Pests of all kinds and how to combat them: Unknown symbol/icon appeared on the desktop (Windows 7)
25.01.2015, 02:58 | #1 |
| Unknown symbol/icon appeared on the desktop
For 2 days now there has been an unknown symbol on my desktop. It always appears directly above the taskbar at the right edge of the screen and responds to neither right-click nor double-click. I can only move it when I hold the mouse pointer in the white semicircle. I have not installed any software, nor have I been on dubious sites... and am therefore extremely unsettled. Does anyone know this symbol? Is it something nasty, or did I accidentally activate something in Windows? |
25.01.2015, 07:19 | #2 |
/// the machine /// TB trainer | Unknown symbol/icon appeared on the desktop
Hi,
is the symbol cut off, or does it really look like that? Please maybe post a screenshot with half the desktop or so. Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
25.01.2015, 11:47 | #3 |
| Unknown symbol/icon appeared on the desktop
Hi, and thanks for the quick reply.
Yes, the symbol really is cut off like that. Attached are the two files... Last edited by alfadelheid (25.01.2015 at 11:55) |
25.01.2015, 12:43 | #4 |
/// the machine /// TB trainer | Unknown symbol/icon appeared on the desktop
Hi, please always post logs in the thread. If need be, split them up and use several posts. I cannot open attachments at work, thanks. This is how it works: posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
25.01.2015, 14:24 | #5 |
| Unknown symbol/icon appeared on the desktop
Oops, sorry.
frst.txt FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-01-2015 01 Ran by User (administrator) on User-PC on 25-01-2015 11:33:49 Running from F:\ Loaded Profiles: User (Available profiles: User) Platform: Microsoft Windows 7 Home Premium (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe () C:\Program Files\ASUS\AXSP\1.01.02\atkexComSvc.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe (ATI Technologies Inc.) 
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (CMCEI) F:\Newsbin\newsbinpro.exe (Opera Software) C:\Program Files\OperaNina\opera.exe (ALTAP) C:\Program Files\Altap Salamander\salamand.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [6336216 2013-08-19] (Realtek Semiconductor) HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1243352 2014-12-09] (COMODO) HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [748256 2014-09-15] (Advanced Micro Devices, Inc.) 
HKU\S-1-5-21-1911445591-1791779849-2412762909-1000\...\MountPoints2: {8f20f22a-012b-11e4-a597-806e6f6e6963} - E:\.\Bin\ASSETUP.exe Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8100.lnk ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8100.lnk -> C:\Program Files\HP\HP Officejet Pro 8100\Bin\HPStatusBL.dll (Hewlett-Packard Co.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-1911445591-1791779849-2412762909-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1911445591-1791779849-2412762909-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKU\S-1-5-21-1911445591-1791779849-2412762909-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: H:\Profile\FirefoxKenny FF Homepage: hxxp://www.timeanddate.com/weather/austria/vienna FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll () FF Plugin: @intel-webapi.intel.com/Intel 
WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin HKU\S-1-5-21-1911445591-1791779849-2412762909-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 asComSvc; C:\Program Files\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-05-07] () R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5868440 2014-12-09] (COMODO) S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1664216 2014-12-09] (COMODO) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [586240 2013-05-11] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [637912 2013-05-11] (Intel(R) Corporation) R2 Intel(R) PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [129792 2013-07-08] (Intel Corporation) R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation) S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [1903472 2014-12-25] (Electronic Arts) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation) S2 cvhsvc; No ImagePath S4 FoxitCloudUpdateService; No ImagePath ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R0 asahci32; C:\Windows\System32\DRIVERS\asahci32.sys [40344 2013-01-10] (Asmedia Technology) R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [14720 2012-08-22] () R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [17088 2014-12-09] (COMODO) R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [617536 2014-12-09] (COMODO) R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [41248 2014-12-09] (COMODO) R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d6232.sys [367880 2013-05-30] (Intel Corporation) R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [505192 2013-08-07] (Intel Corporation) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [25448 2013-08-07] (Intel Corporation) R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [91200 2014-12-09] (COMODO) R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16880 2013-04-26] (Intel Corporation) R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [361968 2013-04-26] (Intel Corporation) R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [793072 2013-04-26] (Intel Corporation) R3 MEI; C:\Windows\System32\DRIVERS\TeeDriver.sys [85464 2013-09-03] (Intel Corporation) R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [581480 2011-10-01] (Microsoft Corporation) R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [194408 2011-10-01] (Microsoft Corporation) R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [21864 2011-10-01] (Microsoft Corporation) R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [19304 2011-10-01] (Microsoft Corporation) S3 DUMeterDrv; \??