Log Analysis and Evaluation: Mail account hacked, now "spontaneous windows" prompting for a password, outgoing server changed, Kaspersky finds nothing (Windows 7)

If you have picked up a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and Trojans can be removed, the infected system first has to be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been removed completely.
#1
Mail account hacked, now "spontaneous windows" prompting for a password, outgoing server changed, Kaspersky finds nothing

Hello esteemed forum members,

last week I had a hacked mail account (arcor) in my mail program (thunderbird - running on windows 7 / upgraded from vista). Arcor then blocked me because of spam mail being sent from my account. I got my account back by phone, but now I also have problems with the other mail addresses at gmx and t-online: at gmx a changed outgoing mail server, temporary blocking by t-online, etc. In addition, "spontaneous windows" appear when sending that prompt for "password entry".

What I have done:
a) an acquaintance checked thunderbird and firefox for "add-ons", removed a few new ones that I had never installed, and has now advised me to wipe the computer.
b) a full Kaspersky scan found nothing
c) I ran the scans with Defogger, FRST and GMER. I am attaching the logs here
d) I do not dare to run a "thundersave" now; it would probably bring the problems back after reinstalling the computer, wouldn't it?

Can someone please help me? That would be great...

Regards
Johann225

Here are the logs:

defogger:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:05 on 12/11/2014 (fsc)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
-=E.O.F=-

