Trojaner-Board - Windows 7, Avast hat Win32: Trojan-gen gefunden.

Hallo schrauber,
sende die logfiles. Ich hoffe, ich habe alles richtig gemacht.

Code:

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# EOSSerial=2a2618011ecf70489f5c30d36afe0e3e

# end=init

# utc_time=2015-06-20 12:35:40

# local_time=2015-06-20 02:35:40 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# osver=6.1.7601 NT Service Pack 1

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# EOSSerial=2a2618011ecf70489f5c30d36afe0e3e

# end=init

# utc_time=2015-06-20 12:37:32

# local_time=2015-06-20 02:37:32 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# osver=6.1.7601 NT Service Pack 1

Update Init

Update Download

Update Finalize

Updated modules version: 24422

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# EOSSerial=2a2618011ecf70489f5c30d36afe0e3e

# end=updated

# utc_time=2015-06-20 12:41:51

# local_time=2015-06-20 02:41:51 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# osver=6.1.7601 NT Service Pack 1

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7777

# api_version=3.1.1

# EOSSerial=2a2618011ecf70489f5c30d36afe0e3e

# engine=24422

# end=stopped

# remove_checked=false

# archives_checked=false

# unwanted_checked=false

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2015-06-20 12:56:29

# local_time=2015-06-20 02:56:29 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1031

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode_1=''

# compatibility_mode=5893 16776573 100 94 86030 186436180 0 0

# scanned=81658

# found=0

# cleaned=0

# scan_time=877

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# EOSSerial=2a2618011ecf70489f5c30d36afe0e3e

# end=init

# utc_time=2015-06-20 12:57:36

# local_time=2015-06-20 02:57:36 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# osver=6.1.7601 NT Service Pack 1

Update Init

Update Download

esets_scanner_update returned -1 esets_gle=53251

Update Finalize

Updated modules version: 24422

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# EOSSerial=2a2618011ecf70489f5c30d36afe0e3e

# end=updated

# utc_time=2015-06-20 12:57:48

# local_time=2015-06-20 02:57:48 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# osver=6.1.7601 NT Service Pack 1

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7777

# api_version=3.1.1

# EOSSerial=2a2618011ecf70489f5c30d36afe0e3e

# engine=24422

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=false

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2015-06-20 02:07:18

# local_time=2015-06-20 04:07:18 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1031

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode_1=''

# compatibility_mode=5893 16776573 100 94 90279 186440429 0 0

# scanned=411620

# found=0

# cleaned=0

# scan_time=4169

Code:

 Results of screen317's Security Check version 1.002  

 Windows 7 Service Pack 1 x86 (UAC is disabled!)  

 Internet Explorer 11  
 ``````````````Antivirus/Firewall Check:`````````````` 

avast! Antivirus   

 Antivirus up to date!   
 `````````Anti-malware/Other Utilities Check:````````` 

 Adobe Flash Player 10 Flash Player out of Date! 

 Adobe Flash Player         18.0.0.160  

 Adobe Reader XI  

 Mozilla Firefox (38.0.5) 

 Google Chrome (43.0.2357.124) 

 Google Chrome (43.0.2357.81) 
 ````````Process Check: objlist.exe by Laurent````````  

 Acronis OnlineBackupStandalone TrueImageMonitor.exe  

 Alwil Software Avast5 AvastSvc.exe  

 Alwil Software Avast5 ng vbox\AvastVBoxSVC.exe 

 Alwil Software Avast5 avastui.exe  
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  
 ````````````````````End of Log``````````````````````

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-06-2015

Ran by Marion (administrator) on SCHÄFER-PC on 20-06-2015 16:51:32

Running from C:\Users\Marion\Desktop

Loaded Profiles: Marion (Available Profiles: Schäfer & Marion)

Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE

(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

(Memeo) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

(Avast Software) C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe

(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

(Acronis) C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\avastui.exe

(Western Digital) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe

() C:\Program Files\WISO\Steuersoftware 2013\mshaktuell.exe

(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe

(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [TrayServer] => C:\Program Files\MAGIX\Video_deluxe_2008_PLUS_e-version\TrayServer.exe [90112 2007-03-29] (MAGIX AG)

HKLM\...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [5493736 2010-08-21] (Acronis)

HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [391296 2010-08-21] (Acronis)

HKLM\...\Run: [SAOB Monitor] => C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe [2570688 2010-08-20] (Acronis)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)

HKU\S-1-5-21-2179745808-3346015633-651188674-1003\...\MountPoints2: {c62af93d-6459-11df-843e-806e6f6e6963} - E:\start.exe /auto

HKU\S-1-5-21-2179745808-3346015633-651188674-1003\...\MountPoints2: {d41872df-698f-11df-891f-e0cb4ec8869f} - "F:\WD SmartWare.exe" autoplay=true

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk [2011-08-12]

ShortcutTarget: WDSmartWare.lnk -> C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2011-04-19]

ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files\WISO\Steuersoftware 2013\mshaktuell.exe ()

Startup: C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2014-04-08]

ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files\WISO\Steuersoftware 2014\mshaktuell.exe ()

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll [2015-04-26] (Avast Software s.r.o.)
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKU\S-1-5-21-2179745808-3346015633-651188674-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2015-04-26] (Avast Software s.r.o.)

BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)

BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)

Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)

Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\Marion\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdfb3u.default

FF DefaultSearchEngine: Google (avast)

FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006

FF SearchEngineOrder.1: Google (avast)

FF SelectedSearchEngine: Google (avast)

FF Homepage: hxxp://www.arcor.de/

FF Keyword.URL: https://www.google.com/search/?trackid=sp-006

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_160.dll [2015-06-14] ()

FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2009-05-01] (Google, Inc.)

FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)

FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)

FF Plugin: @real.com/nppl3260;version=6.0.12.709 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2010-03-14] (RealNetworks, Inc.)

FF Plugin: @real.com/nprpjplug;version=6.0.12.709 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2010-03-14] (RealNetworks, Inc.)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-22] (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-22] (Google Inc.)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2010-03-14] (RealNetworks, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2010-03-14] (RealNetworks, Inc.)

