SystemkService.exe and others found

Hello dear team,
my computer has been extremely slow for some time. Malwarebytes found various malware. Can anyone help me?
Thanks in advance!

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 08:53 on 08/06/2014 (Julia)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:06-06-2014
Ran by Julia (administrator) on JULIA-PC on 08-06-2014 08:54:53
Running from C:\Users\Julia\Downloads
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(BUP) C:\Users\Julia\AppData\Roaming\BupSystem\bup.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Memeo) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(APN LLC.) C:\Users\Julia\AppData\Local\VNT\vntldr.exe
(Western Digital) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
(Dropbox, Inc.) C:\Users\Julia\AppData\Roaming\Dropbox\bin\Dropbox.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
() C:\Users\Julia\Downloads\Defogger.exe
(Farbar) C:\Users\Julia\Downloads\FRST(1).exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1758160 2014-02-13] (APN)
HKLM\...\Run: [VNT] => C:\Program Files\VNT\vntldr.exe [195536 2014-02-13] (APN LLC.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\S-1-5-21-3894828983-1079238010-610003492-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22415552 2014-04-25] (Google)
HKU\S-1-5-21-3894828983-1079238010-610003492-1001\...\MountPoints2: {1802ab2f-d537-11e0-8c2b-e02a822156fe} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-3894828983-1079238010-610003492-1001\...\MountPoints2: {643105d7-aec8-11e1-90c0-e02a822156fe} - E:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-3894828983-1079238010-610003492-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22415552 2014-04-25] (Google)
HKU\S-1-5-21-3894828983-1079238010-610003492-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {1802ab2f-d537-11e0-8c2b-e02a822156fe} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-3894828983-1079238010-610003492-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {643105d7-aec8-11e1-90c0-e02a822156fe} - E:\.\Setup.exe AUTORUN=1
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
ShortcutTarget: WDSmartWare.lnk -> C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
Startup: C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Julia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
HKLM\...\AppCertDlls: [x64] -> c:\program files\settings manager\systemk\x64\sysapcrt.dll
HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Settings Manager\systemk\sysapcrt.dll
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.default-search.net?sid=476&aid=122&itype=a&ver=12791&tm=361&src=hmp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEE774FD13168CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
URLSearchHook: HKCU - (No Name) - {81fae9c9-cfbd-4cb3-8322-412e72f55f65} - No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12791&tm=361&src=ds&p={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12791&tm=361&src=ds&p={searchTerms}
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Julia\AppData\Roaming\Mozilla\Firefox\Profiles\585slyrb.default-1349868527628
FF SearchEngineOrder.1: default-search.net
FF Homepage: hxxp://www.default-search.net?sid=476&aid=122&itype=a&ver=12791&tm=361&src=hmp
FF Keyword.URL: hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12791&tm=361&src=ds&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Julia\AppData\Roaming\Mozilla\Firefox\Profiles\585slyrb.default-1349868527628\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Foxy Security - C:\Users\Julia\AppData\Roaming\Mozilla\Firefox\Profiles\585slyrb.default-1349868527628\Extensions\sys@foxysecurity.com [2014-05-28]
FF Extension: Settings Manager - C:\Users\Julia\AppData\Roaming\Mozilla\Firefox\Profiles\585slyrb.default-1349868527628\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0} [2014-05-28]
FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\Julia\AppData\Roaming\Mozilla\Firefox\Profiles\585slyrb.default-1349868527628\Extensions\toolbar_AVIRA-V7C@apn.ask.com.xpi [2014-02-21]
FF Extension: Adblock Plus - C:\Users\Julia\AppData\Roaming\Mozilla\Firefox\Profiles\585slyrb.default-1349868527628\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-11-19]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-13]
Chrome:
=======
CHR RestoreOnStartup: "hxxp://www.default-search.net?sid=476&aid=122&itype=a&ver=12791&tm=361&src=hmp"
CHR StartupUrls: "hxxp://www.default-search.net?sid=476&aid=122&itype=a&ver=12791&tm=361&src=hmp"
CHR DefaultSearchProvider: default-search.net
CHR DefaultSearchURL: hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12791&tm=361&src=ds&p={searchTerms}
CHR Extension: (Skype Click to Call) - C:\Users\Julia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-09-22]
CHR Extension: (No Name) - C:\Users\Julia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljimjhojfmofiknegekaamldkbbaccbh [2012-09-22]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]
CHR HKLM\...\Chrome\Extension: [pcoohmdcpejoeggdnihdfhohjgdbllgm] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7C\CRX\ToolbarCR.crx [2014-02-21]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Julia\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-04-04]
========================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-05-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-20] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1039952 2014-05-20] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-13] (APN LLC.)
R2 bupService; C:\Users\Julia\AppData\Roaming\BupSystem\bup.exe [642048 2014-04-14] (BUP)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [110592 2009-11-13] (WDC)
R2 WDSmartWareBackgroundService; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [93528 2014-05-20] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-05-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [69240 2013-12-09] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-06-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-12-09] (Avira GmbH)
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-08 08:54 - 2014-06-08 08:54 - 01063424 _____ (Farbar) C:\Users\Julia\Downloads\FRST(1).exe
2014-06-08 08:53 - 2014-06-08 08:54 - 00000472 _____ () C:\Users\Julia\Downloads\defogger_disable.log
2014-06-08 08:53 - 2014-06-08 08:53 - 00000000 _____ () C:\Users\Julia\defogger_reenable
2014-06-08 08:51 - 2014-06-08 08:51 - 00050477 _____ () C:\Users\Julia\Downloads\Defogger.exe
2014-06-07 21:38 - 2014-06-07 21:38 - 00000000 ____D () C:\Users\Julia\AppData\Roaming\Apple Computer
2014-06-07 19:08 - 2014-06-08 08:44 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-07 19:08 - 2014-06-07 19:08 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-07 19:08 - 2014-06-07 19:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-07 19:08 - 2014-06-07 19:08 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-07 19:08 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-07 19:08 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-07 19:08 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-07 19:07 - 2014-06-07 19:07 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Julia\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-03 15:39 - 2014-06-03 15:39 - 00120164 _____ () C:\Users\Julia\Documents\Plakat für erstes Treffen.odt
2014-05-31 13:44 - 2014-06-08 00:15 - 00000000 ____D () C:\Users\Julia\Documents\Wohnung Dieffenbachstraße
