FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-06-2013 02
Ran by Daniel (administrator) on 26-06-2013 13:46:17
Running from C:\Dokumente und Einstellungen\Daniel\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: German Standard
Internet Explorer Version 6
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Zone Labs, LLC) C:\WINDOWS\system32\ZoneLabs\vsmon.exe
(Microsoft Corporation) C:\WINDOWS\System32\SCardSvr.exe
(Avira GmbH) C:\Programme\Avira\AntiVir Desktop\sched.exe
(Google Inc.) C:\Programme\Google\Update\GoogleUpdate.exe
(Avira GmbH) C:\Programme\Avira\AntiVir Desktop\avguard.exe
(Google) C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
(Avira GmbH) C:\Programme\Avira\AntiVir Desktop\avshadow.exe
(Sun Microsystems, Inc.) C:\Programme\Java\jre6\bin\jqs.exe
(UASSOFT.COM) C:\Programme\Multimedia Keyboard Driver\V5\KMWDSrv.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
() C:\Programme\CyberLink\Shared Files\RichVideo.exe
(TomTom) C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
(UASSOFT.COM) C:\Programme\Multimedia Keyboard Driver\V5\StartAutorun.exe
(UASSOFT.COM) C:\Programme\Multimedia Keyboard Driver\V5\KMConfig.exe
(Zone Labs, LLC) C:\Programme\ZoneAlarm\zlclient.exe
(Avira GmbH) C:\Programme\Avira\AntiVir Desktop\avgnt.exe
(UASSOFT.COM) C:\Programme\Multimedia Keyboard Driver\V5\KMProcess.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Sun Microsystems, Inc.) C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
(BitTorrent, Inc.) C:\Programme\DNA\btdna.exe
(Google Inc.) C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
(Mozilla Corporation) C:\Programme\Mozilla Firefox\firefox.exe
() C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\987F5067CFEE98780000987EB7EF9EFF\987F5067CFEE98780000987EB7EF9EFF.exe
(Mozilla Corporation) C:\Programme\Mozilla Firefox\plugin-container.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
(OldTimer Tools) C:\Dokumente und Einstellungen\Daniel\Desktop\OTL.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [KMConfig] "C:\Programme\Multimedia Keyboard Driver\V5\StartAutorun.exe" KMConfig.exe [x]
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [7634944 2006-10-31] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] nwiz.exe /install [x]
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [86016 2006-10-31] (NVIDIA Corporation)
HKLM\...\Run: [ZoneAlarm Client] "C:\Programme\ZoneAlarm\zlclient.exe" [919016 2008-07-09] (Zone Labs, LLC)
HKLM\...\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime [413696 2009-01-05] (Apple Inc.)
HKLM\...\Run: [SetDefPrt] C:\Programme\Brother\Brmfl04h\BrStDvPt.exe [49152 2004-11-11] (Brother Industories, Ltd.)
HKLM\...\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min [281768 2011-03-28] (Avira GmbH)
HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]
HKLM\...\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe /autostart [339312 2010-09-15] (Haufe-Lexware GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\RunOnce: [NSSInstallation] C:\WINDOWS\system32\Adobe\Shockwave 11\nssstub.exe /RunOnce [181624 2009-04-08] (Symantec Corporation)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKCU\...\Run: [BitTorrent DNA] "C:\Programme\DNA\btdna.exe" [342848 2009-05-12] (BitTorrent, Inc.)
HKCU\...\Run: [4E3E0230AEBB4E96] C:\Recycle.Bin\Recycle.Bin.exe [x]
HKCU\...\Run: [Akamai NetSession Interface] C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe [x]
HKCU\...\Run: [Google Update] "C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" /c [136176 2010-11-25] (Google Inc.)
