adware bundledz c virus found by Avira
Hello, dear helpers,
A few weeks ago I had several viruses on my computer, which I was able to remove with the help of a Trojaner-Board member. Now I have replaced MSE with Avira, and it promptly found something.
Here is the log from Avira: Code:
Exportierte Ereignisse:
07.01.2014 00:49 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Julia\Downloads\Codec-C.exe'
enthielt einen Virus oder unerwünschtes Programm 'Adware/Bundledz.C' [adware].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4575c3cd.qua'
verschoben!
07.01.2014 00:49 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Julia\Downloads\Codec-V.exe'
enthielt einen Virus oder unerwünschtes Programm 'Adware/Bundledz.C' [adware].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5de2ec6a.qua'
verschoben!
07.01.2014 00:49 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Julia\Downloads\Codec-C(1).exe'
enthielt einen Virus oder unerwünschtes Programm 'Adware/Bundledz.C' [adware].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '172a9925.qua'
verschoben!
and the one from FRST:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-01-2014
Ran by Julia (administrator) on JULIA-PC on 07-01-2014 10:48:10
Running from C:\Users\Julia\Downloads
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Memeo) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(APN LLC.) C:\Users\Julia\AppData\Local\VNT\vntldr.exe
(Western Digital) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
(Dropbox, Inc.) C:\Users\Julia\AppData\Roaming\Dropbox\bin\Dropbox.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [WinampAgent] - C:\Program Files\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-09] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [ApnTBMon] - C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1778640 2013-12-20] (APN)
HKLM\...\Run: [VNT] - C:\Program Files\VNT\vntldr.exe [202192 2013-12-20] (APN LLC.)
MountPoints2: {1802ab2f-d537-11e0-8c2b-e02a822156fe} - "E:\WD SmartWare.exe" autoplay=true
MountPoints2: {643105d7-aec8-11e1-90c0-e02a822156fe} - E:\.\Setup.exe AUTORUN=1
Startup: C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Julia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEE774FD13168CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
URLSearchHook: HKCU - (No Name) - {81fae9c9-cfbd-4cb3-8322-412e72f55f65} - No File
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Julia\AppData\Roaming\Mozilla\Firefox\Profiles\585slyrb.default-1349868527628
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\Julia\AppData\Roaming\Mozilla\Firefox\Profiles\585slyrb.default-1349868527628\Extensions\toolbar_AVIRA-V7C@apn.ask.com.xpi
FF Extension: Adblock Plus - C:\Users\Julia\AppData\Roaming\Mozilla\Firefox\Profiles\585slyrb.default-1349868527628\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Extension: (Skype Click to Call) - C:\Users\Julia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\...\Chrome\Extension: [pcoohmdcpejoeggdnihdfhohjgdbllgm] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7C\CRX\ToolbarCR.crx
========================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-12-20] (APN LLC.)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [110592 2009-11-13] (WDC)
R2 WDSmartWareBackgroundService; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [69240 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-12-09] (Avira GmbH)
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-07 10:47 - 2014-01-07 10:47 - 01064805 _____ (Farbar) C:\Users\Julia\Downloads\FRST.exe
2014-01-06 23:24 - 2014-01-06 23:24 - 00000000 ____D C:\Users\Julia\AppData\Local\VNT
2014-01-06 23:24 - 2014-01-06 23:24 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2014-01-06 23:24 - 2014-01-06 23:24 - 00000000 ____D C:\Program Files\VNT
2014-01-06 23:24 - 2014-01-06 23:24 - 00000000 ____D C:\Program Files\AskPartnerNetwork
2014-01-06 23:23 - 2014-01-06 23:23 - 00000000 ____D C:\Users\Julia\AppData\Roaming\Avira
2014-01-06 23:23 - 2014-01-06 23:23 - 00000000 ____D C:\ProgramData\APN
2014-01-06 23:22 - 2014-01-06 23:22 - 00098160 _____ C:\ProgramData\1389046905.bdinstall.bin
2014-01-06 23:22 - 2014-01-06 23:22 - 00002012 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2014-01-06 23:22 - 2014-01-06 23:22 - 00000000 ____D C:\ProgramData\Avira
2014-01-06 23:22 - 2014-01-06 23:22 - 00000000 ____D C:\Program Files\Avira
