Log analysis and evaluation: Windows 7: compatibilitycheck.exe appears unprompted and uses up PC performance

Windows 7

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Windows 7: compatibilitycheck.exe appears unprompted and uses up PC performance

Hello everyone. For some time now I have noticed that my laptop is considerably slower than usual. At first I dismissed it as an internet problem, since I mainly browse the web. But I have now noticed that in Task Manager, under Processes, a process named compatibilitycheck.exe appears several times, which I do not know and which is also not controlled by me as the user. These processes put a heavy load on my PC (usually 2-3 [of up to about 15] are among the processes that use the most memory), and even when I restart and open no program, my CPU usage is at least 70%, sometimes even higher. As soon as I use another program, it is practically always at 100%. I cannot delete these processes.

Furthermore, I always get pop-ups, even when I do not even have a browser open. I recently restarted the PC and a pop-up appeared even though I had nothing open, but it disappeared again immediately. In addition, a voice often suddenly starts in the background, which turns out to be an excerpt from various interviews, reports, etc., runs for 2-10 seconds and disappears again. This also happens without a browser, but of course with one as well. The PC can hardly be used like this, since it is overwhelmed by almost everything.

I followed the steps as they were described in the instructions, but I have no experience with forums and with posting correctly, so I hope that posting the logs works as intended. Here are the logs:

Defogger disable:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:49 on 21/01/2015 (***** *****)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2015
Ran by ***** ***** (administrator) on DAVID on 21-01-2015 10:52:39
Running from C:\Users\***** *****\Desktop
Loaded Profiles: ***** ***** (Available profiles: ***** *****)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(T-Systems International GmbH) C:\Program Files\T-Home\Dialerschutz-Software\DFInject.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(T-Systems International GmbH) C:\Program Files\T-Home\Dialerschutz-Software\Defender.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Spotify Ltd) C:\Users\***** *****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\***** *****\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [T-Home Dialerschutz-Software] => C:\Program Files\T-Home\Dialerschutz-Software\Defender.exe [1411720 2010-03-29] (T-Systems International GmbH)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6814240 2009-02-13] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-02-13] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Run: [RocketDock] => "C:\Program Files\RocketDock\RocketDock.exe"
HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Run: [MobileDocuments] => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Run: [Spotify Web Helper] => C:\Users\***** *****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-13] (Spotify Ltd)
HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Run: [NextLive] => C:\Windows\system32\rundll32.exe "C:\Users\***** *****\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\MountPoints2: {7b16325e-30b4-11e1-9eb1-00265eb087d7} - F:\Autorun.exe
HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\MountPoints2: {8052ec9d-f8b4-11df-8b29-00265eb087d7} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\MountPoints2: {8d6e4b71-f4d4-11df-9935-806e6f6e6963} - E:\AutoRun.exe
Startup: C:\Users\***** *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\***** *****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://rts.dsrlte.com?affID=na
HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
URLSearchHook: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000 - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
SearchScopes: HKLM -> DefaultScope {772CA233-EF58-4C12-BD53-408EFC32E247} URL =
SearchScopes: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000 -> DefaultScope {114DB5FA-0AFB-BB92-A75B-F44D3CE875CD} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3312329&CUI=UN39588198854758620&UM=2
SearchScopes: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000 -> {114DB5FA-0AFB-BB92-A75B-F44D3CE875CD} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3312329&CUI=UN39588198854758620&UM=2
SearchScopes: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000 -> {241EC647-646E-4DDF-9263-2F5111F019F6} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000 -> {34AEBC21-74EA-4AF2-9473-630C7A0F5BB7} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000 -> {772CA233-EF58-4C12-BD53-408EFC32E247} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{58A12B80-1895-4C95-9F28-3D8660E0C185}: [NameServer] 223.0.0.0

FireFox:
========
FF ProfilePath: C:\Users\***** *****\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default
FF Homepage: hxxp://www.google.de/
FF Keyword.URL:
FF NetworkProxy: "autoconfig_url", "data:application/x-ns-proxy-autoconfig;base64,[...]"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2508884068-3804397540-1067786986-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\***** *****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2508884068-3804397540-1067786986-1000: electronicarts.com/GameFacePlugin -> C:\Users\***** *****\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF SearchPlugin: C:\Users\***** *****\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\searchplugins\dsrlte.xml
FF Extension: Avira Browser Safety - C:\Users\***** *****\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\abs@avira.com [2015-01-20]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\***** *****\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-12-09]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\***** *****\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\elemhidehelper@adblockplus.org.xpi [2014-12-09]
FF Extension: MEGA - C:\Users\***** *****\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\firefox@mega.co.nz.xpi [2014-12-23]
FF Extension: ProxTube - C:\Users\***** *****\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\ich@maltegoetz.de.xpi [2014-09-11]
FF Extension: convert2mp3.net YouTube2MP3 Converter - C:\Users\***** *****\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\info@convert2mp3.net.xpi [2014-06-22]
FF Extension: NoScript - C:\Users\***** *****\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-12-09]
FF Extension: Flash Block - C:\Users\***** *****\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\{95ab36d4-fb6f-47b0-8b8d-e5f3bd547953}.xpi [2014-12-09]
FF Extension: Adblock Plus - C:\Users\***** *****\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-22]
FF Extension: Adblock Edge - C:\Users\***** *****\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-12-09]
FF HKLM\...\Firefox\Extensions: [seesimilar@SeeSimilar.com] - C:\Users\***** *****\AppData\Roaming\Mozilla\Extensions\seesimilar@SeeSimilar.com
FF Extension: SeeSimilar - C:\Users\***** *****\AppData\Roaming\Mozilla\Extensions\seesimilar@SeeSimilar.com [2013-10-19]
FF HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Firefox\Extensions: [seesimilar@SeeSimilar.com] - C:\Users\***** *****\AppData\Roaming\Mozilla\Extensions\seesimilar@SeeSimilar.com

