Sorry, I was too quick with the text; here is the log analysis:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-08-31 19:26:11
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9320423AS rev.0002SDM1 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Petra\AppData\Local\Temp\kwloapob.sys
---- System - GMER 2.1 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8FC21610]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8FF695FA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x8FC220E6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8FC2DF18]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8FC2DF64]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8FC2E0FE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8FC2DE86]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8FF69992]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8FC2DECE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x8FC225E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x8FC22800]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8FC2E0B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x8FC22E9C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8FC21676]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0x8FC26596]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8FF696C2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8FF67C12]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8FC216DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8FC2698C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8FC2392C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8FC2DF42]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8FC2DF86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8FC2E122]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8FC2DEAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0x8FC25E78]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8FC2E036]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8FC2DEF6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0x8FC2626E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8FC2E0DC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8FF69822]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8FC237F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThreadEx [0x8FC23506]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8FC21742]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8FC217A8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x8FC22D16]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8FC212F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8FC214CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8FC2145C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x8FC23066]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x8FC231C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8FC21556]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x8FF698EA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x8FC22CF6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x8FF67C42]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8FC2180E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x8FF6976E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8FF82E00]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C88A09 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CC21F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82CC9220 4 Bytes [10, 16, C2, 8F]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82CC9248 4 Bytes [FA, 95, F6, 8F]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82CC92A8 4 Bytes [E6, 20, C2, 8F]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82CC92FC 8 Bytes [18, DF, C2, 8F, 64, DF, C2, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 82CC9308 4 Bytes [FE, E0, C2, 8F]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82E56D3D 5 Bytes JMP 8FF7FC9A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 82E6F380 5 Bytes JMP 8FF817CC \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 82E844DF 4 Bytes CALL 8FC23FEF \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 82E9E333 4 Bytes CALL 8FC24005 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82F28224 7 Bytes JMP 8FF82E04 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x91408000, 0x2D5378, 0xE8000020]
.text sechost.dll!SetServiceObjectSecurity 766D5181 5 Bytes [E9, 8E, BE, B1, 89] {JMP 0x89b1be93}
.text sechost.dll!ChangeServiceConfigA 766D5254 5 Bytes [E9, AB, B5, B1, 89] {JMP 0x89b1b5b0}
.text sechost.dll!ChangeServiceConfigW 766D53D5 5 Bytes [E9, 2E, B6, B1, 89] {JMP 0x89b1b633}
.text sechost.dll!ChangeServiceConfig2A 766D54C2 5 Bytes [E9, 45, B7, B1, 89] {JMP 0x89b1b74a}
.text sechost.dll!ChangeServiceConfig2W 766D55E2 5 Bytes [E9, 29, B8, B1, 89] {JMP 0x89b1b82e}
.text sechost.dll!CreateServiceA 766D567C 5 Bytes [E9, 77, AB, B1, 89] {JMP 0x89b1ab7c}
.text sechost.dll!CreateServiceW 766D589F 5 Bytes [E9, 58, AB, B1, 89] {JMP 0x89b1ab5d}
.text sechost.dll!DeleteService 766D5A22 5 Bytes [E9, D9, AB, B1, 89] {JMP 0x89b1abde}
.text user32.dll!UnhookWindowsHookEx 7645ADF9 5 Bytes [E9, 0A, 5C, DA, 89] {JMP 0x89da5c0f}
.text user32.dll!UnhookWinEvent 7645B750 5 Bytes [E9, A7, 4C, DA, 89] {JMP 0x89da4cac}
.text user32.dll!SetWindowsHookExW 7645E30C 5 Bytes [E9, F3, 24, DA, 89] {JMP 0x89da24f8}
.text user32.dll!SetWinEventHook 764624DC 5 Bytes [E9, 17, DD, D9, 89] {JMP 0x89d9dd1c}
.text user32.dll!SetWindowsHookExA 76486D0C 5 Bytes [E9, EF, 98, D7, 89] {JMP 0x89d798f4}
.text kernel32.dll!GetBinaryTypeW + 70 75FB69F4 1 Byte [62]
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\csrss.exe[408] kernel32.dll!GetBinaryTypeW + 70 75FB69F4 1 Byte [62]
.text C:\Windows\system32\wininit.exe[480] kernel32.dll!GetBinaryTypeW + 70 75FB69F4 1 Byte [62]
.text C:\Windows\system32\csrss.exe[492] kernel32.dll!GetBinaryTypeW + 70 75FB69F4 1 Byte [62]
.text C:\Windows\system32\services.exe[528] kernel32.dll!GetBinaryTypeW + 70 75FB69F4 1 Byte [62]
.text ...
.text C:\Windows\system32\SearchIndexer.exe[1252] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 001203FC
.text C:\Windows\system32\SearchIndexer.exe[1252] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 001201F8
.text C:\Windows\system32\SearchIndexer.exe[1252] KERNEL32.dll!GetBinaryTypeW + 70 75FB69F4 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[1252] USER32.dll!UnhookWindowsHookEx 7645ADF9 5 Bytes JMP 00140A08
.text C:\Windows\system32\SearchIndexer.exe[1252] USER32.dll!UnhookWinEvent 7645B750 5 Bytes JMP 001403FC
.text C:\Windows\system32\SearchIndexer.exe[1252] USER32.dll!SetWindowsHookExW 7645E30C 5 Bytes JMP 00140804
.text C:\Windows\system32\SearchIndexer.exe[1252] USER32.dll!SetWinEventHook 764624DC 5 Bytes JMP 001401F8
.text C:\Windows\system32\SearchIndexer.exe[1252] USER32.dll!SetWindowsHookExA 76486D0C 5 Bytes JMP 00140600
.text C:\Windows\system32\WUDFHost.exe[1332] kernel32.dll!GetBinaryTypeW + 70 75FB69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1428] kernel32.dll!GetBinaryTypeW + 70 75FB69F4 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1504] kernel32.dll!GetBinaryTypeW + 70 75FB69F4 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1644] kernel32.dll!GetBinaryTypeW + 70 75FB69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!GetBinaryTypeW + 70 75FB69F4 1 Byte [62]
.text ...