2014-05-28 17:58 - 2014-06-07 21:02 - 00000000 ____D () C:\Program Files\Settings Manager
2014-05-28 17:58 - 2014-05-28 17:58 - 00000000 ____D () C:\Users\Julia\AppData\Roaming\BupSystem
2014-05-28 17:57 - 2014-05-28 17:58 - 00000000 ____D () C:\Users\Julia\AppData\Roaming\Security Systems
2014-05-28 17:57 - 2014-05-28 17:57 - 00000000 __SHD () C:\Users\Julia\AppData\Local\EmieUserList
2014-05-28 17:57 - 2014-05-28 17:57 - 00000000 __SHD () C:\Users\Julia\AppData\Local\EmieSiteList
2014-05-28 17:55 - 2014-05-28 17:56 - 00000000 ____D () C:\Program Files\QuickTime
2014-05-28 17:55 - 2014-05-28 17:55 - 00001815 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-05-28 17:55 - 2014-05-28 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-05-28 17:55 - 2014-05-28 17:55 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-05-28 17:53 - 2014-05-28 17:53 - 00000000 ____D () C:\Users\Julia\AppData\Local\Apple
2014-05-28 17:53 - 2014-05-28 17:53 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-05-28 17:52 - 2014-05-28 17:52 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-05-28 17:52 - 2014-05-28 17:52 - 00000000 ____D () C:\ProgramData\Apple
2014-05-28 17:52 - 2014-05-28 17:52 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-05-28 17:51 - 2014-05-28 17:52 - 41945432 _____ (Apple Inc.) C:\Users\Julia\Desktop\QuickTimeInstaller_multilingue.exe
2014-05-27 14:09 - 2014-05-28 17:02 - 00000000 ____D () C:\Users\Julia\Documents\Material Lücke-Kurse
2014-05-21 13:22 - 2014-05-22 12:13 - 00000000 ____D () C:\Users\Julia\Documents\CSM Projekt
2014-05-19 10:30 - 2013-12-04 04:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-05-19 10:30 - 2013-12-04 04:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-05-19 10:30 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-05-19 10:30 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-05-19 10:30 - 2013-12-04 04:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-05-19 10:30 - 2013-12-04 03:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-05-19 10:30 - 2013-12-04 03:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-05-19 10:30 - 2013-12-04 03:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-05-19 10:30 - 2013-12-04 03:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-05-16 13:36 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-16 13:36 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-16 13:36 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 07:28 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 07:28 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 07:27 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 07:27 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 07:27 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 07:27 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 07:27 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 07:27 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 07:27 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 07:27 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 07:27 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-15 07:27 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 07:27 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 07:27 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 07:27 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 07:27 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 07:27 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 07:27 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 07:27 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 07:27 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 07:27 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 07:27 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 07:27 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 07:27 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 07:27 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 07:27 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 07:27 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-13 10:00 - 2014-05-13 10:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
==================== One Month Modified Files and Folders =======
2014-06-08 08:55 - 2013-11-18 11:46 - 00000000 ____D () C:\FRST
2014-06-08 08:55 - 2011-08-31 20:18 - 00000000 ____D () C:\Users\Julia\AppData\Local\Temp
2014-06-08 08:54 - 2014-06-08 08:54 - 01063424 _____ (Farbar) C:\Users\Julia\Downloads\FRST(1).exe
2014-06-08 08:54 - 2014-06-08 08:53 - 00000472 _____ () C:\Users\Julia\Downloads\defogger_disable.log
2014-06-08 08:54 - 2013-11-18 11:47 - 00016006 _____ () C:\Users\Julia\Downloads\FRST.txt
2014-06-08 08:53 - 2014-06-08 08:53 - 00000000 _____ () C:\Users\Julia\defogger_reenable
2014-06-08 08:53 - 2011-08-31 20:18 - 00000000 ____D () C:\Users\Julia
2014-06-08 08:52 - 2009-07-14 06:34 - 00015824 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-08 08:52 - 2009-07-14 06:34 - 00015824 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-08 08:51 - 2014-06-08 08:51 - 00050477 _____ () C:\Users\Julia\Downloads\Defogger.exe
2014-06-08 08:44 - 2014-06-07 19:08 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-08 08:41 - 2012-10-16 16:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-08 08:41 - 2011-09-05 13:51 - 00000000 ___RD () C:\Users\Julia\Dropbox
2014-06-08 08:41 - 2011-09-05 13:49 - 00000000 ____D () C:\Users\Julia\AppData\Roaming\Dropbox
2014-06-08 08:40 - 2014-04-04 11:33 - 00000000 ___RD () C:\Users\Julia\Google Drive
2014-06-08 08:40 - 2014-04-02 10:17 - 00000000 ____D () C:\Users\Julia\AppData\Roaming\DropboxMaster
2014-06-08 08:39 - 2011-09-02 11:56 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-08 08:38 - 2011-09-03 03:19 - 00297412 _____ () C:\Windows\PFRO.log
2014-06-08 08:38 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-08 08:38 - 2009-07-14 06:39 - 00081239 _____ () C:\Windows\setupact.log
2014-06-08 00:16 - 2011-08-31 20:11 - 01738126 _____ () C:\Windows\WindowsUpdate.log
2014-06-08 00:15 - 2014-05-31 13:44 - 00000000 ____D () C:\Users\Julia\Documents\Wohnung Dieffenbachstraße
2014-06-07 23:59 - 2011-09-02 11:56 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-07 21:40 - 2011-09-05 13:51 - 00001017 _____ () C:\Users\Julia\Desktop\Dropbox.lnk
2014-06-07 21:40 - 2011-09-05 13:50 - 00000000 ____D () C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-06-07 21:38 - 2014-06-07 21:38 - 00000000 ____D () C:\Users\Julia\AppData\Roaming\Apple Computer
2014-06-07 21:02 - 2014-05-28 17:58 - 00000000 ____D () C:\Program Files\Settings Manager
2014-06-07 21:02 - 2012-09-04 15:21 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-07 21:02 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Cursors
2014-06-07 19:08 - 2014-06-07 19:08 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-07 19:08 - 2014-06-07 19:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-07 19:08 - 2014-06-07 19:08 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-07 19:08 - 2013-11-17 21:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-07 19:07 - 2014-06-07 19:07 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Julia\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-04 10:40 - 2011-09-09 13:34 - 00000432 _____ () C:\Windows\BRWMARK.INI
2014-06-04 09:33 - 2014-03-09 21:04 - 00000000 ____D () C:\supergeil
2014-06-03 15:39 - 2014-06-03 15:39 - 00120164 _____ () C:\Users\Julia\Documents\Plakat für erstes Treffen.odt