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-11-2014
Ran by fsc (administrator) on FSC-PC on 12-11-2014 14:07:02
Running from C:\Users\fsc\Desktop
Loaded Profile: fsc (Available profiles: fsc)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(T-Com) C:\Program Files\T-Home\Eumex 800 V1.30\ControlCenter.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7596576 2012-02-10] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2012-02-10] (Realtek Semiconductor Corp.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKU\S-1-5-21-980341799-358424455-1386240906-1000\...\MountPoints2: {4fbdfae8-8c6d-11e1-8a57-0022fbbdc47a} - H:\LaunchU3.exe -a
HKU\S-1-5-21-980341799-358424455-1386240906-1000\...\MountPoints2: {55a9f67e-9451-11e2-aab6-0024be38eaf4} - F:\LaunchU3.exe -a
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-07-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ControlCenter.lnk
ShortcutTarget: ControlCenter.lnk -> C:\Program Files\T-Home\Eumex 800 V1.30\ControlCenter.exe (T-Com)
Startup: C:\Users\fsc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\fsc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0EB53CFC72E5CC01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\fsc\AppData\Roaming\Mozilla\Firefox\Profiles\sctb0r2r.default
FF Homepage: hxxp://www.facebook.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\fsc\AppData\Roaming\Mozilla\Firefox\Profiles\sctb0r2r.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\fsc\AppData\Roaming\Mozilla\Firefox\Profiles\sctb0r2r.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\fsc\AppData\Roaming\Mozilla\Firefox\Profiles\sctb0r2r.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-08]
FF Extension: Adblock Plus - C:\Users\fsc\AppData\Roaming\Mozilla\Firefox\Profiles\sctb0r2r.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-07]
FF Extension: Anti-Banner - C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2013-12-20]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2013-12-20]
FF HKLM\...\Firefox\Extensions: - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-01-09]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-01-09]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-01-09]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-01-09]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-01-09]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa []
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-06-17]
CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-06-17]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-06-17]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-06-17]
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-06-17]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2014-01-09] (Kaspersky Lab ZAO)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [133664 2012-02-10] (Realtek Semiconductor)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-01-09] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [94304 2014-03-22] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [576608 2014-03-22] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2014-01-09] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25184 2014-02-17] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2014-01-09] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2014-01-09] (Kaspersky Lab ZAO)
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [159776 2009-10-22] (Realtek Semiconductor Corp.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 14:07 - 2014-11-12 14:07 - 00012786 _____ () C:\Users\fsc\Desktop\FRST.txt
2014-11-12 14:06 - 2014-11-12 14:07 - 00000000 ____D () C:\FRST
2014-11-12 14:05 - 2014-11-12 14:06 - 00000468 _____ () C:\Users\fsc\Desktop\defogger_disable.log
2014-11-12 14:05 - 2014-11-12 14:05 - 00000000 _____ () C:\Users\fsc\defogger_reenable
2014-11-12 13:58 - 2014-11-12 13:58 - 00380416 _____ () C:\Users\fsc\Desktop\Gmer-19357.exe
2014-11-12 13:50 - 2014-11-12 13:50 - 01107968 _____ (Farbar) C:\Users\fsc\Desktop\FRST.exe
2014-11-12 13:47 - 2014-11-12 13:47 - 00050477 _____ () C:\Users\fsc\Desktop\Defogger.exe
2014-11-07 21:57 - 2014-11-07 21:57 - 00001024 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-11-07 21:45 - 2014-11-07 21:46 - 24743106 _____ () C:\Users\fsc\Downloads\vlc-2.1.5-win32.exe
2014-11-07 21:02 - 2014-11-07 21:04 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-10-31 18:53 - 2014-10-31 18:53 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-10-31 18:52 - 2014-10-31 18:52 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-10-31 18:51 - 2014-11-07 21:36 - 00000000 ____D () C:\Users\fsc\AppData\Roaming\Samsung
2014-10-31 18:51 - 2014-10-31 18:51 - 00000000 ____D () C:\Users\fsc\Documents\samsung
2014-10-31 18:51 - 2014-10-31 18:51 - 00000000 ____D () C:\Users\fsc\AppData\Local\Samsung
2014-10-31 18:28 - 2014-04-30 19:43 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\system32\Redemption.dll
2014-10-31 18:28 - 2014-04-30 19:43 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\system32\secman.dll
2014-10-31 18:27 - 2014-04-30 19:47 - 00821824 _____ (Devguru Co., Ltd.) C:\Windows\system32\dgderapi.dll
2014-10-31 18:22 - 2014-11-07 21:36 - 00000000 ____D () C:\ProgramData\Samsung
2014-10-31 18:22 - 2014-11-07 21:36 - 00000000 ____D () C:\Program Files\Samsung
2014-10-31 18:03 - 2014-10-31 18:03 - 00000000 ____D () C:\Users\fsc\AppData\Local\Downloaded Installations
2014-10-31 17:37 - 2014-10-31 17:38 - 75714480 _____ (Samsung Electronics Co., Ltd.) C:\Users\fsc\Downloads\KiesSetup.exe
2014-10-16 15:11 - 2014-10-16 15:17 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-14 16:32 - 2014-10-14 16:32 - 00128207 ____H () C:\Users\fsc\Desktop\~WRL2695.tmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 14:05 - 2012-02-07 01:53 - 00000000 ____D () C:\Users\fsc
2014-11-12 14:03 - 2014-09-04 10:36 - 00000000 ___RD () C:\Users\fsc\Dropbox
2014-11-12 14:03 - 2012-02-07 01:47 - 01258922 _____ () C:\Windows\WindowsUpdate.log
2014-11-12 13:59 - 2014-01-22 13:05 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-12 13:52 - 2009-07-14 05:34 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-12 13:52 - 2009-07-14 05:34 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-12 13:39 - 2012-02-07 01:55 - 01498506 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-12 13:19 - 2014-01-09 20:15 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-11-12 13:11 - 2012-05-14 07:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-11 15:59 - 2014-01-22 13:05 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-11 14:15 - 2014-09-04 10:27 - 00000000 ____D () C:\Users\fsc\AppData\Roaming\Dropbox
2014-11-11 14:12 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-11 14:12 - 2009-07-14 05:39 - 00329392 _____ () C:\Windows\setupact.log
2014-11-07 21:57 - 2012-03-20 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-11-07 21:41 - 2012-02-07 08:41 - 00016318 _____ () C:\Windows\PFRO.log
2014-11-07 21:26 - 2012-05-14 07:42 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-07 21:26 - 2012-02-13 13:12 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-07 21:22 - 2012-02-09 18:46 - 00000000 ____D () C:\Users\fsc\AppData\Local\Adobe
2014-11-07 21:09 - 2013-12-20 19:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-07 21:05 - 2012-02-07 09:56 - 00000000 ____D () C:\Users\fsc\AppData\Local\Thunderbird
2014-11-07 21:04 - 2012-06-22 07:36 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-10-31 18:43 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-31 18:27 - 2012-02-10 00:44 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-10-18 19:17 - 2014-03-28 15:35 - 08601600 _____ () C:\Windows\system32\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯慤
2014-10-16 15:16 - 2012-02-08 14:17 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-10-16 15:13 - 2012-03-04 21:45 - 00000000 ____D () C:\Users\fsc\AppData\Roaming\Skype
2014-10-16 15:11 - 2012-02-08 14:15 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-16 15:10 - 2012-02-08 14:17 - 00000000 ____D () C:\Program Files\Adobe

Some content of TEMP:
====================
C:\Users\fsc\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyy3gcw.dll
C:\Users\fsc\AppData\Local\Temp\exp5E73.tmp.exe
C:\Users\fsc\AppData\Local\Temp\ose00000.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-06 11:53

