____D () C:\windows\system32\Drivers\de-DE 2014-03-28 23:04 - 2014-03-28 23:04 - 00000000 ____D () C:\ProgramData\Applications 2014-03-28 23:01 - 2014-03-28 23:01 - 06790816 _____ (Microsoft Corporation) C:\Users\Sonja\Downloads\WindowsPhone.exe 2014-03-22 11:19 - 2011-08-11 18:07 - 00017408 _____ () C:\Users\Sonja\Desktop\Monatliche 
Fixausgaben.xls 2014-03-21 17:30 - 2012-01-24 22:41 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\Nokia 2014-03-20 19:34 - 2014-03-20 19:32 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-03-19 14:12 - 2010-06-29 17:25 - 00000000 ____D () C:\Users\Sonja\AppData\Local\Thunderbird 2014-03-19 11:18 - 2013-08-05 16:14 - 00000000 ____D () C:\windows\system32\MRT 2014-03-18 23:31 - 2010-06-29 22:22 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\Skype 2014-03-18 23:19 - 2010-06-29 18:13 - 87350280 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-03-17 19:55 - 2011-03-30 12:56 - 00000000 ____D () C:\ProgramData\Nokia 2014-03-17 19:50 - 2014-03-17 19:50 - 00000000 ____D () C:\Program Files\PC Connectivity Solution 2014-03-17 19:50 - 2010-01-06 23:42 - 00095710 _____ () C:\windows\DPINST.LOG 2014-03-17 19:49 - 2010-12-12 10:37 - 00000000 ____D () C:\Program Files\Nokia 2014-03-14 19:00 - 2010-06-29 16:49 - 00000000 ____D () C:\Users\Sonja\AppData\Local\Adobe 2014-03-13 21:03 - 2009-07-14 06:33 - 00377248 _____ () C:\windows\system32\FNTCACHE.DAT 2014-03-13 21:01 - 2010-07-21 13:26 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-11 22:03 - 2012-03-23 13:01 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\vlc Some content of TEMP: ==================== C:\Users\Sonja\AppData\Local\Temp\0edstlro.va1.exe C:\Users\Sonja\AppData\Local\Temp\avgnt.exe C:\Users\Sonja\AppData\Local\Temp\BundleSweetIMSetup.exe C:\Users\Sonja\AppData\Local\Temp\Delta.exe C:\Users\Sonja\AppData\Local\Temp\DeltaTB.exe C:\Users\Sonja\AppData\Local\Temp\drm_dyndata_7400006.dll C:\Users\Sonja\AppData\Local\Temp\dxwebsetup.exe C:\Users\Sonja\AppData\Local\Temp\MybabylonTB.exe C:\Users\Sonja\AppData\Local\Temp\NOSEventMessages.dll C:\Users\Sonja\AppData\Local\Temp\Quarantine.exe C:\Users\Sonja\AppData\Local\Temp\SettingsManagerSetup.exe C:\Users\Sonja\AppData\Local\Temp\vlc-2.1.3-win32.exe C:\Users\Sonja\AppData\Local\Temp\WSSetup.exe 
==================== Bamital & volsnap Check =================
C:\windows\explorer.exe => MD5 is legit
C:\windows\system32\winlogon.exe => MD5 is legit
C:\windows\system32\wininit.exe => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\services.exe => MD5 is legit
C:\windows\system32\User32.dll => MD5 is legit
C:\windows\system32\userinit.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit
C:\windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-09 11:34
==================== End Of Log ============================
--- --- ---
Can you still see anything bad in this? Should I uninstall all these programs again? Many, many thanks. Regards, Sonja |
13.04.2014, 13:46 | #6 |
/// the machine /// TB Trainer | Is Default-Search.net changing Facebook? Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
ATTFilter
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Done. The order is crucial here.
If you would like to leave praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
13.04.2014, 17:42 | #7 |
| Is Default-Search.net changing Facebook? Here is the Fixlog.txt Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014 01 Ran by Sonja at 2014-04-13 16:54:11 Run:1 Running from C:\Users\Sonja\Desktop\erledigt Boot Mode: Normal ============================================== Content of fixlist: ***************** IFEO\bpsvc.exe: [Debugger] tasklist.exe IFEO\browsersafeguard.exe: [Debugger] tasklist.exe IFEO\dprotectsvc.exe: [Debugger] tasklist.exe IFEO\protectedsearch.exe: [Debugger] tasklist.exe IFEO\rjatydimofu.exe: [Debugger] tasklist.exe IFEO\searchprotection.exe: [Debugger] tasklist.exe IFEO\searchprotector.exe: [Debugger] tasklist.exe IFEO\snapdo.exe: [Debugger] tasklist.exe IFEO\stinst32.exe: [Debugger] tasklist.exe IFEO\stinst64.exe: [Debugger] tasklist.exe IFEO\utiljumpflip.exe: [Debugger] tasklist.exe ***************** HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rjatydimofu.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe => Key deleted successfully. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe => Key deleted successfully.
==== End of Fixlog ====
Many thanks and kind regards, Sonja |
14.04.2014, 14:57 | #8 |
/// the machine /// TB Trainer | Is Default-Search.net changing Facebook? Just install them directly in the browser: open the add-ons page, search for the add-on, then install it. You can then delete the downloaded XPI files.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donations, guides and help, Trojaner-Board Facebook page. No help via PM! |