2014-05-29 01:04 - 2011-12-01 23:55 - 00034816 ___SH () C:\Users\Julia\Thumbs.db
2014-05-28 17:58 - 2014-05-28 17:58 - 00000000 ____D () C:\Users\Julia\AppData\Roaming\BupSystem
2014-05-28 17:58 - 2014-05-28 17:57 - 00000000 ____D () C:\Users\Julia\AppData\Roaming\Security Systems
2014-05-28 17:57 - 2014-05-28 17:57 - 00000000 __SHD () C:\Users\Julia\AppData\Local\EmieUserList
2014-05-28 17:57 - 2014-05-28 17:57 - 00000000 __SHD () C:\Users\Julia\AppData\Local\EmieSiteList
2014-05-28 17:56 - 2014-05-28 17:55 - 00000000 ____D () C:\Program Files\QuickTime
2014-05-28 17:55 - 2014-05-28 17:55 - 00001815 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-05-28 17:55 - 2014-05-28 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-05-28 17:55 - 2014-05-28 17:55 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-05-28 17:53 - 2014-05-28 17:53 - 00000000 ____D () C:\Users\Julia\AppData\Local\Apple
2014-05-28 17:53 - 2014-05-28 17:53 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-05-28 17:52 - 2014-05-28 17:52 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-05-28 17:52 - 2014-05-28 17:52 - 00000000 ____D () C:\ProgramData\Apple
2014-05-28 17:52 - 2014-05-28 17:52 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-05-28 17:52 - 2014-05-28 17:51 - 41945432 _____ (Apple Inc.) C:\Users\Julia\Desktop\QuickTimeInstaller_multilingue.exe
2014-05-28 17:51 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-05-28 17:02 - 2014-05-27 14:09 - 00000000 ____D () C:\Users\Julia\Documents\Material Lücke-Kurse
2014-05-28 17:02 - 2014-03-10 12:27 - 00000000 ____D () C:\Users\Julia\Documents\Magdalena
2014-05-25 13:24 - 2011-09-02 11:57 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-25 13:23 - 2014-04-30 22:30 - 00000000 ____D () C:\Users\Julia\Documents\Antrag starkgemacht
2014-05-25 13:23 - 2014-04-20 11:15 - 00000000 ____D () C:\Users\Julia\Documents\Filmprojekt Arianna Forever
2014-05-22 12:13 - 2014-05-21 13:22 - 00000000 ____D () C:\Users\Julia\Documents\CSM Projekt
2014-05-20 12:17 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-05-20 10:21 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-05-20 10:20 - 2014-01-07 00:22 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-20 10:20 - 2014-01-07 00:22 - 00093528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-19 14:59 - 2011-09-02 11:50 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-19 11:12 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-19 11:00 - 2014-05-07 08:40 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-16 14:10 - 2013-07-15 10:20 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-16 14:06 - 2011-11-22 11:16 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 07:39 - 2012-10-16 16:44 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-15 07:39 - 2011-09-01 01:04 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-13 10:00 - 2014-05-13 10:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-12 07:26 - 2014-06-07 19:08 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-07 19:08 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:25 - 2014-06-07 19:08 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-09 09:06 - 2014-05-15 07:28 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 09:04 - 2014-05-15 07:28 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
Some content of TEMP:
====================
C:\Users\Julia\AppData\Local\Temp\AskSLib.dll
C:\Users\Julia\AppData\Local\Temp\avgnt.exe
C:\Users\Julia\AppData\Local\Temp\contentDATs.exe
C:\Users\Julia\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbxcvi3.dll
C:\Users\Julia\AppData\Local\Temp\FoxySecuritySetup.exe
C:\Users\Julia\AppData\Local\Temp\FreemakeVideoConverter_3.0.2.15.exe
C:\Users\Julia\AppData\Local\Temp\installhelper.dll
C:\Users\Julia\AppData\Local\Temp\Offercast_AVIRAV7_.exe
C:\Users\Julia\AppData\Local\Temp\OSU.exe
C:\Users\Julia\AppData\Local\Temp\Quarantine.exe
C:\Users\Julia\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Julia\AppData\Local\Temp\SettingsManagerSetup.exe
C:\Users\Julia\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Julia\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Julia\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\Julia\AppData\Local\Temp\tbFree.dll
C:\Users\Julia\AppData\Local\Temp\Uninstaller.exe
C:\Users\Julia\AppData\Local\Temp\UninstallerFre.dll
C:\Users\Julia\AppData\Local\Temp\UninstallerSpa.dll
C:\Users\Julia\AppData\Local\Temp\WtgDriverInstallX.dll
C:\Users\Julia\AppData\Local\Temp\WTGXMLUtil.dll
C:\Users\Julia\AppData\Local\Temp\WZCPlugin_VISTA.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-05-31 12:15
==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:06-06-2014
Ran by Julia at 2014-06-08 09:10:23
Running from C:\Users\Julia\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version: - )
Auslogics BoostSpeed (HKLM\...\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1) (Version: 5.4 - Auslogics Software Pty Ltd)
Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 3.5 - Auslogics Software Pty Ltd)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.4.642 - Avira)
Avira SearchFree Toolbar (HKLM\...\{41564952-412D-5637-4300-A758B70C0A03}) (Version: 12.10.3.4488 - APN, LLC)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Foxy Security (HKLM\...\Foxy Security) (Version: - )
GIMP 2.6.11 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Drive (HKLM\...\{418BAAD1-754D-48B4-B078-46EF4F25AF42}) (Version: 1.15.6556.8063 - Google, Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
HyperCam 3 (HKLM\...\HyperCam 3) (Version: 3.2.1107.8 - Solveig Multimedia)
MAGIX Screenshare (HKLM\...\{D6A5B908-426D-4F00-B7DE-D59DFD51E0E8}) (Version: 4.3.6.1987 - MAGIX AG)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
OpenOffice.org 3.3 (HKLM\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
SecureW2 EAP Suite 1.1.3 for Windows (HKLM\...\SecureW2 EAP Suite) (Version: - )
Security Task Manager 1.8g (HKLM\...\Security Task Manager) (Version: 1.8g - Neuber Software)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
Text-To-Speech-Runtime (HKLM\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN)
WD SmartWare (HKLM\...\{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}) (Version: 1.2.0.8 - Western Digital)
Winamp (HKLM\...\Winamp) (Version: 5.623 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
==================== Restore Points =========================
16-05-2014 11:34:29 Windows Update
20-05-2014 08:19:23 Windows Update
23-05-2014 09:34:03 Windows Update
28-05-2014 15:53:53 Installed QuickTime 7
31-05-2014 09:49:26 Windows Update
04-06-2014 07:39:01 Windows Update
07-06-2014 12:15:15 Windows Update
==================== Hosts content: ==========================
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {13EB81E2-D97C-4EF7-ADED-49F3C88B0D14} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {22F6BF28-0632-4A77-9584-46EADBA0A7B9} - System32\Tasks\{78A70313-A149-4F2B-AB79-CC878127273C} => C:\Program Files\Avira\AntiVir Desktop\avcenter.exe [2014-05-20] (Avira Operations GmbH & Co. KG)
Task: {663A8E1D-4269-4D88-8734-ADEA645FED56} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {70E7B75D-0DB5-446B-A9D4-A6FE6F483318} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-02] (Google Inc.)
Task: {8514144A-E251-4CB6-A786-1F0B42AD6127} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-02] (Google Inc.)