.text C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[2072] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 000E03FC
.text C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[2072] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 000E01F8
.text C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[2072] KERNEL32.dll!GetBinaryTypeW + 70 75FB69F4 1 Byte [62]
.text C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[2072] USER32.dll!UnhookWindowsHookEx 7645ADF9 5 Bytes JMP 00100A08
.text C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[2072] USER32.dll!UnhookWinEvent 7645B750 5 Bytes JMP 001003FC
.text C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[2072] USER32.dll!SetWindowsHookExW 7645E30C 5 Bytes JMP 00100804
.text C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[2072] USER32.dll!SetWinEventHook 764624DC 5 Bytes JMP 001001F8
.text C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[2072] USER32.dll!SetWindowsHookExA 76486D0C 5 Bytes JMP 00100600
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2268] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 000603FC
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2268] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 000601F8
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2268] KERNEL32.dll!GetBinaryTypeW + 70 75FB69F4 1 Byte [62]
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2268] USER32.dll!UnhookWindowsHookEx 7645ADF9 5 Bytes JMP 00080A08
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2268] USER32.dll!UnhookWinEvent 7645B750 5 Bytes JMP 000803FC
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2268] USER32.dll!SetWindowsHookExW 7645E30C 5 Bytes JMP 00080804
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2268] USER32.dll!SetWinEventHook 764624DC 5 Bytes JMP 000801F8
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2268] USER32.dll!SetWindowsHookExA 76486D0C 5 Bytes JMP 00080600
.text C:\Windows\system32\svchost.exe[2344] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 000E03FC
.text C:\Windows\system32\svchost.exe[2344] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 000E01F8
.text C:\Windows\system32\svchost.exe[2344] KERNEL32.dll!GetBinaryTypeW + 70 75FB69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2344] USER32.dll!UnhookWindowsHookEx 7645ADF9 5 Bytes JMP 00110A08
.text C:\Windows\system32\svchost.exe[2344] USER32.dll!UnhookWinEvent 7645B750 5 Bytes JMP 001103FC
.text C:\Windows\system32\svchost.exe[2344] USER32.dll!SetWindowsHookExW 7645E30C 5 Bytes JMP 00110804
.text C:\Windows\system32\svchost.exe[2344] USER32.dll!SetWinEventHook 764624DC 5 Bytes JMP 001101F8
.text C:\Windows\system32\svchost.exe[2344] USER32.dll!SetWindowsHookExA 76486D0C 5 Bytes JMP 00110600
.text C:\Windows\system32\svchost.exe[2372] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 000F03FC
.text C:\Windows\system32\svchost.exe[2372] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 000F01F8
.text C:\Windows\system32\svchost.exe[2372] KERNEL32.dll!GetBinaryTypeW + 70 75FB69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2372] USER32.dll!UnhookWindowsHookEx 7645ADF9 5 Bytes JMP 00150A08
.text C:\Windows\system32\svchost.exe[2372] USER32.dll!UnhookWinEvent 7645B750 5 Bytes JMP 001503FC
.text C:\Windows\system32\svchost.exe[2372] USER32.dll!SetWindowsHookExW 7645E30C 5 Bytes JMP 00150804
.text C:\Windows\system32\svchost.exe[2372] USER32.dll!SetWinEventHook 764624DC 5 Bytes JMP 001501F8
.text C:\Windows\system32\svchost.exe[2372] USER32.dll!SetWindowsHookExA 76486D0C 5 Bytes JMP 00150600
.text C:\Windows\system32\svchost.exe[2388] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 000E03FC
.text C:\Windows\system32\svchost.exe[2388] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 000E01F8
.text C:\Windows\system32\svchost.exe[2388] KERNEL32.dll!GetBinaryTypeW + 70 75FB69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2388] USER32.dll!UnhookWindowsHookEx 7645ADF9 5 Bytes JMP 00100A08
.text C:\Windows\system32\svchost.exe[2388] USER32.dll!UnhookWinEvent 7645B750 5 Bytes JMP 001003FC
.text C:\Windows\system32\svchost.exe[2388] USER32.dll!SetWindowsHookExW 7645E30C 5 Bytes JMP 00100804
.text C:\Windows\system32\svchost.exe[2388] USER32.dll!SetWinEventHook 764624DC 5 Bytes JMP 001001F8
.text C:\Windows\system32\svchost.exe[2388] USER32.dll!SetWindowsHookExA 76486D0C 5 Bytes JMP 00100600
.text C:\Windows\system32\wbem\wmiprvse.exe[2636] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 000E03FC
.text C:\Windows\system32\wbem\wmiprvse.exe[2636] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 000E01F8
.text C:\Windows\system32\wbem\wmiprvse.exe[2636] KERNEL32.dll!GetBinaryTypeW + 70 75FB69F4 1 Byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[2636] USER32.dll!UnhookWindowsHookEx 7645ADF9 5 Bytes JMP 00100A08
.text C:\Windows\system32\wbem\wmiprvse.exe[2636] USER32.dll!UnhookWinEvent 7645B750 5 Bytes JMP 001003FC
.text C:\Windows\system32\wbem\wmiprvse.exe[2636] USER32.dll!SetWindowsHookExW 7645E30C 5 Bytes JMP 00100804
.text C:\Windows\system32\wbem\wmiprvse.exe[2636] USER32.dll!SetWinEventHook 764624DC 5 Bytes JMP 001001F8
.text C:\Windows\system32\wbem\wmiprvse.exe[2636] USER32.dll!SetWindowsHookExA 76486D0C 5 Bytes JMP 00100600
.text C:\Windows\system32\svchost.exe[2792] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[2792] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[2792] KERNEL32.dll!GetBinaryTypeW + 70 75FB69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2792] USER32.dll!UnhookWindowsHookEx 7645ADF9 5 Bytes JMP 00090A08
.text C:\Windows\system32\svchost.exe[2792] USER32.dll!UnhookWinEvent 7645B750 5 Bytes JMP 000903FC
.text C:\Windows\system32\svchost.exe[2792] USER32.dll!SetWindowsHookExW 7645E30C 5 Bytes JMP 00090804
.text C:\Windows\system32\svchost.exe[2792] USER32.dll!SetWinEventHook 764624DC 5 Bytes JMP 000901F8
.text C:\Windows\system32\svchost.exe[2792] USER32.dll!SetWindowsHookExA 76486D0C 5 Bytes JMP 00090600