2014-01-06 23:22 - 2013-12-09 11:37 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-01-06 23:22 - 2013-12-09 11:37 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-01-06 23:22 - 2013-12-09 11:37 - 00069240 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-01-06 23:22 - 2013-12-09 11:37 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-01-06 23:22 - 2013-12-09 11:37 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2014-01-06 23:21 - 2014-01-06 23:21 - 00037629 _____ C:\ProgramData\1389046903.bdinstall.bin
2014-01-06 23:05 - 2014-01-06 23:08 - 129598176 _____ C:\Users\Julia\Downloads\avira_free_antivirus_de.exe
2014-01-06 19:56 - 2014-01-06 19:56 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Julia\Downloads\mbam-setup-1.75.0.1300(2).exe
2014-01-06 19:49 - 2014-01-06 19:49 - 00222888 _____ C:\ProgramData\1389033879.bdinstall.bin
2014-01-06 19:47 - 2012-11-02 14:17 - 00242504 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2014-01-06 19:39 - 2014-01-06 19:39 - 00042660 _____ C:\ProgramData\1389033556.7568.bin
2014-01-06 19:39 - 2014-01-06 19:39 - 00002050 _____ C:\ProgramData\1389033556.6328.bin
2014-01-06 19:39 - 2014-01-06 19:39 - 00000189 _____ C:\ProgramData\1389033556.7124.bin
2014-01-06 19:37 - 2014-01-06 19:46 - 00000000 ____D C:\Users\Julia\AppData\Roaming\QuickScan
2014-01-06 19:37 - 2014-01-06 19:37 - 00045238 _____ C:\ProgramData\1389033432.bdinstall.bin
2014-01-06 19:36 - 2014-01-06 19:44 - 09927424 _____ C:\Users\Julia\Downloads\Antivirus_Free_Edition_x86.exe
2014-01-06 19:36 - 2014-01-06 19:36 - 00162208 _____ C:\Users\Julia\Downloads\Antivirus_Free_Edition(1).exe
2014-01-06 19:35 - 2014-01-06 19:35 - 00162208 _____ C:\Users\Julia\Downloads\Antivirus_Free_Edition.exe
2014-01-06 13:54 - 2014-01-06 13:54 - 00001095 _____ C:\Users\Julia\Desktop\Mass Storage Device - Verknüpfung.lnk
2014-01-06 13:25 - 2014-01-06 13:31 - 328324136 _____ (Microsoft Corporation) C:\Users\Julia\Downloads\WindowsXP-KB936929-SP3-x86-DEU.exe
2013-12-20 13:01 - 2013-12-20 13:01 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-16 09:39 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-16 09:39 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-16 09:39 - 2013-11-26 10:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-16 09:39 - 2013-11-26 09:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-16 09:39 - 2013-11-26 09:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-16 09:39 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-16 09:39 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-16 09:39 - 2013-11-26 09:36 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-16 09:39 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-16 09:39 - 2013-11-26 09:29 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-16 09:39 - 2013-11-26 09:29 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-16 09:39 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-16 09:39 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-16 09:39 - 2013-11-26 09:13 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-16 09:39 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-16 09:39 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-16 09:39 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-16 09:39 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-16 09:39 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-15 11:37 - 2013-12-15 11:37 - 00002170 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-15 11:36 - 2013-12-15 11:36 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-15 11:36 - 2013-12-15 11:36 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-15 11:36 - 2013-12-15 11:36 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-15 11:36 - 2013-12-15 11:36 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-15 11:36 - 2013-12-15 11:36 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-15 11:36 - 2013-12-15 11:36 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-15 11:36 - 2013-12-15 11:36 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-15 11:36 - 2013-12-15 11:36 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-15 11:36 - 2013-12-15 11:36 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-15 11:36 - 2013-12-15 11:36 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-15 11:36 - 2013-12-15 11:36 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-15 11:36 - 2013-12-15 11:36 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-15 11:36 - 2013-12-15 11:36 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-15 11:36 - 2013-12-15 11:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-15 11:36 - 2013-12-15 11:36 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-15 11:36 - 2013-12-15 11:36 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-15 11:36 - 2013-12-15 11:36 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-15 11:36 - 2013-12-15 11:36 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-15 11:36 - 2013-12-15 11:36 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-15 11:36 - 2013-12-15 11:36 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-15 11:36 - 2013-12-15 11:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-15 11:36 - 2013-12-15 11:36 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-15 11:36 - 2013-12-15 11:36 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-15 11:35 - 2013-12-15 11:35 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-15 11:35 - 2013-12-15 11:35 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-15 11:35 - 2013-12-15 11:35 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-15 11:35 - 2013-12-15 11:35 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-15 11:35 - 2013-12-15 11:35 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-15 11:35 - 2013-12-15 11:35 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-15 11:35 - 2013-12-15 11:35 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-15 11:35 - 2013-12-15 11:35 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-15 11:35 - 2013-12-15 11:35 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-15 11:35 - 2013-12-15 11:35 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-15 11:35 - 2013-12-15 11:35 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-15 11:35 - 2013-12-15 11:35 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-15 11:35 - 2013-12-15 11:35 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-15 11:35 - 2013-12-15 11:35 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-14 13:30 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-14 13:30 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-13 10:33 - 2013-12-14 14:02 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-12-13 10:07 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-13 10:07 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-13 10:07 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-13 10:07 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-13 10:07 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-13 10:07 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-13 10:06 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-13 10:06 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-13 10:06 - 2013-10-30 02:27 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-13 10:06 - 2013-10-04 02:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-13 10:06 - 2013-10-04 02:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-10 23:54 - 2013-12-12 11:12 - 00000000 ____D C:\Users\Julia\Documents\Antrag JudGT
2013-12-10 23:06 - 2013-12-10 23:06 - 00000111 ____H C:\Users\Julia\Documents\.~lock.Antrag Tierfilmprojekt.odt#
2013-12-09 23:28 - 2013-12-09 23:28 - 00046970 _____ C:\Users\Julia\Desktop\rmYDXlqS.htm
==================== One Month Modified Files and Folders =======
2014-01-07 10:48 - 2013-11-18 10:47 - 00009388 _____ C:\Users\Julia\Downloads\FRST.txt
2014-01-07 10:47 - 2014-01-07 10:47 - 01064805 _____ (Farbar) C:\Users\Julia\Downloads\FRST.exe
2014-01-07 10:39 - 2012-10-16 15:44 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-07 10:09 - 2011-09-02 10:56 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-07 09:55 - 2009-07-14 05:34 - 00015824 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-07 09:55 - 2009-07-14 05:34 - 00015824 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-07 09:49 - 2011-09-05 12:51 - 00000000 ___RD C:\Users\Julia\Dropbox
2014-01-07 09:49 - 2011-09-05 12:49 - 00000000 ____D C:\Users\Julia\AppData\Roaming\Dropbox
2014-01-07 09:48 - 2011-09-02 10:56 - 00001092 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-07 09:47 - 2011-09-03 02:19 - 00226732 _____ C:\Windows\PFRO.log
2014-01-07 09:47 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-07 09:47 - 2009-07-14 05:39 - 00071370 _____ C:\Windows\setupact.log
2014-01-07 01:02 - 2011-08-31 19:11 - 02089882 _____ C:\Windows\WindowsUpdate.log
2014-01-06 23:24 - 2014-01-06 23:24 - 00000000 ____D C:\Users\Julia\AppData\Local\VNT
2014-01-06 23:24 - 2014-01-06 23:24 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2014-01-06 23:24 - 2014-01-06 23:24 - 00000000 ____D C:\Program Files\VNT
2014-01-06 23:24 - 2014-01-06 23:24 - 00000000 ____D C:\Program Files\AskPartnerNetwork
2014-01-06 23:23 - 2014-01-06 23:23 - 00000000 ____D C:\Users\Julia\AppData\Roaming\Avira