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM\...\Chrome\Extension: [pickdmmkcajdddggmoaommkkoafandof] - C:\Users\***** *****\AppData\Local\CRE\pickdmmkcajdddggmoaommkkoafandof.crx [2013-10-10]
CHR HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\***** *****\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx [2012-09-30]
CHR HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Chrome\Extension: [pickdmmkcajdddggmoaommkkoafandof] - C:\Users\***** *****\AppData\Local\CRE\pickdmmkcajdddggmoaommkkoafandof.crx [2013-10-10]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
S2 CouponarificService; C:\Program Files\0892CCEA-3029-46F2-BD98-F3177431F5F8\xtloowpkjv.exe [161280 2014-11-19] () [File not signed]
R2 DFSVC; C:\Program Files\T-Home\Dialerschutz-Software\DFInject.exe [288768 2009-10-21] (T-Systems International GmbH) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [37376 2011-05-16] (Microsoft Corporation) [File not signed]
R2 Verifies and fixes application compatibility issues; C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [91304 2015-01-12] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 OO SSD Migration Kit; "C:\Program Files\OO Software\SSD Migration Kit\oosmkag.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-11-24] (Avira Operations GmbH & Co. KG)
R3 DFSYS; C:\Program Files\T-Home\Dialerschutz-Software\DFSYS.SYS [14624 2009-10-15] (T-Systems International GmbH)
S3 dsiarhwprog; C:\Windows\System32\Drivers\dsiarhwprog.sys [29184 2007-02-08] (Thesycon GmbH, Germany)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2010-02-03] (LogMeIn, Inc.)
R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2008-08-12] (SAMSUNG ELECTRONICS CO., LTD.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R1 MpKsl70a16154; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{58CD8086-3C8A-4E54-8294-DFE630690E61}\MpKsl70a16154.sys [39464 2015-01-21] (Microsoft Corporation)
R1 netfilter; C:\Windows\System32\drivers\netfilter.sys [36048 2014-11-19] (NetFilterSDK.com)
R3 SipIMNDI; C:\Windows\System32\DRIVERS\SipIMNDI.sys [24352 2009-10-15] (T-Systems International GmbH)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-11-24] (Avira GmbH)
R3 VMC326; C:\Windows\System32\Drivers\VMC326.sys [238464 2008-11-21] (Vimicro Corporation)
R1 {9d5747ee-0448-4681-8337-1555de75a3b6}Gw; C:\Windows\System32\drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}Gw.sys [52928 2014-05-06] (StdLib)
R1 {9d5747ee-0448-4681-8337-1555de75a3b6}w; C:\Windows\System32\drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}w.sys [52928 2014-04-29] (StdLib)
S3 BioNTDrv; \??\C:\Program Files\Paragon Software\Migrate OS to SSD 4.0\program\BioNTDrv.SYS [X]
S1 netfilter2; system32\drivers\netfilter2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-21 10:52 - 2015-01-21 10:53 - 00019168 _____ () C:\Users\***** *****\Desktop\FRST.txt
2015-01-21 10:52 - 2015-01-21 10:53 - 00000000 ____D () C:\FRST
2015-01-21 10:51 - 2015-01-21 10:51 - 01118208 _____ (Farbar) C:\Users\***** *****\Desktop\FRST.exe
2015-01-21 10:49 - 2015-01-21 10:49 - 00000484 _____ () C:\Users\***** *****\Desktop\defogger_disable.log
2015-01-21 10:49 - 2015-01-21 10:49 - 00000000 _____ () C:\Users\***** *****\defogger_reenable
2015-01-21 10:47 - 2015-01-21 10:47 - 00050477 _____ () C:\Users\***** *****\Desktop\Defogger.exe
2015-01-21 10:23 - 2015-01-21 10:23 - 00000000 ____D () C:\Users\***** *****\AppData\Local\AviraSpeedup
2015-01-21 10:22 - 2015-01-21 10:22 - 00000056 _____ () C:\Windows\setupact.log
2015-01-21 10:22 - 2015-01-21 10:22 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-20 17:43 - 2015-01-20 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup
2015-01-20 17:35 - 2015-01-20 17:33 - 00037384 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-01-20 17:32 - 2015-01-20 17:32 - 00000000 ____D () C:\Users\***** *****\AppData\Roaming\Avira
2015-01-20 17:31 - 2015-01-20 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-20 17:30 - 2015-01-20 17:43 - 00000000 ____D () C:\Program Files\Avira
2015-01-20 17:30 - 2015-01-20 17:32 - 00000000 ____D () C:\ProgramData\Avira
2015-01-20 17:30 - 2014-11-24 10:23 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-01-20 17:30 - 2014-11-24 10:23 - 00098160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-01-20 17:30 - 2014-11-24 10:23 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-01-20 17:30 - 2014-11-24 10:23 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2015-01-17 12:12 - 2015-01-17 12:13 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-14 12:05 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 12:05 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 12:05 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 12:05 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 12:05 - 2014-12-11 18:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 12:05 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 10:41 - 2015-01-21 10:54 - 00000112 _____ () C:\ProgramData\Y4Ki2D2g0.dat
2015-01-11 17:59 - 2015-01-11 17:59 - 00000641 _____ () C:\Users\***** *****\Desktop\Bilder.lnk
2015-01-10 20:21 - 2015-01-10 20:21 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-01-10 20:21 - 2015-01-10 20:21 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-01-08 13:32 - 2015-01-20 17:40 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-08 13:30 - 2015-01-21 10:27 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Compatibility Verifier
2015-01-08 13:30 - 2015-01-21 10:27 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Compatibility Verifier
2014-12-25 15:49 - 2014-12-25 15:49 - 00000000 ____D () C:\Users\***** *****\AppData\Roaming\EurekaLab s.a.s
2014-12-23 21:17 - 2014-12-23 21:17 - 00000320 _____ () C:\Users\***** *****\Desktop\Magic The Gathering Online .appref-ms
2014-12-23 21:17 - 2014-12-23 21:17 - 00000000 ____D () C:\Users\***** *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wizards of the Coast
2014-12-23 21:17 - 2014-12-23 21:17 - 00000000 ____D () C:\Users\***** *****\AppData\Local\Wizards of the Coast
2014-12-23 21:17 - 2014-12-23 21:17 - 00000000 ____D () C:\ProgramData\Gibraltar
2014-12-23 21:14 - 2014-12-30 22:43 - 00000000 ____D () C:\Users\***** *****\AppData\Local\Deployment