.text C:\Windows\system32\AUDIODG.EXE[2828] kernel32.dll!GetBinaryTypeW + 70 75FB69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2988] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 000E03FC
.text C:\Windows\system32\svchost.exe[2988] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 000E01F8
.text C:\Windows\system32\svchost.exe[2988] KERNEL32.dll!GetBinaryTypeW + 70 75FB69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2988] USER32.dll!UnhookWindowsHookEx 7645ADF9 5 Bytes JMP 00100A08
.text C:\Windows\system32\svchost.exe[2988] USER32.dll!UnhookWinEvent 7645B750 5 Bytes JMP 001003FC
.text C:\Windows\system32\svchost.exe[2988] USER32.dll!SetWindowsHookExW 7645E30C 5 Bytes JMP 00100804
.text C:\Windows\system32\svchost.exe[2988] USER32.dll!SetWinEventHook 764624DC 5 Bytes JMP 001001F8
.text C:\Windows\system32\svchost.exe[2988] USER32.dll!SetWindowsHookExA 76486D0C 5 Bytes JMP 00100600
.text D:\Download\gmer_2.1.19163.exe[3352] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 001E03FC
.text D:\Download\gmer_2.1.19163.exe[3352] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 001E01F8
.text D:\Download\gmer_2.1.19163.exe[3352] KERNEL32.dll!GetBinaryTypeW + 70 75FB69F4 1 Byte [62]
.text D:\Download\gmer_2.1.19163.exe[3352] USER32.dll!UnhookWindowsHookEx 7645ADF9 5 Bytes JMP 00200A08
.text D:\Download\gmer_2.1.19163.exe[3352] USER32.dll!UnhookWinEvent 7645B750 5 Bytes JMP 002003FC
.text D:\Download\gmer_2.1.19163.exe[3352] USER32.dll!SetWindowsHookExW 7645E30C 5 Bytes JMP 00200804
.text D:\Download\gmer_2.1.19163.exe[3352] USER32.dll!SetWinEventHook 764624DC 5 Bytes JMP 002001F8
.text D:\Download\gmer_2.1.19163.exe[3352] USER32.dll!SetWindowsHookExA 76486D0C 5 Bytes JMP 00200600
.text C:\Windows\system32\taskhost.exe[3400] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 000D03FC
.text C:\Windows\system32\taskhost.exe[3400] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 000D01F8
.text C:\Windows\system32\taskhost.exe[3400] KERNEL32.dll!GetBinaryTypeW + 70 75FB69F4 1 Byte [62]
.text C:\Windows\system32\taskhost.exe[3400] USER32.dll!UnhookWindowsHookEx 7645ADF9 5 Bytes JMP 00120A08
.text C:\Windows\system32\taskhost.exe[3400] USER32.dll!UnhookWinEvent 7645B750 5 Bytes JMP 001203FC
.text C:\Windows\system32\taskhost.exe[3400] USER32.dll!SetWindowsHookExW 7645E30C 5 Bytes JMP 00120804
.text C:\Windows\system32\taskhost.exe[3400] USER32.dll!SetWinEventHook 764624DC 5 Bytes JMP 001201F8
.text C:\Windows\system32\taskhost.exe[3400] USER32.dll!SetWindowsHookExA 76486D0C 5 Bytes JMP 00120600
.text C:\Windows\system32\taskeng.exe[3412] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 000E03FC
.text C:\Windows\system32\taskeng.exe[3412] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 000E01F8
.text C:\Windows\system32\taskeng.exe[3412] KERNEL32.dll!GetBinaryTypeW + 70 75FB69F4 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[3412] USER32.dll!UnhookWindowsHookEx 7645ADF9 5 Bytes JMP 000F0A08
.text C:\Windows\system32\taskeng.exe[3412] USER32.dll!UnhookWinEvent 7645B750 5 Bytes JMP 000F03FC
.text C:\Windows\system32\taskeng.exe[3412] USER32.dll!SetWindowsHookExW 7645E30C 5 Bytes JMP 000F0804
.text C:\Windows\system32\taskeng.exe[3412] USER32.dll!SetWinEventHook 764624DC 5 Bytes JMP 000F01F8
.text C:\Windows\system32\taskeng.exe[3412] USER32.dll!SetWindowsHookExA 76486D0C 5 Bytes JMP 000F0600
.text C:\Windows\system32\Dwm.exe[3536] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 000E03FC
.text C:\Windows\system32\Dwm.exe[3536] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 000E01F8
.text C:\Windows\system32\Dwm.exe[3536] KERNEL32.dll!GetBinaryTypeW + 70 75FB69F4 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[3536] USER32.dll!UnhookWindowsHookEx 7645ADF9 5 Bytes JMP 000F0A08
.text C:\Windows\system32\Dwm.exe[3536] USER32.dll!UnhookWinEvent 7645B750 5 Bytes JMP 000F03FC
.text C:\Windows\system32\Dwm.exe[3536] USER32.dll!SetWindowsHookExW 7645E30C 5 Bytes JMP 000F0804
.text C:\Windows\system32\Dwm.exe[3536] USER32.dll!SetWinEventHook 764624DC 5 Bytes JMP 000F01F8
.text C:\Windows\system32\Dwm.exe[3536] USER32.dll!SetWindowsHookExA 76486D0C 5 Bytes JMP 000F0600
.text C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe[3568] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 001E03FC
.text C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe[3568] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 001E01F8
.text C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe[3568] KERNEL32.dll!GetBinaryTypeW + 70 75FB69F4 1 Byte [62]
.text C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe[3568] USER32.dll!UnhookWindowsHookEx 7645ADF9 5 Bytes JMP 002F0A08
.text C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe[3568] USER32.dll!UnhookWinEvent 7645B750 5 Bytes JMP 002F03FC
.text C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe[3568] USER32.dll!SetWindowsHookExW 7645E30C 5 Bytes JMP 002F0804
.text C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe[3568] USER32.dll!SetWinEventHook 764624DC 5 Bytes JMP 002F01F8
.text C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe[3568] USER32.dll!SetWindowsHookExA 76486D0C 5 Bytes JMP 002F0600
.text C:\Windows\Explorer.EXE[3612] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 000E03FC
.text C:\Windows\Explorer.EXE[3612] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 000E01F8
.text C:\Windows\Explorer.EXE[3612] KERNEL32.dll!GetBinaryTypeW + 70 75FB69F4 1 Byte [62]
.text C:\Windows\Explorer.EXE[3612] USER32.dll!UnhookWindowsHookEx 7645ADF9 5 Bytes JMP 00100A08
.text C:\Windows\Explorer.EXE[3612] USER32.dll!UnhookWinEvent 7645B750 5 Bytes JMP 001003FC
.text C:\Windows\Explorer.EXE[3612] USER32.dll!SetWindowsHookExW 7645E30C 5 Bytes JMP 00100804
.text C:\Windows\Explorer.EXE[3612] USER32.dll!SetWinEventHook 764624DC 5 Bytes JMP 001001F8
.text C:\Windows\Explorer.EXE[3612] USER32.dll!SetWindowsHookExA 76486D0C 5 Bytes JMP 00100600
