Feuerzeichen | 04.08.2014 18:56 | Default-Search bleibt auch nach Neustart als Startseite Hallo liebes Trojaner-Team,
nur durch Zufall bin ich beim Cookies löschen in den Internetoptionen darauf aufmerksam geworden, dass statt meiner normalen Mozilla-Startseite dort irgendetwas mit Default-Search stand...habe dann gleich mal den Malwarebytesscanner durchlaufen lassen und dabei kam auch ein Fund heraus.
Hier kommen das Malwarebytesfile sowie alle von euch geforderten Log-Files: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 04.08.2014
Suchlauf-Zeit: 17:51:29
Logdatei: malwarebytes-log.txt
Administrator: Ja
Version: 2.00.2.1012
Malware Datenbank: v2014.08.04.05
Rootkit Datenbank: v2014.08.01.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Sonja
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 289047
Verstrichene Zeit: 39 Min, 18 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registrierungsschlüssel: 1
PUP.Optional.SystemK.A, HKLM\SOFTWARE\SystemK, , [6ffb9130e497eb4b4296e2ef12f0b050],
Registrierungswerte: 0
(No malicious items detected)
Registrierungsdaten: 0
(No malicious items detected)
Ordner: 0
(No malicious items detected)
Dateien: 0
(No malicious items detected)
Physische Sektoren: 0
(No malicious items detected)
(end) Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:2-08-2014
Ran by Sonja (administrator) on SONJAMOBIL on 04-08-2014 19:00:01
Running from C:\Users\Sonja\Desktop
Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Windows\System32\AsusService.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Memeo) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
(ASUS) C:\Windows\AsScrPro.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
() C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
(ASUSTek) C:\Program Files\ASUS\LivCam\LivCam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
() C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
(Boingo Wireless, Inc.) C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKU\S-1-5-21-2402262172-657694341-2311227042-1000\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Sonja\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-2402262172-657694341-2311227042-1000\...\Run: [] => [X]
HKU\S-1-5-21-2402262172-657694341-2311227042-1000\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-2402262172-657694341-2311227042-1000\...\MountPoints2: {71a88601-916e-11df-b548-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-2402262172-657694341-2311227042-1000\...\MountPoints2: {71a88635-916e-11df-b548-485b3952c3ae} - E:\AutoRun.exe
HKU\S-1-5-21-2402262172-657694341-2311227042-1000\...\MountPoints2: {75088a55-8ea8-11df-bc01-485b3952c3ae} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2402262172-657694341-2311227042-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Sonja\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-2402262172-657694341-2311227042-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [] => [X]
HKU\S-1-5-21-2402262172-657694341-2311227042-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-2402262172-657694341-2311227042-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {71a88601-916e-11df-b548-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-2402262172-657694341-2311227042-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {71a88635-916e-11df-b548-485b3952c3ae} - E:\AutoRun.exe
HKU\S-1-5-21-2402262172-657694341-2311227042-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {75088a55-8ea8-11df-bc01-485b3952c3ae} - "E:\WD SmartWare.exe" autoplay=true
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Malwarebytes Anti-Malware.lnk
ShortcutTarget: Malwarebytes Anti-Malware.lnk -> C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {CC5FC992-B0AA-47CD-9DC2-83445083CBB8} => C:\Program Files\ASUS\ASUS WebStorage\3.0.143.296\ASUSWSShellExt.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {618A47A2-528B-4D9A-AFC8-97D3233511E2} => C:\Program Files\ASUS\ASUS WebStorage\3.0.143.296\ASUSWSShellExt.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: AsusWSShellExt_U -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files\ASUS\ASUS WebStorage\3.0.143.296\ASUSWSShellExt.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=122&itype=n&ver=11471&tm=311&src=ds&p={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=122&itype=n&ver=11471&tm=311&src=ds&p={searchTerms}
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rc0cfbue.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Sonja\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rc0cfbue.default\Extensions\abs@avira.com [2014-08-04]
FF Extension: Youtube MP3 Podcaster - C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rc0cfbue.default\Extensions\youtubemp3podcaster@jeremy.d.gregorio.com [2014-06-17]
FF Extension: Garmin Communicator - C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rc0cfbue.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-19]
FF Extension: WOT - C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rc0cfbue.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-04-14]
FF Extension: anonymoX - C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rc0cfbue.default\Extensions\client@anonymox.net.xpi [2013-10-04]
FF Extension: YouTube HD - C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rc0cfbue.default\Extensions\jid0-HbNL9qqBkuuKRhJ9ncTonCky1HU@jetpack.xpi [2013-10-04]
FF Extension: NoScript - C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rc0cfbue.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-14]