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-21 10:54 - 2014-05-21 13:54 - 00001332 _____ () C:\Windows\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-7.job
2015-01-21 10:49 - 2010-11-20 19:58 - 00000000 ____D () C:\Users\***** *****
2015-01-21 10:30 - 2009-07-14 05:34 - 00023392 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-21 10:30 - 2009-07-14 05:34 - 00023392 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-21 10:28 - 2013-11-04 19:39 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-21 10:26 - 2010-11-20 19:55 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-21 10:26 - 2010-11-20 19:36 - 01772187 _____ () C:\Windows\WindowsUpdate.log
2015-01-21 10:23 - 2014-02-08 20:30 - 00000000 ____D () C:\Users\***** *****\AppData\Roaming\newnext.me
2015-01-21 10:23 - 2012-07-07 22:42 - 00000000 ____D () C:\Users\***** *****\AppData\Roaming\Dropbox
2015-01-21 10:22 - 2014-05-21 13:54 - 00002220 _____ () C:\Windows\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-4.job
2015-01-21 10:22 - 2014-05-21 13:54 - 00001484 _____ () C:\Windows\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-5.job
2015-01-21 10:22 - 2014-05-21 13:54 - 00001392 _____ () C:\Windows\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-1.job
2015-01-21 10:22 - 2014-05-21 13:54 - 00001378 _____ () C:\Windows\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-2.job
2015-01-21 10:22 - 2014-05-21 13:53 - 00003454 _____ () C:\Windows\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-3.job
2015-01-21 10:22 - 2014-05-21 13:53 - 00001400 _____ () C:\Windows\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-6.job
2015-01-21 10:22 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-21 10:22 - 2009-07-14 05:33 - 00496744 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-20 22:05 - 2014-05-21 13:50 - 00000000 ____D () C:\Users\***** *****\AppData\Roaming\Security System 2
2015-01-20 19:04 - 2011-01-01 20:36 - 00000000 ____D () C:\Users\***** *****\AppData\Roaming\vlc
2015-01-20 17:52 - 2010-11-20 20:57 - 00155032 _____ () C:\Users\***** *****\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-20 17:44 - 2014-12-01 23:09 - 00000000 ____D () C:\Program Files\Couponarific
2015-01-20 17:38 - 2014-05-21 13:50 - 00000000 ____D () C:\Users\***** *****\AppData\Roaming\BupSystem
2015-01-20 17:10 - 2010-11-21 20:48 - 00000000 ____D () C:\Users\***** *****\AppData\Roaming\WD
2015-01-20 17:10 - 2010-11-21 20:48 - 00000000 ____D () C:\Program Files\Common Files\Memeo
2015-01-19 22:16 - 2011-07-31 12:54 - 00000000 ____D () C:\Users\***** *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-01-19 21:30 - 2012-08-02 11:31 - 00000000 ____D () C:\Users\***** *****\AppData\Roaming\Spotify
2015-01-19 19:25 - 2012-08-02 11:31 - 00000000 ____D () C:\Users\***** *****\AppData\Local\Spotify
2015-01-17 16:27 - 2014-06-22 13:27 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-15 14:20 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-15 12:28 - 2012-03-30 13:30 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-15 12:28 - 2011-05-20 05:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-14 13:14 - 2013-08-15 15:42 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 13:10 - 2010-11-20 21:57 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-12 18:25 - 2010-12-11 19:19 - 00000000 ____D () C:\Program Files\Magic Workstation
2015-01-12 18:24 - 2010-11-20 21:27 - 00000000 ____D () C:\Program Files\CyberLink
2015-01-12 18:24 - 2010-11-20 20:51 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-01-12 18:18 - 2010-11-20 21:26 - 00000000 ____D () C:\ProgramData\CyberLink
2015-01-12 18:10 - 2010-12-03 22:03 - 00000000 ____D () C:\Users\***** *****\AppData\Roaming\CyberLink
2015-01-11 18:21 - 2010-12-28 14:37 - 00000000 ____D () C:\Users\***** *****\AppData\Local\Google
2015-01-11 18:21 - 2010-12-28 14:37 - 00000000 ____D () C:\Program Files\Google
2015-01-09 10:23 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-31 12:13 - 2010-11-20 20:24 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-25 14:42 - 2009-07-14 05:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-23 21:14 - 2011-01-27 20:43 - 00000000 ____D () C:\Users\***** *****\AppData\Local\Apps\2.0