\C:\Program Files\DU Meter\DUMETR32.SYS [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-25 11:33 - 2015-01-25 11:33 - 00000000 ____D () C:\FRST 2015-01-11 13:18 - 2015-01-11 13:21 - 00000000 ____D () C:\Users\User\dwhelper 2015-01-08 15:08 - 2015-01-08 15:08 - 00007619 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg 2015-01-07 12:43 - 2015-01-07 12:44 - 00001336 _____ () C:\Users\User\Desktop\Sims 3.lnk 2015-01-07 12:41 - 2015-01-07 12:41 - 00000771 _____ () C:\Users\Public\Desktop\Sims 3 Launcher.lnk 2015-01-04 16:01 - 2015-01-04 16:01 - 00002489 _____ () C:\Users\Public\Desktop\TSR Workshop.lnk 2015-01-04 16:01 - 2015-01-04 16:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TSR Workshop 2015-01-04 16:01 - 2015-01-04 16:01 - 00000000 ____D () C:\ProgramData\Caphyon 2015-01-04 14:37 - 2015-01-07 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-25 11:19 - 2014-07-04 10:04 - 00000000 ____D () C:\Users\User\AppData\Local\Newsbin 2015-01-25 10:52 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache 2015-01-25 10:34 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2015-01-25 09:06 - 2014-07-13 11:40 - 00000000 ____D () C:\Users\User\AppData\Roaming\.minecraft 2015-01-25 08:49 - 2009-07-14 05:34 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-25 08:49 - 2009-07-14 05:34 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-25 08:47 - 2014-07-01 16:02 - 01748998 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-25 08:41 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-25 08:41 - 2009-07-14 05:39 - 00097685 _____ () C:\Windows\setupact.log 2015-01-25 03:41 - 2014-07-01 17:44 - 00011196 _____ () C:\Windows\PFRO.log 2015-01-25 
03:40 - 2009-07-14 05:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-01-25 03:40 - 2009-07-14 05:52 - 00000000 ____D () C:\Program Files\DVD Maker 2015-01-25 03:40 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public 2015-01-25 03:40 - 2009-07-14 03:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2015-01-25 03:40 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\spool 2015-01-25 03:40 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE 2015-01-25 02:59 - 2014-08-03 00:34 - 00000000 ____D () C:\ProgramData\TEMP 2015-01-20 00:50 - 2014-08-10 05:46 - 00000000 ____D () C:\Users\User\AppData\Roaming\SoftGrid Client 2015-01-17 16:52 - 2014-07-04 10:14 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-01-17 01:56 - 2014-07-01 17:40 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2015-01-13 05:03 - 2014-07-05 04:34 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DU Meter 2015-01-11 13:18 - 2014-07-01 15:40 - 00000000 ____D () C:\Users\User 2015-01-11 08:21 - 2014-09-09 11:12 - 00000000 ____D () C:\ProgramData\Origin 2015-01-11 08:21 - 2014-09-09 11:11 - 00000000 ____D () C:\Program Files\Origin 2015-01-08 17:03 - 2014-07-01 16:00 - 01957703 _____ () C:\Windows\WindowsUpdate.log 2015-01-07 03:45 - 2009-07-14 05:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-01-04 16:01 - 2014-10-26 23:54 - 00000000 ____D () C:\Users\User\AppData\Local\Ibibi_HB 2015-01-04 14:39 - 2014-09-04 04:31 - 00000000 ____D () C:\Users\User\Documents\Electronic Arts ==================== Files in the root of some directories ======= 2014-07-05 05:00 - 2014-07-05 05:00 - 0000024 ___SH () C:\Users\User\AppData\Roaming\1D959CA221C7573.sys 2014-07-05 05:00 - 2014-07-05 05:00 - 0000024 ___SH () C:\Users\User\AppData\Roaming\System5908ConfigCollection.dat 2014-07-04 09:57 - 2014-07-04 09:57 - 0000600 _____ () 
C:\Users\User\AppData\Roaming\winscp.rnd 2014-08-01 14:02 - 2014-08-05 11:30 - 0007168 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-01-08 15:08 - 2015-01-08 15:08 - 0007619 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg 2014-07-05 04:21 - 2014-07-05 04:21 - 0000057 _____ () C:\ProgramData\Ament.ini 2014-07-01 17:46 - 2014-07-01 17:46 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some content of TEMP: ==================== C:\Users\User\AppData\Local\Temp\AskSLib.dll C:\Users\User\AppData\Local\Temp\Foxit Reader Updater.exe C:\Users\User\AppData\Local\Temp\installerdll2699831.dll C:\Users\User\AppData\Local\Temp\tempmessage.bfg C:\Users\User\AppData\Local\Temp\UninstallEADM.dll C:\Users\User\AppData\Local\Temp\_is425C.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-25 10:45 ==================== End Of Log ============================ --- --- --- --- --- --- Addition.txt FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-01-2015 01 Ran by User at 2015-01-25 11:34:01 Running from F:\ Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Comodo Defense+ (Disabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC} FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (HKLM\...\7-Zip) (Version: - ) ACDSee Photo Manager 2009 (HKLM\...\{300578F9-9EFF-4B93-9AB1-C0E5707EF463}) (Version: 11.0.113 - ACD Systems International) Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated) Adobe Photoshop Lightroom 5.3 (HKLM\...\{6F86810F-BE5B-4FB1-BA5A-EFD8F65F5EE4}) (Version: 5.3.1 - Adobe Systems Incorporated) Altap Salamander 2.53 (HKLM\...\Altap Salamander 2.53) (Version: 2.53 - ALTAP) Amazon Kindle (HKLM\...\Amazon Kindle) (Version: - Amazon) AMD Catalyst Install Manager (HKLM\...\{319271B3-E2AA-F623-928E-245C9EBF16F7}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) AndreaMosaic 3.34.0 (HKLM\...\AndreaMosaic) (Version: - ) Asmedia ASM106x SATA Host Controller Driver (HKLM\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.001 - Asmedia Technology) ASUS Product Register Program (HKLM\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.025 - ASUSTek Computer Inc.) 
calibre (HKLM\...\{3FBA72CD-A3EB-42A2-89DF-DF2366BEA779}) (Version: 2.10.0 - Kovid Goyal) COMODO Firewall (HKLM\...\{2736B6BD-31EC-4FC8-A48C-F0A5C914C0B6}) (Version: 7.0.55655.4142 - COMODO Security Solutions Inc.) Die Sims™ 3 70er, 80er & 90er Accessoires (HKLM\...\{E1868CAE-E3B9-4099-8C18-AA8944D336FD}) (Version: 17.0.77 - Electronic Arts) Die Sims™ 3 Design-Garten-Accessoires (HKLM\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.0.55 - Electronic Arts) Die Sims™ 3 Inselparadies (HKLM\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts) Die Sims™ 3 Into the Future (HKLM\...\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}) (Version: 21.0.150 - Electronic Arts) Die Sims™ 3 Luxus-Accessoires (HKLM\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts) Die Sims™ 3 Showtime (HKLM\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts) Die Sims™ 3 Supernatural (HKLM\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts) Die Sims™ 3 Traumkarrieren (HKLM\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts) Die Sims™ 3 Traumsuite-Accessoires (HKLM\...\{08A25478-C5DD-4EA7-B168-3D687CA987FF}) (Version: 11.0.84 - Electronic Arts) DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version: - DVD Shrink) Family Tree Maker 2010 (DE) (HKLM\...\Family Tree Maker 2010 (DE)) (Version: 19.0.360 - Ancestry.com) Family Tree Maker 2010 (DE) (Version: 19.0.360 - Ancestry.com) Hidden Foxit Cloud (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.5.129.617 - Foxit Corporation) Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.2.1.618 - Foxit Corporation) HP Officejet Pro 8100 - Grundlegende Software für das Gerät (HKLM\...\{778511E7-621D-4CEE-AF1E-93432132C706}) (Version: 28.0.1321.0 - Hewlett-Packard Co.) 