HKCU\...\RunOnce: [987F5067CFEE98780000987EB7EF9EFF] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\987F5067CFEE98780000987EB7EF9EFF\987F5067CFEE98780000987EB7EF9EFF.exe [400384 2013-06-26] ()
MountPoints2: {5c6684db-db14-11dd-b774-0019667413e3} - F:\InstallTomTomHOME.exe
MountPoints2: {622196f5-873b-11de-9e22-0019667413e3} - F:\
MountPoints2: {6862bf0a-4c19-11df-9707-0019667413e3} - F:\wd_windows_tools\WDSetup.exe
MountPoints2: {6f1d5753-94fc-11e1-965e-0019667413e3} - F:\InstallTomTomHOME.exe
MountPoints2: {a35bb1c0-2e1c-11de-a786-0019667413e3} - G:\InstallTomTomHOME.exe
MountPoints2: {fb3c2b76-75a4-11dd-8815-806d6172696f} - D:\Bin\assetup.exe
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sign In
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Sign In
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Sign In
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope value is missing.
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
Toolbar: HKCU -&Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU -EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
Handler: ipp - No CLSID Value -
Handler: msdaipp - No CLSID Value -
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\Mozilla\Firefox\Profiles\bfjapmi6.default
FF Homepage: hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF Keyword.URL: hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @bittorrent.com/BitTorrentDNA - C:\Programme\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Programme\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=1.6.0_33 - C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Programme\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=13 - C:\Programme\Google\Google Updater\2.3.1334.1308\npCIDetect13.dll (Google)
FF Plugin: @tools.google.com/Google Update;version=8 - C:\Programme\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF Extension: No Name - C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com
FF Extension: No Name - C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Move Media Player - C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\Mozilla\Firefox\Profiles\bfjapmi6.default\Extensions\moveplayer@movenetworks.com
FF Extension: Old Location Bar - C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\Mozilla\Firefox\Profiles\bfjapmi6.default\Extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
FF Extension: Adobe DLM (powered by getPlus(R)) - C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\Mozilla\Firefox\Profiles\bfjapmi6.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF Extension: ffe_ff3ff4 - C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\Mozilla\Firefox\Profiles\bfjapmi6.default\Extensions\ffe_ff3ff4@game-point.net.xpi
FF Extension: status4evar - C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\Mozilla\Firefox\Profiles\bfjapmi6.default\Extensions\status4evar@caligonstudios.com.xpi
FF Extension: No Name - C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\Mozilla\Firefox\Profiles\bfjapmi6.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
FF Extension: No Name - C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\Mozilla\Firefox\Profiles\bfjapmi6.default\Extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi
========================== Services (Whitelisted) =================
S3 Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2008-08-29] ()
R2 AntiVirSchedulerService; C:\Programme\Avira\AntiVir Desktop\sched.exe [136360 2011-03-28] (Avira GmbH)
R2 AntiVirService; C:\Programme\Avira\AntiVir Desktop\avguard.exe [269480 2011-06-29] (Avira GmbH)
S3 getPlusHelper; C:\Programme\NOS\bin\getPlus_Helper.dll [68000 2010-03-29] (NOS Microsystems Ltd.)
S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [136176 2010-11-25] (Google Inc.)