==================== Files in the root of some directories =======

2011-08-31 16:21 - 2011-09-04 19:09 - 0000000 ____H () C:\Users\***** *****\AppData\Roaming\windrvconfig.txt
2011-11-19 20:02 - 2011-11-26 16:50 - 0010240 _____ () C:\Users\***** *****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-21 14:01 - 2014-05-21 14:01 - 0301496 _____ (VuuPC Limited) C:\Users\***** *****\AppData\Local\nsr324A.tmp
2011-07-21 23:24 - 2011-07-21 23:24 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2011-08-26 21:06 - 2011-08-27 13:32 - 0007246 _____ () C:\ProgramData\hpzinstall.log
2015-01-13 10:41 - 2015-01-21 10:54 - 0000112 _____ () C:\ProgramData\Y4Ki2D2g0.dat

Files to move or delete:
====================
C:\ProgramData\Y4Ki2D2g0.dat
C:\Users\***** *****\MTGOinstall.exe

Some content of TEMP:
====================
C:\Users\***** *****\AppData\Local\Temp\avgnt.exe
C:\Users\***** *****\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxgeqzy.dll
C:\Users\***** *****\AppData\Local\Temp\ose00000.exe
C:\Users\***** *****\AppData\Local\Temp\_isC6DA.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-16 21:02

