Hi, thanks for the feedback. Here are the files:
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-09-2013 03
Ran by Roland (administrator) on ROLAND-PC on 17-09-2013 13:34:07
Running from C:\Users\Roland Downloads
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
() C:\Program Files\AAVUpdateManager\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
(Bitdefender) C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
() C:\Users\Roland \Downloads\openhardwaremonitor-v0.5.1-beta\OpenHardwareMonitor\OpenHardwareMonitor.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Spotify Ltd) C:\Users\Roland \AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() C:\Program Files\dradio-Recorder\phonostarTimer.exe
(Bitdefender) C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-08-29] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2012-10-10] (Realtek Semiconductor)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files\Google\Drive\googledrivesync.exe [20097696 2013-06-27] (Google)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Roland \AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-09-02] (Spotify Ltd)
HKCU\...\Run: [dradio-RecorderTimer] - C:\Program Files\dradio-Recorder\phonostarTimer.exe [41472 2012-04-03] ()
HKCU\...\Run: [pdiface] - C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe [259376 2013-07-29] (Bitdefender)
HKCU\...\Run: [Spotify] - C:\Users\Roland \AppData\Roaming\Spotify\Spotify.exe [4640768 2013-09-02] (Spotify Ltd)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Policies\Explorer: [NoDrives] 0
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x30E532FFD41ECD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: Snapform Viewer PlugIn for IE - {00AF1458-D967-4C0E-B736-D6D010521EF5} - C:\Program Files\SnapFormViewer\Viewer\bin\lib\SFVPlugInIE_x86.dll No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 83.169.186.161 83.169.186.225
FireFox:
========
FF ProfilePath: C:\Users\Roland \AppData\Roaming\Mozilla\Firefox\Profiles\135r9kpp.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF Plugin HKCU: @phonostar.de/phonostar - C:\Program Files\dradio-Recorder\npphonostarDetectNP.dll No File
FF SearchPlugin: C:\Users\Roland \AppData\Roaming\Mozilla\Firefox\Profiles\135r9kpp.default\searchplugins\0180-telefonbuch.xml
FF SearchPlugin: C:\Users\Roland \AppData\Roaming\Mozilla\Firefox\Profiles\135r9kpp.default\searchplugins\0180info.xml
FF SearchPlugin: C:\Users\Roland \AppData\Roaming\Mozilla\Firefox\Profiles\135r9kpp.default\searchplugins\ebay-kleinanzeigen.xml
FF SearchPlugin: C:\Users\Roland \AppData\Roaming\Mozilla\Firefox\Profiles\135r9kpp.default\searchplugins\finanzennet.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Виявлення пристроїв Logitech - C:\Users\Roland \AppData\Roaming\Mozilla\Firefox\Profiles\135r9kpp.default\Extensions\DeviceDetection@logitech.com
FF Extension: Empty Cache Button - C:\Users\Roland \AppData\Roaming\Mozilla\Firefox\Profiles\135r9kpp.default\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}
FF Extension: EPUBReader - C:\Users\Roland \AppData\Roaming\Mozilla\Firefox\Profiles\135r9kpp.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
FF Extension: clearConsole - C:\Users\Roland \AppData\Roaming\Mozilla\Firefox\Profiles\135r9kpp.default\Extensions\clearConsole@penzil.com.xpi
FF Extension: ffext_basicchromeext - C:\Users\Roland \AppData\Roaming\Mozilla\Firefox\Profiles\135r9kpp.default\Extensions\ffext_basicchromeext@startpage24.xpi
FF Extension: firefox - C:\Users\Roland \AppData\Roaming\Mozilla\Firefox\Profiles\135r9kpp.default\Extensions\firefox@ghostery.com.xpi
FF Extension: info - C:\Users\Roland \AppData\Roaming\Mozilla\Firefox\Profiles\135r9kpp.default\Extensions\info@virustotal.com.xpi
FF Extension: locationbar2 - C:\Users\Roland \AppData\Roaming\Mozilla\Firefox\Profiles\135r9kpp.default\Extensions\locationbar2@design-noir.de.xpi
FF Extension: memoryrestart - C:\Users\Roland \AppData\Roaming\Mozilla\Firefox\Profiles\135r9kpp.default\Extensions\memoryrestart@teamextension.com.xpi
FF Extension: secoltab - C:\Users\Roland \AppData\Roaming\Mozilla\Firefox\Profiles\135r9kpp.default\Extensions\secoltab@talaransos.nsk.xpi
FF Extension: shopclever - C:\Users\Roland \AppData\Roaming\Mozilla\Firefox\Profiles\135r9kpp.default\Extensions\shopclever@extension.xpi
FF Extension: testpilot - C:\Users\Roland \AppData\Roaming\Mozilla\Firefox\Profiles\135r9kpp.default\Extensions\testpilot@labs.mozilla.com.xpi