2014-01-06 23:23 - 2014-01-06 23:23 - 00000000 ____D C:\ProgramData\APN
2014-01-06 23:22 - 2014-01-06 23:22 - 00098160 _____ C:\ProgramData\1389046905.bdinstall.bin
2014-01-06 23:22 - 2014-01-06 23:22 - 00002012 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2014-01-06 23:22 - 2014-01-06 23:22 - 00000000 ____D C:\ProgramData\Avira
2014-01-06 23:22 - 2014-01-06 23:22 - 00000000 ____D C:\Program Files\Avira
2014-01-06 23:21 - 2014-01-06 23:21 - 00037629 _____ C:\ProgramData\1389046903.bdinstall.bin
2014-01-06 23:08 - 2014-01-06 23:05 - 129598176 _____ C:\Users\Julia\Downloads\avira_free_antivirus_de.exe
2014-01-06 19:56 - 2014-01-06 19:56 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Julia\Downloads\mbam-setup-1.75.0.1300(2).exe
2014-01-06 19:49 - 2014-01-06 19:49 - 00222888 _____ C:\ProgramData\1389033879.bdinstall.bin
2014-01-06 19:46 - 2014-01-06 19:37 - 00000000 ____D C:\Users\Julia\AppData\Roaming\QuickScan
2014-01-06 19:44 - 2014-01-06 19:36 - 09927424 _____ C:\Users\Julia\Downloads\Antivirus_Free_Edition_x86.exe
2014-01-06 19:39 - 2014-01-06 19:39 - 00042660 _____ C:\ProgramData\1389033556.7568.bin
2014-01-06 19:39 - 2014-01-06 19:39 - 00002050 _____ C:\ProgramData\1389033556.6328.bin
2014-01-06 19:39 - 2014-01-06 19:39 - 00000189 _____ C:\ProgramData\1389033556.7124.bin
2014-01-06 19:38 - 2011-09-01 00:10 - 00001912 _____ C:\Windows\epplauncher.mif
2014-01-06 19:37 - 2014-01-06 19:37 - 00045238 _____ C:\ProgramData\1389033432.bdinstall.bin
2014-01-06 19:36 - 2014-01-06 19:36 - 00162208 _____ C:\Users\Julia\Downloads\Antivirus_Free_Edition(1).exe
2014-01-06 19:35 - 2014-01-06 19:35 - 00162208 _____ C:\Users\Julia\Downloads\Antivirus_Free_Edition.exe
2014-01-06 14:27 - 2011-09-19 20:18 - 00000000 ____D C:\Users\Julia\AppData\Roaming\vlc
2014-01-06 14:14 - 2011-08-31 19:21 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-06 13:54 - 2014-01-06 13:54 - 00001095 _____ C:\Users\Julia\Desktop\Mass Storage Device - Verknüpfung.lnk
2014-01-06 13:31 - 2014-01-06 13:25 - 328324136 _____ (Microsoft Corporation) C:\Users\Julia\Downloads\WindowsXP-KB936929-SP3-x86-DEU.exe
2013-12-23 12:30 - 2013-11-25 13:26 - 00000000 ____D C:\Users\Julia\Documents\Arendt WeltuPerson
2013-12-23 12:30 - 2013-01-16 14:44 - 00000000 ____D C:\Users\Julia\Documents\PS Macht WS1213
2013-12-22 15:44 - 2012-09-04 14:21 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-20 14:47 - 2011-09-09 12:34 - 00000432 _____ C:\Windows\BRWMARK.INI
2013-12-20 13:01 - 2013-12-20 13:01 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-15 13:35 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-12-15 11:56 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-12-15 11:40 - 2013-11-20 11:57 - 00028584 _____ C:\Windows\IE11_main.log
2013-12-15 11:37 - 2013-12-15 11:37 - 00002170 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-15 11:37 - 2011-09-02 10:56 - 00000000 ____D C:\Program Files\Google
2013-12-15 11:36 - 2013-12-15 11:36 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-15 11:36 - 2013-12-15 11:36 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-15 11:36 - 2013-12-15 11:36 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-15 11:36 - 2013-12-15 11:36 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-15 11:36 - 2013-12-15 11:36 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-15 11:36 - 2013-12-15 11:36 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-15 11:36 - 2013-12-15 11:36 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-15 11:36 - 2013-12-15 11:36 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-15 11:36 - 2013-12-15 11:36 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-15 11:36 - 2013-12-15 11:36 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-15 11:36 - 2013-12-15 11:36 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-15 11:36 - 2013-12-15 11:36 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-15 11:36 - 2013-12-15 11:36 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-15 11:36 - 2013-12-15 11:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-15 11:36 - 2013-12-15 11:36 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-15 11:36 - 2013-12-15 11:36 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-15 11:36 - 2013-12-15 11:36 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-15 11:36 - 2013-12-15 11:36 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-15 11:36 - 2013-12-15 11:36 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-15 11:36 - 2013-12-15 11:36 