R2 gusvc; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [137200 2008-10-01] (Google)
R2 KMWDSERVICE; C:\Programme\Multimedia Keyboard Driver\V5\KMWDSrv.exe [2179072 2007-05-08] (UASSOFT.COM)
S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [129976 2012-05-04] (Mozilla Foundation)
R2 RichVideo; C:\Programme\CyberLink\Shared Files\RichVideo.exe [272024 2007-05-14] ()
S3 ServiceLayer; C:\Programme\PC Connectivity Solution\ServiceLayer.exe [657408 2009-10-27] (Nokia)
R2 TomTomHOMEService; C:\Programme\TomTom HOME 2\TomTomHOMEService.exe [92592 2012-01-23] (TomTom)
R2 vsmon; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [75304 2008-07-09] (Zone Labs, LLC)
S3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x]
R2 JavaQuickStarterService; "C:\Programme\Java\jre6\bin\jqs.exe" -service -config "C:\Programme\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
==================== Drivers (Whitelisted) ====================
R2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21035 2008-08-29] (Meetinghouse Data Communications)
S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
R1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [43520 2006-07-01] (Advanced Micro Devices)
S3 ASPI; C:\WINDOWS\System32\DRIVERS\ASPI32.sys [16512 2002-07-17] (Adaptec)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [278728 2009-07-19] ()
R1 avgio; C:\Programme\Avira\AntiVir Desktop\avgio.sys [11608 2009-02-13] (Avira GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [66616 2011-06-29] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [138192 2011-06-29] (Avira GmbH)
R3 EuMusDesignVirtualAudioCableWdm_s2x; C:\Windows\System32\DRIVERS\vacs2xkd.sys [42880 2007-11-01] (Eugene V. Muzychenko)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows (R) Server 2003 DDK provider)
S3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [127768 2007-07-19] (Kaspersky Lab)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25416 2009-07-19] ()
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2013-06-26] (Malwarebytes Corporation)
S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
U3 Nerfpaunsvca; C:\WINDOWS\system32\drivers\tcpip.sys [361344 2008-04-14] (Microsoft Corporation)
R3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [57856 2006-07-11] (NVIDIA Corporation)
R0 nvgts; C:\Windows\System32\DRIVERS\nvgts.sys [102400 2007-08-09] (NVIDIA Corporation)
R3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [20480 2006-07-11] (NVIDIA Corporation)
R3 Rasirda; C:\Windows\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
S3 SCR3XX2K; C:\Windows\System32\DRIVERS\SCR3XX2K.sys [57600 2009-10-25] (SCM Microsystems Inc.)
R0 srescan; C:\Windows\System32\ZoneLabs\srescan.sys [51176 2008-02-27] (Zone Labs, LLC)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
R2 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5504 2012-06-03] ()
S3 STCFUx32; C:\Windows\System32\DRIVERS\STCFUx32.SYS [7680 2008-11-13] (SCM Microsystems Inc.)
R1 vsdatant; C:\Windows\System32\vsdatant.sys [394952 2008-07-09] (Zone Labs, LLC)
S4 Abiosdsk; No ImagePath
S4 abp480n5; No ImagePath
S4 adpu160m; No ImagePath
S4 Aha154x; No ImagePath
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S4 amsint; No ImagePath
S4 asc; No ImagePath
S4 asc3350p; No ImagePath
S4 asc3550; No ImagePath
S4 Atdisk; No ImagePath
S4 cd20xrnt; No ImagePath
U2 CertPropSvc;
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
S4 Cpqarray; No ImagePath
U4 dac2w2k; No ImagePath