FF Extension: No Name - C:\Users\Roland \AppData\Roaming\Mozilla\Firefox\Profiles\135r9kpp.default\Extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi
FF Extension: No Name - C:\Users\Roland \AppData\Roaming\Mozilla\Firefox\Profiles\135r9kpp.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Roland \AppData\Roaming\Mozilla\Firefox\Profiles\135r9kpp.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
FF Extension: No Name - C:\Users\Roland \AppData\Roaming\Mozilla\Firefox\Profiles\135r9kpp.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
FF Extension: No Name - C:\Users\Roland \AppData\Roaming\Mozilla\Firefox\Profiles\135r9kpp.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: No Name - C:\Users\Roland \AppData\Roaming\Mozilla\Firefox\Profiles\135r9kpp.default\Extensions\{cd617372-6743-4ee4-bac4-fbf60f35719e}.xpi
FF Extension: No Name - C:\Users\Roland \AppData\Roaming\Mozilla\Firefox\Profiles\135r9kpp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Roland \AppData\Roaming\Mozilla\Firefox\Profiles\135r9kpp.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF Extension: No Name - C:\Users\Roland\AppData\Roaming\Mozilla\Firefox\Profiles\135r9kpp.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
========================== Services (Whitelisted) =================
R2 AAV UpdateService; C:\Program Files\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-08-29] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-29] (Avira Operations GmbH & Co. KG)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()
R2 pdserv; C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe [1221384 2013-07-29] (Bitdefender)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
==================== Drivers (Whitelisted) ====================
R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [12400 2007-12-17] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-08-29] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-27] (Avira Operations GmbH & Co. KG)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41888 2007-05-09] (Logitech Inc.)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [6504 2009-05-13] ()
S3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [14112 2007-05-09] (Logitech Inc.)
S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [1276832 2007-05-09] (Logitech Inc.)
R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 catchme; \??\C:\Users\ROLAND~1\AppData\Local\Temp\catchme.sys [x]
S3 cpuz136; \??\C:\Users\ROLAND~1\AppData\Local\Temp\cpuz136\cpuz136_x32.sys [x]
R4 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [x]
R3 WinRing0_1_2_0; \??\C:\Users\Roland \AppData\Local\Temp\tmp9E97.tmp [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-09-17 13:33 - 2013-09-17 13:33 - 00000000 ____D C:\FRST
2013-09-17 13:32 - 2013-09-17 13:32 - 01083437 _____ (Farbar) C:\Users\Roland \Downloads\FRST.exe
2013-09-17 09:47 - 2013-09-17 09:47 - 00049210 _____ C:\Users\Roland \Downloads\Satzung_der_CityEnergy24_eG_-_Stand_04.2012.pdf.part
2013-09-11 23:11 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 23:11 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 23:11 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-11 23:11 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 23:11 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 23:11 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 23:11 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-11 23:11 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-11 23:11 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-11 23:11 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-11 23:11 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-11 23:11 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-11 23:11 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 23:11 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-11 23:11 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 23:11 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-11 22:46 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-11 22:46 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-11 22:45 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 22:45 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-11 22:45 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-11 22:45 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-11 22:45 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-11 22:45 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-11 22:45 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 22:45 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 21:39 - 2013-09-11 21:39 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-11 21:20 - 2013-09-11 21:21 - 07944952 _____ C:\Users\Roland \Downloads\E7369v1.0.zip
2013-09-04 10:26 - 2013-09-11 22:40 - 00000000 ____D C:\Program Files\Mozilla Firefox.bak
2013-09-04 09:24 - 2013-09-04 09:24 - 00000000 ____D C:\Program Files\Greenshot
2013-09-04 09:22 - 2013-09-04 09:22 - 01300198 _____ (Greenshot ) C:\Users\Roland \Downloads\Greenshot-INSTALLER-1.1.5.2643.exe
2013-08-31 12:23 - 2013-08-31 12:23 - 00228225 _____ C:\Users\Roland \Downloads\bills.sap
==================== One Month Modified Files and Folders =======
2013-09-17 13:33 - 2013-09-17 13:33 - 00000000 ____D C:\FRST
2013-09-17 13:32 - 2013-09-17 13:32 - 01083437 _____ (Farbar) C:\Users\Roland \Downloads\FRST.exe
2013-09-17 13:14 - 2012-12-18 14:48 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-17 13:10 - 2012-03-26 11:19 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-17 13:10 - 2011-07-28 11:50 - 00000000 ____D C:\Users\Roland \AppData\Roaming\Skype
2013-09-17 13:10 - 2011-07-22 14:40 - 01272258 _____ C:\Windows\WindowsUpdate.log
2013-09-17 11:49 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\tracing
2013-09-17 10:15 - 2009-07-14 06:34 - 00018112 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-17 10:15 - 2009-07-14 06:34 - 00018112 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-17 10:08 - 2012-05-06 19:32 - 00000000 ___RD C:\Users\Roland \Google Drive
2013-09-17 10:07 - 2013-07-21 11:29 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-09-17 10:07 - 2012-12-14 12:23 - 00004150 _____ C:\Windows\PFRO.log
2013-09-17 10:07 - 2012-11-09 09:50 - 00051364 _____ C:\Windows\setupact.log
2013-09-17 10:07 - 2012-03-26 11:19 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-17 10:07 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-17 10:07 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\SchCache
2013-09-17 09:47 - 2013-09-17 09:47 - 00049210 _____ C:\Users\Roland \Downloads\Satzung_der_CityEnergy24_eG_-_Stand_04.2012.pdf.part
2013-09-17 09:19 - 2013-03-20 15:08 - 00000000 ____D C:\Users\Roland \Documents\Steuer 2012
2013-09-17 09:00 - 2011-08-29 18:46 - 00000000 ____D C:\Users\Roland \Documents\Klassenkasse Linda
2013-09-16 20:04 - 2012-06-19 17:47 - 00000000 ____D C:\Users\Roland \Documents\Robert
2013-09-16 19:23 - 2013-04-04 07:46 - 00087040 ___SH C:\Users\Roland \Desktop\Thumbs.db
2013-09-16 09:29 - 2013-03-18 20:19 - 00000000 ____D C:\Program Files\CDBurnerXP
2013-09-16 08:15 - 2013-03-18 20:19 - 00001895 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk
2013-09-14 14:08 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-13 08:14 - 2012-03-31 18:40 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-13 08:14 - 2011-07-22 16:41 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-11 23:17 - 2009-07-14 06:33 - 00297368 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-11 23:16 - 2012-04-26 08:34 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-09-11 23:15 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-09-11 23:09 - 2013-07-29 11:24 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 23:06 - 2011-07-22 17:25 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-11 22:40 - 2013-09-04 10:26 - 00000000 ____D C:\Program Files\Mozilla Firefox.bak
2013-09-11 21:39 - 2013-09-11 21:39 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-11 21:21 - 2013-09-11 21:20 - 07944952 _____ C:\Users\Roland \Downloads\E7369v1.0.zip
2013-09-11 11:14 - 2011-07-22 14:48 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-06 10:39 - 2012-08-14 18:47 - 00000000 ____D C:\Users\Roland \Documents\bank
2013-09-04 20:55 - 2011-08-29 15:47 - 00000000 ____D C:\Users\Roland \Documents\Klassenkasse Heiko
2013-09-04 15:01 - 2013-06-01 13:55 - 00000000 ____D C:\ProgramData\CanonIJ
2013-09-04 15:01 - 2013-06-01 13:19 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-09-04 15:01 - 2012-10-17 08:01 - 00088840 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-04 09:24 - 2013-09-04 09:24 - 00000000 ____D C:\Program Files\Greenshot
2013-09-04 09:22 - 2013-09-04 09:22 - 01300198 _____ (Greenshot ) C:\Users\Roland \Downloads\Greenshot-INSTALLER-1.1.5.2643.exe
2013-09-04 08:41 - 2012-05-07 08:57 - 00000000 ____D C:\Users\Roland \Documents\ Bank
2013-09-04 08:31 - 2012-04-03 11:51 - 00000000 ____D C:\Users\Roland \Documents\ bank
2013-09-03 15:44 - 2011-07-28 12:19 - 00005062 _____ C:\Users\Roland \Desktop\roland.AmP
2013-09-02 09:54 - 2012-04-11 17:03 - 00000000 ____D C:\Users\Roland \AppData\Roaming\Spotify
2013-09-02 09:46 - 2012-04-11 17:03 - 00000000 ____D C:\Users\Roland \AppData\Local\Spotify
2013-08-31 12:23 - 2013-08-31 12:23 - 00228225 _____ C:\Users\Roland \Downloads\bills.sap
2013-08-30 08:02 - 2011-08-25 08:10 - 00000000 ____D C:\Users\Roland \Documents\BI B3
2013-08-29 17:00 - 2013-05-07 19:02 - 00066144 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-29 17:00 - 2012-10-17 08:01 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-29 17:00 - 2012-05-29 14:04 - 00000000 ____D C:\Users\Roland \Documents\ bank
Some content of TEMP:
====================
C:\Users\Roland \AppData\Local\temp\i4jdel0.exe
C:\Users\Roland \AppData\Local\temp\jre-7u10-windows-i586-iftw.exe
C:\Users\Roland \AppData\Local\temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Roland \AppData\Local\temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Roland \AppData\Local\temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Roland \AppData\Local\temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Roland \AppData\Local\temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Roland \AppData\Local\temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Roland \AppData\Local\temp\MSETUP4.EXE
C:\Users\Roland \AppData\Local\temp\sfamcc00001.dll
C:\Users\Roland \AppData\Local\temp\sfamcc00002.dll
C:\Users\Roland \AppData\Local\temp\sfareca00002.dll
C:\Users\Roland \AppData\Local\temp\SkypeSetup.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-31 16:38
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-09-2013 03
Ran by Roland at 2013-09-17 13:34:31
Running from C:\Users\Roland\Downloads
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
AAVUpdateManager (Version: 18.00.0000)
Adobe AIR (Version: 3.2.0.2070)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.174)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Reader X (10.1.8) - Deutsch (Version: 10.1.8)
Alle meine Passworte 3.20
Avira Free Antivirus (Version: 13.0.0.4052)
BILD-Steuer 2011 (Version: 16.16)
BILD-Steuer 2012 (Version: 17.11)
BILD-Steuer 2013 (Version: 18.09)
Bitdefender 60-Second Virus Scanner (Version: 1.0.3.59)
Canon MP Navigator EX 2.0
CanoScan LiDE 200 Scanner Driver
Catalyst Control Center InstallProxy (Version: 2012.0806.1213.19931)
CDBurnerXP (Version: 4.5.2.4291)
ClipTray (Version: 1.61)
CrystalDiskInfo 5.6.1 (Version: 5.6.1)
dradio-Recorder Version 3.02.6
ESET Online Scanner v3
EVEREST Home Edition v2.20 (Version: 2.20)
Google Drive (Version: 1.11.4865.2530)
Google Earth Plug-in (Version: 7.1.1.1888)
Google Update Helper (Version: 1.3.21.153)
Greenshot 1.1.5.2643 (Version: 1.1.5.2643)
Inkjet Printer/Scanner Extended Survey Program
IrfanView (remove only) (Version: 4.30)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
JavaFX 2.1.1 (Version: 2.1.1)
MailStore Home 8.0.3.8595 (Version: 8.0.3.8595)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Baseline Security Analyzer 2.2 (Version: 2.2.2170)
Microsoft Camera Codec Pack (Version: 16.4.1970.0624)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 24.0 (x86 de) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
Mozilla Thunderbird 17.0.8 (x86 de) (Version: 17.0.8)
NVIDIA Drivers (Version: 1.10.62.40)
OpenOffice 4.0.0 (Version: 4.00.9702)
POIbase 1.051
Realtek High Definition Audio Driver (Version: 6.0.1.5904)
Skype Click to Call (Version: 6.3.11079)
Skype™ 6.6 (Version: 6.6.106)
Snapform Viewer 1.7.32 (Version: 1.7.32)
SpeedFan (remove only)
Spotify (HKCU Version: 0.9.1.57.ge7405149)
Squadra (Version: 0.0.4)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Visual C++ 9.0 CRT (x86) WinSXS MSM (Version: 9.0)
Windows Mobile-Gerätecenter (Version: 6.1.6965.0)
Yahoo! Install Manager
Yahoo! Widgets (Version: 4.5.2.0)
==================== Restore Points =========================
18-08-2013 11:14:15 Windows-Sicherung
20-08-2013 07:17:33 Windows Update
26-08-2013 06:20:08 Windows-Sicherung
27-08-2013 06:17:58 Windows Update
01-09-2013 13:55:05 Windows-Sicherung
03-09-2013 12:41:28 Windows Update
09-09-2013 05:49:37 Windows-Sicherung
10-09-2013 07:12:23 Windows Update
11-09-2013 21:05:29 Windows Update
15-09-2013 17:26:24 Windows-Sicherung
==================== Hosts content: ==========================
2009-07-14 04:04 - 2012-08-15 09:11 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {0D9B5D92-3A22-486D-A887-3AA21597CF27} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {0E17B009-A2E2-4287-8E51-EE797D16DACD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-03-26] (Google Inc.)
Task: {1DE2D526-040C-4B9A-80A3-6F5BE307266B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-03-26] (Google Inc.)
Task: {22512525-1226-4C82-AA3A-A92E588EE869} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {26A4E3E3-CEC2-43D3-8DA7-2A0453AA4655} - System32\Tasks\Open Hardware Monitor\Startup => C:\Users\Roland \Downloads\openhardwaremonitor-v0.5.1-beta\OpenHardwareMonitor\OpenHardwareMonitor.exe [2012-12-13] ()
Task: {3E560EA2-C84C-4AF8-82C5-35BAE5D3D818} - System32\Tasks\{CFF2361D-307E-4C39-BAA3-4BE97920D66C} => C:\Users\Roland \AppData\Roaming\Spotify\spotify.exe [2013-09-02] (Spotify Ltd)
Task: {44FB1F20-217D-4ED8-B30A-F9AE7146A316} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {6BFD8621-BF96-48DD-8E3F-14C271842448} - System32\Tasks\{98531896-DA04-49DD-8AEE-5D3BBC5B0E20} => C:\Program Files\Skype\\Phone\Skype.exe [2013-06-21] (Skype Technologies S.A.)
Task: {883B3AFC-90DF-457B-BA3E-065F8EC05D53} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\System32\sdengin2.dll [2010-11-20] (Microsoft Corporation)
Task: {A5CF1EBC-2F0D-476B-8786-820659D087BF} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {D281713B-9618-4955-B354-6EE1B78A91CB} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {F448751B-5723-4EE2-9BEC-E15B31964329} - System32\Tasks\{728FB453-89DD-4D1D-B4B9-FA9A0FFFFDD5} => C:\Users\Roland \AppData\Roaming\Spotify\spotify.exe [2013-09-02] (Spotify Ltd)
Task: {FC0F2079-DAFF-4C9A-B855-40CA749A6737} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-13] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2009-07-14 02:07 - 2009-07-14 03:14 - 00064000 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\l3codeca.acm
2013-05-03 10:34 - 2012-03-21 12:26 - 02794248 _____ (Terra Informatica Software, Inc., British Columbia, Canada.) C:\Program Files\Bitdefender\60-Second Virus Scanner\install\htmlayout.dll
2013-06-21 09:53 - 2013-06-21 09:53 - 00088680 ____R (Skype Technologies) C:\Program Files\Skype\Updater\Updater.dll
2013-09-17 10:07 - 2013-09-17 10:07 - 02436608 _____ (Python Software Foundation) C:\Users\Roland\AppData\Local\temp\_MEI30725\python27.dll
2013-09-17 10:07 - 2013-09-17 10:07 - 00098816 _____ () C:\Users\Roland \AppData\Local\temp\_MEI30725\win32api.pyd
2013-09-17 10:07 - 2013-09-17 10:07 - 00110080 _____ () C:\Users\Roland \AppData\Local\temp\_MEI30725\PyWinTypes27.dll
2013-09-17 10:07 - 2013-09-17 10:07 - 00364544 _____ () C:\Users\Roland \AppData\Local\temp\_MEI30725\pythoncom27.dll
2013-09-17 10:07 - 2013-09-17 10:07 - 00044032 _____ () C:\Users\Roland \AppData\Local\temp\_MEI30725\_socket.pyd
2013-09-17 10:07 - 2013-09-17 10:07 - 01153024 _____ () C:\Users\Roland \AppData\Local\temp\_MEI30725\_ssl.pyd
2013-09-17 10:07 - 2013-09-17 10:07 - 00320512 _____ () C:\Users\Roland \AppData\Local\temp\_MEI30725\win32com.shell.shell.pyd
2013-09-17 10:07 - 2013-09-17 10:07 - 00711680 _____ () C:\Users\Roland \AppData\Local\temp\_MEI30725\_hashlib.pyd
2013-09-17 10:07 - 2013-09-17 10:07 - 01175040 _____ () C:\Users\Roland \AppData\Local\temp\_MEI30725\wx._core_.pyd
2013-09-17 10:07 - 2013-09-17 10:07 - 01985024 _____ (wxWidgets development team) C:\Users\Roland \AppData\Local\temp\_MEI30725\wxbase294u_vc90.dll
2013-09-17 10:07 - 2013-09-17 10:07 - 00154112 _____ (wxWidgets development team) C:\Users\Roland \AppData\Local\temp\_MEI30725\wxbase294u_net_vc90.dll
2013-09-17 10:07 - 2013-09-17 10:07 - 04598272 _____ (wxWidgets development team) C:\Users\Roland \AppData\Local\temp\_MEI30725\wxmsw294u_core_vc90.dll
2013-09-17 10:07 - 2013-09-17 10:07 - 01234944 _____ (wxWidgets development team) C:\Users\Roland \AppData\Local\temp\_MEI30725\wxmsw294u_adv_vc90.dll
2013-09-17 10:07 - 2013-09-17 10:07 - 00805888 _____ () C:\Users\Roland \AppData\Local\temp\_MEI30725\wx._gdi_.pyd
2013-09-17 10:07 - 2013-09-17 10:07 - 00811008 _____ () C:\Users\Roland \AppData\Local\temp\_MEI30725\wx._windows_.pyd
2013-09-17 10:07 - 2013-09-17 10:07 - 00595968 _____ (wxWidgets development team) C:\Users\Roland \AppData\Local\temp\_MEI30725\wxmsw294u_html_vc90.dll
2013-09-17 10:07 - 2013-09-17 10:07 - 01062400 _____ () C:\Users\Roland \AppData\Local\temp\_MEI30725\wx._controls_.pyd
2013-09-17 10:07 - 2013-09-17 10:07 - 00735232 _____ () C:\Users\Roland \AppData\Local\temp\_MEI30725\wx._misc_.pyd
2013-09-17 10:07 - 2013-09-17 10:07 - 00128512 _____ () C:\Users\Roland \AppData\Local\temp\_MEI30725\_elementtree.pyd
2013-09-17 10:07 - 2013-09-17 10:07 - 00127488 _____ () C:\Users\Roland \AppData\Local\temp\_MEI30725\pyexpat.pyd
2013-09-17 10:07 - 2013-09-17 10:07 - 00557056 _____ () C:\Users\Roland \AppData\Local\temp\_MEI30725\pysqlite2._sqlite.pyd
2013-09-17 10:07 - 2013-09-17 10:07 - 00087040 _____ () C:\Users\Roland \AppData\Local\temp\_MEI30725\_ctypes.pyd
2013-09-17 10:07 - 2013-09-17 10:07 - 00119808 _____ () C:\Users\Roland \AppData\Local\temp\_MEI30725\win32file.pyd
2013-09-17 10:07 - 2013-09-17 10:07 - 00108544 _____ () C:\Users\Roland \AppData\Local\temp\_MEI30725\win32security.pyd
2013-09-17 10:07 - 2013-09-17 10:07 - 00018432 _____ () C:\Users\Roland \AppData\Local\temp\_MEI30725\win32event.pyd
2013-09-17 10:07 - 2013-09-17 10:07 - 00038912 _____ () C:\Users\Roland \AppData\Local\temp\_MEI30725\win32inet.pyd
2013-09-17 10:07 - 2013-09-17 10:07 - 00122368 _____ () C:\Users\Roland \AppData\Local\temp\_MEI30725\wx._wizard.pyd
2013-09-17 10:07 - 2013-09-17 10:07 - 00686080 _____ () C:\Users\Roland \AppData\Local\temp\_MEI30725\unicodedata.pyd
2013-09-17 10:07 - 2013-09-17 10:07 - 00026624 _____ () C:\Users\Roland \AppData\Local\temp\_MEI30725\_multiprocessing.pyd
2013-09-17 10:07 - 2013-09-17 10:07 - 00070656 _____ () C:\Users\Roland \AppData\Local\temp\_MEI30725\wx._html2.pyd
2013-09-17 10:07 - 2013-09-17 10:07 - 00091648 _____ (wxWidgets development team) C:\Users\Roland \AppData\Local\temp\_MEI30725\wxmsw294u_webview_vc90.dll
2013-09-17 10:07 - 2013-09-17 10:07 - 00010240 _____ () C:\Users\Roland \AppData\Local\temp\_MEI30725\select.pyd
2013-09-17 10:07 - 2013-09-17 10:07 - 00025600 _____ () C:\Users\Roland \AppData\Local\temp\_MEI30725\win32pdh.pyd
2013-09-17 10:07 - 2013-09-17 10:07 - 00504832 _____ () C:\Users\Roland \AppData\Local\temp\_MEI30725\windows._cacheinvalidation.pyd
2013-09-17 10:07 - 2013-09-17 10:07 - 00421200 _____ (Microsoft Corporation) C:\Users\Roland \AppData\Local\temp\_MEI30725\msvcp100.dll
2013-09-17 10:07 - 2013-09-17 10:07 - 00773968 _____ (Microsoft Corporation) C:\Users\Roland \AppData\Local\temp\_MEI30725\msvcr100.dll
2013-09-17 10:07 - 2013-09-17 10:07 - 00011264 _____ () C:\Users\Roland \AppData\Local\temp\_MEI30725\win32crypt.pyd
2013-09-17 10:07 - 2013-09-17 10:07 - 00035840 _____ () C:\Users\Roland \AppData\Local\temp\_MEI30725\win32process.pyd
2013-09-17 10:07 - 2013-09-17 10:07 - 00017408 _____ () C:\Users\Roland \AppData\Local\temp\_MEI30725\win32profile.pyd
2013-09-17 10:07 - 2013-09-17 10:07 - 00022528 _____ () C:\Users\Roland \AppData\Local\temp\_MEI30725\win32ts.pyd
2013-09-11 21:39 - 2013-09-11 21:39 - 03265432 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2012-10-21 19:02 - 2011-06-01 10:16 - 00496976 _____ (vbAccelerator) C:\Program Files\Malwarebytes' Anti-Malware\vbalsgrid6.ocx
2012-10-21 19:02 - 2012-05-22 17:05 - 00046416 _____ (vbAccelerator) C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll
2007-05-31 10:20 - 2007-05-31 10:20 - 00058248 _____ (Microsoft Corporation) C:\Windows\WindowsMobile\wmdsyncman.dll
==================== Alternate Data Streams (whitelisted) ==========
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (09/17/2013 09:48:34 AM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 24.0.0.5000 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1224
Startzeit: 01ceb36ec5a35fef
Endzeit: 15
Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe
Berichts-ID: 88c2e524-1f6d-11e3-98c7-00241d83b490
Error: (09/15/2013 07:19:23 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001487
ID des fehlerhaften Prozesses: 0xafc
Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0
Pfad der fehlerhaften Anwendung: avnotify.exe1
Pfad des fehlerhaften Moduls: avnotify.exe2
Berichtskennung: avnotify.exe3
Error: (09/13/2013 07:59:20 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001487
ID des fehlerhaften Prozesses: 0x670
Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0
Pfad der fehlerhaften Anwendung: avnotify.exe1
Pfad des fehlerhaften Moduls: avnotify.exe2
Berichtskennung: avnotify.exe3
Error: (09/11/2013 10:40:56 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (09/11/2013 08:40:31 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001487
ID des fehlerhaften Prozesses: 0xf7c
Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0
Pfad der fehlerhaften Anwendung: avnotify.exe1
Pfad des fehlerhaften Moduls: avnotify.exe2
Berichtskennung: avnotify.exe3
Error: (09/10/2013 09:08:12 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001487
ID des fehlerhaften Prozesses: 0xb34
Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0
Pfad der fehlerhaften Anwendung: avnotify.exe1
Pfad des fehlerhaften Moduls: avnotify.exe2
Berichtskennung: avnotify.exe3
Error: (09/09/2013 07:40:54 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001487
ID des fehlerhaften Prozesses: 0xf90
Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0
Pfad der fehlerhaften Anwendung: avnotify.exe1
Pfad des fehlerhaften Moduls: avnotify.exe2
Berichtskennung: avnotify.exe3
Error: (09/04/2013 00:59:13 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (08/28/2013 09:19:17 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (08/27/2013 08:35:37 AM) (Source: Application Hang) (User: )
Description: Programm thunderbird.exe, Version 17.0.8.4961 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1600
Startzeit: 01cea2ecb3b502e6
Endzeit: 78
Anwendungspfad: C:\Program Files\Mozilla Thunderbird\thunderbird.exe
Berichts-ID: d0c091d6-0ee2-11e3-8b04-00241d83b490
System errors:
=============
Error: (09/17/2013 08:13:41 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (09/15/2013 07:19:30 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Real-Time Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
Error: (09/15/2013 07:19:30 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Error: (09/15/2013 07:19:26 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Error: (09/14/2013 01:46:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (09/14/2013 01:44:57 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (09/14/2013 01:44:57 PM) (Source: DCOM) (User: )
Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
Error: (09/14/2013 01:44:56 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.
Error: (09/13/2013 07:59:46 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Real-Time Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
Error: (09/13/2013 07:59:43 AM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Microsoft Office Sessions:
=========================
Error: (09/17/2013 09:48:34 AM) (Source: Application Hang)(User: )
Description: firefox.exe24.0.0.5000122401ceb36ec5a35fef15C:\Program Files\Mozilla Firefox\firefox.exe88c2e524-1f6d-11e3-98c7-00241d83b490
Error: (09/15/2013 07:19:23 PM) (Source: Application Error)(User: )
Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c000000500001487afc01ceb237af30f6faC:\Program Files\Avira\AntiVir Desktop\avnotify.exeC:\Program Files\Avira\AntiVir Desktop\avnotify.exef6b3f4d0-1e2a-11e3-bbda-00241d83b490
Error: (09/13/2013 07:59:20 AM) (Source: Application Error)(User: )
Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c00000050000148767001ceb046593ca8a1C:\Program Files\Avira\AntiVir Desktop\avnotify.exeC:\Program Files\Avira\AntiVir Desktop\avnotify.exea1446b6b-1c39-11e3-ac25-00241d83b490
Error: (09/11/2013 10:40:56 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (09/11/2013 08:40:31 AM) (Source: Application Error)(User: )
Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c000000500001487f7c01ceaeb9c5e2323eC:\Program Files\Avira\AntiVir Desktop\avnotify.exeC:\Program Files\Avira\AntiVir Desktop\avnotify.exe0d21af80-1aad-11e3-9461-00241d83b490
Error: (09/10/2013 09:08:12 AM) (Source: Application Error)(User: )
Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c000000500001487b3401ceadf4794a18a8C:\Program Files\Avira\AntiVir Desktop\avnotify.exeC:\Program Files\Avira\AntiVir Desktop\avnotify.exec0c936ac-19e7-11e3-bfb2-00241d83b490
Error: (09/09/2013 07:40:54 AM) (Source: Application Error)(User: )
Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c000000500001487f9001cead1f1cbd340bC:\Program Files\Avira\AntiVir Desktop\avnotify.exeC:\Program Files\Avira\AntiVir Desktop\avnotify.exe640fc41d-1912-11e3-911e-00241d83b490
Error: (09/04/2013 00:59:13 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (08/28/2013 09:19:17 AM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (08/27/2013 08:35:37 AM) (Source: Application Hang)(User: )
Description: thunderbird.exe17.0.8.4961160001cea2ecb3b502e678C:\Program Files\Mozilla Thunderbird\thunderbird.exed0c091d6-0ee2-11e3-8b04-00241d83b490
==================== Memory info ===========================
Percentage of memory in use: 37%
Total physical RAM: 3326.49 MB
Available physical RAM: 2089.8 MB
Total Pagefile: 6651.27 MB
Available Pagefile: 4735.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1904.44 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:372.61 GB) (Free:296.4 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (CDROM) (Total:0.78 GB) (Free:0 GB) CDFS
Drive e: (Volume) (Fixed) (Total:232.88 GB) (Free:60.55 GB) NTFS
==================== MBR & Partition Table ==================
==================== End Of Log ============================