FF SearchPlugin: C:\Users\Marion\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdfb3u.default\searchplugins\google-avast.xml [2015-01-03]

FF Extension: NoScript - C:\Users\Marion\AppData\Roaming\Mozilla\Firefox\Profiles\3uhdfb3u.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-10-26]

FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-06-05]

FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF

FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-04-20]
 

Chrome: 

=======

CHR StartupUrls: Default -> "https://www.google.com/?trackid=sp-006"

CHR Profile: C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-27]

CHR Extension: (Avast Online Security) - C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-27]

CHR Extension: (Google Wallet) - C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-27]

CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2015-03-17]
 

========================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [780504 2010-08-21] (Acronis)

R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3975088 2010-09-02] (Acronis)

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [343336 2015-04-26] (Avast Software s.r.o.)

R3 AvastVBoxSvc; C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe [3207800 2015-04-26] (Avast Software)

S3 DfSdkS; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\Dfsdks.exe [406016 2009-08-24] (mst software GmbH, Germany) [File not signed]

S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]

R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]

R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]

R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [660992 2009-05-21] (Hewlett-Packard Co.) [File not signed]

S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)

R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]

R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]

R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [98304 2009-10-14] (WDC) [File not signed]

R2 WDSmartWareBackgroundService; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-04-26] ()

R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26096 2015-04-26] (Avast Software s.r.o.)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-04-26] (Avast Software s.r.o.)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-04-26] (Avast Software s.r.o.)

R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-04-26] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-04-26] (Avast Software s.r.o.)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427992 2015-04-26] (Avast Software s.r.o.)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-04-26] (Avast Software s.r.o.)

R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-04-26] ()

R3 eapihdrv; C:\Users\Marion\AppData\Local\Temp\ehdrv.sys [135760 2015-06-20] (ESET)

R3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [48640 2009-08-23] (Atheros Communications, Inc.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)

R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] ()

R2 VBoxAswDrv; C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxAswDrv.sys [220752 2015-04-26] (Avast Software)
 

==================== NetSvcs (Whitelisted) ===================
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 

==================== One Month Created files and folders ========
 

(If an entry is included in the fixlist, the file/folder will be moved.)
 

2015-06-20 16:51 - 2015-06-20 16:51 - 00013689 _____ C:\Users\Marion\Desktop\FRST.txt

2015-06-20 16:40 - 2015-06-20 16:39 - 00852639 _____ C:\Users\Marion\Desktop\SecurityCheck.exe

2015-06-20 14:35 - 2015-06-20 14:35 - 00000000 ____D C:\Program Files\ESET

2015-06-20 13:30 - 2015-06-18 20:46 - 02231296 _____ C:\Users\Marion\Desktop\adwcleaner_4.206.exe

2015-06-18 21:38 - 2015-06-18 21:38 - 00001063 _____ C:\JRT.txt

2015-06-18 21:29 - 2015-06-18 21:29 - 00000207 _____ C:\Windows\tweaking.com-regbackup-SCHÄFER-PC-Windows-7-Home-Premium-(32-bit).dat

2015-06-18 21:29 - 2015-06-18 21:29 - 00000000 ____D C:\RegBackup

2015-06-18 21:28 - 2015-06-18 21:28 - 02950477 _____ (Thisisu) C:\Users\Marion\Desktop\JRT.exe

2015-06-18 20:47 - 2015-06-18 23:47 - 00000000 ____D C:\AdwCleaner

2015-06-18 20:42 - 2015-06-18 20:42 - 00197637 _____ C:\mbam.txt

2015-06-18 20:08 - 2015-06-19 15:08 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-06-18 20:08 - 2015-06-18 20:08 - 00001041 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-06-18 20:08 - 2015-06-18 20:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-06-18 20:08 - 2015-06-18 20:08 - 00000000 ____D C:\ProgramData\Malwarebytes

2015-06-18 20:08 - 2015-06-18 20:08 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware

2015-06-18 20:08 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-06-18 20:08 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-06-18 20:08 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-06-18 11:42 - 2015-06-16 19:54 - 01148416 _____ (Farbar) C:\Users\Marion\Desktop\FRST.exe

2015-06-16 19:55 - 2015-06-20 16:51 - 00000000 ____D C:\FRST

2015-06-16 19:18 - 2015-06-16 23:46 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Nico Mak Computing

2015-06-11 17:55 - 2015-06-11 17:55 - 00000000 ____D C:\Users\Marion\AppData\Local\GWX

2015-06-10 23:17 - 2015-06-02 21:35 - 00342728 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2015-06-10 23:17 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-06-10 23:17 - 2015-05-25 19:00 - 02384384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2015-06-10 23:17 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2015-06-10 23:17 - 2015-05-23 05:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2015-06-10 23:17 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-06-10 23:17 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2015-06-10 23:17 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2015-06-10 23:17 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2015-06-10 23:17 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2015-06-10 23:17 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-06-10 23:17 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-06-10 23:17 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2015-06-10 23:17 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-06-10 23:17 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2015-06-10 23:17 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2015-06-10 23:17 - 2015-05-23 05:05 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2015-06-10 23:17 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2015-06-10 23:17 - 2015-05-23 05:00 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2015-06-10 23:17 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-06-10 23:17 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2015-06-10 23:17 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2015-06-10 23:17 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-06-10 23:17 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-06-10 23:17 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-06-10 23:17 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-06-10 23:17 - 2015-05-23 04:38 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2015-06-10 23:17 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-06-10 23:17 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2015-06-10 23:17 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-06-10 23:17 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-06-10 23:17 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-06-10 23:17 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2015-06-10 23:17 - 2015-04-11 05:07 - 00054656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys

2015-06-10 23:16 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe

2015-06-10 23:16 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-06-10 23:16 - 2015-05-25 20:07 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2015-06-10 23:16 - 2015-05-25 20:07 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2015-06-10 23:16 - 2015-05-25 20:04 - 01307648 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2015-06-10 23:16 - 2015-05-25 20:01 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2015-06-10 23:16 - 2015-05-25 20:01 - 00853504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll

2015-06-10 23:16 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2015-06-10 23:16 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll

2015-06-10 23:16 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2015-06-10 23:16 - 2015-05-25 20:01 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-06-10 23:16 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2015-06-10 23:16 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2015-06-10 23:16 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2015-06-10 23:16 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2015-06-10 23:16 - 2015-05-25 20:01 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2015-06-10 23:16 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll

2015-06-10 23:16 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2015-06-10 23:16 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2015-06-10 23:16 - 2015-05-25 20:01 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2015-06-10 23:16 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2015-06-10 23:16 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2015-06-10 23:16 - 2015-05-25 20:01 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2015-06-10 23:16 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe

2015-06-10 23:16 - 2015-05-25 20:00 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-06-10 23:16 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe

2015-06-10 23:16 - 2015-05-25 20:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2015-06-10 23:16 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2015-06-10 23:16 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe

2015-06-10 23:16 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe

2015-06-10 23:16 - 2015-05-25 20:00 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2015-06-10 23:16 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe

2015-06-10 23:16 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2015-06-10 23:16 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2015-06-10 23:16 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2015-06-10 23:16 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2015-06-10 23:16 - 2015-05-25 18:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll

2015-06-10 23:16 - 2015-05-09 05:14 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll

2015-06-10 23:16 - 2015-05-09 05:13 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2015-06-10 23:16 - 2015-05-09 05:13 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2015-06-10 23:16 - 2015-05-09 05:12 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe

2015-06-10 23:16 - 2015-05-09 05:08 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2015-06-10 23:16 - 2015-05-09 05:08 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2015-06-10 23:16 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2015-06-10 23:16 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2015-06-10 23:16 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2015-06-10 23:16 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2015-06-10 23:16 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2015-06-10 23:16 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2015-06-10 23:16 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2015-06-10 23:16 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2015-06-10 23:16 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2015-06-10 23:16 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2015-06-10 23:16 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2015-06-10 23:16 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2015-06-10 23:16 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2015-06-10 23:16 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2015-06-10 23:16 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2015-06-10 23:16 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2015-06-10 23:16 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2015-06-10 23:16 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2015-06-10 23:16 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2015-06-10 23:16 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2015-06-10 23:16 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2015-06-10 23:16 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2015-06-10 23:16 - 2015-05-09 03:59 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2015-06-10 23:16 - 2015-05-09 03:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2015-06-10 23:16 - 2015-05-09 03:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2015-06-10 23:16 - 2015-05-09 03:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2015-06-10 23:16 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll

2015-06-10 23:16 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll

2015-06-10 23:16 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx

2015-06-10 23:16 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll

2015-06-10 23:16 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL

2015-06-10 23:16 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll

2015-06-05 13:31 - 2015-05-22 20:03 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2015-06-05 13:31 - 2015-05-22 20:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2015-06-05 13:31 - 2015-05-22 20:02 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2015-06-05 13:31 - 2015-05-22 20:02 - 00333824 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2015-06-05 13:31 - 2015-05-22 20:02 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2015-06-05 13:31 - 2015-05-22 20:02 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll

2015-06-05 13:31 - 2015-05-22 19:58 - 00901120 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2015-06-05 13:31 - 2015-05-21 15:20 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2015-06-03 13:35 - 2015-06-03 21:49 - 00000000 ____D C:\Program Files\Mozilla Firefox

2015-05-27 22:04 - 2015-05-27 22:04 - 00000000 ____D C:\Program Files\avast software
 

==================== One Month Modified files and folders ========
 

(If an entry is included in the fixlist, the file/folder will be moved.)
 

2015-06-20 16:23 - 2012-04-14 16:50 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-06-20 16:16 - 2012-02-26 17:53 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-06-20 15:54 - 2011-10-14 21:32 - 01806772 _____ C:\Windows\WindowsUpdate.log

2015-06-20 14:29 - 2009-07-14 06:34 - 00023344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-06-20 14:29 - 2009-07-14 06:34 - 00023344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-06-20 13:34 - 2010-05-20 17:59 - 01629442 _____ C:\Windows\system32\PerfStringBackup.INI

2015-06-20 12:57 - 2015-03-02 13:50 - 00002036 _____ C:\Users\Marion\Desktop\SafeZone-Browser.lnk

2015-06-20 12:57 - 2012-02-26 17:53 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-06-20 12:39 - 2015-01-17 17:38 - 00011592 _____ C:\Windows\setupact.log

2015-06-20 12:39 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2015-06-19 20:12 - 2011-06-23 07:38 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

2015-06-18 20:51 - 2015-01-22 17:05 - 00007076 _____ C:\Windows\PFRO.log

2015-06-14 16:47 - 2014-12-19 13:53 - 00000000 __SHD C:\Users\Marion\AppData\Local\EmieBrowserModeList

2015-06-14 16:47 - 2014-05-15 18:47 - 00000000 __SHD C:\Users\Marion\AppData\Local\EmieUserList

2015-06-14 16:47 - 2014-05-15 18:47 - 00000000 __SHD C:\Users\Marion\AppData\Local\EmieSiteList

2015-06-14 16:32 - 2012-04-14 16:50 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2015-06-14 16:32 - 2011-06-07 19:56 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2015-06-11 21:16 - 2013-07-19 17:34 - 00000000 ____D C:\Windows\system32\MRT

2015-06-11 21:13 - 2010-05-21 00:19 - 136900096 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2015-06-11 20:05 - 2015-01-08 09:42 - 00002036 _____ C:\Users\Schäfer\Desktop\SafeZone-Browser.lnk

2015-06-11 19:21 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache

2015-06-11 17:54 - 2009-07-14 06:33 - 00367384 _____ C:\Windows\system32\FNTCACHE.DAT

2015-06-11 17:52 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE

2015-06-10 23:22 - 2012-02-26 17:54 - 00002088 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2015-06-05 22:58 - 2014-12-11 14:58 - 00000000 ____D C:\Windows\system32\appraiser

2015-06-05 22:58 - 2014-05-06 18:34 - 00000000 ___SD C:\Windows\system32\CompatTel

2015-06-05 13:35 - 2013-06-27 17:17 - 00002471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2015-06-05 13:22 - 2012-04-28 15:02 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
 

==================== Files in the root of some directories =======
 

2011-08-20 21:08 - 2011-08-20 21:08 - 13818528 _____ (Mozilla) C:\Program Files\Firefox Setup 6.0.exe