S4 dac960nt; No ImagePath
S4 dpti2o; No ImagePath
S4 hpn; No ImagePath
S1 i2omgmt; No ImagePath
S4 i2omp; No ImagePath
S4 ini910u; No ImagePath
S4 IntelIde; No ImagePath
S1 lbrtfdc; No ImagePath
S4 mraid35x; No ImagePath
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 perc2; No ImagePath
S4 perc2hib; No ImagePath
S4 ql1080; No ImagePath
S4 Ql10wnt; No ImagePath
S4 ql12160; No ImagePath
S4 ql1240; No ImagePath
S4 ql1280; No ImagePath
S4 Simbad; No ImagePath
S4 Sparrow; No ImagePath
S4 symc810; No ImagePath
S4 symc8xx; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
S4 TosIde; No ImagePath
S4 ultra; No ImagePath
S4 ViaIde; No ImagePath
S3 WDICA; No ImagePath
U1 WS2IFSL;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-06-26 13:45 - 2013-06-26 13:45 - 00000000 ____D C:\FRST
2013-06-26 13:30 - 2013-06-26 13:31 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2013-06-26 13:29 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-26 13:01 - 2013-06-26 13:01 - 00000000 ____D C:\_OTL
==================== One Month Modified Files and Folders ========
2013-06-26 13:45 - 2013-06-26 13:45 - 00000000 ____D C:\FRST
2013-06-26 13:42 - 2010-11-25 11:34 - 00000878 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-26 13:34 - 2013-01-30 22:23 - 00001214 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1417001333-682003330-1004UA.job
2013-06-26 13:31 - 2013-06-26 13:30 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2013-06-26 13:29 - 2008-08-29 10:27 - 00000000 ___RD C:\Programme
2013-06-26 13:12 - 2008-08-29 09:35 - 00305804 ____A C:\Windows\WindowsUpdate.log
2013-06-26 13:07 - 2008-08-29 15:27 - 00081496 ____A C:\Windows\System32\nvapps.xml
2013-06-26 13:06 - 2010-11-25 11:34 - 00000874 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-26 13:06 - 2008-08-29 16:02 - 00358382 ____A C:\Windows\System32\vsconfig.xml
2013-06-26 13:06 - 2008-08-29 10:29 - 00000159 ____A C:\Windows\wiadebug.log
2013-06-26 13:06 - 2008-08-29 10:29 - 00000050 ____A C:\Windows\wiaservc.log
2013-06-26 13:06 - 2008-08-29 09:52 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-26 13:05 - 2008-08-29 16:05 - 136196128 __ASH C:\Windows\System32\Drivers\fidbox.dat
2013-06-26 13:05 - 2008-08-29 16:05 - 01529396 __ASH C:\Windows\System32\Drivers\fidbox.idx
2013-06-26 13:05 - 2008-08-29 09:52 - 00032634 ____A C:\Windows\SchedLgU.Txt
2013-06-26 13:01 - 2013-06-26 13:01 - 00000000 ____D C:\_OTL
2013-06-26 11:16 - 2009-04-08 14:09 - 00000386 ____A C:\Windows\Tasks\NSSstub.job
2013-06-26 00:07 - 2010-09-01 14:24 - 00001568 ____A C:\Windows\setupact.log
2013-06-25 21:34 - 2013-01-30 22:23 - 00001162 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1417001333-682003330-1004Core.job
2013-06-25 13:02 - 2008-04-14 14:00 - 00002422 ____A C:\Windows\System32\wpa.dbl
2013-06-23 21:53 - 2010-06-19 16:07 - 00050679 ____A C:\Windows\wmsetup.log
2013-06-23 12:34 - 2008-08-29 16:27 - 00000000 ____D C:\Waldritter
2013-06-10 15:44 - 2010-06-01 12:34 - 00184561 ____A C:\Windows\setupapi.log
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe
[2008-04-14 14:00] - [2008-04-14 14:00] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e
C:\Windows\System32\winlogon.exe
[2008-04-14 14:00] - [2008-04-14 14:00] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a
C:\Windows\System32\svchost.exe
[2008-04-14 14:00] - [2008-04-14 14:00] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366
C:\Windows\System32\services.exe
[2008-04-14 14:00] - [2008-04-14 14:00] - 0109056 ____A (Microsoft Corporation) 4bb6a83640f1d1792ad21ce767b621c6