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation) Intel(R) Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation) Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle) jv16 PowerTools 2014 (HKLM\...\jv16 PowerTools 2014) (Version: - Macecraft Software) K-Lite Codec Pack 10.2.0 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.2.0 - ) Luminance HDR 2.3.1 (HKLM\...\{7020FC34-6E04-4858-924D-354B28CB2402}_is1) (Version: - Luminance HDR Dev Team) Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation) Microsoft Office Starter 2010 - English (HKLM\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.7128.5001 - Microsoft Corporation) Microsoft Picture It! 
Foto Premium 10 (HKLM\...\PictureItPrem_v10) (Version: 10.0.0715 - Microsoft Corporation) Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Works (HKLM\...\{B26E3B0D-C2FA-4370-B068-7C476766F029}) (Version: 08.04.0702 - Microsoft Corporation) Microsoft WSE 3.0 (HKLM\...\{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}) (Version: 3.0.5305.0 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) 
Mozilla Firefox 35.0 (x86 en-GB) (HKLM\...\Mozilla Firefox 35.0 (x86 en-GB)) (Version: 35.0 - Mozilla) Mozilla Thunderbird 24.6.0 (x86 en-GB) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 en-GB)) (Version: 24.6.0 - Mozilla) Newsbin Pro (HKLM\...\Newsbin6) (Version: 6.51 - DJI Interprises, LLC) Opera 12.17 (HKU\S-1-5-21-1911445591-1791779849-2412762909-1000\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA) Origin (HKLM\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.) RawTherapee 3.0.1 (HKLM\...\RawTherapee 3.0.1) (Version: 3.0.1.0 - RT Team) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.) Setup-Start von Microsoft Works 2005 (HKLM\...\Works2005Setup) (Version: - ) Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version: - 2K Games, Inc.) Sid Meier's Civilization: Beyond Earth (HKLM\...\Steam App 65980) (Version: - Firaxis Games) Sigil 0.7.4 (HKLM\...\Sigil_is1) (Version: - John Schember) SimCity 2000 Special Edition (HKLM\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts) SimCity™ (HKLM\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts) SlimDX Runtime .NET 2.0 (January 2012) (HKLM\...\{014A2868-BE56-4888-A16C-693989B8F153}) (Version: 2.0.13.43 - SlimDX Group) Sonic Radar (HKLM\...\{4AD04041-F286-4690-8555-38F175F0B50C}) (Version: 1.0.801 - ASUSTeKcomputer.Inc) Steam (HKLM\...\Steam) (Version: - Valve Corporation) The Sims™ 3 (HKLM\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts) The Sims™ 4 (HKLM\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.3.18.1010 - Electronic Arts Inc.) 
TSR Workshop (HKLM\...\{33100EE2-5EDF-4AB1-BF08-D767E3AED642}) (Version: 2.0.86 - The Sims Resource) Unity Web Player (HKU\S-1-5-21-1911445591-1791779849-2412762909-1000\...\UnityWebPlayer) (Version: 4.6.0f3 - Unity Technologies ApS) VC_CRT_x86 (Version: 1.02.0000 - Intel Corporation) Hidden VueScan x32 (HKLM\...\VueScan x32) (Version: - ) Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc) Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - ) WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - ) Works Update (Version: 8.0.0.0000 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1911445591-1791779849-2412762909-1000_Classes\CLSID\{30991014-C94F-11D1-BE8B-0060971F5386}\InprocServer32 -> C:\Program Files\Altap Salamander\plugins\eroiica\PFltWmf.dll (Parallax69 Software Int'l) CustomCLSID: HKU\S-1-5-21-1911445591-1791779849-2412762909-1000_Classes\CLSID\{30992102-C94F-11D1-BE8B-0060971F5386}\InprocServer32 -> C:\Program Files\Altap Salamander\plugins\eroiica\erfBmp.dll (Parallax69 Software International s.r.o.) CustomCLSID: HKU\S-1-5-21-1911445591-1791779849-2412762909-1000_Classes\CLSID\{3099210D-C94F-11D1-BE8B-0060971F5386}\InprocServer32 -> C:\Program Files\Altap Salamander\plugins\eroiica\erfDsi.dll (Parallax69 Software International s.r.o.) CustomCLSID: HKU\S-1-5-21-1911445591-1791779849-2412762909-1000_Classes\CLSID\{30992117-C94F-11D1-BE8B-0060971F5386}\InprocServer32 -> C:\Program Files\Altap Salamander\plugins\eroiica\erfJpg.dll (Parallax69 Software International s.r.o.) CustomCLSID: HKU\S-1-5-21-1911445591-1791779849-2412762909-1000_Classes\CLSID\{30992121-C94F-11D1-BE8B-0060971F5386}\InprocServer32 -> C:\Program Files\Altap Salamander\plugins\eroiica\erfPng.dll (Parallax69 Software International s.r.o.) 
CustomCLSID: HKU\S-1-5-21-1911445591-1791779849-2412762909-1000_Classes\CLSID\{30992143-C94F-11D1-BE8B-0060971F5386}\InprocServer32 -> C:\Program Files\Altap Salamander\plugins\eroiica\erfGif.dll (Parallax69 Software International s.r.o.) CustomCLSID: HKU\S-1-5-21-1911445591-1791779849-2412762909-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS) CustomCLSID: HKU\S-1-5-21-1911445591-1791779849-2412762909-1000_Classes\CLSID\{C78B613F-F3EA-11D2-94A1-00E0292A01E3}\InprocServer32 -> C:\Program Files\Altap Salamander\plugins\salamext.dll (ALTAP) CustomCLSID: HKU\S-1-5-21-1911445591-1791779849-2412762909-1000_Classes\CLSID\{DB450008-9764-11D6-819E-005056C00008}\localserver32 -> C:\Program Files\DU Meter\DUMeterSvc.exe No File ==================== Restore Points ========================= 07-01-2015 12:31:24 Installiert TheSims3EP6 07-01-2015 12:40:21 Installiert TheSims3EP11 14-01-2015 17:36:41 Geplanter Prüfpunkt 17-01-2015 01:56:50 Installiert TheSims3EP10 24-01-2015 15:18:30 Windows Modules Installer 25-01-2015 03:40:25 Windows Modules Installer ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {7FC335E1-66B7-4E5B-B073-E669A8444B40} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files\ASUS\APRP\aprp.exe [2013-08-27] (ASUSTek Computer Inc.) 
Task: {BE8CFC72-E89B-4A2F-BC92-2E878B254573} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-12-09] (COMODO)
Task: {C04D62CE-0864-4735-AA9A-E9744486CE6D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {F28E619C-AD27-4948-B7FA-897C78043ED3} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: {FB778540-B779-46FA-979A-2EC4B74642DB} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Loaded Modules (whitelisted) =============