FF Extension: Adblock Plus - C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rc0cfbue.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-05-14]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-07-31]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-07-31]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-07-31]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 AsusService; C:\Windows\System32\AsusService.exe [219136 2009-08-19] () [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2009-05-15] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2009-05-15] (Hewlett-Packard) [File not signed]
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [98304 2009-08-17] (WDC) [File not signed]
R2 WDSmartWareBackgroundService; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 AsUpIO; C:\windows\System32\drivers\AsUpIO.sys [11448 2009-07-06] ()
R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [136216 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG)
R3 kbfiltr; C:\windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
R0 MBAMSwissArmy; C:\windows\System32\drivers\MBAMSwissArmy.sys [110296 2014-08-04] (Malwarebytes Corporation)
R3 PSI; C:\windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia)
R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2013-02-14] (Avira GmbH)
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; \SystemRoot\system32\DRIVERS\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; \SystemRoot\system32\DRIVERS\btwrchid.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-04 19:00 - 2014-08-04 19:01 - 00015456 _____ () C:\Users\Sonja\Desktop\FRST.txt
2014-08-04 18:59 - 2014-08-04 19:00 - 00000000 ____D () C:\FRST
2014-08-04 18:58 - 2014-08-04 18:58 - 01084928 _____ (Farbar) C:\Users\Sonja\Desktop\FRST.exe
2014-08-04 18:54 - 2014-08-04 18:55 - 00000472 _____ () C:\Users\Sonja\Desktop\defogger_disable.log
2014-08-04 18:54 - 2014-08-04 18:54 - 00000000 _____ () C:\Users\Sonja\defogger_reenable
2014-08-04 18:53 - 2014-08-04 18:53 - 00050477 _____ () C:\Users\Sonja\Desktop\Defogger.exe
2014-08-04 17:28 - 2014-08-04 17:28 - 00000000 __SHD () C:\Users\Sonja\AppData\Local\EmieUserList
2014-08-04 17:28 - 2014-08-04 17:28 - 00000000 __SHD () C:\Users\Sonja\AppData\Local\EmieSiteList
2014-08-04 14:01 - 2014-08-04 17:27 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\Opera Software
2014-08-04 14:01 - 2014-08-04 17:27 - 00000000 ____D () C:\Users\Sonja\AppData\Local\Opera Software
2014-08-04 14:00 - 2014-08-04 17:27 - 00000000 ____D () C:\Program Files\Opera
2014-08-04 13:56 - 2014-08-04 13:56 - 00873568 _____ (Opera Software) C:\Users\Sonja\Downloads\Opera_NI_stable.exe
2014-07-31 21:44 - 2014-07-31 21:45 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-20 11:09 - 2014-07-20 11:07 - 00272808 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-07-20 11:08 - 2014-07-20 11:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-20 11:08 - 2014-07-20 11:07 - 00175528 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-07-20 11:08 - 2014-07-20 11:07 - 00175528 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-07-20 11:08 - 2014-07-20 11:07 - 00096680 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2014-07-09 22:21 - 2014-07-09 22:21 - 05018624 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerInstaller.exe
2014-07-09 21:58 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-09 21:58 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-09 21:58 - 2014-06-19 01:56 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-09 21:58 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-09 21:58 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-09 21:58 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-09 21:58 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-09 21:58 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-09 21:58 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-09 21:58 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-09 21:58 - 2014-06-19 01:23 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-09 21:58 - 2014-06-19 01:16 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-09 21:58 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-09 21:58 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 21:58 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-09 21:58 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-09 21:58 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-09 21:58 - 2014-06-19 00:52 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-09 21:58 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-09 21:58 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-09 21:58 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-09 21:58 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-09 21:58 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-09 21:58 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-09 21:58 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-09 21:57 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-09 21:57 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-09 21:57 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-09 21:57 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-09 21:57 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-09 21:57 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-09 21:57 - 2014-06-18 02:52 - 02350080 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-09 21:56 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-09 21:56 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-07-09 21:56 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-07-09 21:56 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-07-09 21:56 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-07-09 21:56 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-07-09 21:56 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-07-09 21:56 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-07-09 21:56 - 2014-05-30 08:36 - 00338944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-09 21:55 - 2014-06-05 16:26 - 01059840 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-04 19:01 - 2014-08-04 19:00 - 00015456 _____ () C:\Users\Sonja\Desktop\FRST.txt