Task: {F429E222-DC51-4DDE-9CE1-76C34D5246D4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-15] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-05-28 17:58 - 2014-05-28 17:58 - 00374272 _____ () C:\Users\Julia\AppData\Roaming\BupSystem\sub\default.dll
2009-08-19 15:49 - 2009-08-19 15:49 - 00049152 _____ () C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll
2009-07-29 15:24 - 2009-07-29 15:24 - 00504293 _____ () C:\Program Files\Western Digital\WD SmartWare\Front Parlor\sqlite3.DLL
2014-06-08 08:40 - 2014-06-08 08:40 - 00043008 _____ () c:\users\julia\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbxcvi3.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Julia\AppData\Roaming\Dropbox\bin\libcef.dll
2011-01-17 16:19 - 2011-09-02 10:04 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2014-06-08 08:39 - 2014-06-08 08:39 - 00098816 _____ () C:\Users\Julia\AppData\Local\Temp\_MEI38602\win32api.pyd
2014-06-08 08:39 - 2014-06-08 08:39 - 00110080 _____ () C:\Users\Julia\AppData\Local\Temp\_MEI38602\pywintypes27.dll
2014-06-08 08:39 - 2014-06-08 08:39 - 00364544 _____ () C:\Users\Julia\AppData\Local\Temp\_MEI38602\pythoncom27.dll
2014-06-08 08:39 - 2014-06-08 08:39 - 00045568 _____ () C:\Users\Julia\AppData\Local\Temp\_MEI38602\_socket.pyd
2014-06-08 08:39 - 2014-06-08 08:39 - 01159680 _____ () C:\Users\Julia\AppData\Local\Temp\_MEI38602\_ssl.pyd
2014-06-08 08:39 - 2014-06-08 08:39 - 00320512 _____ () C:\Users\Julia\AppData\Local\Temp\_MEI38602\win32com.shell.shell.pyd
2014-06-08 08:39 - 2014-06-08 08:39 - 00713216 _____ () C:\Users\Julia\AppData\Local\Temp\_MEI38602\_hashlib.pyd
2014-06-08 08:39 - 2014-06-08 08:39 - 01175040 _____ () C:\Users\Julia\AppData\Local\Temp\_MEI38602\wx._core_.pyd
2014-06-08 08:39 - 2014-06-08 08:39 - 00805888 _____ () C:\Users\Julia\AppData\Local\Temp\_MEI38602\wx._gdi_.pyd
2014-06-08 08:39 - 2014-06-08 08:39 - 00811008 _____ () C:\Users\Julia\AppData\Local\Temp\_MEI38602\wx._windows_.pyd
2014-06-08 08:39 - 2014-06-08 08:39 - 01062400 _____ () C:\Users\Julia\AppData\Local\Temp\_MEI38602\wx._controls_.pyd
2014-06-08 08:39 - 2014-06-08 08:39 - 00735232 _____ () C:\Users\Julia\AppData\Local\Temp\_MEI38602\wx._misc_.pyd
2014-06-08 08:39 - 2014-06-08 08:39 - 00128512 _____ () C:\Users\Julia\AppData\Local\Temp\_MEI38602\_elementtree.pyd
2014-06-08 08:39 - 2014-06-08 08:39 - 00127488 _____ () C:\Users\Julia\AppData\Local\Temp\_MEI38602\pyexpat.pyd
2014-06-08 08:39 - 2014-06-08 08:39 - 00557056 _____ () C:\Users\Julia\AppData\Local\Temp\_MEI38602\pysqlite2._sqlite.pyd
2014-06-08 08:39 - 2014-06-08 08:39 - 00087552 _____ () C:\Users\Julia\AppData\Local\Temp\_MEI38602\_ctypes.pyd
2014-06-08 08:39 - 2014-06-08 08:39 - 00119808 _____ () C:\Users\Julia\AppData\Local\Temp\_MEI38602\win32file.pyd
2014-06-08 08:39 - 2014-06-08 08:39 - 00108544 _____ () C:\Users\Julia\AppData\Local\Temp\_MEI38602\win32security.pyd
2014-06-08 08:39 - 2014-06-08 08:39 - 00018432 _____ () C:\Users\Julia\AppData\Local\Temp\_MEI38602\win32event.pyd
2014-06-08 08:39 - 2014-06-08 08:39 - 00038912 _____ () C:\Users\Julia\AppData\Local\Temp\_MEI38602\win32inet.pyd
2014-06-08 08:39 - 2014-06-08 08:39 - 00070656 _____ () C:\Users\Julia\AppData\Local\Temp\_MEI38602\wx._html2.pyd
2014-06-08 08:39 - 2014-06-08 08:39 - 00167936 _____ () C:\Users\Julia\AppData\Local\Temp\_MEI38602\win32gui.pyd
2014-06-08 08:39 - 2014-06-08 08:39 - 00011264 _____ () C:\Users\Julia\AppData\Local\Temp\_MEI38602\win32crypt.pyd
2014-06-08 08:39 - 2014-06-08 08:39 - 00027136 _____ () C:\Users\Julia\AppData\Local\Temp\_MEI38602\_multiprocessing.pyd
2014-06-08 08:39 - 2014-06-08 08:39 - 00122368 _____ () C:\Users\Julia\AppData\Local\Temp\_MEI38602\wx._wizard.pyd
2014-06-08 08:39 - 2014-06-08 08:39 - 00010240 _____ () C:\Users\Julia\AppData\Local\Temp\_MEI38602\select.pyd
2014-06-08 08:39 - 2014-06-08 08:39 - 00024064 _____ () C:\Users\Julia\AppData\Local\Temp\_MEI38602\win32pipe.pyd
2014-06-08 08:39 - 2014-06-08 08:39 - 00686080 _____ () C:\Users\Julia\AppData\Local\Temp\_MEI38602\unicodedata.pyd
2014-06-08 08:39 - 2014-06-08 08:39 - 00025600 _____ () C:\Users\Julia\AppData\Local\Temp\_MEI38602\win32pdh.pyd
2014-06-08 08:39 - 2014-06-08 08:39 - 00525640 _____ () C:\Users\Julia\AppData\Local\Temp\_MEI38602\windows._lib_cacheinvalidation.pyd
2014-06-08 08:39 - 2014-06-08 08:39 - 00035840 _____ () C:\Users\Julia\AppData\Local\Temp\_MEI38602\win32process.pyd
2014-06-08 08:39 - 2014-06-08 08:39 - 00017408 _____ () C:\Users\Julia\AppData\Local\Temp\_MEI38602\win32profile.pyd
2014-06-08 08:39 - 2014-06-08 08:39 - 00022528 _____ () C:\Users\Julia\AppData\Local\Temp\_MEI38602\win32ts.pyd
2014-06-08 08:39 - 2014-06-08 08:39 - 00078336 _____ () C:\Users\Julia\AppData\Local\Temp\_MEI38602\wx._animate.pyd
2014-05-13 10:00 - 2014-05-13 10:00 - 03839088 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-04-30 11:20 - 2014-04-30 11:20 - 03019888 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2014-04-30 11:20 - 2014-04-30 11:20 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2014-04-30 11:20 - 2014-04-30 11:20 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll
2014-06-08 08:51 - 2014-06-08 08:51 - 00050477 _____ () C:\Users\Julia\Downloads\Defogger.exe
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\TEMP:07BF512B
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
Name: Lexmark X422
Description: Lexmark X422
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Lexmark
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (06/08/2014 08:39:28 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (06/08/2014 08:39:28 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (06/08/2014 08:39:05 AM) (Source: WDSmartWareBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel()
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args)
Error: (06/08/2014 08:39:03 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (06/07/2014 09:38:30 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (06/07/2014 09:38:30 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (06/07/2014 09:03:29 PM) (Source: WDSmartWareBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel()
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args)
Error: (06/07/2014 09:03:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (06/07/2014 01:12:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7
Name des fehlerhaften Moduls: bho.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x534e91e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0850cd94
ID des fehlerhaften Prozesses: 0x1298
Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0
Pfad der fehlerhaften Anwendung: explorer.exe1
Pfad des fehlerhaften Moduls: explorer.exe2
Berichtskennung: explorer.exe3
Error: (06/04/2014 09:31:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm soffice.bin, Version 3.3.9556.500 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 5f8
Startzeit: 01cf7361d0b082b8
Endzeit: 532
Anwendungspfad: C:\Program Files\OpenOffice.org 3\program\soffice.bin
Berichts-ID:
System errors:
=============
Error: (06/08/2014 08:46:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Modules Installer" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (06/08/2014 08:46:57 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Modules Installer erreicht.