C:\Windows\System32\User32.dll
[2008-04-14 14:00] - [2008-04-14 14:00] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd
C:\Windows\System32\userinit.exe
[2008-04-14 14:00] - [2008-04-14 14:00] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106
C:\Windows\System32\Drivers\volsnap.sys
[2008-04-14 14:00] - [2008-04-14 14:00] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d
==================== End Of Log ============================
FRST Additions Logfile:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-06-2013 02
Ran by Daniel at 2013-06-26 13:46:41
Running from C:\Dokumente und Einstellungen\Daniel\Desktop
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
4Musics WMA to WAV Converter 4.2
Adobe AIR (Version: 1.5.3.9130)
Adobe Community Help (Version: 3.2.1)
Adobe Community Help (Version: 3.2.1.650)
Adobe Download Manager (Version: 1.6.2.63)
Adobe Flash Player 10 Plugin (Version: 10.3.183.11)
Adobe Flash Player 9 ActiveX (Version: 9)
Adobe InDesign 2.0 (Version: 2.0)
Adobe Photoshop CS (Version: CS)
Adobe Reader 9 - Deutsch (Version: 9.0.0)
Adobe Shockwave Player 11.5 (Version: 11.5)
Adobe SVG Viewer 3.0 (Version: 3.0)
AMD Processor Driver (Version: 1.3.2.0053)
Apple Software Update (Version: 2.1.1.116)
Audacity 1.2.6
AudibleManager (Version: 2089948342.2089948404.2090381600.2089948362)
Audiograbber 1.83 SE (Version: 1.83 SE )
Audiograbber Lame-MP3-Plugin (Version: 1.0)
Avira AntiVir Personal - Free Antivirus (Version: 10.2.0.719)
bcTester 4.7 (de) (Version: 1.0.0)
Brother MFL-Pro Suite (Version: 1.00.000)
CamStudio
Camtasia Studio 6 (Version: 6.0.3)
CCleaner (Version: 2.31)
CDBurnerXP (Version: 4.5.1.3868)
Codec Pack - All In 1 6.0.3.0
Compatibility Pack for the 2007 Office system (Version: 12.0.6021.5000)
CrissCross 8.40 (Version: 8.4.0.0)
CX4300_5500_DX4400 Handbuch
DNA (HKCU Version: 2.2.2 (13666))
ElsterFormular (Version: 14.1.11318)
ElsterFormular für Privatanwender (Version: 12.2.1.6570p)
EPSON Copy Utility 3 (Version: 3.2.0.0)
EPSON Scan
EPSON Web-To-Page
EPSON-Drucker-Software
Facebook Plug-In
FormatFactory 2.30 (Version: 2.30)
Fotobuch Designer 2.1 (Version: Fotobuch Designer 2.1)
FoxTab Audio Converter
Freemake Video Converter Version 3.1.2 (Version: 3.1.2)
Google Earth (Version: 5.2.1.1588)
Google Talk Plugin (Version: 3.10.2.10212)
Google Update Helper (Version: 1.2.183.39)
Google Updater (Version: 2.3.1334.1308)
GroupMail :: Free Edition (Version: 5.2.0.54)
GUI for dvdauthor 1.07 (Version: 1.07)
ID3-TagIT 3 (Version: 3)
IrfanView (remove only)
Java Auto Updater (Version: 2.0.7.1)
Java(TM) 6 Update 33 (Version: 6.0.330)
Java(TM) 6 Update 7 (Version: 1.6.0.70)
Lexware Elster (Version: 9.10.00.0041)
Lexware Info Service (Version: 2.70.00.0081)
Ludwig 2.0 (Version: 2)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Mater
MFC RunTime files (Version: 1.0.0)
Microsoft .NET Framework 2.0 Language Pack - DEU
Microsoft .NET Framework 2.0 Language Pack - DEU (Version: 1.1.50727.42)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office 2000 Premium (Version: 9.00.2816)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Mozilla Firefox 12.0 (x86 de) (Version: 12.0)
Mozilla Maintenance Service (Version: 12.0)
MP3 WAV WMA Converter (Version: MP3 WAV WMA Converter)
mp3-2-wav converter 1.14
Mpeg2Decoder 1.3
MPEG4E VFW - H.264/MPEG-4 AVC codec (remove only)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSXML 6.0 Parser (Version: 6.00.3883.8)
msxml4 (Version: 1.0.0)