2014-08-04 19:00 - 2014-08-04 18:59 - 00000000 ____D () C:\FRST
2014-08-04 18:58 - 2014-08-04 18:58 - 01084928 _____ (Farbar) C:\Users\Sonja\Desktop\FRST.exe
2014-08-04 18:55 - 2014-08-04 18:54 - 00000472 _____ () C:\Users\Sonja\Desktop\defogger_disable.log
2014-08-04 18:54 - 2014-08-04 18:54 - 00000000 _____ () C:\Users\Sonja\defogger_reenable
2014-08-04 18:54 - 2010-06-29 16:49 - 00000000 ____D () C:\Users\Sonja
2014-08-04 18:53 - 2014-08-04 18:53 - 00050477 _____ () C:\Users\Sonja\Desktop\Defogger.exe
2014-08-04 18:19 - 2013-07-27 11:33 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-08-04 18:14 - 2009-07-14 06:34 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-04 18:14 - 2009-07-14 06:34 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-04 17:58 - 2010-06-30 09:30 - 01215890 _____ () C:\windows\WindowsUpdate.log
2014-08-04 17:50 - 2014-04-09 10:29 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-04 17:49 - 2014-04-13 17:03 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-04 17:49 - 2014-04-13 17:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-04 17:49 - 2014-04-13 17:02 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-04 17:40 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-08-04 17:40 - 2009-07-14 06:39 - 00093220 _____ () C:\windows\setupact.log
2014-08-04 17:28 - 2014-08-04 17:28 - 00000000 __SHD () C:\Users\Sonja\AppData\Local\EmieUserList
2014-08-04 17:28 - 2014-08-04 17:28 - 00000000 __SHD () C:\Users\Sonja\AppData\Local\EmieSiteList
2014-08-04 17:27 - 2014-08-04 14:01 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\Opera Software
2014-08-04 17:27 - 2014-08-04 14:01 - 00000000 ____D () C:\Users\Sonja\AppData\Local\Opera Software
2014-08-04 17:27 - 2014-08-04 14:00 - 00000000 ____D () C:\Program Files\Opera
2014-08-04 14:26 - 2014-06-13 15:00 - 00005683 _____ () C:\windows\SecuniaPackage.log
2014-08-04 14:21 - 2012-04-30 21:12 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-04 14:21 - 2010-01-07 00:21 - 00358886 _____ () C:\windows\PFRO.log
2014-08-04 13:56 - 2014-08-04 13:56 - 00873568 _____ (Opera Software) C:\Users\Sonja\Downloads\Opera_NI_stable.exe
2014-07-31 21:45 - 2014-07-31 21:44 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-25 17:14 - 2009-07-14 06:53 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-07-25 17:13 - 2010-07-21 13:26 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 21:16 - 2010-07-21 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 19:43 - 2013-05-02 11:14 - 00035848 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2014-07-23 10:52 - 2010-06-29 17:25 - 00231584 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-07-20 11:08 - 2014-07-20 11:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-20 11:07 - 2014-07-20 11:09 - 00272808 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-07-20 11:07 - 2014-07-20 11:08 - 00175528 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-07-20 11:07 - 2014-07-20 11:08 - 00175528 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-07-20 11:07 - 2014-07-20 11:08 - 00096680 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2014-07-20 11:07 - 2010-06-29 17:36 - 00000000 ____D () C:\Program Files\Java
2014-07-15 21:04 - 2009-07-25 09:50 - 01620684 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-15 20:56 - 2009-07-14 06:33 - 00377248 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-12 17:59 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\de-DE
2014-07-12 17:05 - 2013-08-05 16:14 - 00000000 ____D () C:\windows\system32\MRT
2014-07-09 22:51 - 2010-06-29 18:13 - 93585272 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-07-09 22:27 - 2013-07-27 11:33 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-07-09 22:27 - 2013-06-19 11:18 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 22:21 - 2014-07-09 22:21 - 05018624 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerInstaller.exe
Some content of TEMP:
====================
C:\Users\Sonja\AppData\Local\Temp\avgnt.exe
C:\Users\Sonja\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpul8crp.dll
C:\Users\Sonja\AppData\Local\Temp\install_flashplayer13x32_mssa_aaa_aih.exe
C:\Users\Sonja\AppData\Local\Temp\NOSEventMessages.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-07-18 15:12
==================== End Of Log ============================ Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:2-08-2014
Ran by Sonja at 2014-08-04 19:02:02
Running from C:\Users\Sonja\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
32 Bit HP CIO Components Installer (Version: 1.1.0 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\{3FC9A6DE-C105-4576-8F63-656FFB1BF8EB}) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Amazon MP3-Downloader 1.0.18 (HKCU\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
ASUS VIBE (HKLM\...\ASUS VIBE) (Version: 1.0.173 - Ecareme, Inc.)