2010-07-25 17:59 - 2010-07-25 18:01 - 121556352 _____ () C:\Program Files\TrueImage2010_s_de.exe

2010-06-14 18:23 - 2010-06-14 18:35 - 465347560 _____ (MAGIX AG) C:\Program Files\videodlx08plus_ev.exe

2011-04-19 16:43 - 2012-08-03 19:48 - 0001188 _____ () C:\Users\Marion\AppData\Local\crc32list11.txt

2014-04-04 16:04 - 2014-04-04 16:04 - 0007609 _____ () C:\Users\Marion\AppData\Local\Resmon.ResmonCfg

2010-06-05 12:13 - 2010-06-05 12:26 - 0000767 _____ () C:\ProgramData\hpzinstall.log
 

Some files in TEMP:

====================

C:\Users\Marion\AppData\Local\Temp\Quarantine.exe

C:\Users\Marion\AppData\Local\Temp\sqlite3.dll

C:\Users\Marion\AppData\Local\Temp\sqlite3.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-06-14 17:07
 

==================== End of log ============================

--- --- ---

[CODE]Additional
FRST Logfile:

Code:

scan result of Farbar Recovery Scan Tool (x86) Version: 13-06-2015

Ran by Marion at 2015-06-20 16:52:14

Running from C:\Users\Marion\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Accounts: =============================
 

Administrator (S-1-5-21-2179745808-3346015633-651188674-500 - Administrator - Disabled)

Gast (S-1-5-21-2179745808-3346015633-651188674-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2179745808-3346015633-651188674-1002 - Limited - Enabled)

Marion (S-1-5-21-2179745808-3346015633-651188674-1003 - Administrator - Enabled) => C:\Users\Marion

Schäfer (S-1-5-21-2179745808-3346015633-651188674-1000 - Administrator - Enabled) => C:\Users\Schäfer
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden

Acronis*True*Image*Home (HKLM\...\{67ED38A3-4882-448B-B44D-3428AB00D7D5}) (Version: 13.0.7046 - Acronis)

Acronis*True*Image*Home 2011 (HKLM\...\{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}) (Version: 14.0.5105 - Acronis)

Adobe Flash Player 10 ActiveX (HKLM\...\{922E8525-AC7E-4294-ACAA-43712D4423C0}) (Version: 10.0.22.87 - Adobe Systems, Inc.)

Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.45.2 - Adobe Systems Incorporated)

Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.160 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.11) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)

Ashampoo Burning Studio 2009 Advanced (HKLM\...\Ashampoo Burning Studio 2009 Advanced_is1) (Version: 9.0.0 - ashampoo GmbH & Co. KG)

Ashampoo WinOptimizer 2010 Advanced (HKLM\...\Ashampoo WinOptimizer 2010 Advanced_is1) (Version: 6.5.0 - Ashampoo GmbH & Co. KG)

Avast Pro Antivirus (HKLM\...\avast) (Version: 10.2.2218 - AVAST Software)

BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden

ClearProg 1.6.0 Final (HKLM\...\ClearProg) (Version: 1.6.0 Final - Sven Hoffman)

Copy (Version: 130.0.366.000 - Hewlett-Packard) Hidden

Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden

DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden

DJ_AIO_06_F4500_SW_MIN (Version: 130.0.406.000 - Hewlett-Packard) Hidden

F4500 (Version: 130.0.406.000 - Hewlett-Packard) Hidden

Firebird SQL Server - MAGIX Edition (HKLM\...\{AF37F9DE-0726-439E-BC10-43D9195394D0}) (Version: 2.1.26.0 - MAGIX AG)

Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)

Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden

GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden

HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)

HP Deskjet F4500 Printer Driver Software 13.0 Rel .6 (HKLM\...\{7F08A772-2816-4F46-84F1-49578502AD28}) (Version: 13.0 - HP)

HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)

HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)

HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)

HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)

HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)

HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden

hpPrintProjects (Version: 130.0.303.000 - Hewlett-Packard) Hidden

HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden

HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden

hpWLPGInstaller (Version: 130.0.303.000 - Hewlett-Packard) Hidden

Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)

Intel(R) TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)

IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.38 - Irfan Skiljan)

Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden

K-Lite Mega Codec Pack 5.8.3 (HKLM\...\KLiteCodecPack_is1) (Version: 5.8.3 - )

MAGIX 3D Maker (embeded) (HKLM\...\MAGIX 3D Maker D) (Version: 6.0.0.8 - MAGIX AG)

MAGIX Foto Manager 8 6.0.1.457 (D) (HKLM\...\MAGIX Foto Manager 8 D) (Version: 6.0.1.457 - MAGIX AG)

MAGIX Fotobuch 3.6 (HKLM\...\MAGIX Fotobuch) (Version: 3.6 - MAGIX AG)

MAGIX Fotos auf CD & DVD 8 deluxe 8.0.2.6 (D) (HKLM\...\MAGIX Fotos auf CD & DVD 8 deluxe D) (Version: 8.0.2.6 - MAGIX AG)

MAGIX Fotos auf CD & DVD 9 deluxe 9.0.0.18 (D) (HKLM\...\MAGIX Fotos auf CD & DVD 9 deluxe D) (Version: 9.0.0.18 - MAGIX AG)

MAGIX Online Druck Service (HKLM\...\MAGIX Online Druck Service D) (Version: 3.4.3.0 - MAGIX AG)

MAGIX Screenshare (HKLM\...\MAGIX Screenshare D) (Version: 4.3.6.1987 - MAGIX AG)

MAGIX Speed burnR (HKLM\...\MAGIX Speed burnR D) (Version: 6.0.1.4 - MAGIX AG)

MAGIX Video deluxe 2008 PLUS Trial 7.5.1.6 (D) (HKLM\...\MAGIX Video deluxe 2008 PLUS Trial D) (Version: 7.5.1.6 - MAGIX AG)

MAGIX Xtreme Foto Designer 6 (HKLM\...\MAGIX Xtreme Foto Designer 6 D) (Version: 6.0.29.0 - MAGIX AG)

Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)

MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden

Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)

Microsoft Office Standard Edition 2003 (HKLM\...\{91120407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)

Mozilla Firefox 38.0.5 (x86 de) (HKLM\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 38.0 - Mozilla)

MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

Network (Version: 130.0.374.000 - Hewlett-Packard) Hidden

Paint.NET v3.5.5 (HKLM\...\{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}) (Version: 3.55.0 - dotPDN LLC)

Picasa 3 (HKLM\...\Picasa 3) (Version: 3.1 - Google, Inc.)

Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden

Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)

SmartWebPrinting (Version: 130.0.373.000 - Hewlett-Packard) Hidden

SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden

Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden

Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden

TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden

Vistaprint Fotobücher (HKU\S-1-5-21-2179745808-3346015633-651188674-1003\...\{BA786D68-3AD8-42DC-8BE1-9E09B4737A27}_is1) (Version:  - Vistaprint)

VSO Image Resizer 3.0.0.140 (HKLM\...\{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1) (Version: 3.0.0.140 - VSO-Software)

WD SmartWare (HKLM\...\{CD0DC280-2489-4464-A2FC-16104676394A}) (Version: 1.1.1.6 - Western Digital)

WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden

Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)

Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)

Windows Live Sync (HKLM\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)

Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

WinRAR Archivierer (HKLM\...\WinRAR archiver) (Version:  - )

WISO Steuer-Sparbuch 2011 (HKLM\...\{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}) (Version: 18.00.6928 - Buhl Data Service GmbH)

WISO Steuer-Sparbuch 2012 (HKLM\...\{0CC1DAFB-40C8-4903-953D-471E541477C7}) (Version: 19.00.7303 - Buhl Data Service GmbH)

WISO Steuer-Sparbuch 2013 (HKLM\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)

WISO Steuer-Sparbuch 2014 (HKU\S-1-5-21-2179745808-3346015633-651188674-1003\...\{75CD2BB7-656C-4B84-8A39-F93C0FEF824F}) (Version: 21.00.8480 - Buhl Data Service GmbH)

WISO Steuer-Sparbuch 2015 (HKLM\...\{98446C74-C44C-481A-85B7-0449473F794E}) (Version: 22.00.8811 - Buhl Data Service GmbH)
 

==================== Custom CLSID (Whitelisted): ==========================
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 

==================== Restore Points =========================
 

04-05-2015 23:04:16 Windows Update

08-05-2015 16:48:07 Windows Update

12-05-2015 22:31:09 Windows Update

12-05-2015 23:35:37 Windows Update

14-05-2015 12:57:32 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005

14-05-2015 12:59:55 Installiert WISO Steuer-Sparbuch 2015

14-05-2015 13:06:21 Windows Update

14-05-2015 18:41:35 Windows Update

20-05-2015 10:57:40 Windows Update

20-05-2015 13:55:02 Windows Update

23-05-2015 23:04:43 Windows Update

27-05-2015 22:05:36 Windows Update

02-06-2015 22:11:45 Windows Update

05-06-2015 13:52:28 Windows Update

10-06-2015 23:11:29 Windows Update

10-06-2015 23:35:21 Windows Update

11-06-2015 21:12:54 Windows Update

17-06-2015 13:35:06 Windows Update
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (Whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

Task: {0B21D40E-699E-4AB4-A66B-F4AB36834EA3} - System32\Tasks\{39AAC05F-C744-42CF-9FD4-F66D0A16ACB7} => pcalua.exe -a "C:\Program Files\HP\Digital Imaging\{7F08A772-2816-4F46-84F1-49578502AD28}\setup\hwsetupwizard\setup_guide.exe" -d C:\Users\Schäfer\Desktop

Task: {139E7BE6-EDC9-446F-91FC-DBDBA9308F5A} - System32\Tasks\{DBF96C85-9E17-406A-A879-7F4535AF886A} => Firefox.exe 

Task: {1E76433E-4C4A-46B8-B38D-30DE62D86BCF} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)

Task: {2469D12A-C268-4EF3-A4E6-E31F02B556A5} - System32\Tasks\{EA8BB709-6419-43EB-8BC9-703B25547942} => C:\Program Files\Windows Live\Mail\wlmail.exe [2010-04-16] (Microsoft Corporation)

Task: {2D22EC52-5C7D-4C2A-806E-424C0E94F9D5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)

Task: {3C7ECE16-7668-4CE3-87C8-6F5152C3E8C0} - System32\Tasks\{195BDEE5-2B15-4A40-AAC5-E2ABD48ECB9D} => C:\Program Files\Windows Live\Mail\wlmail.exe [2010-04-16] (Microsoft Corporation)

Task: {4E4A2064-A719-4BF8-9D37-30AAE107E2CC} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)

Task: {51541DE4-2207-4F48-BB00-160C6FC848C4} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)

Task: {5BA18D1B-317F-4817-AC25-20B26BE803F2} - System32\Tasks\{037BA8F9-B25C-4D22-BAD5-125F1E5D463F} => C:\Program Files\Windows Live\Mail\wlmail.exe [2010-04-16] (Microsoft Corporation)

Task: {629D3C59-65E7-44AA-AEFA-9FF97F112320} - System32\Tasks\{B263AF47-1D3A-472E-A826-77F058430CD3} => C:\Program Files\Windows Live\Mail\wlmail.exe [2010-04-16] (Microsoft Corporation)

Task: {665B5F12-4406-4B2D-82E5-A4565E97AE53} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)

Task: {668EB73F-5E3B-4455-95FC-E91F19909926} - System32\Tasks\{C1F127EF-FE26-4633-B758-D9C9B23C38D9} => Firefox.exe 

Task: {6AE2BBAB-B946-4550-9791-5A56961A93D4} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)

Task: {84063327-3468-4D33-885D-36B8DB373FB9} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2179745808-3346015633-651188674-1003

Task: {927FAE6E-11DA-4BF6-8513-6E6041B0325B} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)

Task: {970AE683-F0F9-42A0-AD33-275F3EDDDC0B} - System32\Tasks\{AC63C866-84A6-4B5B-9AEE-7BBC9F0796E7} => Firefox.exe 

Task: {975E3255-5050-482E-9D04-C3CB436F1242} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)