Multimedia Keyboard Driver (Version: 2.0)
No23 Recorder (Version: 2.1.0.3)
Nokia Connectivity Cable Driver (Version: 7.1.23.0)
NVIDIA Drivers
ODF Add-in für Microsoft Word (Version: 2.0.0)
OpenLibraries
OpenOffice.org 3.0 (Version: 3.0.9358)
Pazera Free MP4 to AVI Converter 1.6 (Version: 1.6)
PC Connectivity Solution (Version: 9.44.0.3)
PDFCreator (Version: 0.9.5)
Picasa 3 (Version: 3.1)
Pivot Stickfigure Animator version 2.2.7 (Version: 2.2.7)
Pixum Fotobuch
PowerDVD (Version: 7.0.3409.a)
psynetic® Gif-X 3.00 (Version: 3.00)
QuickTime (Version: 7.60.92.0)
Realtek High Definition Audio Driver (Version: 5.10.0.5969)
RUBICon (Version: 2.0.25)
SCR3xxx Smart Card Reader (Version: 8.40)
Sicherheitsupdate für Windows Media Player (KB952069)
Skype™ 5.3 (Version: 5.3.120)
SmartTools Publishing · Word Falz und Lochmarken-Assistent (HKCU Version: v3.50)
Star Wars Battlefront (Version: 1.0)
Starcraft Shareware(ED)
System Care Antivirus
TomTom HOME 2.8.3.2499 (Version: 2.8.3.2499)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)
VLC media player 0.9.4 (Version: 0.9.4)
VR-NetWorld
WebFldrs XP (Version: 9.50.7523)
Winamp (Version: 5.541 )
Windows Media Format Runtime
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
WinRAR
Wisdom-soft Set up ASR 3.1 Free
ZoneAlarm (Version: 7.0.483.000)
==================== Restore Points =========================
27-05-2013 22:39:31 Systemprüfpunkt
02-06-2013 19:36:56 Systemprüfpunkt
04-06-2013 18:00:02 Systemprüfpunkt
09-06-2013 09:03:42 Systemprüfpunkt
10-06-2013 15:55:52 Systemprüfpunkt
14-06-2013 00:15:05 Systemprüfpunkt
16-06-2013 18:01:53 Systemprüfpunkt
18-06-2013 11:14:23 Systemprüfpunkt
25-06-2013 11:49:49 Systemprüfpunkt
==================== Hosts content: ==========================
127.0.0.1 localhost
127.0.0.1 im.adtech.de
127.0.0.1 adserver.adtech.de
127.0.0.1 adtech.de
127.0.0.1 ar.atwola.com
127.0.0.1 atwola.com
127.0.0.1 adserver.71i.de
127.0.0.1 adicqserver.71i.de
127.0.0.1 71i.de
==================== Scheduled Tasks (whitelisted) =============
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Programme\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Programme\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1417001333-682003330-1004Core.job => C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1417001333-682003330-1004UA.job => C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\NSSstub.job => C:\WINDOWS\system32\Adobe\Shockwave 11\nssstub.exe
==================== Faulty Device Manager Devices =============
Name: Standardtastatur (101/102 Tasten) oder Microsoft Natural Keyboard (PS/2)
Description: Standardtastatur (101/102 Tasten) oder Microsoft Natural Keyboard (PS/2)
Class Guid: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (06/26/2013 01:06:36 PM) (Source: crypt32) (User: )
Description: Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben.
.
Error: (06/26/2013 11:58:27 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007041d.
Error: (06/26/2013 11:57:15 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007041d.
Error: (06/26/2013 11:12:00 AM) (Source: crypt32) (User: )
Description: Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben.
.
Error: (06/25/2013 01:07:00 PM) (Source: Application Hang) (User: )
Description: Stillstehende Anwendung firefox.exe, Version 12.0.0.4493, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error: (06/25/2013 01:02:36 PM) (Source: crypt32) (User: )
Description: Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben.
.