ASUS WebStorage (HKLM\...\ASUS WebStorage) (Version: 3.0.143.296 - ASUS Cloud Corporation)
ASUSUpdate for Eee PC (HKLM\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 1.03.06 - ASUSTeK Computer Inc.)
Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.10 - Atheros Communications Inc.)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
Boingo Wi-Fi (HKLM\...\{84C2B80B-64A2-4B22-93EC-F30C3D6BF7D8}) (Version: 1.7.0048 - Boingo Wireless, Inc.)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3608 - CyberLink Corp.)
CyberLink YouCam (Version: 2.0.3608 - CyberLink Corp.) Hidden
doPDF 7.1 printer (HKLM\...\doPDF 7 printer_is1) (Version: - Softland)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Eee Docking 3.6.0 (HKLM\...\Eee Docking_is1) (Version: 3.6.0 - ASUSTek Computer Inc.)
EeeSplendid (HKLM\...\{6333FC29-BFE5-4024-AC78-958A1A7555D1}) (Version: 5.1.2.0008 - ASUS)
EeeSplendid (Version: 5.1.2.0008 - ASUS) Hidden
FontResizer (HKLM\...\InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}) (Version: 1.01.0011 - ASUSTek)
FontResizer (Version: 1.01.0011 - ASUSTek) Hidden
Garmin Communicator Plugin (HKLM\...\{13F054F3-0B07-4D15-9E80-C55B496AB557}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM\...\{00FE2935-FB56-4410-AB5F-D6E70C1771D2}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Hotkey Service (HKLM\...\{71C0E38E-09F2-4386-9977-404D4F6640CD}) (Version: 1.15 - AsusTek Computer)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2230 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
LivCam (HKLM\...\{75E9CAA3-B336-439D-85FB-7C7B2ACA1A16}) (Version: 1.0.9.1 - ASUS)
LiveUpdate (HKLM\...\{38E5A3B1-ADF1-47E0-8024-76310A30EB36}) (Version: 1.19 - Asus)
LocaleMe (HKLM\...\{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}) (Version: 1.3 - ASUS)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM\...\{172423F9-522A-483A-AD65-03600CE4CA4F}) (Version: 9.7.0000 - Microsoft Corporation)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1 - Nokia) Hidden
Mobile Partner (HKLM\...\Mobile Partner) (Version: 11.302.06.03.545 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM\...\Nokia Suite) (Version: 3.8.48.0 - Nokia)
Nokia Suite (Version: 3.8.48.0 - Nokia) Hidden
PC Connectivity Solution (HKLM\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
Ralink RT2860 Wireless LAN Card (HKLM\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.1 - Ralink)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5948 - Realtek Semiconductor Corp.)