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-15 11:36 - 2013-12-15 11:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-15 11:36 - 2013-12-15 11:36 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-15 11:36 - 2013-12-15 11:36 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-15 11:35 - 2013-12-15 11:35 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-15 11:35 - 2013-12-15 11:35 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-15 11:35 - 2013-12-15 11:35 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-15 11:35 - 2013-12-15 11:35 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-15 11:35 - 2013-12-15 11:35 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-15 11:35 - 2013-12-15 11:35 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-15 11:35 - 2013-12-15 11:35 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-15 11:35 - 2013-12-15 11:35 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-15 11:35 - 2013-12-15 11:35 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-15 11:35 - 2013-12-15 11:35 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-15 11:35 - 2013-12-15 11:35 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-15 11:35 - 2013-12-15 11:35 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-15 11:35 - 2013-12-15 11:35 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-15 11:35 - 2013-12-15 11:35 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-14 14:02 - 2013-12-13 10:33 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-12-14 14:00 - 2009-07-14 05:33 - 00367032 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-14 13:37 - 2013-07-15 09:20 - 00000000 ____D C:\Windows\system32\MRT
2013-12-14 13:30 - 2011-11-22 10:16 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-12 11:12 - 2013-12-10 23:54 - 00000000 ____D C:\Users\Julia\Documents\Antrag JudGT
2013-12-11 15:39 - 2012-10-16 15:44 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-11 15:39 - 2011-09-01 00:04 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-10 23:06 - 2013-12-10 23:06 - 00000111 ____H C:\Users\Julia\Documents\.~lock.Antrag Tierfilmprojekt.odt#
2013-12-09 23:28 - 2013-12-09 23:28 - 00046970 _____ C:\Users\Julia\Desktop\rmYDXlqS.htm
2013-12-09 11:37 - 2014-01-06 23:22 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-09 11:37 - 2014-01-06 23:22 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-09 11:37 - 2014-01-06 23:22 - 00069240 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-12-09 11:37 - 2014-01-06 23:22 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-12-09 11:37 - 2014-01-06 23:22 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
Some content of TEMP:
====================
C:\Users\Julia\AppData\Local\Temp\AskSLib.dll
C:\Users\Julia\AppData\Local\Temp\avgnt.exe
C:\Users\Julia\AppData\Local\Temp\contentDATs.exe
C:\Users\Julia\AppData\Local\Temp\FreemakeVideoConverter_3.0.2.15.exe
C:\Users\Julia\AppData\Local\Temp\installhelper.dll
C:\Users\Julia\AppData\Local\Temp\Offercast_AVIRAV7_.exe
C:\Users\Julia\AppData\Local\Temp\OSU.exe
C:\Users\Julia\AppData\Local\Temp\Quarantine.exe
C:\Users\Julia\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Julia\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Julia\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Julia\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\Julia\AppData\Local\Temp\tbFree.dll
C:\Users\Julia\AppData\Local\Temp\Uninstaller.exe
C:\Users\Julia\AppData\Local\Temp\UninstallerFre.dll
C:\Users\Julia\AppData\Local\Temp\UninstallerSpa.dll
C:\Users\Julia\AppData\Local\Temp\WtgDriverInstallX.dll
C:\Users\Julia\AppData\Local\Temp\WTGXMLUtil.dll
C:\Users\Julia\AppData\Local\Temp\WZCPlugin_VISTA.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-02 21:14
==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-01-2014
Ran by Julia at 2014-01-07 10:57:31
Running from C:\Users\Julia\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) - Deutsch (Version: 10.1.8 - Adobe Systems Incorporated)
Audacity 1.2.6 (Version: - )
Auslogics BoostSpeed (Version: 5.4 - Auslogics Software Pty Ltd)
Auslogics Disk Defrag (Version: 3.5 - Auslogics Software Pty Ltd)
Avira Free Antivirus (Version: 14.0.2.286 - Avira)
Avira SearchFree Toolbar (Version: 12.10.0.2951 - APN, LLC)
Barca 2.8 (Build 4400) (Version: - Pocomail.com)
Celtx (2.9) (Version: 2.9 (de) - Greyfirst)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (Version: 2.0.22 - Dropbox, Inc.)
ESET Online Scanner v3 (Version: - )
GIMP 2.6.11 (Version: 2.6.11 - The GIMP Team)
Google Chrome (Version: 31.0.1650.63 - Google Inc.)