Task: {98171F44-6D3F-4AA1-A363-35CBA4870859} - System32\Tasks\{F0B61203-DA55-41BE-8F46-1B065249FCE2} => C:\Program Files\Windows Live\Mail\wlmail.exe [2010-04-16] (Microsoft Corporation)

Task: {9F85651E-FBA3-4671-945C-B0C5210D8505} - System32\Tasks\{E2FC8916-0410-485C-8450-DE27891CB18D} => C:\Program Files\Windows Live\Mail\wlmail.exe [2010-04-16] (Microsoft Corporation)

Task: {B1FAE6EC-5423-4A98-9C7A-CFCC5F065E34} - System32\Tasks\{C7DE03C8-8788-4C21-B38F-D176AECD676F} => C:\Program Files\Windows Live\Mail\wlmail.exe [2010-04-16] (Microsoft Corporation)

Task: {B64D89AB-8A02-47B9-B3FE-F7602A66CD14} - System32\Tasks\{80064BFE-8202-4AE6-844A-71BA296FBE77} => C:\Program Files\Windows Live\Mail\wlmail.exe [2010-04-16] (Microsoft Corporation)

Task: {C27CE61C-08F0-4F1D-99A3-EAE26B20E9D8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-14] (Adobe Systems Incorporated)

Task: {C96F8C9F-E5FE-42C9-A3FD-A4280AFF7B93} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks

Task: {CE7130A2-CC87-47CE-BC31-70D45E6BFD52} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)

Task: {D4A543C3-94F3-4580-B7E1-176C2B0B6E51} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2015-06-18] (Avast Software s.r.o.)

Task: {DD03500A-8C93-44CB-BD86-4B334010C2CF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

Task: {EED645FB-C718-4054-9C00-5CE58E937763} - System32\Tasks\{53F4D45D-F4C5-40CA-8F88-715730EDBC01} => C:\Program Files\Windows Live\Mail\wlmail.exe [2010-04-16] (Microsoft Corporation)

Task: {F8F2E176-3CB4-4113-BE51-D49D204B397A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 

==================== Loaded Modules (Whitelisted) ==============
 

2015-04-26 16:40 - 2015-04-26 16:40 - 00104400 _____ () C:\Program Files\Alwil Software\Avast5\log.dll

2015-04-26 16:40 - 2015-04-26 16:40 - 00081728 _____ () C:\Program Files\Alwil Software\Avast5\JsonRpcServer.dll

2015-06-19 20:13 - 2015-06-19 20:13 - 02952704 _____ () C:\Program Files\Alwil Software\Avast5\defs\15061903\algo.dll

2015-06-20 14:24 - 2015-06-20 14:24 - 02952704 _____ () C:\Program Files\Alwil Software\Avast5\defs\15062000\algo.dll

2010-05-20 19:47 - 2005-10-19 11:56 - 00125952 _____ () C:\Program Files\WinRAR\rarext.dll

2015-03-17 13:02 - 2015-03-17 13:02 - 40540672 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll

2009-08-19 16:49 - 2009-08-19 16:49 - 00049152 _____ () C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll

2009-07-29 16:24 - 2009-07-29 16:24 - 00504293 _____ () C:\Program Files\Western Digital\WD SmartWare\Front Parlor\sqlite3.DLL

2013-02-07 17:44 - 2012-12-12 19:10 - 01397480 _____ () C:\Program Files\WISO\Steuersoftware 2013\mshaktuell.exe

2013-02-07 17:42 - 2012-12-12 19:13 - 08809704 _____ () C:\Program Files\WISO\Steuersoftware 2013\wgui13.dll

2013-02-07 17:42 - 2012-12-12 19:10 - 00028672 _____ () C:\Program Files\WISO\Steuersoftware 2013\rsdcom48.dll

2013-02-07 17:42 - 2012-12-12 19:10 - 00308968 _____ () C:\Program Files\WISO\Steuersoftware 2013\rscorewinapi48.dll

2013-02-07 17:42 - 2012-12-12 19:10 - 00321256 _____ () C:\Program Files\WISO\Steuersoftware 2013\rsguiwinapi48.dll

2013-02-07 17:42 - 2012-12-12 19:14 - 02967272 _____ () C:\Program Files\WISO\Steuersoftware 2013\wcore13.dll

2013-02-07 17:42 - 2012-12-12 19:10 - 00136424 _____ () C:\Program Files\WISO\Steuersoftware 2013\rsodbc48.dll

2013-02-07 17:42 - 2012-12-12 19:10 - 02133224 _____ () C:\Program Files\WISO\Steuersoftware 2013\wfvie13.dll

2013-02-07 17:42 - 2012-12-12 19:10 - 01599208 _____ () C:\Program Files\WISO\Steuersoftware 2013\wsteu13.dll

2013-02-07 17:42 - 2012-12-12 19:10 - 01712872 _____ () C:\Program Files\WISO\Steuersoftware 2013\wreli13.dll

2013-02-07 17:42 - 2012-12-12 19:10 - 04115176 _____ () C:\Program Files\WISO\Steuersoftware 2013\wauff13.dll

2013-02-07 17:42 - 2012-12-12 19:10 - 01470696 _____ () C:\Program Files\WISO\Steuersoftware 2013\wmain13.dll

2013-02-07 17:42 - 2012-12-12 19:10 - 04862184 _____ () C:\Program Files\WISO\Steuersoftware 2013\wbae113.dll

2013-02-07 17:42 - 2012-12-12 19:10 - 01367784 _____ () C:\Program Files\WISO\Steuersoftware 2013\wbae213.dll

2013-02-07 17:42 - 2012-12-12 19:10 - 01747176 _____ () C:\Program Files\WISO\Steuersoftware 2013\wbae313.dll

2013-02-07 17:42 - 2012-12-12 19:10 - 01553128 _____ () C:\Program Files\WISO\Steuersoftware 2013\wbae413.dll

2013-02-07 17:42 - 2012-12-12 19:10 - 01149672 _____ () C:\Program Files\WISO\Steuersoftware 2013\whau113.dll

2013-02-07 17:42 - 2012-12-12 19:10 - 01202408 _____ () C:\Program Files\WISO\Steuersoftware 2013\whau213.dll

2013-02-07 17:42 - 2012-12-12 19:10 - 01302248 _____ () C:\Program Files\WISO\Steuersoftware 2013\wwerb13.dll

2013-02-07 17:42 - 2012-12-12 19:10 - 06752488 _____ () C:\Program Files\WISO\Steuersoftware 2013\wkont13.dll

2013-02-07 17:42 - 2012-12-12 19:10 - 01214976 _____ () C:\Program Files\WISO\Steuersoftware 2013\wimp13.dll

2013-02-07 17:42 - 2012-12-12 19:10 - 01318120 _____ () C:\Program Files\WISO\Steuersoftware 2013\wfabu13.dll
 

==================== Alternate Data Streams (Whitelisted) =========
 

(If an entry is included in the fixlist, only the ADS will be removed.)
 
 

==================== Safe Mode (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 

==================== EXE Association (Whitelisted) ===============
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 

==================== Internet Explorer trusted/restricted ===============
 

(If an entry is included in the fixlist, it will be removed from the registry.)
 
 

==================== Other Areas ============================
 

(Currently there is no automatic fix for this section.)
 

HKU\S-1-5-21-2179745808-3346015633-651188674-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.2.1
 

==================== MSCONFIG/TASK MANAGER disabled items ==
 

(Currently there is no automatic fix for this section.)
 

MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
 

==================== FirewallRules (Whitelisted) ===============
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

FirewallRules: [{0D71C517-5925-4335-BBA8-40208075905A}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe

FirewallRules: [{96D82B2E-FB47-4636-9D1B-700A9145AD27}] => (Allow) svchost.exe

FirewallRules: [{E7734D00-8A29-43F8-A173-506DBC08E2DB}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

FirewallRules: [{B143367B-4663-4471-B69F-756D0DD5C197}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe

FirewallRules: [{D448839A-FFC7-4E37-9E39-A75D5570DB6D}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe

FirewallRules: [{33BDD043-EFBE-40B8-B961-DF73B9E9D17F}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe

FirewallRules: [{C6DBE9C0-6174-4B4B-A322-BA7A1F5DE29A}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe

FirewallRules: [{1A916D03-C301-48ED-ABC3-F79335737116}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe

FirewallRules: [{1B7238F3-55AE-430F-8E87-ABF37CA2B94F}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe

FirewallRules: [{97C9F6A0-325C-4FDF-AAA6-7E41D0D0CAF4}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe

FirewallRules: [{7A697DFA-138D-4FE1-9BD2-BC509B39553B}] => (Allow) C:\Program Files\common files\hp\digital imaging\bin\hpqphotocrm.exe

FirewallRules: [{487B3975-04E1-4A1D-86F7-55457E208490}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe

FirewallRules: [{476CF49E-9BC2-4C4C-AFE1-F244F3C0FB17}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

FirewallRules: [{FD33FDAA-D18D-4182-9AFB-D9B0D1480DB9}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe

FirewallRules: [{1C4CD5A4-41D1-4BF7-BB80-F80CAC72B48B}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe

FirewallRules: [{47115316-8B70-4639-A92B-F57CA39D28F8}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe

FirewallRules: [{70778930-0DBC-4859-8A12-9C2B6724AEC7}] => (Allow) C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe

FirewallRules: [{3A3C0D7E-4A47-489B-A7FF-C058B9F11960}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe

FirewallRules: [{AE23952E-2392-4594-A254-9FD3560F9D81}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

FirewallRules: [{44633372-414A-4A7D-9789-48B9BF74BA0F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

FirewallRules: [{738BDBFD-2366-460F-87E6-18CA7C3F356C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

FirewallRules: [TCP Query User{390BCAEF-EC41-43FC-A911-B7717FEF4BD5}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe

FirewallRules: [UDP Query User{8D47F621-55A6-412A-B6A5-A379BA7CDEAE}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe

FirewallRules: [{2E82BF0E-06F9-4317-84B1-B013D3F5BAF9}] => (Allow) C:\Program Files\Alwil Software\Avast5\ng\vbox\aswFe.exe

FirewallRules: [{EC6EC2BF-F573-41BF-A9B4-078515C08E30}] => (Allow) C:\Program Files\Alwil Software\Avast5\ng\vbox\aswFe.exe

FirewallRules: [{5B1E658C-C0DF-4B35-B548-6E0D323BB1FB}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (06/20/2015 00:47:47 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )

Description: 80004005
 

Error: (06/20/2015 00:39:56 PM) (Source: WDSmartWareBackgroundService) (EventID: 0) (User: )

Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.

   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)

   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel()

   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)

   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)

   --- Ende der internen Ausnahmestapelüberwachung ---

   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)

   bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType)

   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)

   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

   bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)

   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)

   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)

   bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)

   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)

   bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args)
 

Error: (06/19/2015 03:01:49 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )

Description: 80004005
 

Error: (06/19/2015 02:53:44 PM) (Source: WDSmartWareBackgroundService) (EventID: 0) (User: )

Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.

   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)

   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel()

   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)

   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)

   --- Ende der internen Ausnahmestapelüberwachung ---

   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)

   bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType)

   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)

   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

   bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)

   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)

   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)

   bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)

   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)

   bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args)
 

Error: (06/18/2015 11:49:07 PM) (Source: WDSmartWareBackgroundService) (EventID: 0) (User: )

Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.

   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)

   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel()

   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)

   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)

   --- Ende der internen Ausnahmestapelüberwachung ---

   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)

   bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType)

   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)

   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

   bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)

   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)

   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)

   bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)

   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)

   bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args)
 

Error: (06/18/2015 08:52:30 PM) (Source: WDSmartWareBackgroundService) (EventID: 0) (User: )

Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.