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3784] kernel32.dll!GetBinaryTypeW + 70 75FB69F4 1 Byte [62]
---- Devices - GMER 2.1 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
---- EOF - GMER 2.1 ----
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-08-2013 04
Ran by Petra (administrator) on PETRA-PC on 31-08-2013 18:40:54
Running from D:\Download
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Uniblue Systems Ltd) C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=ST9320423AS_5VH5HZFYXXXX5VH5HZFY&ts=1377960194
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=ST9320423AS_5VH5HZFYXXXX5VH5HZFY&ts=1377960194
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=ST9320423AS_5VH5HZFYXXXX5VH5HZFY&ts=1377960194
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=ST9320423AS_5VH5HZFYXXXX5VH5HZFY&ts=1377960194
URLSearchHook: IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\tbIncr.dll No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=ST9320423AS_5VH5HZFYXXXX5VH5HZFY&ts=1377960194
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=ST9320423AS_5VH5HZFYXXXX5VH5HZFY&ts=1377960195
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=ST9320423AS_5VH5HZFYXXXX5VH5HZFY&ts=1377960195
SearchScopes: HKCU - DefaultScope {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = hxxp://www.bigseekpro.com/search/browser/facesmooch3/{D89FFC0D-63FB-4E65-B0D2-32A02258216E}?q={searchTerms}
SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=ST9320423AS_5VH5HZFYXXXX5VH5HZFY&ts=1377960195
SearchScopes: HKCU - {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = hxxp://www.bigseekpro.com/search/browser/facesmooch3/{D89FFC0D-63FB-4E65-B0D2-32A02258216E}?q={searchTerms}
SearchScopes: HKCU - {BE136C9D-E064-4A48-8503-95C00D03F15A} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=kw&q={searchTerms}&locale=&apn_ptnrs=FV&apn_dtid=YYYYYYYYAR&apn_uid=27b9839f-ca59-425e-b799-68d31d8a47c2&apn_sauid=F846AF37-49E5-4EFA-8C79-92E20748C7C9
BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\tbIncr.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\tbIncr.dll No File
Toolbar: HKLM - Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU -IncrediMail MediaBar 2 Toolbar - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files\IncrediMail_MediaBar_2\tbIncr.dll No File
Toolbar: HKCU -No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 213.73.91.35 204.152.180.76 87.118.100.175
FireFox:
========
FF ProfilePath: C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\g06se1p3.default
FF user.js: detected! => C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\g06se1p3.default\user.js
FF NewTab: hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=ST9320423AS_5VH5HZFYXXXX5VH5HZFY&ts=1377960194
FF SearchEngineOrder.1: qvo6
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "backup.ftp", "10.99.1.44"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.socks", "10.99.1.44"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "10.99.1.44"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "10.99.1.44"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "10.99.1.44"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "10.99.1.44"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "socks_version", 0
FF NetworkProxy: "ssl", "10.99.1.44"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.4.53 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.4.53 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.4.53 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Petra\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\g06se1p3.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\g06se1p3.default\searchplugins\search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\qvo6.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\g06se1p3.default\Extensions\nostmp
FF Extension: No Name - C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\g06se1p3.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=ST9320423AS_5VH5HZFYXXXX5VH5HZFY&ts=1377960194
========================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [100864 2012-06-06] (Freemake)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
==================== Drivers (Whitelisted) ====================
R3 acpials; C:\Windows\System32\DRIVERS\acpials.sys [7680 2009-07-13] (Microsoft Corporation)
S3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [73928 2007-05-08] (SlySoft, Inc.)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-06-27] ()
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-13] (Microsoft Corporation)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [15440 2007-02-28] (Elaborate Bytes AG)
S3 EverestDriver; C:\Program Files\Everest\kerneld.wnt [20856 2006-12-14] ()
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-31 18:35 - 2013-08-31 18:35 - 00000000 _____ C:\Users\Petra\defogger_reenable
2013-08-31 15:23 - 2013-08-31 15:23 - 00000056 _____ C:\Windows\setupact.log
2013-08-31 15:23 - 2013-08-31 15:23 - 00000000 _____ C:\Windows\setuperr.log
2013-08-31 14:35 - 2013-08-31 14:35 - 00000000 __SHD C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-08-31 11:44 - 2013-08-31 11:44 - 00000053 _____ C:\Users\Petra\AppData\Roaming\WB.CFG
2013-08-31 10:43 - 2013-08-31 12:36 - 00000000 ____D C:\ProgramData\eSafe
2013-08-31 10:43 - 2013-08-31 10:43 - 00000000 ____D C:\Users\Petra\AppData\Roaming\SimilarSites
2013-08-31 10:43 - 2013-08-31 10:43 - 00000000 ____D C:\Users\Petra\AppData\Local\Google
2013-08-31 10:42 - 2013-08-31 11:44 - 00000286 _____ C:\Windows\Tasks\DSite.job
2013-08-31 10:42 - 2013-08-31 10:42 - 00000000 ____D C:\Users\Petra\AppData\Roaming\DSite
2013-08-16 21:39 - 2013-08-16 21:40 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-09 10:25 - 2013-08-09 10:25 - 00000000 ____D C:\ProgramData\APN
2013-08-09 10:23 - 2013-08-09 10:23 - 00000000 ____D C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2013-08-09 10:23 - 2013-06-06 16:41 - 00489392 _____ (Ask Partner Network) C:\Users\Petra\Documents\APNSetup.exe