==================== End Of Log ============================

And the FRST Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-01-2015
Ran by ***** ***** at 2015-01-21 10:54:49
Running from C:\Users\***** *****\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Avira System Speedup 1.5 (HKLM\...\Avira System Speedup_is1) (Version: 1.5 - 2000 - 2014 Avira Operations GmbH & Co. KG)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 2.3 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM\...\{A7581D39-EA20-4883-A480-80C21047052B}) (Version: 4.0.2 - Samsung)
Free Video to iPhone Converter version 3.2.12 (HKLM\...\Free Video to iPhone Converter_is1) (Version: - DVDVideoSoft Limited.)
Free YouTube Download version 3.1.37.918 (HKLM\...\Free YouTube Download_is1) (Version: 3.1.37.918 - DVDVideoSoft Ltd.)
iCloud (HKLM\...\{760BB327-3973-4608-85C8-88162E2FF3B6}) (Version: 4.0.6.28 - Apple Inc.)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Magic The Gathering Online (HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\35c9d60442fbb010) (Version: 3.4.83.467 - Wizards of the Coast)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MobileMe 
Control Panel (HKLM\...\{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}) (Version: 3.1.8.0 - Apple Inc.) Mozilla Firefox 35.0 (x86 de) (HKLM\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) Namuga 1.3M Webcam (HKLM\...\{71A51B59-E7D3-11DB-A386-005056C00008}) (Version: 1.00.0000 - Vimicro Corporation) Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5791 - Realtek Semiconductor Corp.) RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - ) Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.) 
Samsung Recovery Solution III (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 3.0.0.8 - Samsung) Samsung Update Plus (HKLM\...\InstallShield_{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}) (Version: 2.0 - Samsung Electronics Co., LTD) Samsung Update Plus (Version: 2.0 - Samsung Electronics Co., LTD) Hidden Spotify (HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB) T-Home Dialerschutz-Software (HKLM\...\{E8C5BD56-F5D8-41D3-8A71-273468FE256A}) (Version: - ) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) WD Discovery Software (HKLM\...\{324F388E-4F28-42D6-ADD1-9AB27D249523}) (Version: 1.70 - Western Digital) Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) WinRAR (HKLM\...\WinRAR archiver) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\***** *****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\***** *****\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS) CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{CBD32ACD-3033-5DC4-AF3E-A32955785032}\InprocServer32 -> C:\Users\***** *****\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts) CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***** *****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***** *****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***** *****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***** *****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***** *****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***** *****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***** *****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***** *****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 15-01-2015 15:34:35 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 18-01-2015 13:12:32 Windows Update 20-01-2015 17:43:26 Avira System Speedup 1.5 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-14 03:04 - 2014-05-21 13:44 - 00004422 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 capitalimonline.com 127.0.0.1 www.verifi-infonet.com 127.0.0.1 www.forsil-srl.com 127.0.0.1 trustedppiclaims.co.uk 127.0.0.1 ftp.signara.org 127.0.0.1 buy-fifa-ultimateteam-coins.com 127.0.0.1 pay.pal-schutz.com 127.0.0.1 swqk3xftx38.h149.pp39dk.com 127.0.0.1 robertoleal.es 127.0.0.1 verifi-infonet.com 127.0.0.1 ssl.paypal.secure.your.billing.information.mytrickworld.com 127.0.0.1 lastminute-ibiza.net 127.0.0.1 myaccount.aol.com.onlineaccounts.upgrade.online.billing.account.update.alcaldiadearaure.gob.ve 127.0.0.1 www.rhnp.org 127.0.0.1 173.214.178.24 127.0.0.1 bit.ly 127.0.0.1 www.axisengneering.com 127.0.0.1 www.positive-eft.com 127.0.0.1 hw0vrcfmu0fpd.com 127.0.0.1 www.art3c.com.tw 127.0.0.1 www.kielkoppfest.harzwinter.net 127.0.0.1 www.battle.net-account.asxp.cn.com 127.0.0.1 mgstrategiesstudio.com 127.0.0.1 www.paypal.com.p2jdb5zb17llxg1i.0243cn71m8gjun1.com 127.0.0.1 paypal.com.update.account.toughbook.cl 127.0.0.1 www.lappen-123.no 127.0.0.1 www.paypal-update.visitasgratis.info 127.0.0.1 stromarket.ru 127.0.0.1 www.ocevap.com There are 63 more lines. ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {019E612F-B8F3-415B-8EAD-4AC47C01275C} - System32\Tasks\{E00C48C4-87C3-49CA-B00D-268CB9C644A1} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files\Datel\Action Replay Code Manager\ActionReplayCodeManager.exe" Task: {10332AD8-1A6D-48A3-8E38-E346CACF7EE3} - \7842eb70 No Task File <==== ATTENTION Task: {11530222-9822-4EAA-BFB9-5925E06C72A3} - \d88be1c No Task File <==== ATTENTION Task: {1328961F-FE69-4320-8EF1-1269ED486E7E} - System32\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-6 => C:\Program Files\PlusSHD-9.9\PlusSHD-9.9-novainstaller.exe <==== ATTENTION Task: {1A01F8A6-86EA-4569-BA32-608D06521C06} - \ceb89d40 No Task File <==== ATTENTION Task: {1CC0017D-A4BA-4373-BC62-1C80719E4D4A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {22C6D372-FC50-4519-B5C5-A2B56F42B3C2} - \7a3ef47c No Task File <==== ATTENTION Task: {2F4D318B-F369-4C98-B304-F5A8E18C93A2} - \ace63bf0 No Task File <==== ATTENTION Task: {323FDAEF-12A7-4C6E-B6B8-1EFEA42F5001} - \b0e63a68 No Task File <==== ATTENTION Task: {34C690D4-20C4-4ABC-8BA0-AF2364492543} - \becf0200 No Task File <==== ATTENTION Task: {42F4DE03-5E7C-445A-9867-C04F63F31EE6} - \ad3af7c8 No Task File <==== ATTENTION Task: {4913859C-17B0-4960-BE76-779215D91849} - \4c86bc0c No Task File <==== ATTENTION Task: {4B6023C5-EDD2-4C66-831F-48FFEE52CACE} - \b1538c78 No Task File <==== ATTENTION Task: {4FACD718-1A45-4290-A96F-0B663F59C4C4} - System32\Tasks\45026eb0 => C:\Users\DAVIDE~1\AppData\Local\Temp\\setup4076733968.exe <==== ATTENTION Task: {53CECBCA-C046-4232-8759-2BAA40B79C4B} - System32\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-3 => C:\Program Files\PlusSHD-9.9\afdac15d-7bd5-405d-9a08-c67ddb3e609a-3.exe <==== ATTENTION Task: {56CDA0D3-78A0-421E-ABB9-418C91501505} - \df070e80 No Task File <==== ATTENTION Task: {5A46ACF8-4B69-4FE3-8BAE-EE0CC0BCEE56} - \b6f52770 No Task File <==== ATTENTION Task: 