2014-07-01 17:40 - 2013-05-07 08:45 - 00936728 _____ () C:\Program Files\ASUS\AXSP\1.01.02\atkexComSvc.exe
2014-07-01 17:40 - 2015-01-25 08:41 - 00033280 _____ () C:\Program Files\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2014-07-01 17:40 - 2013-05-07 08:45 - 00104448 _____ () C:\Program Files\ASUS\AXSP\1.01.02\ATKEX.dll
2014-07-01 17:45 - 2013-06-17 13:20 - 00188696 _____ () C:\Windows\system32\AcpiServiceVnA.dll
2014-07-01 17:46 - 2013-07-11 04:06 - 00447120 _____ () C:\Windows\system32\audioLibVc.dll
2014-07-04 10:14 - 2015-01-17 16:52 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-07-01 17:45 - 2013-09-03 15:52 - 01242584 _____ () C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2013-12-02 15:08 - 2013-12-02 15:08 - 00290304 _____ () F:\Newsbin\Par2Repair.dll
2014-12-12 01:52 - 2014-12-12 01:52 - 16843952 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:2216A431
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:395F6776
AlternateDataStreams: C:\ProgramData\TEMP:49B217F7
AlternateDataStreams: C:\ProgramData\TEMP:4B70A9FA
AlternateDataStreams: C:\ProgramData\TEMP:7BD9473D
AlternateDataStreams: C:\ProgramData\TEMP:A479BCC9
AlternateDataStreams: C:\ProgramData\TEMP:AA60673F
AlternateDataStreams: C:\ProgramData\TEMP:BAC2F271
AlternateDataStreams: C:\ProgramData\TEMP:D8134D8F
AlternateDataStreams: C:\ProgramData\TEMP:DA9A88B3
AlternateDataStreams: C:\ProgramData\TEMP:E70FD81B
AlternateDataStreams: C:\ProgramData\TEMP:FEE00EB9