Google Earth (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
HyperCam 3 (Version: 3.2.1107.8 - Solveig Multimedia)
MAGIX Screenshare (Version: 4.3.6.1987 - MAGIX AG)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
Mozilla Thunderbird 24.2.0 (x86 de) (Version: 24.2.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0 - Microsoft Corporation)
OpenOffice.org 3.3 (Version: 3.3.9567 - OpenOffice.org)
SecureW2 EAP Suite 1.1.3 for Windows (Version: - )
Security Task Manager 1.8g (Version: 1.8g - Neuber Software)
Skype Click to Call (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.0 (Version: 6.0.126 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (Version: 15.0.24.0 - Synaptics Incorporated)
Text-To-Speech-Runtime (Version: 1.0.0.0 - Magix Development GmbH)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation)
VLC media player 1.1.11 (Version: 1.1.11 - VideoLAN)
WD SmartWare (Version: 1.2.0.8 - Western Digital)
Winamp (Version: 5.623 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
==================== Restore Points =========================
04-12-2013 10:33:59 Windows Update
07-12-2013 15:17:40 Windows Update
10-12-2013 17:00:10 Windows Update
14-12-2013 12:27:01 Windows Update
15-12-2013 10:32:42 Windows Update
16-12-2013 08:38:26 Windows Update
19-12-2013 18:24:16 Windows Update
23-12-2013 11:03:36 Windows Update
02-01-2014 19:02:58 Windows Update
06-01-2014 14:26:37 Windows Update
==================== Hosts content: ==========================
2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {663A8E1D-4269-4D88-8734-ADEA645FED56} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {70E7B75D-0DB5-446B-A9D4-A6FE6F483318} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-02] (Google Inc.)
Task: {8514144A-E251-4CB6-A786-1F0B42AD6127} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-02] (Google Inc.)
Task: {F429E222-DC51-4DDE-9CE1-76C34D5246D4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-01-06 23:22 - 2013-12-09 11:37 - 00394808 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2009-08-19 14:49 - 2009-08-19 14:49 - 00049152 _____ () C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll
2009-07-29 14:24 - 2009-07-29 14:24 - 00504293 _____ () C:\Program Files\Western Digital\WD SmartWare\Front Parlor\sqlite3.DLL
2013-03-13 21:48 - 2013-03-13 21:48 - 24978944 _____ () C:\Users\Julia\AppData\Roaming\Dropbox\bin\libcef.dll
2011-01-17 15:19 - 2011-09-02 09:04 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2010-11-19 17:45 - 2011-09-02 09:04 - 00170496 _____ () C:\Program Files\OpenOffice.org 3\program\libxslt.dll
2013-12-13 10:33 - 2013-12-13 10:33 - 03017840 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2013-12-13 10:33 - 2013-12-13 10:33 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2013-12-13 10:33 - 2013-12-13 10:33 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll
2013-12-20 13:01 - 2013-12-20 13:01 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-01-06 23:22 - 2013-12-09 11:37 - 00394808 _____ () C:\program files\avira\antivir desktop\sqlite3.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\TEMP:07BF512B
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
Name: Lexmark X422
Description: Lexmark X422
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Lexmark
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/07/2014 09:49:01 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (01/07/2014 09:49:01 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (01/07/2014 09:48:11 AM) (Source: WDSmartWareBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel()
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args)
Error: (01/07/2014 09:48:01 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (01/06/2014 07:41:52 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (01/06/2014 07:41:52 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (01/06/2014 07:41:45 PM) (Source: WDSmartWareBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel()
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args)
Error: (01/06/2014 07:41:42 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (01/06/2014 03:26:48 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKslb04722d1.
System Error:
Das System kann die angegebene Datei nicht finden.
.