{5E6792EE-0A3D-46FB-AE22-EA8F8E5C503D} - \16d25320 No Task File <==== ATTENTION Task: {6B115181-745C-4D10-A3DB-F3D04CB0490A} - System32\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-5 => C:\Program Files\PlusSHD-9.9\afdac15d-7bd5-405d-9a08-c67ddb3e609a-5.exe <==== ATTENTION Task: {71D6D7F1-71D0-43DB-A988-CF9201EA9BC8} - \575739e8 No Task File <==== ATTENTION Task: {72CD3727-88FB-405C-94BB-23E4FE3FE617} - \ddd72840 No Task File <==== ATTENTION Task: {7A4DF1FF-FD15-4061-A24A-F4F6148ADED8} - \a2002928 No Task File <==== ATTENTION Task: {7AA01F0B-5604-4EF7-B09F-63AEB007B3A2} - \54da9420 No Task File <==== ATTENTION Task: {7ECFCA4D-5ACA-44D4-9333-0D19E24A5AA5} - System32\Tasks\f5f36f24 => C:\Users\DAVIDE~1\AppData\Local\Temp\\setup4059328268.exe <==== ATTENTION Task: {88BAC989-1324-4B59-9C75-54BE7B9646F6} - \9ea26a9c No Task File <==== ATTENTION Task: {8A16775E-A772-4A3D-8F7E-45627DF4CB08} - \c039b47c No Task File <==== ATTENTION Task: {8B268604-D0B2-477C-BE61-BA0AEB68A949} - System32\Tasks\{26F5BD3E-F422-4FAA-9FD1-D56CAAF3AD57} => pcalua.exe -a "C:\Program Files\Common Files\DVDVideoSoft\Uninstall.exe" Task: {8F8B76FF-C32A-489C-8559-E479D0EDAE09} - System32\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-2 => C:\Program Files\PlusSHD-9.9\afdac15d-7bd5-405d-9a08-c67ddb3e609a-2.exe <==== ATTENTION Task: {92DA3894-AF54-4C1A-ABC4-E562DE68330D} - \da240da0 No Task File <==== ATTENTION Task: {A03FF811-E18E-48D3-8B7E-A45553F7B140} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-15] (Adobe Systems Incorporated) Task: {A62CF9AE-CEB2-4475-9CDB-4C7A0B76883B} - System32\Tasks\{335CA652-06A0-4C90-B11F-106466CCE734} => pcalua.exe -a "C:\Users\***** *****\Desktop\setup.exe" -d "C:\Users\***** *****\Desktop" Task: {A8243FDB-E6E0-4DA9-A7D4-F2704FF53571} - System32\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-7 => C:\Program Files\PlusSHD-9.9\PlusSHD-9.9-nova.exe <==== ATTENTION Task: {A82B83D3-41D0-46F1-B5EE-DD6B6C1B6931} - 
\e8bd60 No Task File <==== ATTENTION Task: {B2FF72F8-2491-489D-9EB0-C60DEAC65581} - \da4afbb0 No Task File <==== ATTENTION Task: {BE2E2CB0-4E3D-4BE2-833D-BB08C64D8E6B} - System32\Tasks\e8d3af80 => C:\Users\DAVIDE~1\AppData\Local\Temp\\setup3906187136.exe <==== ATTENTION Task: {BFD675EC-58D8-4F98-993C-9B1D2E1E9FAB} - \6bdc3698 No Task File <==== ATTENTION Task: {C90047E2-DAF4-4EF1-8628-13D8DBD4DCCA} - System32\Tasks\AviraSpeedup => C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe [2014-12-11] (Avira Operations GmbH & Co. KG) Task: {CA5E6FDD-DEE3-472B-A779-DC221523F209} - System32\Tasks\{A36728D1-C91B-49A3-8728-BABA5743CED5} => pcalua.exe -a "D:\Sonstiges\European Code Manager PC software\Setup.exe" -d "D:\Sonstiges\European Code Manager PC software" Task: {D3F11C58-6191-4441-B9CD-A3DD00302089} - System32\Tasks\{44221F18-D3DE-4777-9286-F3A22E0BBC24} => C:\Program Files\Skype\\Phone\Skype.exe Task: {D62FF945-FED7-4B79-98E9-7D1E6254F800} - \889d9f2c No Task File <==== ATTENTION Task: {D942E5D6-9803-4E79-80BD-6A7E5740D353} - \11015950 No Task File <==== ATTENTION Task: {DB6F1920-AE35-413F-9EB4-EBC2A3D9C97D} - System32\Tasks\f409e070 => C:\Users\DAVIDE~1\AppData\Local\Temp\\setup3021004544.exe <==== ATTENTION Task: {E14534E0-FB7A-41FA-86E1-CA8FD695F3E7} - System32\Tasks\ff3efb40 => C:\Users\DAVIDE~1\AppData\Local\Temp\\setup2275163168.exe <==== ATTENTION Task: {EA27474F-86DD-43D8-A893-780467D1161C} - System32\Tasks\{2BF3C3A4-A032-46D5-8E6C-20C23974797E} => c:\program files\opera\opera.exe [2014-04-27] (Opera Software) Task: {EDDD8E7E-DF80-4F61-BD60-E82B6AFD3738} - \13d83880 No Task File <==== ATTENTION Task: {EF8B3455-FBD6-4ACF-A646-6BE89587B4F8} - \517999a8 No Task File <==== ATTENTION Task: {EF961023-A4AB-4ACC-BC3D-B1DB17149720} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2009-05-15] (Samsung Electronics Co., Ltd.) 
Task: {F41A82C7-C7BF-44D8-A7D7-8345F924F450} - System32\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-1 => C:\Program Files\PlusSHD-9.9\PlusSHD-9.9-codedownloader.exe <==== ATTENTION Task: {F514247D-FC72-4E10-99A0-DBBE91B7BE72} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2008-12-03] () Task: {FDCB7367-5FAC-4BB6-98CF-D8136710CCA7} - System32\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-4 => C:\Program Files\PlusSHD-9.9\afdac15d-7bd5-405d-9a08-c67ddb3e609a-4.exe <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-1.job => C:\Program Files\PlusSHD-9.9\PlusSHD-9.9-codedownloader.exe <==== ATTENTION Task: C:\Windows\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-2.job => C:\Program Files\PlusSHD-9.9\afdac15d-7bd5-405d-9a08-c67ddb3e609a-2.exe <==== ATTENTION Task: C:\Windows\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-3.job => C:\Program Files\PlusSHD-9.9\afdac15d-7bd5-405d-9a08-c67ddb3e609a-3.exe <==== ATTENTION Task: C:\Windows\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-4.job => C:\Program Files\PlusSHD-9.9\afdac15d-7bd5-405d-9a08-c67ddb3e609a-4.exe <==== ATTENTION Task: C:\Windows\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-5.job => C:\Program Files\PlusSHD-9.9\afdac15d-7bd5-405d-9a08-c67ddb3e609a-5.exe <==== ATTENTION Task: C:\Windows\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-6.job => C:\Program Files\PlusSHD-9.9\PlusSHD-9.9-novainstaller.exe <==== ATTENTION Task: C:\Windows\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-7.job => C:\Program Files\PlusSHD-9.9\PlusSHD-9.9-nova.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2012-08-19 21:09 - 2010-06-17 20:56 - 00116224 _____ () C:\Windows\System32\redmonnt.dll 
2009-09-01 05:31 - 2009-09-01 05:31 - 00022723 _____ () C:\Windows\System32\ssp2ml3.dll 2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-01-08 13:30 - 2015-01-12 13:55 - 00091304 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe 2010-11-21 02:20 - 2009-12-12 15:12 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll 2010-11-21 02:01 - 2006-08-12 12:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\***** *****\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-01-21 10:23 - 2015-01-21 10:23 - 00043008 _____ () c:\Users\***** *****\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxgeqzy.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\***** *****\AppData\Roaming\Dropbox\bin\libEGL.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\***** *****\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\***** *****\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll 2015-01-08 13:30 - 2015-01-08 21:51 - 51252392 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe 2015-01-08 13:31 - 2015-01-07 22:22 - 01360552 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\libglesv2.dll 2015-01-08 13:31 - 2015-01-07 22:22 - 00214184 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\libegl.dll 2015-01-08 13:31 - 2015-01-07 22:22 - 00985768 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll 2015-01-08 13:31 - 2015-01-07 22:22 - 16827048 _____ () C:\Users\Default\AppData\Roaming\Compatibility 
Verifier\NPSWF32_15_0_0_189.dll 2015-01-17 12:12 - 2015-01-17 12:13 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2015-01-15 12:28 - 2015-01-15 12:28 - 16844464 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-2508884068-3804397540-1067786986-500 - Administrator - Disabled) ***** ***** (S-1-5-21-2508884068-3804397540-1067786986-1000 - Administrator - Enabled) => C:\Users\***** ***** Gast (S-1-5-21-2508884068-3804397540-1067786986-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2508884068-3804397540-1067786986-1002 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. 
==================== Event log errors: ========================= Application errors: ================== Error: (01/20/2015 03:49:05 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel() bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei 
System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (01/20/2015 02:24:07 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel() bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, 
Object[] activationAttributes) bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (01/20/2015 08:51:35 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54af4124 Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54af4124 Ausnahmecode: 0x80000003 Fehleroffset: 0x0022ecf0 ID des fehlerhaften Prozesses: 0xfbc Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0 Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1 Pfad des fehlerhaften Moduls: compatibilitycheck.exe2 Berichtskennung: compatibilitycheck.exe3 Error: (01/20/2015 08:51:34 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54af4124 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x588 Startzeit der fehlerhaften Anwendung: 
0xcompatibilitycheck.exe0 Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1 Pfad des fehlerhaften Moduls: compatibilitycheck.exe2 Berichtskennung: compatibilitycheck.exe3 Error: (01/20/2015 08:18:02 AM) (Source: MemeoBackgroundService) (EventID: 0) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel() bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData 
configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (01/19/2015 11:33:28 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel() bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder 
binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (01/19/2015 11:25:14 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. 
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel() bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. 
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (01/19/2015 11:24:36 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel() bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, 
Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (01/19/2015 09:32:40 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. 
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel() bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. 
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (01/19/2015 05:45:50 PM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "G:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)" System errors: ============= Error: (01/21/2015 10:23:06 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: netfilter2 Error: (01/21/2015 10:22:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "OO SSD Migration Kit" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/21/2015 10:22:38 AM) (Source: atikmdag) (EventID: 10261) (User: ) Description: Display is not active Error: (01/21/2015 10:22:38 AM) (Source: atikmdag) (EventID: 19468) (User: ) Description: CPLIB :: General - Invalid Parameter Error: (01/20/2015 06:24:40 PM) (Source: iaStor) (EventID: 9) (User: ) Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. Error: (01/20/2015 06:07:40 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SysMain erreicht. Error: (01/20/2015 06:07:39 PM) (Source: iaStor) (EventID: 9) (User: ) Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. 
Error: (01/20/2015 05:39:56 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: netfilter2 Error: (01/20/2015 05:39:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "OO SSD Migration Kit" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/20/2015 05:39:35 PM) (Source: atikmdag) (EventID: 10261) (User: ) Description: Display is not active Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2015-01-20 18:10:24.050 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-14 12:05:07.496 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-13 21:48:54.378 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-13 20:44:39.625 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-13 20:12:56.550 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2015-01-13 20:01:59.492 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-12 17:27:42.457 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-09 10:11:24.501 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-07 13:47:45.441 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-05 14:23:55.627 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz
Percentage of memory in use: 85%
Total physical RAM: 3036.61 MB
Available physical RAM: 451.7 MB
Total Pagefile: 6069.46 MB
Available Pagefile: 2482.76 MB
Total Virtual: 2047.88 MB
Available Virtual: 1892.15 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:142.09 GB) (Free:46.8 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Volume) (Fixed) (Total:96.38 GB) (Free:10.96 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 238.5 GB) (Disk ID: 91AC48D6)
Partition 1: (Active) - (Size=142.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=96.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-01-21 11:13:58
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SanDisk_ rev.X231 238,47GB
Running: Gmer-19357.exe; Driver: C:\Users\DAVIDE~1\AppData\Local\Temp\pxldapod.sys