Error: (06/23/2013 09:57:56 PM) (Source: Application Hang) (User: )
Description: Stillstehende Anwendung moviemk.exe, Version 2.1.4026.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error: (06/23/2013 01:53:13 PM) (Source: Application Error) (User: )
Description: Fehlgeschlagene Anwendung winword.exe, Version 9.0.0.2823, fehlgeschlagenes Modul mso9.dll, Version 9.0.0.2812, Fehleradresse 0x00010168.
Das medienspezifische Ereignis für [winword.exe!ws!] wird verarbeitet.
Error: (06/18/2013 06:18:13 PM) (Source: Application Error) (User: )
Description: Fehlgeschlagene Anwendung gmmailer.exe, Version 5.2.0.54, fehlgeschlagenes Modul clbcatq.dll, Version 2001.12.4414.700, Fehleradresse 0x00001f30.
Das medienspezifische Ereignis für [gmmailer.exe!ws!] wird verarbeitet.
Error: (06/09/2013 04:02:35 PM) (Source: Application Hang) (User: )
Description: Stillstehende Anwendung WINWORD.EXE, Version 9.0.0.2823, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
System errors:
=============
Error: (06/26/2013 01:06:42 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
i8042prt
Error: (06/26/2013 00:37:03 PM) (Source: DCOM) (User: ARBEITSZIMMER)
Description: Der Server "{98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (06/26/2013 00:36:33 PM) (Source: DCOM) (User: ARBEITSZIMMER)
Description: Der Server "{98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (06/26/2013 00:36:03 PM) (Source: DCOM) (User: ARBEITSZIMMER)
Description: Der Server "{98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (06/26/2013 00:19:25 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Google Updater Service" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.
Error: (06/26/2013 00:05:04 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Volumeschattenkopie" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (06/26/2013 00:04:24 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Google Updater Service" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 900000 Millisekunden durchgeführt: Starten Sie den Dienst neu..
Error: (06/26/2013 00:03:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Installer" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (06/26/2013 00:03:17 PM) (Source: Service Control Manager) (User: )
Description: Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Windows Installer.
Error: (06/26/2013 00:00:53 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Windows Installer" wurde unerwartet beendet. Dies ist bereits 2 Mal passiert.
Microsoft Office Sessions:
=========================
Error: (06/26/2013 01:06:36 PM) (Source: crypt32)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtDieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben.
Error: (06/26/2013 11:58:27 AM) (Source: VSS)(User: )
Description: CoCreateInstance0x8007041d
Error: (06/26/2013 11:57:15 AM) (Source: VSS)(User: )
Description: CoCreateInstance0x8007041d
Error: (06/26/2013 11:12:00 AM) (Source: crypt32)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtDieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben.
Error: (06/25/2013 01:07:00 PM) (Source: Application Hang)(User: )
Description: firefox.exe12.0.0.4493hungapp0.0.0.000000000
Error: (06/25/2013 01:02:36 PM) (Source: crypt32)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtDieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben.
Error: (06/23/2013 09:57:56 PM) (Source: Application Hang)(User: )
Description: moviemk.exe2.1.4026.0hungapp0.0.0.000000000
Error: (06/23/2013 01:53:13 PM) (Source: Application Error)(User: )
Description: winword.exe9.0.0.2823mso9.dll9.0.0.281200010168
Error: (06/18/2013 06:18:13 PM) (Source: Application Error)(User: )
Description: gmmailer.exe5.2.0.54clbcatq.dll2001.12.4414.70000001f30
Error: (06/09/2013 04:02:35 PM) (Source: Application Hang)(User: )
Description: WINWORD.EXE9.0.0.2823hungapp0.0.0.000000000
==================== Memory info ===========================
Percentage of memory in use: 48%
Total physical RAM: 1791.23 MB
Available physical RAM: 916.03 MB
Total Pagefile: 3685.82 MB
Available Pagefile: 2867.77 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.57 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.75 GB) (Free:27.67 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (BF_1) (CDROM) (Total:2.09 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: F372F372)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Thank you very, very, very much in advance for helping!!!