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Core.exe => "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
MSCONFIG\startupreg: CVHSVC.EXE => "C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"
MSCONFIG\startupreg: FCUpdateService.exe => C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
MSCONFIG\startupreg: IcarosThumbnailProvider.dll => C:\Program Files\K-Lite Codec Pack\Icaros\IcarosThumbnailProvider.dll
MSCONFIG\startupreg: msoshext.dll => C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
MSCONFIG\startupreg: MSOXMLMF.DLL => C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
MSCONFIG\startupreg: WinMail.exe => "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
MSCONFIG\startupreg: wmpnetwk.exe => "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-1911445591-1791779849-2412762909-500 - Administrator - Disabled)
Gast (S-1-5-21-1911445591-1791779849-2412762909-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1911445591-1791779849-2412762909-1002 - Limited - Enabled)
User (S-1-5-21-1911445591-1791779849-2412762909-1000 - Administrator - Enabled) => C:\Users\User

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/25/2015 10:45:10 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/19/2015 06:07:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TS3W.exe, Version: 0.2.0.209, Zeitstempel: 0x52d872da
Name des fehlerhaften Moduls: TS3W.exe, Version: 0.2.0.209, Zeitstempel: 0x52d872da
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000714d7
ID des fehlerhaften Prozesses: 0x10f0
Startzeit der fehlerhaften Anwendung: 0xTS3W.exe0
Pfad der fehlerhaften Anwendung: TS3W.exe1
Pfad des fehlerhaften Moduls: TS3W.exe2
Berichtskennung: TS3W.exe3