Error: (01/06/2014 00:43:12 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "F:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"
System errors:
=============
Error: (01/06/2014 11:21:56 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "DeleteFlag" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Error: (01/06/2014 11:21:51 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Error: (01/06/2014 08:23:11 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "PC834640339160",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{1622E391-6874-4FF7-B38B-6BC-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (01/06/2014 08:11:11 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "PC834640339160",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{1622E391-6874-4FF7-B38B-6BC-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (01/06/2014 07:47:34 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "bdfwfpf" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (01/06/2014 07:47:13 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "PC834640339160",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{1622E391-6874-4FF7-B38B-6BC-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (01/06/2014 07:35:11 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "PC834640339160",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{1622E391-6874-4FF7-B38B-6BC-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (01/06/2014 03:18:50 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "PC834640339160",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{1622E391-6874-4FF7-B38B-6BC-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (01/06/2014 03:06:52 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "PC834640339160",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{1622E391-6874-4FF7-B38B-6BC-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (01/06/2014 02:54:53 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "PC834640339160",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{1622E391-6874-4FF7-B38B-6BC-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Microsoft Office Sessions:
=========================
Error: (01/07/2014 09:49:01 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\MFC80U.DLL
Error: (01/07/2014 09:49:01 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\MFC80U.DLL
Error: (01/07/2014 09:48:11 AM) (Source: WDSmartWareBackgroundService)(User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel()
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args)
Error: (01/07/2014 09:48:01 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\MFC80U.DLL
Error: (01/06/2014 07:41:52 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\MFC80U.DLL
Error: (01/06/2014 07:41:52 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\MFC80U.DLL
Error: (01/06/2014 07:41:45 PM) (Source: WDSmartWareBackgroundService)(User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel()
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args)
Error: (01/06/2014 07:41:42 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\MFC80U.DLL
Error: (01/06/2014 03:26:48 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKslb04722d1.
System Error:
Das System kann die angegebene Datei nicht finden.
Error: (01/06/2014 00:43:12 PM) (Source: Windows Backup)(User: )
Description: F:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)
==================== Memory info ===========================
Percentage of memory in use: 61%
Total physical RAM: 1976.27 MB
Available physical RAM: 761.48 MB
Total Pagefile: 3952.53 MB
Available Pagefile: 2097.63 MB
Total Virtual: 2047.88 MB
Available Virtual: 1908.34 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:297.99 GB) (Free:244.95 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 60D43F02)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2014-01-07 11:26:19
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-60A23T0 rev.02.01A02 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Julia\AppData\Local\Temp\ugloypod.sys
---- System - GMER 2.1 ----
SSDT 93D08F2E ZwCreateSection
SSDT 93D08F38 ZwRequestWaitReplyPort
SSDT 93D08F33 ZwSetContextThread
SSDT 93D08F3D ZwSetSecurityObject
SSDT 93D08F42 ZwSystemDebugControl
SSDT 93D08ECF ZwTerminateProcess
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82C41A15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C7B212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82C8258C 4 Bytes [2E, 8F, D0, 93]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82C828E8 4 Bytes [38, 8F, D0, 93]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82C8292C 4 Bytes [33, 8F, D0, 93]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82C829A8 4 Bytes [3D, 8F, D0, 93]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82C829FC 4 Bytes [42, 8F, D0, 93]
.text ...
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[2804] ntdll.dll!LdrGetProcedureAddress + 26 77DC22A9 7 Bytes JMP 5BDD562B C:\Program Files\Mozilla Thunderbird\xul.dll
.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[2804] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 763B941E 7 Bytes JMP 5CA74A7E C:\Program Files\Mozilla Thunderbird\xul.dll
.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[2804] kernel32.dll!QueryPerformanceCounter + 13 763BC425 7 Bytes JMP 5CA74A36 C:\Program Files\Mozilla Thunderbird\xul.dll
.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[2804] kernel32.dll!LoadAppInitDlls + 355 763BF4E6 7 Bytes JMP 5BDE643D C:\Program Files\Mozilla Thunderbird\xul.dll
.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[2804] GDI32.dll!GetViewportOrgEx + 26C 7621884B 7 Bytes JMP 5CA74AA5 C:\Program Files\Mozilla Thunderbird\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3524] ntdll.dll!LdrGetProcedureAddress + 26 77DC22A9 7 Bytes JMP 52BAB780 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3524] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 763B941E 7 Bytes JMP 533E6EDA C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3524] kernel32.dll!QueryPerformanceCounter + 13 763BC425 7 Bytes JMP 533E6EFD C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3524] kernel32.dll!LoadAppInitDlls + 355 763BF4E6 7 Bytes JMP 52BB0836 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3524] GDI32.dll!GetViewportOrgEx + 26C 7621884B 7 Bytes JMP 533E6E5B C:\Program Files\Mozilla Firefox\xul.dll
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
Device \Driver\BTHUSB \Device\00000086 bthport.sys
Device \Driver\BTHUSB \Device\00000088 bthport.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e02a822156fe
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e02a822156fe (not active ControlSet)
---- EOF - GMER 2.1 ----