Error: (06/08/2014 08:46:57 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053TrustedInstaller{752073A1-23F2-4396-85F0-8FDB879ED0ED}
Error: (06/08/2014 08:41:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Avira Browser-Schutz" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (06/08/2014 08:41:01 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Browser-Schutz erreicht.
Error: (06/07/2014 01:08:53 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AntiVirSchedulerService erreicht.
Error: (06/05/2014 09:09:17 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AntiVirSchedulerService erreicht.
Error: (06/03/2014 03:04:18 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AntiVirSchedulerService erreicht.
Error: (05/31/2014 11:37:51 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AntiVirSchedulerService erreicht.
Error: (05/28/2014 05:59:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "F06DEFF2-5B9C-490D-910F-35D3A91196222" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Microsoft Office Sessions:
=========================
Error: (06/08/2014 08:39:28 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\MFC80U.DLL
Error: (06/08/2014 08:39:28 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\MFC80U.DLL
Error: (06/08/2014 08:39:05 AM) (Source: WDSmartWareBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel()
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args)
Error: (06/08/2014 08:39:03 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\MFC80U.DLL
Error: (06/07/2014 09:38:30 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\MFC80U.DLL
Error: (06/07/2014 09:38:30 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\MFC80U.DLL
Error: (06/07/2014 09:03:29 PM) (Source: WDSmartWareBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel()
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args)
Error: (06/07/2014 09:03:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\MFC80U.DLL
Error: (06/07/2014 01:12:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.1.7601.175674d6727a7bho.dll_unloaded0.0.0.0534e91e7c00000050850cd94129801cf7fc70260d79dC:\Windows\explorer.exebho.dll8c1c8f29-ee34-11e3-a152-e02a822156fe
Error: (06/04/2014 09:31:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: soffice.bin3.3.9556.5005f801cf7361d0b082b8532C:\Program Files\OpenOffice.org 3\program\soffice.bin
==================== Memory info ===========================
Percentage of memory in use: 67%
Total physical RAM: 1976.27 MB
Available physical RAM: 640.01 MB
Total Pagefile: 3952.53 MB
Available Pagefile: 1979.19 MB
Total Virtual: 2047.88 MB
Available Virtual: 1916.96 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:297.99 GB) (Free:240.98 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 60D43F02)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-06-08 11:12:52
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-60A23T0 rev.02.01A02 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\Julia\AppData\Local\Temp\ugloypod.sys
---- System - GMER 2.1 ----
SSDT 95A531EE ZwCreateSection
SSDT 95A531F8 ZwRequestWaitReplyPort
SSDT 95A531F3 ZwSetContextThread
SSDT 95A531FD ZwSetSecurityObject
SSDT 95A53202 ZwSystemDebugControl
SSDT 95A5318F ZwTerminateProcess
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82C5CA15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C96212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82C9D58C 1 Byte [EE]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82C9D58C 4 Bytes [EE, 31, A5, 95]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82C9D8E8 4 Bytes JMP A531F882
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82C9D92C 4 Bytes [F3, 31, A5, 95]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82C9D9A8 4 Bytes [FD, 31, A5, 95]
.text ...
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[2676] ntdll.dll!LdrGetProcedureAddress + 26 77CA22A9 7 Bytes JMP 54C05720 C:\Program Files\Mozilla Thunderbird\xul.dll
.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[2676] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 76D694E6 7 Bytes JMP 558A3624 C:\Program Files\Mozilla Thunderbird\xul.dll
.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[2676] kernel32.dll!QueryPerformanceCounter + 13 76D6C4E5 7 Bytes JMP 558A35DC C:\Program Files\Mozilla Thunderbird\xul.dll
.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[2676] kernel32.dll!LoadAppInitDlls + 355 76D6F5A6 7 Bytes JMP 54C1650E C:\Program Files\Mozilla Thunderbird\xul.dll
.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[2676] GDI32.dll!GetViewportOrgEx + 26C 77E1884B 7 Bytes JMP 558A364B C:\Program Files\Mozilla Thunderbird\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3876] ntdll.dll!LdrLoadDll 77CA22AE 5 Bytes JMP 718F1EB1 C:\Program Files\Mozilla Firefox\mozglue.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3876] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 76D694E6 7 Bytes JMP 5E7384D6 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3876] kernel32.dll!QueryPerformanceCounter + 13 76D6C4E5 7 Bytes JMP 5E7384F9 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3876] kernel32.dll!LoadAppInitDlls + 355 76D6F5A6 7 Bytes JMP 5DDB3A32 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3876] GDI32.dll!GetViewportOrgEx + 26C 77E1884B 7 Bytes JMP 5E738457 C:\Program Files\Mozilla Firefox\xul.dll
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
Device \Driver\BTHUSB \Device\00000089 bthport.sys
Device \Driver\BTHUSB \Device\0000008b bthport.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{A60A4F72-9C71-44B2-9363-67BD4A8142E7}\Connection@Name isatap.{9E08E225-8FD6-4D70-B627-2BF370E42796}
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e02a822156fe