Error: (01/17/2015 10:08:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm mpc-hc.exe, Version 1.7.1.247 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: e34
Startzeit: 01d03299b8226084
Endzeit: 13
Anwendungspfad: C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe
Berichts-ID: 076a9427-9e8d-11e4-afe3-e03f49ae5055

Error: (01/17/2015 05:55:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/14/2015 05:29:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/13/2015 05:23:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 34.0.5.5443, Zeitstempel: 0x5475dd5d
Name des fehlerhaften Moduls: mozalloc.dll, Version: 34.0.5.5443, Zeitstempel: 0x5475d664
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x13c4
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (01/12/2015 05:14:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/12/2015 03:56:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 34.0.5.5443 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 15b0
Startzeit: 01d02e75cb098674
Endzeit: 32
Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe
Berichts-ID: 3ce78136-9a6b-11e4-9c5c-e03f49ae5055

Error: (01/12/2015 03:56:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 34.0.5.5443, Zeitstempel: 0x5475dd5d
Name des fehlerhaften Moduls: mozalloc.dll, Version: 34.0.5.5443, Zeitstempel: 0x5475d664
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x17dc
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (01/12/2015 03:40:53 PM) (Source: DUMeterSvc) (EventID: 0) (User: )
Description: Cannot create process as user (Zugriff verweigert)

System errors:
=============
Error: (01/25/2015 08:42:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Client Virtualization Handler" wurde aufgrund folgenden Fehlers nicht gestartet: %%3

Error: (01/25/2015 08:42:01 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (01/25/2015 03:43:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Client Virtualization Handler" wurde aufgrund folgenden Fehlers nicht gestartet: %%3

Error: (01/25/2015 03:43:15 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (01/25/2015 03:41:46 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (01/25/2015 03:41:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Client Virtualization Handler" wurde aufgrund folgenden Fehlers nicht gestartet: %%3

Error: (01/25/2015 02:08:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund folgenden Fehlers nicht gestartet: %%3