2013-08-08 18:54 - 2013-08-08 19:17 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
==================== One Month Modified Files and Folders =======
2013-08-31 18:40 - 2013-08-31 18:40 - 00000000 ____D C:\FRST
2013-08-31 18:35 - 2013-08-31 18:35 - 00000000 _____ C:\Users\Petra\defogger_reenable
2013-08-31 18:35 - 2011-02-27 16:42 - 00000000 ____D C:\Users\Petra
2013-08-31 18:15 - 2012-05-11 07:40 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-31 18:13 - 2011-02-27 12:37 - 01059838 _____ C:\Windows\WindowsUpdate.log
2013-08-31 15:31 - 2009-07-14 00:34 - 00010096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-31 15:31 - 2009-07-14 00:34 - 00010096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-31 15:29 - 2011-02-27 16:51 - 01689236 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-31 15:25 - 2013-04-16 20:45 - 00000328 _____ C:\Windows\Tasks\dsmonitor.job
2013-08-31 15:24 - 2012-07-14 21:45 - 00000264 _____ C:\Windows\Tasks\AutoKMS.job
2013-08-31 15:24 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-31 15:23 - 2013-08-31 15:23 - 00000056 _____ C:\Windows\setupact.log
2013-08-31 15:23 - 2013-08-31 15:23 - 00000000 _____ C:\Windows\setuperr.log
2013-08-31 14:35 - 2013-08-31 14:35 - 00000000 __SHD C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-08-31 12:36 - 2013-08-31 10:43 - 00000000 ____D C:\ProgramData\eSafe
2013-08-31 11:44 - 2013-08-31 11:44 - 00000053 _____ C:\Users\Petra\AppData\Roaming\WB.CFG
2013-08-31 11:44 - 2013-08-31 10:42 - 00000286 _____ C:\Windows\Tasks\DSite.job
2013-08-31 11:01 - 2011-02-28 11:03 - 00043104 _____ C:\Windows\PFRO.log
2013-08-31 10:43 - 2013-08-31 10:43 - 00000000 ____D C:\Users\Petra\AppData\Roaming\SimilarSites
2013-08-31 10:43 - 2013-08-31 10:43 - 00000000 ____D C:\Users\Petra\AppData\Local\Google
2013-08-31 10:43 - 2011-02-27 16:42 - 00001700 _____ C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-31 10:42 - 2013-08-31 10:42 - 00000000 ____D C:\Users\Petra\AppData\Roaming\DSite
2013-08-30 21:51 - 2011-03-01 08:20 - 00000000 ____D C:\Users\Petra\AppData\Roaming\Skype
2013-08-30 20:32 - 2011-04-10 15:23 - 00000000 ____D C:\Users\Petra\Documents\ProSaldo
2013-08-25 22:18 - 2012-05-03 21:51 - 00000000 ____D C:\Users\Petra\AppData\Roaming\uTorrent
2013-08-17 17:56 - 2012-04-26 06:47 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-16 21:40 - 2013-08-16 21:39 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-09 21:22 - 2011-04-01 07:08 - 00000000 ____D C:\Users\Petra\AppData\Roaming\vlc
2013-08-09 10:25 - 2013-08-09 10:25 - 00000000 ____D C:\ProgramData\APN
2013-08-09 10:23 - 2013-08-09 10:23 - 00000000 ____D C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2013-08-08 19:17 - 2013-08-08 18:54 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
Files to move or delete:
====================
C:\Users\Petra\AppData\Local\Temp\ose00000.exe
C:\Users\Petra\AppData\Local\Temp\FE50D6BA-6F37-49B4-9B53-BD1F928A2511\CbsProvider.dll
C:\Users\Petra\AppData\Local\Temp\FE50D6BA-6F37-49B4-9B53-BD1F928A2511\CompatProvider.dll
C:\Users\Petra\AppData\Local\Temp\FE50D6BA-6F37-49B4-9B53-BD1F928A2511\DismCore.dll
C:\Users\Petra\AppData\Local\Temp\FE50D6BA-6F37-49B4-9B53-BD1F928A2511\DismCorePS.dll
C:\Users\Petra\AppData\Local\Temp\FE50D6BA-6F37-49B4-9B53-BD1F928A2511\DismHost.exe
C:\Users\Petra\AppData\Local\Temp\FE50D6BA-6F37-49B4-9B53-BD1F928A2511\DismProv.dll
C:\Users\Petra\AppData\Local\Temp\FE50D6BA-6F37-49B4-9B53-BD1F928A2511\DmiProvider.dll
C:\Users\Petra\AppData\Local\Temp\FE50D6BA-6F37-49B4-9B53-BD1F928A2511\FolderProvider.dll
C:\Users\Petra\AppData\Local\Temp\FE50D6BA-6F37-49B4-9B53-BD1F928A2511\IntlProvider.dll
C:\Users\Petra\AppData\Local\Temp\FE50D6BA-6F37-49B4-9B53-BD1F928A2511\LogProvider.dll
C:\Users\Petra\AppData\Local\Temp\FE50D6BA-6F37-49B4-9B53-BD1F928A2511\MsiProvider.dll
C:\Users\Petra\AppData\Local\Temp\FE50D6BA-6F37-49B4-9B53-BD1F928A2511\OSProvider.dll
C:\Users\Petra\AppData\Local\Temp\FE50D6BA-6F37-49B4-9B53-BD1F928A2511\SmiProvider.dll
C:\Users\Petra\AppData\Local\Temp\FE50D6BA-6F37-49B4-9B53-BD1F928A2511\TransmogProvider.dll
C:\Users\Petra\AppData\Local\Temp\FE50D6BA-6F37-49B4-9B53-BD1F928A2511\UnattendProvider.dll
C:\Users\Petra\AppData\Local\Temp\FE50D6BA-6F37-49B4-9B53-BD1F928A2511\wdscore.dll
C:\Users\Petra\AppData\Local\Temp\FE50D6BA-6F37-49B4-9B53-BD1F928A2511\WimProvider.dll
C:\Users\Petra\AppData\Local\Temp\eIntaller\22CC02BFD68D45228B6A99267B92633B\eGdpSvc.exe
C:\Users\Petra\AppData\Local\Temp\eIntaller\22CC02BFD68D45228B6A99267B92633B\eXQ.exe
C:\Users\Petra\AppData\Local\Temp\CBDD0C74-8899-42BA-ABF5-2DB66A3CC847\CbsProvider.dll
C:\Users\Petra\AppData\Local\Temp\CBDD0C74-8899-42BA-ABF5-2DB66A3CC847\CompatProvider.dll
C:\Users\Petra\AppData\Local\Temp\CBDD0C74-8899-42BA-ABF5-2DB66A3CC847\DismCore.dll
C:\Users\Petra\AppData\Local\Temp\CBDD0C74-8899-42BA-ABF5-2DB66A3CC847\DismCorePS.dll
C:\Users\Petra\AppData\Local\Temp\CBDD0C74-8899-42BA-ABF5-2DB66A3CC847\DismHost.exe
C:\Users\Petra\AppData\Local\Temp\CBDD0C74-8899-42BA-ABF5-2DB66A3CC847\DismProv.dll
C:\Users\Petra\AppData\Local\Temp\CBDD0C74-8899-42BA-ABF5-2DB66A3CC847\DmiProvider.dll
C:\Users\Petra\AppData\Local\Temp\CBDD0C74-8899-42BA-ABF5-2DB66A3CC847\FolderProvider.dll
C:\Users\Petra\AppData\Local\Temp\CBDD0C74-8899-42BA-ABF5-2DB66A3CC847\IntlProvider.dll
C:\Users\Petra\AppData\Local\Temp\CBDD0C74-8899-42BA-ABF5-2DB66A3CC847\LogProvider.dll
C:\Users\Petra\AppData\Local\Temp\CBDD0C74-8899-42BA-ABF5-2DB66A3CC847\MsiProvider.dll
C:\Users\Petra\AppData\Local\Temp\CBDD0C74-8899-42BA-ABF5-2DB66A3CC847\OSProvider.dll
C:\Users\Petra\AppData\Local\Temp\CBDD0C74-8899-42BA-ABF5-2DB66A3CC847\SmiProvider.dll
C:\Users\Petra\AppData\Local\Temp\CBDD0C74-8899-42BA-ABF5-2DB66A3CC847\TransmogProvider.dll
C:\Users\Petra\AppData\Local\Temp\CBDD0C74-8899-42BA-ABF5-2DB66A3CC847\UnattendProvider.dll
C:\Users\Petra\AppData\Local\Temp\CBDD0C74-8899-42BA-ABF5-2DB66A3CC847\wdscore.dll
C:\Users\Petra\AppData\Local\Temp\CBDD0C74-8899-42BA-ABF5-2DB66A3CC847\WimProvider.dll