Secunia PSI (3.0.0.9016) (HKLM\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Super Hybrid Engine (HKLM\...\{88F08F98-12BC-4613-81A2-8F9B88CFC73E}) (Version: 2.10 - AsusTek Computer)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.1 - Synaptics Incorporated)
Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version: - )
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WD SmartWare (HKLM\...\{DD7A785B-45C9-4DDB-A726-0889F7A9C006}) (Version: 1.1.0.2 - Western Digital)
Windows Driver Package - Broadcom Bluetooth (07/17/2009 6.2.0.9403) (HKLM\...\B41C7C96D83162A676DA7365ADEFD6C1AF62A4EE) (Version: 07/17/2009 6.2.0.9403 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (07/29/2009 6.1.7100.0) (HKLM\...\B5C82F3814F82FB37F1513B3185399BD88892B08) (Version: 07/29/2009 6.1.7100.0 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8093.805 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Phone app for desktop (HKLM\...\{19773614-FC22-4ACC-AAA3-E6BDA81ACF92}) (Version: 1.1.2726.0 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinRAR Archivierer (HKLM\...\WinRAR archiver) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2402262172-657694341-2311227042-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Sonja\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2402262172-657694341-2311227042-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2402262172-657694341-2311227042-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Users\Sonja\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-2402262172-657694341-2311227042-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2402262172-657694341-2311227042-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2402262172-657694341-2311227042-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2402262172-657694341-2311227042-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2402262172-657694341-2311227042-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2402262172-657694341-2311227042-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
==================== Restore Points =========================
13-07-2014 17:19:02 Windows Update
18-07-2014 09:16:12 Windows Update
22-07-2014 17:33:05 Windows Update
24-07-2014 19:12:24 Windows Update
29-07-2014 19:38:34 Windows Update
04-08-2014 11:44:56 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {44FCB3D5-BB80-447C-8BAC-E75EF616DA3E} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {617CE225-6D8D-4A13-AF40-640C33F4AC81} - System32\Tasks\{8AA74DD1-779F-42D7-8D60-71E93F876F2C} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-18] (Skype Technologies S.A.)
Task: {BCBD4218-25C7-4D3E-97E7-1BC5581A7239} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {D905D69B-9F58-4BE7-8F3E-506D826C0425} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2402262172-657694341-2311227042-1000
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2010-01-06 23:47 - 2009-08-19 03:35 - 00219136 _____ () C:\Windows\System32\AsusService.exe
2011-05-21 23:19 - 2003-05-19 21:16 - 00120320 _____ () C:\Program Files\WinRAR\rarext.dll
2010-01-07 00:30 - 2009-12-30 01:28 - 00104960 _____ () C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe
2009-09-16 00:30 - 2009-09-16 00:30 - 00376832 _____ () C:\Program Files\ASUS\LivCam\SMIUtility.dll
2009-08-28 01:38 - 2009-08-28 01:38 - 00803304 _____ () C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
2009-08-28 01:45 - 2009-08-28 01:45 - 00120808 _____ () C:\Program Files\Asus\LiveUpdate\ClientSocket.dll
2009-08-28 02:29 - 2009-08-28 02:29 - 00182240 _____ () C:\Program Files\Asus\LiveUpdate\Parser.dll
2009-08-28 02:22 - 2009-08-28 02:22 - 00161768 _____ () C:\Program Files\Asus\LiveUpdate\Enumeration.dll
2014-07-31 21:44 - 2014-07-31 21:45 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Garmin Lifetime Updater => C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (08/04/2014 05:40:35 PM) (Source: WDSmartWareBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel()
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args)
Error: (08/04/2014 02:22:10 PM) (Source: WDSmartWareBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel()
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args)
Error: (08/04/2014 01:50:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5310, Zeitstempel: 0x53c75e91
Name des fehlerhaften Moduls: mozalloc.dll, Version: 31.0.0.5310, Zeitstempel: 0x53c72e91
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x13f8
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (07/28/2014 08:13:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233
Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x14e8
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (07/28/2014 08:13:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 30.0.0.5269 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1478
Startzeit: 01cfaa87a864fcf8
Endzeit: 4743
Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe
Berichts-ID: b4623e6f-1682-11e4-b83d-485b3952c3ae
Error: (07/25/2014 06:53:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 30.0.0.5269 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: b3c
Startzeit: 01cfa81b57d302fb
Endzeit: 2435
Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe
Berichts-ID: 168978cc-141c-11e4-b83d-485b3952c3ae
Error: (07/25/2014 05:14:16 PM) (Source: WDSmartWareBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel()
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args)
Error: (07/20/2014 10:52:23 AM) (Source: WDSmartWareBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel()
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args)
Error: (07/16/2014 05:51:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 30.0.0.5269 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 154c
Startzeit: 01cfa10af272da1a
Endzeit: 593
Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe
Berichts-ID:
Error: (07/15/2014 08:56:10 PM) (Source: WDSmartWareBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel()
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args)
System errors:
=============
Error: (08/04/2014 05:41:22 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error: (08/04/2014 05:22:34 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AntiVirSchedulerService erreicht.