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{A60A4F72-9C71-44B2-9363-67BD4A8142E7}@InterfaceName isatap.{9E08E225-8FD6-4D70-B627-2BF370E42796}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{A60A4F72-9C71-44B2-9363-67BD4A8142E7}@ReusableType 0
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e02a822156fe (not active ControlSet)
---- EOF - GMER 2.1 ----
And then I also ran a scan with Malwarebytes Anti-Malware: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 07.06.2014
Scan Time: 19:09:28
Logfile: log.txt
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.06.07.05
Rootkit Database: v2014.06.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Julia
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 248125
Time Elapsed: 15 min, 42 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 3
PUP.Optional.SystemK.A, C:\Program Files\Settings Manager\systemk\SystemkService.exe, 420, , [5c457df82457e74fb4b5ed91926f6799]
PUP.Optional.SystemK.A, C:\Program Files\Settings Manager\systemk\SystemkService.exe, 3760, , [5c457df82457e74fb4b5ed91926f6799]
PUP.Optional.SystemK.A, C:\Program Files\Settings Manager\systemk\systemku.exe, 4956, , [fba6195ce497f6401851215dbc45d42c]
Modules: 9
PUP.Optional.AztecMedia.A, C:\Program Files\Settings Manager\systemk\sysapcrt.dll, , [d5cc6b0a6f0cd066c8c294cbb450d32d],
PUP.Optional.AztecMedia.A, C:\Program Files\Settings Manager\systemk\sysapcrt.dll, , [d5cc6b0a6f0cd066c8c294cbb450d32d],
PUP.Optional.AztecMedia.A, C:\Program Files\Settings Manager\systemk\sysapcrt.dll, , [d5cc6b0a6f0cd066c8c294cbb450d32d],
PUP.Optional.AztecMedia.A, C:\Program Files\Settings Manager\systemk\sysapcrt.dll, , [d5cc6b0a6f0cd066c8c294cbb450d32d],
PUP.Optional.AztecMedia.A, C:\Program Files\Settings Manager\systemk\sysapcrt.dll, , [d5cc6b0a6f0cd066c8c294cbb450d32d],
PUP.Optional.AztecMedia.A, C:\Program Files\Settings Manager\systemk\syskldr.dll, , [2180175e99e287afaecc7be46c98a45c],
PUP.Optional.AztecMedia.A, C:\Program Files\Settings Manager\systemk\syskldr.dll, , [2180175e99e287afaecc7be46c98a45c],
PUP.Optional.SystemK.A, C:\Program Files\Settings Manager\systemk\systemk.dll, , [069b82f35c1f989e5712b3cb5aa7f60a],
PUP.Optional.SystemK.A, C:\Users\Julia\AppData\Roaming\Mozilla\Firefox\Profiles\585slyrb.default-1349868527628\extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF29.dll, , [1e833c39a3d8092da1c8cdb108f92bd5],
Registry Keys: 30
PUP.Optional.SystemK.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SystemkService, , [5c457df82457e74fb4b5ed91926f6799],
IPH.GenericBHO, HKLM\SOFTWARE\CLASSES\CLSID\{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}, , [5b46561f7b0052e4eace27d9b8484cb4],
IPH.GenericBHO, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}, , [5b46561f7b0052e4eace27d9b8484cb4],
IPH.GenericBHO, HKU\S-1-5-21-3894828983-1079238010-610003492-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}, , [5b46561f7b0052e4eace27d9b8484cb4],
IPH.GenericBHO, HKU\S-1-5-21-3894828983-1079238010-610003492-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}, , [5b46561f7b0052e4eace27d9b8484cb4],
IPH.GenericBHO, HKLM\SOFTWARE\CLASSES\CLSID\{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}\INPROCSERVER32, , [5b46561f7b0052e4eace27d9b8484cb4],
PUP.Optional.SystemK.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\F06DEFF2-5B9C-490D-910F-35D3A9119622, , [adf445304b30e155a4c55529aa5724dc],
PUP.Optional.SystemK.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\F06DEFF2-5B9C-490D-910F-35D3A91196222, , [adf445304b30e155a4c55529aa5724dc],
PUP.Optional.Linkey.A, HKLM\SOFTWARE\CLASSES\CLSID\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}, , [039ee59049322313f8543d30fd0425db],
PUP.Optional.Linkey.A, HKLM\SOFTWARE\CLASSES\Linkey.Linkey, , [039ee59049322313f8543d30fd0425db],
PUP.Optional.Linkey.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}, , [039ee59049322313f8543d30fd0425db],
PUP.Optional.Linkey.A, HKU\S-1-5-21-3894828983-1079238010-610003492-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}, , [039ee59049322313f8543d30fd0425db],
PUP.Optional.Linkey.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{726E90BE-DC22-4965-B215-E0784DC26F47}, , [039ee59049322313f8543d30fd0425db],
PUP.Optional.Linkey.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4613B1C1-FBC0-43C3-A4B9-B1D6CD360BB3}, , [039ee59049322313f8543d30fd0425db],
PUP.Optional.Linkey.A, HKLM\SOFTWARE\CLASSES\CLSID\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}\INPROCSERVER32, , [039ee59049322313f8543d30fd0425db],
PUP.Optional.Linkey.A, HKLM\SOFTWARE\CLASSES\APPID\{6A7CD9EC-D8BD-4340-BCD0-77C09A282921}, , [623f83f2c1baad898330ba8023dfe61a],
PUP.Optional.Linkey.A, HKU\S-1-5-21-3894828983-1079238010-610003492-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Linkey, , [a2ff472ebac1e84e5325347862a08779],
PUP.Optional.Linkey.A, HKLM\SOFTWARE\LINKEY, , [7e2376ffc2b988aef487f0bc669c8c74],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\SYSTEMK\General, , [772a94e13a415fd722d99d0ef111ca36],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\SYSTEMK, , [8120d5a08cef072ffdffa605b151de22],
PUP.Optional.SavingsSideKick.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dhdepfaagokllfmhfbcfmocaeigmoebo, , [455c65100b7049eda6f82a742fd3d42c],
PUP.Optional.Softonic.A, HKU\S-1-5-21-3894828983-1079238010-610003492-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, , [abf6561ffe7d82b404096c3c6b97bc44],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\CLASSES\CLSID\{54739D49-AC03-4C57-9264-C5195596B3A1}, , [4859a9cc93e8aa8c588287033ac848b8],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\CLASSES\SettingsManagerIEHelper.DNSGuard, , [4859a9cc93e8aa8c588287033ac848b8],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\CLASSES\SettingsManagerIEHelper.DNSGuard.1, , [4859a9cc93e8aa8c588287033ac848b8],