C:\Users\Petra\AppData\Local\Temp\719679.Uninstall\uninstaller.exe
C:\Users\Petra\AppData\Local\Temp\683019.Uninstall\uninstaller.exe
C:\Users\Petra\AppData\Local\Temp\3527666.Uninstall\uninstaller.exe
C:\Users\Petra\AppData\Local\Temp\10724210.Uninstall\uninstaller.exe
C:\Users\Petra\AppData\Local\Temp\10380415.Uninstall\uninstaller.exe
C:\Users\Petra\AppData\Local\Temp\10360712.Uninstall\uninstaller.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-08-22 06:38
==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-08-2013 04
Ran by Petra at 2013-08-31 18:41:40
Running from D:\Download
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
µTorrent (Version: 3.3.0.29544)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Reader X (10.1.7) - Deutsch (Version: 10.1.7)
AnyDVD
Apple Application Support (Version: 2.1.7)
Apple Software Update (Version: 2.1.3.127)
avast! Free Antivirus (Version: 8.0.1489.0)
CDBurnerXP (Version: 4.5.1.3868)
Cisco EAP-FAST Module (Version: 2.0.26)
Cisco LEAP Module (Version: 1.0.11)
Cisco PEAP Module (Version: 1.0.12)
Conduit Engine (Version: )
DivX-Setup (Version: 2.6.1.41)
DriverScanner (Version: 4.0.10.0)
FormatFactory 3.1.1 (Version: 3.1.1)
Free YouTube Download version 3.2.4.622 (Version: 3.2.4.622)
Freemake Video Converter Version 3.1.1 (Version: 3.1.1)
Gigaflat
GIMP 2.6.11 (Version: 2.6.11)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
JavaFX 2.1.1 (Version: 2.1.1)
Lame ACM MP3 Codec
Malwarebytes Anti-Malware Version 1.70.0.1100 (Version: 1.70.0.1100)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (Version: 14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office ScreenTip Language 2010 - Deutsch (Version: 14.0.4763.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 23.0.1 (x86 de) (Version: 23.0.1)
Mozilla Maintenance Service (Version: 23.0.1)
Mozilla Thunderbird 17.0.8 (x86 de) (Version: 17.0.8)
Opera 12.16 (Version: 12.16.1860)
Polipo 1.0.4.1
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer (Version: 15.0.4)
REALTEK Wireless LAN Driver (Version: 1.00.0117)
RealUpgrade 1.1 (Version: 1.1.0)
Skype Click to Call (Version: 6.3.11079)
Skype™ 6.6 (Version: 6.6.106)
TeamSpeak 3 Client
Tor 0.2.1.30
Um die Welt in 80 Tagen 1.0
Unity Web Player (HKCU Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Vidalia 0.2.10
VLC media player 2.0.7 (Version: 2.0.7)
Windows Mobile-Gerätecenter (Version: 6.1.6965.0)
WinRAR 4.20 (32-Bit) (Version: 4.20.0)
Wise Registry Cleaner 5.9.1 (Version: 5.9.1)
x264vfw - H.264/MPEG-4 AVC codec (remove only)
Xvid Video Codec (Version: 1.3.2)
==================== Restore Points =========================
31-08-2013 15:16:11 Die Service Pack-Sicherungsdateien wurden entfernt.
==================== Hosts content: ==========================
2009-07-13 22:04 - 2009-06-10 17:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {1AAF2345-4BE1-431F-9198-AD518AB26638} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1868493620-193578892-1275578510-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {46B04325-E480-4C5A-9523-D0A0C4BA1174} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation)
Task: {4AC9C856-D8FD-402B-9FC7-8B2E64D90CCB} - System32\Tasks\{519F7A9E-CD31-4360-BBB3-3F7D6CD133D4} => C:\Program Files\Skype\\Phone\Skype.exe [2013-06-21] (Skype Technologies S.A.)
Task: {828E4E8E-8D87-4CC2-BEEF-7504F9D50DC1} - System32\Tasks\dsmonitor => C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe [2013-01-16] (Uniblue Systems Ltd)
Task: {833E6ACA-12D5-4CB1-A643-4E3F4AB68720} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe No File
Task: {8FC15F55-9E22-4D07-92C3-FC665D769748} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {BDAEE442-AB3F-446D-BD38-486AF0EF5358} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-14] (Adobe Systems Incorporated)
Task: {EA989D7A-BA8B-409E-9258-9DEA7328CAF8} - System32\Tasks\DSite => C:\Users\Petra\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE No File
Task: {EE51FFF4-4045-4261-8BBC-62B488BB01A5} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1868493620-193578892-1275578510-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\DSite.job => C:\Users\Petra\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE
Task: C:\Windows\Tasks\dsmonitor.job => C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
==================== Loaded Modules (whitelisted) =============
2013-05-30 06:55 - 2013-05-09 04:58 - 00246592 _____ (AVAST Software) C:\Program Files\AVAST Software\Avast\snxhk.dll
2009-07-13 20:09 - 2009-07-13 21:14 - 00220672 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\system32\l3codecp.acm
2009-07-13 19:29 - 2009-07-13 21:16 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\tschannel.dll
2009-08-18 01:31 - 2009-08-18 01:31 - 02469888 _____ (ATI Technologies Inc. ) C:\Windows\system32\atidxx32.dll
2013-05-30 06:55 - 2013-05-09 04:58 - 00121968 _____ (AVAST Software) C:\Program Files\AVAST Software\Avast\ashShell.dll
2010-01-21 17:51 - 2010-01-21 17:51 - 04222864 _____ (Microsoft Corporation) C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
2013-04-16 17:48 - 2013-04-16 17:48 - 00159048 _____ (Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b\ATL90.DLL
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\PROGRA~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
2009-07-13 19:53 - 2009-07-13 21:15 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\dtsh.dll
2009-07-13 19:53 - 2009-07-13 21:15 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2009-07-13 19:22 - 2009-07-13 21:15 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\FunDisc.dll
2009-07-13 19:22 - 2009-07-13 21:15 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\fdproxy.dll
2009-07-13 19:53 - 2009-07-13 21:15 - 00081920 _____ (Microsoft Corporation) C:\Windows\System32\fdwcn.dll
2009-07-13 19:53 - 2009-07-13 21:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\wcnapi.dll
2009-07-13 19:22 - 2009-07-13 21:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\fdWNet.dll
2009-07-13 19:37 - 2009-07-13 21:15 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\dfscli.dll
2012-08-16 06:52 - 2012-07-04 17:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2011-04-05 14:42 - 2010-11-20 08:19 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\fontext.dll
2009-07-13 19:44 - 2009-07-13 21:15 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2009-07-13 19:53 - 2009-07-13 21:16 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\NetworkItemFactory.dll
2011-02-27 19:12 - 2012-06-09 19:20 - 00167936 _____ (Alexander Roshal) C:\Program Files\WinRAR\rarext.dll
2013-06-17 13:31 - 2013-06-17 13:31 - 00076288 _____ (Free Time) C:\Program Files\FreeTime\FormatFactory\ShellEx_103.dll
2012-11-05 13:20 - 2012-11-05 13:20 - 00535008 _____ (Microsoft Corporation) C:\Program Files\FreeTime\FormatFactory\MSVCP110.dll
2012-11-05 13:20 - 2012-11-05 13:20 - 00875472 _____ (Microsoft Corporation) C:\Program Files\FreeTime\FormatFactory\MSVCR110.dll
2013-05-30 06:55 - 2013-05-09 04:58 - 00038032 _____ (AVAST Software) C:\Program Files\AVAST Software\Avast\aswUtil.dll
2013-05-30 06:55 - 2013-05-09 04:58 - 00943408 _____ (AVAST Software) C:\Program Files\AVAST Software\Avast\ashBase.dll
2013-05-30 06:55 - 2013-05-09 04:58 - 00051952 _____ (AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngLdr.dll
2013-05-30 06:55 - 2013-05-09 04:58 - 00116848 _____ (AVAST Software) C:\Program Files\AVAST Software\Avast\aswCmnOS.dll
2013-05-30 06:55 - 2013-05-09 04:58 - 00206440 _____ (AVAST Software) C:\Program Files\AVAST Software\Avast\aswCmnIS.dll
2013-05-30 06:55 - 2013-05-09 04:58 - 00380528 _____ (AVAST Software) C:\Program Files\AVAST Software\Avast\aswCmnBS.dll
2013-05-30 06:55 - 2013-05-09 04:58 - 00156512 _____ (AVAST Software) C:\Program Files\AVAST Software\Avast\ashTask.dll
2013-05-30 06:55 - 2013-05-09 04:58 - 00682824 _____ (AVAST Software) C:\Program Files\AVAST Software\Avast\aswAux.dll
2013-05-30 06:55 - 2013-05-09 04:58 - 00073064 _____ (AVAST Software) C:\Program Files\AVAST Software\Avast\avastIP.dll
2013-05-30 06:55 - 2013-05-09 04:58 - 00260536 _____ (AVAST Software) C:\Program Files\AVAST Software\Avast\aswProperty.dll
2013-05-30 06:55 - 2013-05-09 04:58 - 00149272 _____ (AVAST Software) C:\Program Files\AVAST Software\Avast\AavmRpch.dll
2013-05-30 06:55 - 2013-05-09 04:58 - 00226552 _____ (AVAST Software) C:\Program Files\AVAST Software\Avast\aswLog.dll
2013-05-30 06:55 - 2013-05-09 04:58 - 00476800 _____ (AVAST Software) C:\Program Files\AVAST Software\Avast\aswSqLt.dll
2013-04-16 17:48 - 2013-04-16 17:48 - 03781960 _____ (Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll
2013-04-16 17:49 - 2013-04-16 17:49 - 00063312 _____ (Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90DEU.DLL
2013-05-30 06:55 - 2013-05-09 04:58 - 00065848 _____ (AVAST Software) C:\Program Files\AVAST Software\Avast\1031\Base.dll
2013-05-30 06:55 - 2013-05-09 04:58 - 02105248 _____ (AVAST Software) C:\Program Files\AVAST Software\Avast\aswAra.dll
2013-05-30 06:55 - 2013-04-02 10:14 - 00265216 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Program Files\AVAST Software\Avast\SSLEAY32.dll
2013-05-30 06:55 - 2013-04-02 10:14 - 01169408 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Program Files\AVAST Software\Avast\LIBEAY32.dll
2013-05-30 06:55 - 2013-05-09 04:58 - 00206976 _____ (AVAST Software) C:\Program Files\AVAST Software\Avast\aswData.dll
2013-05-30 06:55 - 2013-05-09 04:58 - 00062752 _____ (AVAST Software) C:\Program Files\AVAST Software\Avast\ashTaskEx.dll
2013-05-30 06:55 - 2013-05-09 04:58 - 00902720 _____ (AVAST Software) C:\Program Files\AVAST Software\Avast\Aavm4h.dll
2013-05-30 06:55 - 2013-05-09 04:58 - 00277528 _____ (AVAST Software) C:\Program Files\AVAST Software\Avast\1031\UILangRes.dll
2013-05-30 06:55 - 2013-05-09 04:58 - 06449776 _____ (AVAST Software) C:\Program Files\AVAST Software\Avast\CommonRes.dll
2013-08-31 15:03 - 2013-08-19 09:26 - 00042688 _____ (AVAST Software) C:\Program Files\AVAST Software\Avast\defs\13083101\uiExt.dll
2011-04-05 14:41 - 2010-11-20 08:19 - 01853440 _____ (Microsoft Corporation) C:\Program Files\Windows Photo Viewer\ImagingEngine.dll
2009-08-18 01:20 - 2009-08-18 01:20 - 03105280 _____ (ATI Technologies Inc. ) C:\Windows\system32\atiumdag.dll
2009-08-18 01:05 - 2009-08-18 01:05 - 02868736 _____ (ATI Technologies Inc. ) C:\Windows\system32\atiumdva.dll
2011-04-05 14:42 - 2010-11-20 08:21 - 00428544 _____ (Microsoft Corporation) C:\Windows\System32\shwebsvc.dll
2013-08-16 21:40 - 2013-08-16 21:40 - 03551640 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-05-30 06:55 - 2013-05-09 04:58 - 00134888 _____ (AVAST Software) C:\Program Files\AVAST Software\Avast\aswJsFlt.dll
2013-05-30 06:55 - 2013-05-09 04:58 - 00380528 _____ (AVAST Software) C:\PROGRA~1\AVASTS~1\Avast\aswCmnBS.dll
2013-05-30 06:55 - 2013-05-09 04:58 - 00116848 _____ (AVAST Software) C:\PROGRA~1\AVASTS~1\Avast\aswCmnOS.dll
2013-05-30 06:55 - 2013-05-09 04:58 - 00206440 _____ (AVAST Software) C:\PROGRA~1\AVASTS~1\Avast\aswCmnIS.dll
2013-05-30 06:55 - 2013-05-09 04:58 - 00902720 _____ (AVAST Software) C:\PROGRA~1\AVASTS~1\Avast\Aavm4h.dll
2013-05-30 06:55 - 2013-05-09 04:58 - 00149272 _____ (AVAST Software) C:\PROGRA~1\AVASTS~1\Avast\AavmRpch.dll
2013-05-30 06:55 - 2013-05-09 04:58 - 00943408 _____ (AVAST Software) C:\PROGRA~1\AVASTS~1\Avast\ashBase.dll
2013-05-30 06:55 - 2013-05-09 04:58 - 00051952 _____ (AVAST Software) C:\PROGRA~1\AVASTS~1\Avast\aswEngLdr.dll
2013-05-30 06:55 - 2013-05-09 04:58 - 00156512 _____ (AVAST Software) C:\PROGRA~1\AVASTS~1\Avast\ashTask.dll
2013-05-30 06:55 - 2013-05-09 04:58 - 00682824 _____ (AVAST Software) C:\PROGRA~1\AVASTS~1\Avast\aswAux.dll
2013-05-30 06:55 - 2013-05-09 04:58 - 00260536 _____ (AVAST Software) C:\PROGRA~1\AVASTS~1\Avast\aswProperty.dll
2013-05-30 06:55 - 2013-05-09 04:58 - 00073064 _____ (AVAST Software) C:\PROGRA~1\AVASTS~1\Avast\avastIP.dll
2011-04-05 14:42 - 2010-11-20 08:21 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2013-07-14 14:59 - 2013-07-14 14:59 - 16166280 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (08/31/2013 11:16:10 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {397cf053-886b-48d9-9911-07fc31dda051}
Error: (08/31/2013 10:53:03 AM) (Source: MsiInstaller) (User: Petra-PC)
Description: Produkt: Ask Toolbar -- Fehler 25001. Die folgenden Anwendungen sollten geschlossen werden, bevor Sie mit der Deinstallation fortfahren:
Mozilla Firefox
Error: (08/30/2013 10:01:27 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 23.0.1.4974, Zeitstempel: 0x520bc252
Name des fehlerhaften Moduls: xul.dll, Version: 23.0.1.4974, Zeitstempel: 0x520bc166
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0017af08
ID des fehlerhaften Prozesses: 0x1060
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
Error: (08/24/2013 09:18:48 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (08/23/2013 07:03:42 AM) (Source: ESENT) (User: )
Description: taskhost (2128) Versuch, Datei "C:\Users\Petra\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
Error: (08/16/2013 08:20:39 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (08/11/2013 04:13:18 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 23.0.0.4959, Zeitstempel: 0x51f84049
Name des fehlerhaften Moduls: xul.dll, Version: 23.0.0.4959, Zeitstempel: 0x51f83f58
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0015b268
ID des fehlerhaften Prozesses: 0xb50
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
Error: (08/09/2013 06:51:40 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (08/05/2013 03:36:48 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 22.0.0.4917, Zeitstempel: 0x51c06b1b
Name des fehlerhaften Moduls: xul.dll, Version: 22.0.0.4917, Zeitstempel: 0x51c06a5b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00173668
ID des fehlerhaften Prozesses: 0xe10
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
Error: (08/03/2013 10:09:42 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 22.0.0.4917, Zeitstempel: 0x51c06b1b
Name des fehlerhaften Moduls: xul.dll, Version: 22.0.0.4917, Zeitstempel: 0x51c06a5b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00173668
ID des fehlerhaften Prozesses: 0xae0
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
System errors:
=============
Error: (08/31/2013 03:24:43 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error: (08/31/2013 03:23:54 PM) (Source: atikmdag) (User: )
Description: Display is not active
Error: (08/31/2013 03:23:54 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter
Error: (08/31/2013 11:03:22 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error: (08/31/2013 11:03:18 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Wsys Service" wurde nicht richtig gestartet.
Error: (08/31/2013 11:01:50 AM) (Source: atikmdag) (User: )
Description: Display is not active
Error: (08/31/2013 11:01:50 AM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter
Error: (08/31/2013 10:56:11 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Update WebConnect" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (08/31/2013 10:43:43 AM) (Source: DCOM) (User: )
Description: {D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E}
Error: (08/31/2013 08:02:10 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Microsoft Office Sessions:
=========================
Error: (08/31/2013 11:16:10 AM) (Source: VSS)(User: )
Description: 0x80070005, Zugriff verweigert
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {397cf053-886b-48d9-9911-07fc31dda051}
Error: (08/31/2013 10:53:03 AM) (Source: MsiInstaller)(User: Petra-PC)
Description: Produkt: Ask Toolbar -- Fehler 25001. Die folgenden Anwendungen sollten geschlossen werden, bevor Sie mit der Deinstallation fortfahren:
Mozilla Firefox(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (08/30/2013 10:01:27 PM) (Source: Application Error)(User: )
Description: firefox.exe23.0.1.4974520bc252xul.dll23.0.1.4974520bc166c00000050017af08106001cea5ec991b89ccC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll3e3f6c4e-11e1-11e3-aedd-406186113f09
Error: (08/24/2013 09:18:48 AM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (08/23/2013 07:03:42 AM) (Source: ESENT)(User: )
Description: taskhost2128C:\Users\Petra\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
Error: (08/16/2013 08:20:39 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (08/11/2013 04:13:18 PM) (Source: Application Error)(User: )
Description: firefox.exe23.0.0.495951f84049xul.dll23.0.0.495951f83f58c00000050015b268b5001ce9690465ce9b4C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll75ccc903-02c2-11e3-8061-406186113f09
Error: (08/09/2013 06:51:40 AM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (08/05/2013 03:36:48 PM) (Source: Application Error)(User: )
Description: firefox.exe22.0.0.491751c06b1bxul.dll22.0.0.491751c06a5bc000000500173668e1001ce91d9c2608190C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll5df55339-fe06-11e2-9436-406186113f09
Error: (08/03/2013 10:09:42 PM) (Source: Application Error)(User: )
Description: firefox.exe22.0.0.491751c06b1bxul.dll22.0.0.491751c06a5bc000000500173668ae001ce9087c07fdc34C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dllec27414a-fcaa-11e2-9436-406186113f09
==================== Memory info ===========================
Percentage of memory in use: 35%
Total physical RAM: 3071.16 MB
Available physical RAM: 1986.09 MB
Total Pagefile: 6140.61 MB
Available Pagefile: 4914.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1897.42 MB
==================== Drives ================================
Drive c: (Windows 7) (Fixed) (Total:39.35 GB) (Free:17.02 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Daten) (Fixed) (Total:258.74 GB) (Free:134.79 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 0001C3AB)
Partition 1: (Active) - (Size=39 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=259 GB) - (Type=05)
==================== End Of Log ============================