Error: (01/25/2015 02:06:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Client Virtualization Handler" wurde aufgrund folgenden Fehlers nicht gestartet: %%3

Error: (01/25/2015 02:06:05 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (01/24/2015 07:30:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund folgenden Fehlers nicht gestartet: %%3

Microsoft Office Sessions:
=========================
Error: (01/25/2015 10:45:10 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Officejet Pro 8100\DriverStore\Pipeline\amd64\hpinkins5B12.exe

Error: (01/19/2015 06:07:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: TS3W.exe0.2.0.20952d872daTS3W.exe0.2.0.20952d872dac0000005000714d710f001d0339dd7f2115dJ:\Sims3\Base\Game\Bin\TS3W.exeJ:\Sims3\Base\Game\Bin\TS3W.exe1ff8db39-9f99-11e4-8998-e03f49ae5055

Error: (01/17/2015 10:08:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mpc-hc.exe1.7.1.247e3401d03299b822608413C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe076a9427-9e8d-11e4-afe3-e03f49ae5055

Error: (01/17/2015 05:55:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Officejet Pro 8100\DriverStore\Pipeline\amd64\hpinkins5B12.exe

Error: (01/14/2015 05:29:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Officejet Pro 8100\DriverStore\Pipeline\amd64\hpinkins5B12.exe

Error: (01/13/2015 05:23:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe34.0.5.54435475dd5dmozalloc.dll34.0.5.54435475d664800000030000142513c401d02f4ab97a4d82C:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dll80506778-9b40-11e4-9a21-e03f49ae5055

Error: (01/12/2015 05:14:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Officejet Pro 8100\DriverStore\Pipeline\amd64\hpinkins5B12.exe

Error: (01/12/2015 03:56:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe34.0.5.544315b001d02e75cb09867432C:\Program Files\Mozilla Firefox\firefox.exe3ce78136-9a6b-11e4-9c5c-e03f49ae5055

Error: (01/12/2015 03:56:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe34.0.5.54435475dd5dmozalloc.dll34.0.5.54435475d664800000030000142517dc01d02e75e63c4af1C:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dll3e7ef001-9a6b-11e4-9c5c-e03f49ae5055

Error: (01/12/2015 03:40:53 PM) (Source: DUMeterSvc) (EventID: 0) (User: )
Description: Cannot create process as user (Zugriff verweigert)

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 41%
Total physical RAM: 3537.55 MB
Available physical RAM: 2062.89 MB
Total Pagefile: 7073.38 MB
Available Pagefile: 5354.18 MB
Total Virtual: 2047.88 MB
Available Virtual: 1875.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:422.21 GB) NTFS
Drive f: (DL) (Fixed) (Total:931.51 GB) (Free:603.87 GB) NTFS
Drive g: (Fotos) (Fixed) (Total:976.56 GB) (Free:912.77 GB) NTFS
Drive h: (Daten) (Fixed) (Total:390.62 GB) (Free:248.78 GB) NTFS
Drive i: (EBooks) (Fixed) (Total:195.31 GB) (Free:165.9 GB) NTFS
Drive j: (Spiele) (Fixed) (Total:485.5 GB) (Free:438.77 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: A31A5467)
Partition 1: (Not Active) - (Size=976.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=390.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=195.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=485.5 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 93FD93FD)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E133E1F4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================ |
25.01.2015, 16:08 | #6 |
/// the machine /// TB-Ausbilder | Unknown symbol/icon appeared on the desktop
Logs look good.
How to: Perform a clean boot in Windows
Please do a clean boot. If the problem is gone then, re-enable the services one by one, always rebooting in between, until you know which service is causing the problem. Then name it here. |
26.01.2015, 07:10 | #7 |
| Unknown symbol/icon appeared on the desktop
Strange.... this icon seems to come from Comodo; when I switch off the firewall it is gone as well; as soon as I re-enable Comodo it pops up again after a while. Thanks for all the effort, without this elaborate procedure I probably would not have found the culprit. I will now ask Comodo what this thing is supposed to be. |
26.01.2015, 11:54 | #8 |
/// the machine /// TB-Ausbilder | Unknown symbol/icon appeared on the desktop
Yes, it is from Comodo, I know that by now as well
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |