DrunkenHorse | 20.06.2014 21:12 | Vielen Dank für die schnelle Antwort, hier die Dateien:
FRST:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:20-06-2014
Ran by Alex (administrator) on ALEX-PC on 20-06-2014 22:05:48
Running from C:\Users\Alex\Desktop
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Realsil Microelectronics Inc.) C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [6253160 2011-09-15] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-08-10] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-04] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-12-26] (Microsoft Corporation)
HKU\S-1-5-21-2558831264-4044699663-2225051731-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2558831264-4044699663-2225051731-1000\...\Run: [WinHelp] => wscript.exe //B "C:\Users\Alex\AppData\Roaming\WinHelp.vbs"
HKU\S-1-5-21-2558831264-4044699663-2225051731-1000\...\MountPoints2: {4b6b0304-ee1f-11e3-9185-806e6f6e6963} - F:\windows\Data\setup.exe
Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WinHelp.vbs ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7E78894F7A01CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\voebtn2l.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Alex\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
========================== Services (Whitelisted) =================
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [294400 2011-07-05] (Advanced Micro Devices, Inc.) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-06-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-04] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1039952 2014-06-04] (Avira Operations GmbH & Co. KG)
R2 IconMan_R; C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-27] (Realsil Microelectronics Inc.) [File not signed]
==================== Drivers (Whitelisted) ====================
R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [66688 2011-04-16] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [33408 2011-04-16] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [93528 2014-06-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [69240 2013-12-09] (Avira Operations GmbH & Co. KG)
R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [251496 2011-02-15] (Realtek Semiconductor Corp.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-12-09] (Avira GmbH)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-20 22:05 - 2014-06-20 22:06 - 00006957 _____ () C:\Users\Alex\Desktop\FRST.txt
2014-06-20 22:05 - 2014-06-20 22:05 - 01073152 _____ (Farbar) C:\Users\Alex\Desktop\FRST.exe
2014-06-20 22:05 - 2014-06-20 22:05 - 00000000 ____D () C:\FRST
2014-06-20 19:02 - 2014-06-20 19:23 - 65384448 _____ () C:\Users\Alex\Downloads\S0sedy.na.Trope.Voyni.2014.Dt.WEBRip.1400MB_komapz.net.part1.rar.part
2014-06-19 18:54 - 2014-06-19 18:54 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-14 17:43 - 2014-06-20 18:55 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\FlashPlayer Install
2014-06-14 14:26 - 2014-06-20 19:29 - 00800428 ___SH () C:\Users\Alex\AppData\Roaming\WinHelp.vbs
2014-06-11 20:07 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 20:07 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 20:07 - 2014-05-30 11:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 20:07 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 20:07 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 20:07 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 20:07 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 20:07 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 20:07 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 20:07 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 20:07 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 20:07 - 2014-05-30 10:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 20:07 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 20:07 - 2014-05-30 10:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 20:07 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 20:07 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 20:07 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 20:07 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 20:07 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 20:07 - 2014-05-30 09:57 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 20:07 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 20:07 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 20:07 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 20:07 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 20:07 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 20:07 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 20:07 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 20:06 - 2014-06-08 10:48 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 20:06 - 2014-06-08 10:43 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-11 20:06 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 20:06 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 20:06 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 20:06 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 20:06 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 20:06 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 20:06 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 20:06 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-05-25 14:31 - 2014-05-25 14:31 - 00000000 ____D () C:\Program Files\Common Files\Skype
==================== One Month Modified Files and Folders =======
2014-06-20 22:06 - 2014-06-20 22:05 - 00006957 _____ () C:\Users\Alex\Desktop\FRST.txt
2014-06-20 22:05 - 2014-06-20 22:05 - 01073152 _____ (Farbar) C:\Users\Alex\Desktop\FRST.exe
2014-06-20 22:05 - 2014-06-20 22:05 - 00000000 ____D () C:\FRST
2014-06-20 21:49 - 2013-12-25 16:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-20 21:46 - 2013-12-25 16:38 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Skype
2014-06-20 20:02 - 2013-12-25 15:04 - 01456377 _____ () C:\Windows\WindowsUpdate.log
2014-06-20 19:29 - 2014-06-14 14:26 - 00800428 ___SH () C:\Users\Alex\AppData\Roaming\WinHelp.vbs
2014-06-20 19:26 - 2013-12-25 15:14 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-20 19:23 - 2014-06-20 19:02 - 65384448 _____ () C:\Users\Alex\Downloads\S0sedy.na.Trope.Voyni.2014.Dt.WEBRip.1400MB_komapz.net.part1.rar.part
2014-06-20 18:55 - 2014-06-14 17:43 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\FlashPlayer Install
2014-06-20 18:40 - 2009-07-14 06:34 - 00015072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-20 18:40 - 2009-07-14 06:34 - 00015072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-20 18:32 - 2014-04-19 12:24 - 00007237 _____ () C:\Windows\setupact.log
2014-06-20 18:32 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-20 18:31 - 2013-12-25 16:19 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-19 18:54 - 2014-06-19 18:54 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-16 18:52 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-06-11 20:21 - 2014-04-30 17:34 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-08 11:32 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-08 10:48 - 2014-06-11 20:06 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 10:43 - 2014-06-11 20:06 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-04 19:33 - 2013-12-25 16:23 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-04 19:33 - 2013-12-25 16:23 - 00093528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-30 11:18 - 2014-06-11 20:07 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 11:02 - 2014-06-11 20:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 11:02 - 2014-06-11 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 10:44 - 2014-06-11 20:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 10:43 - 2014-06-11 20:07 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 10:42 - 2014-06-11 20:07 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-11 20:07 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 10:34 - 2014-06-11 20:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 10:33 - 2014-06-11 20:07 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 10:30 - 2014-06-11 20:07 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 10:28 - 2014-06-11 20:07 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 10:28 - 2014-06-11 20:07 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 10:27 - 2014-06-11 20:07 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 10:21 - 2014-06-11 20:07 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 10:16 - 2014-06-11 20:07 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 10:10 - 2014-06-11 20:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-11 20:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 10:04 - 2014-06-11 20:07 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 10:02 - 2014-06-11 20:07 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 09:57 - 2014-06-11 20:07 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 09:56 - 2014-06-11 20:06 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 09:54 - 2014-06-11 20:07 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 09:50 - 2014-06-11 20:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-11 20:07 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 09:40 - 2014-06-11 20:07 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:21 - 2014-06-11 20:07 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:15 - 2014-06-11 20:07 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:13 - 2014-06-11 20:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-25 14:31 - 2014-05-25 14:31 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-05-25 14:31 - 2014-03-27 14:45 - 00000000 ___RD () C:\Program Files\Skype
2014-05-25 14:31 - 2013-12-25 16:38 - 00000000 ____D () C:\ProgramData\Skype
2014-05-23 18:20 - 2009-07-14 06:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
Some content of TEMP:
====================
C:\Users\Alex\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-06-20 18:51
==================== End Of Log ============================ --- --- ---
Addition: Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:20-06-2014
Ran by Alex at 2014-06-20 22:07:02
Running from C:\Users\Alex\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30488 - BitTorrent Inc.)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AMD APP SDK Runtime (Version: 2.4.650.9 - Advanced Micro Devices Inc.) Hidden
AMD Fuel (Version: 2011.0705.1115.18310 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.60705.1113 - ATI Technologies Inc.) Hidden
AMD VISION Engine Control Center (Version: 2011.0705.1115.18310 - Ihr Firmenname) Hidden
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{13AD0436-E893-E726-0CBB-33FCF35A2F29}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.4.642 - Avira)
Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2011.0705.1115.18310 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2011.0705.1115.18310 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2011.0705.1115.18310 - ATI) Hidden
CCC Help Chinese Standard (Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Czech (Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Danish (Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Dutch (Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help English (Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Finnish (Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help French (Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help German (Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Greek (Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Hungarian (Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Italian (Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Japanese (Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Korean (Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Norwegian (Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Polish (Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Portuguese (Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Russian (Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Spanish (Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Swedish (Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Thai (Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Turkish (Version: 2011.0705.1114.18310 - ATI) Hidden
ccc-utility (Version: 2011.0705.1115.18310 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 de) (HKLM\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6461 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
==================== Restore Points =========================
30-04-2014 15:34:07 Windows Update
02-05-2014 09:03:33 Windows Update
09-05-2014 20:05:26 Geplanter Prüfpunkt
17-05-2014 08:08:16 Windows Update
17-05-2014 13:57:14 Windows Update
25-05-2014 14:51:20 Geplanter Prüfpunkt
11-06-2014 18:16:31 Windows Update
==================== Hosts content: ==========================
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {260FA391-9397-40A0-A4AC-27ACF5390E07} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {B2347D3D-E2EA-4A55-BBC3-5E06A131D059} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2011-07-05 12:26 - 2011-07-05 12:26 - 00065024 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2011-07-05 12:26 - 2011-07-05 12:26 - 00095232 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-07-05 12:13 - 2011-07-05 12:13 - 00243712 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-06-17 14:42 - 2011-06-17 14:42 - 00016384 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-06-19 18:54 - 2014-06-19 18:54 - 03852912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-05-14 05:49 - 2014-05-14 05:49 - 16361136 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== MSCONFIG/TASK MANAGER disabled items =========
==================== Faulty Device Manager Devices =============
Name: Generic Bluetooth Adapter
Description: Generic Bluetooth Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: GenericAdapter
Service: BTHUSB
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/15/2014 09:30:28 PM) (Source: MsiInstaller) (EventID: 1024) (User: Alex-PC)
Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011007}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
Error: (03/05/2014 03:24:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 27.0.1.5156, Zeitstempel: 0x52fc0faa
Name des fehlerhaften Moduls: xul.dll, Version: 27.0.1.5156, Zeitstempel: 0x52fc0f79
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001560c7
ID des fehlerhaften Prozesses: 0xf18
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
Error: (02/16/2014 11:15:55 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm plugin-container.exe, Version 27.0.1.5156 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 17dc
Startzeit: 01cf2af008bd8e25
Endzeit: 73
Anwendungspfad: C:\Program Files\Mozilla Firefox\plugin-container.exe
Berichts-ID:
Error: (02/02/2014 03:31:27 PM) (Source: MsiInstaller) (EventID: 1024) (User: Alex-PC)
Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011006}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
Error: (12/28/2013 10:08:48 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-2558831264-4044699663-2225051731-1000.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
.
Vorgang:
OnIdentify-Ereignis
Generatordaten werden gesammelt
Kontext:
Ausführungskontext: Shadow Copy Optimization Writer
Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Generatorname: Shadow Copy Optimization Writer
Generatorinstanz-ID: {7403db50-470c-4ae8-a986-159eb11d34df}
Error: (12/28/2013 09:49:33 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Alex-PC)
Description: Das lokale Benutzerprofil wurde nicht gefunden. Sie werden mit einem temporären Benutzerprofil angemeldet. Änderungen, die Sie am Benutzerprofil vornehmen, gehen bei der Abmeldung verloren.
Error: (12/28/2013 09:49:33 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Alex-PC)
Description: Dieses Benutzerprofil wurde gesichert. Bei der nächsten Anmeldung dieses Benutzers wird automatisch versucht, dieses gesicherte Profil zu verwenden.
Error: (12/28/2013 09:49:33 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: Alex-PC)
Description: Das lokal gespeicherte Profil kann nicht geladen werden. Mögliche Fehlerursachen sind nicht ausreichende Sicherheitsrechte oder ein beschädigtes lokales Profil.
Details - Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
Error: (12/28/2013 09:49:33 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT)
Description: Die Registrierung konnte nicht geladen werden. Dieses Problem wird oft durch zuwenig Arbeitsspeicher oder nicht ausreichende Sicherheitsberechtigungen verursacht.
Details - Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
for C:\Users\Alex\ntuser.dat
Error: (12/27/2013 10:25:32 AM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (3032) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde.
System errors:
=============
Error: (06/20/2014 07:24:06 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error: (06/20/2014 07:24:05 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error: (06/20/2014 07:24:05 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error: (06/20/2014 07:24:04 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error: (06/20/2014 07:24:04 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error: (06/20/2014 06:32:09 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.
Error: (06/20/2014 05:36:04 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Error: (06/20/2014 05:16:28 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.
Error: (06/19/2014 10:42:10 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Error: (06/19/2014 06:30:53 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.
Microsoft Office Sessions:
=========================
Error: (05/15/2014 09:30:28 PM) (Source: MsiInstaller) (EventID: 1024) (User: Alex-PC)
Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL)
Error: (03/05/2014 03:24:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe27.0.1.515652fc0faaxul.dll27.0.1.515652fc0f79c0000005001560c7f1801cf3862e9eccec3C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll70f4d634-a469-11e3-8c2e-2c768ad29234
Error: (02/16/2014 11:15:55 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: plugin-container.exe27.0.1.515617dc01cf2af008bd8e2573C:\Program Files\Mozilla Firefox\plugin-container.exe
Error: (02/02/2014 03:31:27 PM) (Source: MsiInstaller) (EventID: 1024) (User: Alex-PC)
Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011006}1625(NULL)(NULL)(NULL)
Error: (12/28/2013 10:08:48 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-2558831264-4044699663-2225051731-1000.bak)0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
Vorgang:
OnIdentify-Ereignis
Generatordaten werden gesammelt
Kontext:
Ausführungskontext: Shadow Copy Optimization Writer
Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Generatorname: Shadow Copy Optimization Writer
Generatorinstanz-ID: {7403db50-470c-4ae8-a986-159eb11d34df}
Error: (12/28/2013 09:49:33 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Alex-PC)
Description:
Error: (12/28/2013 09:49:33 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Alex-PC)
Description:
Error: (12/28/2013 09:49:33 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: Alex-PC)
Description: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
Error: (12/28/2013 09:49:33 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT)
Description: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
C:\Users\Alex\ntuser.dat
Error: (12/27/2013 10:25:32 AM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail3032WindowsMail0:
==================== Memory info ===========================
Percentage of memory in use: 73%
Total physical RAM: 1642.91 MB
Available physical RAM: 438.57 MB
Total Pagefile: 3285.81 MB
Available Pagefile: 1772.93 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.8 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:97.56 GB) (Free:70.11 GB) NTFS
Drive d: () (Fixed) (Total:200.43 GB) (Free:197.84 GB) NTFS
Drive e: (09 Mrz 2014) (CDROM) (Total:4.38 GB) (Free:4.38 GB) UDF
Drive f: () (Removable) (Total:1.86 GB) (Free:1.82 GB) FAT
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 0EFD49B7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=200 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End Of Log ============================ |