Error: (08/04/2014 02:30:56 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Search" wurde nicht richtig gestartet.
Error: (08/04/2014 02:22:45 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error: (07/28/2014 06:53:49 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.
Error: (07/25/2014 06:52:00 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Definition Update for Windows Defender - KB915597 (Definition 1.179.1033.0)
Error: (07/25/2014 05:19:26 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Defender" wurde nicht richtig gestartet.
Error: (07/25/2014 05:15:09 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error: (07/24/2014 07:41:34 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AntiVirSchedulerService erreicht.
Error: (07/22/2014 07:04:13 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Netman erreicht.
Microsoft Office Sessions:
=========================
Error: (08/04/2014 05:40:35 PM) (Source: WDSmartWareBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel()
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args)
Error: (08/04/2014 02:22:10 PM) (Source: WDSmartWareBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel()
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args)
Error: (08/04/2014 01:50:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141b13f801cfafda264371d2C:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dll83e18b41-1bcd-11e4-b83d-485b3952c3ae
Error: (07/28/2014 08:13:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141b14e801cfaa8e03f8395bC:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dlldd7c5be3-1682-11e4-b83d-485b3952c3ae
Error: (07/28/2014 08:13:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe30.0.0.5269147801cfaa87a864fcf84743C:\Program Files\Mozilla Firefox\firefox.exeb4623e6f-1682-11e4-b83d-485b3952c3ae
Error: (07/25/2014 06:53:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe30.0.0.5269b3c01cfa81b57d302fb2435C:\Program Files\Mozilla Firefox\firefox.exe168978cc-141c-11e4-b83d-485b3952c3ae
Error: (07/25/2014 05:14:16 PM) (Source: WDSmartWareBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel()
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args)
Error: (07/20/2014 10:52:23 AM) (Source: WDSmartWareBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel()
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args)
Error: (07/16/2014 05:51:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe30.0.0.5269154c01cfa10af272da1a593C:\Program Files\Mozilla Firefox\firefox.exe
Error: (07/15/2014 08:56:10 PM) (Source: WDSmartWareBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel()
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args)
==================== Memory info ===========================
Percentage of memory in use: 84%
Total physical RAM: 1014.18 MB
Available physical RAM: 154.44 MB
Total Pagefile: 2038.18 MB
Available Pagefile: 780.68 MB
Total Virtual: 2047.88 MB
Available Virtual: 1914.08 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:100 GB) (Free:61.81 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:122.87 GB) (Free:109.09 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: E6086D7A)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=10 GB) - (Type=1B)
Partition 3: (Not Active) - (Size=123 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=18 MB) - (Type=EF)
==================== End Of Log ============================ Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-08-04 19:40:24
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0 232,89GB
Running: Gmer-19357.exe; Driver: C:\Users\Sonja\AppData\Local\Temp\ugtiruow.sys
---- System - GMER 2.1 ----
SSDT 899F25AE ZwCreateSection
SSDT 899F25B8 ZwRequestWaitReplyPort
SSDT 899F25B3 ZwSetContextThread
SSDT 899F25BD ZwSetSecurityObject
SSDT 899F25C2 ZwSystemDebugControl
SSDT 899F254F ZwTerminateProcess
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 81C5AA15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81C94212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 81C9B58C 4 Bytes [AE, 25, 9F, 89]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 81C9B8E8 4 Bytes [B8, 25, 9F, 89]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 81C9B92C 4 Bytes [B3, 25, 9F, 89]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 81C9B9A8 4 Bytes [BD, 25, 9F, 89]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 81C9B9FC 4 Bytes [C2, 25, 9F, 89]
.text ...
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243d1ad91
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243d1ad91 (not active ControlSet)
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intel\xae Matrix Storage Manager\Intel\xae Matrix Storage Console.lnk 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\xae Matrix Storage Manager\Intel\xae Matrix Storage Console.lnk 1
---- EOF - GMER 2.1 ---- Vielen vielen Dank schonmal für eure Hilfe!
Liebe Grüße
Sonja |