   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)

   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel()

   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)

   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)

   --- Ende der internen Ausnahmestapelüberwachung ---

   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)

   bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType)

   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)

   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

   bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)

   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)

   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)

   bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)

   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)

   bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args)
 

Error: (06/18/2015 08:09:36 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.2.929, Zeitstempel: 0x552d3ec4

Name des fehlerhaften Moduls: mbam.exe, Version: 1.0.2.929, Zeitstempel: 0x552d3ec4

Ausnahmecode: 0xc0000005

Fehleroffset: 0x001c3fc0

ID des fehlerhaften Prozesses: 0x13f8

Startzeit der fehlerhaften Anwendung: 0xmbam.exe0

Pfad der fehlerhaften Anwendung: mbam.exe1

Pfad des fehlerhaften Moduls: mbam.exe2

Berichtskennung: mbam.exe3
 

Error: (06/18/2015 04:22:53 PM) (Source: WDSmartWareBackgroundService) (EventID: 0) (User: )

Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.

   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)

   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel()

   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)

   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)

   --- Ende der internen Ausnahmestapelüberwachung ---

   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)

   bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType)

   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)

   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

   bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)

   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)

   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)

   bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)

   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)

   bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args)
 

Error: (06/18/2015 01:40:16 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )

Description: 80004005
 

Error: (06/18/2015 01:32:25 PM) (Source: Windows Search Service) (EventID: 7042) (User: )

Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.
 
 

Details:

        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
 
 

System errors:

=============

Error: (06/20/2015 02:26:04 PM) (Source: bowser) (EventID: 8003) (User: )

Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",

der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{EA5B853B-1F89-43B5-A5A5-69E0A946FA-Transport zu sein scheint.

Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
 

Error: (06/20/2015 02:01:26 PM) (Source: Disk) (EventID: 11) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR9 gefunden.
 

Error: (06/20/2015 02:01:25 PM) (Source: Disk) (EventID: 11) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR9 gefunden.
 

Error: (06/20/2015 02:01:25 PM) (Source: Disk) (EventID: 11) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR9 gefunden.
 

Error: (06/20/2015 02:01:24 PM) (Source: Disk) (EventID: 11) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR9 gefunden.
 

Error: (06/20/2015 02:01:24 PM) (Source: Disk) (EventID: 11) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR9 gefunden.
 

Error: (06/19/2015 08:42:22 PM) (Source: bowser) (EventID: 8003) (User: )

Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",

der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{EA5B853B-1F89-43B5-A5A5-69E0A946FA-Transport zu sein scheint.

Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
 

Error: (06/19/2015 07:15:14 PM) (Source: bowser) (EventID: 8003) (User: )

Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",

der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{EA5B853B-1F89-43B5-A5A5-69E0A946FA-Transport zu sein scheint.

Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
 

Error: (06/19/2015 04:17:56 PM) (Source: bowser) (EventID: 8003) (User: )

Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",

der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{EA5B853B-1F89-43B5-A5A5-69E0A946FA-Transport zu sein scheint.

Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
 

Error: (06/19/2015 02:59:49 PM) (Source: bowser) (EventID: 8003) (User: )

Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",

der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{EA5B853B-1F89-43B5-A5A5-69E0A946FA-Transport zu sein scheint.

Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
 
 

Microsoft Office:

=========================

Error: (06/20/2015 00:47:47 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )

Description: 80004005
 

Error: (06/20/2015 00:39:56 PM) (Source: WDSmartWareBackgroundService) (EventID: 0) (User: )

Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.

   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)

   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel()

   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)

   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)

   --- Ende der internen Ausnahmestapelüberwachung ---

   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)

   bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType)

   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)

   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

   bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)

   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)

   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)

   bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)

   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)

   bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args)
 

Error: (06/19/2015 03:01:49 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )

Description: 80004005
 

Error: (06/19/2015 02:53:44 PM) (Source: WDSmartWareBackgroundService) (EventID: 0) (User: )

Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.

   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)

   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel()

   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)

   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)

   --- Ende der internen Ausnahmestapelüberwachung ---

   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)

   bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType)

   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)

   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

   bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)

   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)

   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)

   bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)

   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)

   bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args)
 

Error: (06/18/2015 11:49:07 PM) (Source: WDSmartWareBackgroundService) (EventID: 0) (User: )

Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.

   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)

   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel()

   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)

   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)

   --- Ende der internen Ausnahmestapelüberwachung ---

   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)

   bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType)

   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)

   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

   bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)

   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)

   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)

   bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)

   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)

   bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args)
 

Error: (06/18/2015 08:52:30 PM) (Source: WDSmartWareBackgroundService) (EventID: 0) (User: )

Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.

   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)

   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel()

   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)

   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)

   --- Ende der internen Ausnahmestapelüberwachung ---

   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)

   bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType)

   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)

   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

   bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)

   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)

   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)

   bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)

   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)

   bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args)
 

Error: (06/18/2015 08:09:36 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: mbam.exe1.0.2.929552d3ec4mbam.exe1.0.2.929552d3ec4c0000005001c3fc013f801d0a9f1cf2ecb54C:\Program Files\Malwarebytes Anti-Malware\mbam.exeC:\Program Files\Malwarebytes Anti-Malware\mbam.exe2d6907d4-15e5-11e5-bc04-e0cb4ec8869f
 

Error: (06/18/2015 04:22:53 PM) (Source: WDSmartWareBackgroundService) (EventID: 0) (User: )

Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.

   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)

   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel()

   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)

   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)

   --- Ende der internen Ausnahmestapelüberwachung ---

   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)

   bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType)

   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)

   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

   bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)

   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)

   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)

   bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)

   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)

   bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args)
 

Error: (06/18/2015 01:40:16 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )

Description: 80004005
 

Error: (06/18/2015 01:32:25 PM) (Source: Windows Search Service) (EventID: 7042) (User: )

Description: 

Details:

        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

The catalog is corrupt
 
 

==================== Memory info =========================== 
 

Processor: Pentium(R) Dual-Core CPU E6300 @ 2.80GHz

Percentage of memory in use: 38%

Total physical RAM: 3549.12 MB

Available physical RAM: 2175.36 MB

Total Pagefile: 7096.55 MB

Available Pagefile: 5599.66 MB

Total Virtual: 2047.88 MB

Available Virtual: 1907.52 MB
 

==================== Drives ================================
 

Drive c: (WIN-7) (Fixed) (Total:97.56 GB) (Free:14.12 GB) NTFS

Drive d: (DATEN) (Fixed) (Total:600.98 GB) (Free:42.21 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: A74192F9)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=601 GB) - (Type=07 NTFS)
 

==================== End of log ============================

--- --- ---