---- System - GMER 2.1 ----

SSDT 8EBEEAE6 ZwCreateSection
SSDT 8EBEEAF0 ZwRequestWaitReplyPort
SSDT 8EBEEAEB ZwSetContextThread
SSDT 8EBEEAF5 ZwSetSecurityObject
SSDT 8EBEEAFA ZwSystemDebugControl
SSDT 8EBEEA87 ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text ntoskrnl.exe!ZwRequestWaitReplyPort + 14B9 83075A15 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 83095662 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 14BF 8309CC04 4 Bytes JMP B5DB8EBE
.text ntoskrnl.exe!KeRemoveQueueEx + 185F 8309CFA4 4 Bytes [EB, EA, BE, 8E]
.text ntoskrnl.exe!KeRemoveQueueEx + 18DB 8309D020 4 Bytes JMP A57B8EBE
.text ntoskrnl.exe!KeRemoveQueueEx + 192F 8309D074 4 Bytes [FA, EA, BE, 8E]
.text ntoskrnl.exe!KeRemoveQueueEx + 1937 8309D07C 4 Bytes [87, EA, BE, 8E]
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x99810000, 0x2D5378, 0xE8000020]

---- Devices - GMER 2.1 ----

Device \Driver\DFInjDrv \Device\DFInjDrv DFInjDrv32.sys
Device \Driver\BTHUSB \Device\00000078 bthport.sys
Device \Driver\BTHUSB \Device\0000007a bthport.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00265eb087d7
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00265eb087d7@204208300125 0x6C 0x8B 0x35 0x0F ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00265eb087d7 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00265eb087d7@204208300125 0x6C 0x8B 0x35 0x0F ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@8EF953EE 2024

---- EOF - GMER 2.1 ----

Regards,
David

P.S.: Wherever my first and last name appeared together in the logs, I replaced both with '***** *****'.