PUP.Optional.SettingsManager.A, HKU\S-1-5-21-3894828983-1079238010-610003492-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{54739D49-AC03-4C57-9264-C5195596B3A1}, , [4859a9cc93e8aa8c588287033ac848b8],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\CLASSES\CLSID\{E1842850-FB16-4471-B327-7343FBAED55C}, , [4859a9cc93e8aa8c588287033ac848b8],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{93D511B5-143B-4A99-ABFC-B5B78AD0AE1B}, , [4859a9cc93e8aa8c588287033ac848b8],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{AA760BA8-5862-4BC5-9263-4452CBC0B264}, , [4859a9cc93e8aa8c588287033ac848b8],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Settings Manager, , [4859a9cc93e8aa8c588287033ac848b8],
Registry Values: 2
PUP.Optional.Linkey.A, HKLM\SOFTWARE\LINKEY|ie_jsurl, hxxp://app.linkeyproject.com/popup/IE/background.js, , [7e2376ffc2b988aef487f0bc669c8c74]
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\SYSTEMK|browser, ie ff cr, , [8120d5a08cef072ffdffa605b151de22]
Registry Data: 0
(No malicious items detected)
Folders: 10
PUP.Optional.SystemK.A, C:\ProgramData\systemk, , [356ce590bcbf2610ebbc9812b151837d],
PUP.Optional.Linkey.A, C:\Program Files\Linkey, , [a2ff472ebac1e84e5325347862a08779],
PUP.Optional.Linkey.A, C:\Program Files\Linkey\ChromeExtension, , [a2ff472ebac1e84e5325347862a08779],
PUP.Optional.Linkey.A, C:\Program Files\Linkey\IEExtension, , [a2ff472ebac1e84e5325347862a08779],
PUP.Optional.Linkey.A, C:\Users\Julia\AppData\Roaming\Mozilla\Firefox\Profiles\585slyrb.default-1349868527628\extensions\extension@linkeyproject.com, , [752cf0856c0fbb7b743a2c5e9f63ac54],
PUP.Optional.Linkey.A, C:\Users\Julia\AppData\Roaming\Mozilla\Firefox\Profiles\585slyrb.default-1349868527628\extensions\extension@linkeyproject.com\content, , [752cf0856c0fbb7b743a2c5e9f63ac54],
PUP.Optional.Linkey.A, C:\Users\Julia\AppData\Roaming\Mozilla\Firefox\Profiles\585slyrb.default-1349868527628\extensions\extension@linkeyproject.com\content\js, , [752cf0856c0fbb7b743a2c5e9f63ac54],
PUP.Optional.Linkey.A, C:\Users\Julia\AppData\Roaming\Mozilla\Firefox\Profiles\585slyrb.default-1349868527628\extensions\extension@linkeyproject.com\skin, , [752cf0856c0fbb7b743a2c5e9f63ac54],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk, , [4859a9cc93e8aa8c588287033ac848b8],
PUP.Optional.CrossRider.A, C:\Users\Julia\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_dhdepfaagokllfmhfbcfmocaeigmoebo_0, , [29788de817649d9968e2b7d97f83b24e],
Files: 57
PUP.Optional.AztecMedia.A, C:\Program Files\Settings Manager\systemk\sysapcrt.dll, , [d5cc6b0a6f0cd066c8c294cbb450d32d],
PUP.Optional.SystemK.A, C:\Program Files\Settings Manager\systemk\SystemkService.exe, , [5c457df82457e74fb4b5ed91926f6799],
PUP.Optional.AztecMedia.A, C:\Program Files\Settings Manager\systemk\syskldr.dll, , [2180175e99e287afaecc7be46c98a45c],
PUP.Optional.SystemK.A, C:\Program Files\Settings Manager\systemk\systemku.exe, , [fba6195ce497f6401851215dbc45d42c],
PUP.Optional.SystemK.A, C:\Program Files\Settings Manager\systemk\systemk.dll, , [069b82f35c1f989e5712b3cb5aa7f60a],
PUP.Optional.SystemK.A, C:\Users\Julia\AppData\Roaming\Mozilla\Firefox\Profiles\585slyrb.default-1349868527628\extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF29.dll, , [1e833c39a3d8092da1c8cdb108f92bd5],
IPH.GenericBHO, C:\Users\Julia\AppData\LocalLow\systems ie bho\bho.dll, , [5b46561f7b0052e4eace27d9b8484cb4],
PUP.Optional.SystemK.A, C:\Program Files\Settings Manager\systemk\systemkmgrc1.cfg, , [adf445304b30e155a4c55529aa5724dc],
PUP.Optional.Linkey.A, C:\Program Files\Linkey\IEExtension\iedll.dll, , [039ee59049322313f8543d30fd0425db],
PUP.Optional.AztecMedia.A, C:\Users\Julia\AppData\Local\Temp\nsq9838.tmp\Helper.dll, , [88199cd9bac1ae880883ce914eb64cb4],
PUP.Optional.AztecMedia.A, C:\Users\Julia\AppData\Local\Temp\nsq9838.tmp\Starter.exe, , [604192e32d4e989e93e90857788c7888],
PUP.Optional.AztecMedia.A, C:\Windows\Temp\nsq9309.tmp\Helper.dll, , [1988a6cf6d0e20164e3d332c21e3f60a],
PUP.Optional.Softonic.A, C:\Users\Julia\Downloads\SoftonicDownloader_fuer_quicktime.exe, , [bce5294c1d5e1b1b3a2c2ef478894bb5],
PUP.Optional.CrossRider.A, C:\Users\Julia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dhdepfaagokllfmhfbcfmocaeigmoebo_0.localstorage, , [cbd6482dde9d77bf122a6f3639c99070],
PUP.Optional.CrossRider.A, C:\Users\Julia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dhdepfaagokllfmhfbcfmocaeigmoebo_0.localstorage-journal, , [6a373c39235842f475c7287d11f113ed],
PUP.Optional.SystemK.A, C:\ProgramData\systemk\general.cfg, , [356ce590bcbf2610ebbc9812b151837d],
PUP.Optional.SystemK.A, C:\ProgramData\systemk\coordinator.cfg, , [356ce590bcbf2610ebbc9812b151837d],
PUP.Optional.SystemK.A, C:\ProgramData\systemk\S-1-5-21-3894828983-1079238010-610003492-1001.cfg, , [356ce590bcbf2610ebbc9812b151837d],
PUP.Optional.DefaultSearch.A, C:\Users\Julia\AppData\Roaming\Mozilla\Firefox\Profiles\585slyrb.default-1349868527628\searchplugins\default-search.xml, , [3071caab5b200e28a54d8328ef13f808],
PUP.Optional.DefaultSearch.A, C:\Program Files\Mozilla Firefox\browser\searchplugins\default-search.xml, , [445dbdb80774dc5afcf70aa128daa957],
PUP.Optional.Linkey.A, C:\Program Files\Linkey\log.log, , [a2ff472ebac1e84e5325347862a08779],
PUP.Optional.Linkey.A, C:\Program Files\Linkey\Helper.dll, , [a2ff472ebac1e84e5325347862a08779],
PUP.Optional.Linkey.A, C:\Program Files\Linkey\Uninstall.exe, , [a2ff472ebac1e84e5325347862a08779],
PUP.Optional.Linkey.A, C:\Program Files\Linkey\ChromeExtension\ChromeExtension.crx, , [a2ff472ebac1e84e5325347862a08779],
PUP.Optional.Linkey.A, C:\Program Files\Linkey\IEExtension\iedll64.dll, , [a2ff472ebac1e84e5325347862a08779],
PUP.Optional.Linkey.A, C:\Users\Julia\AppData\Roaming\Mozilla\Firefox\Profiles\585slyrb.default-1349868527628\extensions\extension@linkeyproject.com\chrome.manifest, , [752cf0856c0fbb7b743a2c5e9f63ac54],
PUP.Optional.Linkey.A, C:\Users\Julia\AppData\Roaming\Mozilla\Firefox\Profiles\585slyrb.default-1349868527628\extensions\extension@linkeyproject.com\install.rdf, , [752cf0856c0fbb7b743a2c5e9f63ac54],
PUP.Optional.Linkey.A, C:\Users\Julia\AppData\Roaming\Mozilla\Firefox\Profiles\585slyrb.default-1349868527628\extensions\extension@linkeyproject.com\content\button.css, , [752cf0856c0fbb7b743a2c5e9f63ac54],
PUP.Optional.Linkey.A, C:\Users\Julia\AppData\Roaming\Mozilla\Firefox\Profiles\585slyrb.default-1349868527628\extensions\extension@linkeyproject.com\content\overlay.xul, , [752cf0856c0fbb7b743a2c5e9f63ac54],
PUP.Optional.Linkey.A, C:\Users\Julia\AppData\Roaming\Mozilla\Firefox\Profiles\585slyrb.default-1349868527628\extensions\extension@linkeyproject.com\content\js\common.js, , [752cf0856c0fbb7b743a2c5e9f63ac54],
PUP.Optional.Linkey.A, C:\Users\Julia\AppData\Roaming\Mozilla\Firefox\Profiles\585slyrb.default-1349868527628\extensions\extension@linkeyproject.com\content\js\LinkeyManager.js, , [752cf0856c0fbb7b743a2c5e9f63ac54],
PUP.Optional.Linkey.A, C:\Users\Julia\AppData\Roaming\Mozilla\Firefox\Profiles\585slyrb.default-1349868527628\extensions\extension@linkeyproject.com\skin\bright_green_19_19.png, , [752cf0856c0fbb7b743a2c5e9f63ac54],
PUP.Optional.Linkey.A, C:\Users\Julia\AppData\Roaming\Mozilla\Firefox\Profiles\585slyrb.default-1349868527628\extensions\extension@linkeyproject.com\skin\default_19_19.png, , [752cf0856c0fbb7b743a2c5e9f63ac54],
PUP.Optional.Linkey.A, C:\Users\Julia\AppData\Roaming\Mozilla\Firefox\Profiles\585slyrb.default-1349868527628\extensions\extension@linkeyproject.com\skin\hard_green_19_19.png, , [752cf0856c0fbb7b743a2c5e9f63ac54],
PUP.Optional.Linkey.A, C:\Users\Julia\AppData\Roaming\Mozilla\Firefox\Profiles\585slyrb.default-1349868527628\extensions\extension@linkeyproject.com\skin\icon.png, , [752cf0856c0fbb7b743a2c5e9f63ac54],
PUP.Optional.Linkey.A, C:\Users\Julia\AppData\Roaming\Mozilla\Firefox\Profiles\585slyrb.default-1349868527628\extensions\extension@linkeyproject.com\skin\icon64.png, , [752cf0856c0fbb7b743a2c5e9f63ac54],
PUP.Optional.Linkey.A, C:\Users\Julia\AppData\Roaming\Mozilla\Firefox\Profiles\585slyrb.default-1349868527628\extensions\extension@linkeyproject.com\skin\orange_19_19.png, , [752cf0856c0fbb7b743a2c5e9f63ac54],
PUP.Optional.Linkey.A, C:\Users\Julia\AppData\Roaming\Mozilla\Firefox\Profiles\585slyrb.default-1349868527628\extensions\extension@linkeyproject.com\skin\red_19_19.png, , [752cf0856c0fbb7b743a2c5e9f63ac54],
PUP.Optional.Linkey.A, C:\Users\Julia\AppData\Roaming\Mozilla\Firefox\Profiles\585slyrb.default-1349868527628\extensions\extension@linkeyproject.com\skin\yellow_19_19.png, , [752cf0856c0fbb7b743a2c5e9f63ac54],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\del_DM_DLL_nslABED.dll, , [4859a9cc93e8aa8c588287033ac848b8],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\del_DM_LL_nslABED.dll, , [4859a9cc93e8aa8c588287033ac848b8],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\del_mg_nslABED.dll, , [4859a9cc93e8aa8c588287033ac848b8],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\favicon.ico, , [4859a9cc93e8aa8c588287033ac848b8],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\Helper.dll, , [4859a9cc93e8aa8c588287033ac848b8],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\Internet Explorer Settings.exe, , [4859a9cc93e8aa8c588287033ac848b8],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\syskldr_u.dll, , [4859a9cc93e8aa8c588287033ac848b8],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\systemkbho.dll, , [4859a9cc93e8aa8c588287033ac848b8],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\systemkChrome.dll, , [4859a9cc93e8aa8c588287033ac848b8],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\tbicon.exe, , [4859a9cc93e8aa8c588287033ac848b8],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\Uninstall.exe, , [4859a9cc93e8aa8c588287033ac848b8],
PUP.Optional.CrossRider.A, C:\Users\Julia\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_dhdepfaagokllfmhfbcfmocaeigmoebo_0\1, , [29788de817649d9968e2b7d97f83b24e],
PUP.Optional.CrossRider.A, C:\Users\Julia\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_dhdepfaagokllfmhfbcfmocaeigmoebo_0\2, , [29788de817649d9968e2b7d97f83b24e],
PUP.Optional.DefaultSearch.A, C:\Users\Julia\AppData\Local\Google\Chrome\User Data\Default\preferences, Good: (), Bad: ( "homepage" : "hxxp://www.default-search.net?sid=476&aid=122&itype=a&ver=12791&tm=361&src=hmp",), ,[435e0372235845f1f4c21d7d90748f71]
PUP.Optional.DefaultSearch.A, C:\Users\Julia\AppData\Local\Google\Chrome\User Data\Default\preferences, Good: (), Bad: ( "homepage" : "hxxp://www.default-search.net?sid=476&aid=122&itype=a&ver=12791&tm=361&src=hmp",), ,[277a482d2f4cdc5aeccac4d6f410b64a]
PUP.Optional.DefaultSearch.A, C:\Users\Julia\AppData\Local\Google\Chrome\User Data\Default\preferences, Good: (), Bad: ( "search_url" : "hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12791&tm=361&src=ds&p={searchTerms}"), ,[851c3b3ad8a3280e8631b2e863a1aa56]
PUP.Optional.DefaultSearch.A, C:\Users\Julia\AppData\Roaming\Mozilla\Firefox\Profiles\585slyrb.default-1349868527628\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "hxxp://www.default-search.net?sid=476&aid=122&itype=a&ver=12791&tm=361&src=hmp");), ,[3071730242395cdad6384c4f15ef9e62]
PUP.Optional.DefaultSearch.A, C:\Users\Julia\AppData\Roaming\Mozilla\Firefox\Profiles\585slyrb.default-1349868527628\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12791&tm=361&src=ds&p=");), ,[c5dc086d6516ba7c3bd4bddedf25df21]
Physical Sectors: 0
(No malicious items detected)
(end)
Thank you very much and kind regards
Julia