==================== End Of Log ============================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-11-2014
Ran by fsc at 2014-11-12 14:07:32
Running from C:\Users\fsc\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Photoshop Elements (HKLM\...\Adobe Photoshop Elements 1.0) (Version: 1.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.09) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{B33D8DA3-28E5-2EA8-CC16-8D8A9CED91C4}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BibelCarD (HKLM\...\BibelCarD) (Version:  - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version:  - )
ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.2.20140326 - Landesfinanzdirektion Thüringen)
Eumex 800 V1.30 (HKLM\...\InstallShield_{FACE9D51-E374-4DDB-857C-816FCB1D6B40}) (Version: 1.30.0000 - T-Home)
Eumex 800 V1.30 (Version: 1.30.0000 - T-Home) Hidden
FOTOParadies (HKLM\...\{8E47D8C1-8F4D-4356-9B2B-1A202956B778}}_is1) (Version: 3.5.0.1 - Foto Online Service GmbH)
Free M4a to MP3 Converter 7.2 (HKLM\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
Java(TM) 6 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Kaspersky Internet Security (HKLM\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (Version: 14.0.0.4651 - Kaspersky Lab) Hidden
K-Lite Codec Pack 7.0.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 33.0.3 (x86 de) (HKLM\...\Mozilla Firefox 33.0.3 (x86 de)) (Version: 33.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0.3 - Mozilla)
Mozilla Thunderbird 31.2.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.2.0 (x86 de)) (Version: 31.2.0 - Mozilla)
Open Freely (HKLM\...\{1BF14E04-85DE-480C-9A04-EB36744C66C3}_is1) (Version: 1.0 - Download Freely, LLC)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
PhotoRescue Pro (HKLM\...\{5260B91C-28E1-4fe9-B2EE-BE1B6C82621A}_is1) (Version: 6.9 - Essential Data Tools)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5886 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
SES Driver (HKLM\...\{0673654C-5296-453B-9798-B61CD7E03FEB}) (Version: 1.0.0 - Western Digital)
Skype™ 5.8 (HKLM\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.8.156 - Skype Technologies S.A.)
TrueCrypt (HKLM\...\TrueCrypt) (Version: 7.1 - TrueCrypt Foundation)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-980341799-358424455-1386240906-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\fsc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-980341799-358424455-1386240906-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fsc\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-980341799-358424455-1386240906-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fsc\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-980341799-358424455-1386240906-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fsc\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-980341799-358424455-1386240906-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fsc\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-980341799-358424455-1386240906-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fsc\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-980341799-358424455-1386240906-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fsc\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-980341799-358424455-1386240906-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fsc\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-980341799-358424455-1386240906-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fsc\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

07-11-2014 20:33:24 Removed Samsung Kies

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0D19EE30-0F02-4C1F-8086-9E0142F6EBEF} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {25F4BE48-FD5A-4462-89EC-56DCE66BDD83} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-22] (Google Inc.)
Task: {4A07C489-E702-4E22-AE64-1F8CEF4D0F04} - System32\Tasks\{768A6CB9-F96E-4159-B0C7-FC9A6D871AF5} => Firefox.exe hxxp://ui.skype.com/ui/0/5.8.0.158/de/go/help.faq.installer?LastError=1603
Task: {55F383D5-DED7-4256-9E06-6804945B8D58} - System32\Tasks\{F32DFB14-5636-4EA4-A95C-E2BFABF3ACF6} => Firefox.exe hxxp://ui.skype.com/ui/0/5.9.0.123/de/go/help.faq.installer?LastError=1603
Task: {C5BA4815-87F4-40A9-86FE-F40591AB337C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-22] (Google Inc.)
Task: {C7128B80-7B08-4442-BC81-0E4B2D0CC942} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-07] (Adobe Systems Incorporated)
Task: {CB9A6B64-558D-4CA9-9123-F8B57E14BB82} - System32\Tasks\{E1C01AB0-A45E-44E2-9F5F-F1A5ED1A6F98} => Firefox.exe hxxp://ui.skype.com/ui/0/5.9.0.123/de/go/help.faq.installer?LastError=1603

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2003-08-29 10:24 - 2003-08-29 10:24 - 00094274 _____ () C:\Windows\System32\HPBHealr.dll
2012-02-14 10:24 - 2001-10-28 17:42 - 00116224 _____ () C:\Windows\System32\pdfcmnnt.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-980341799-358424455-1386240906-500 - Administrator - Disabled)
fsc (S-1-5-21-980341799-358424455-1386240906-1000 - Administrator - Enabled) => C:\Users\fsc
Gast (S-1-5-21-980341799-358424455-1386240906-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-980341799-358424455-1386240906-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/08/2014 00:32:27 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (11/08/2014 00:30:30 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (11/01/2014 01:13:10 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (11/01/2014 01:11:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (10/31/2014 06:53:58 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Kies.exe, Version: 1.0.0.1821, Zeitstempel: 0x539bcf9c Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17965, Zeitstempel: 0x506dbd3f Ausnahmecode: 0xe0434352 Fehleroffset: 0x0000c6e3 ID des fehlerhaften Prozesses: 0x11d8 Startzeit der fehlerhaften Anwendung: 0xKies.exe0 Pfad der fehlerhaften Anwendung: Kies.exe1 Pfad des fehlerhaften Moduls: Kies.exe2 Berichtskennung: Kies.exe3 Error: (10/31/2014 06:53:58 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: Kies.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.InvalidOperationException Stack: at System.Windows.Input.InputManager..ctor() at System.Windows.Input.InputManager.GetCurrentInputManagerImpl() at System.Windows.Input.KeyboardNavigation..ctor() at System.Windows.FrameworkElement+FrameworkServices..ctor() at System.Windows.FrameworkElement.EnsureFrameworkServices() at System.Windows.FrameworkElement..ctor() at System.Windows.Controls.Control..ctor() at System.Windows.Window..ctor() at Kies.UI.Dialogs.KiesMessageBox..ctor() at Kies.UI.Dialogs.KiesMessageBox.Show(System.Windows.Window, System.String, System.String, System.Windows.MessageBoxButton, System.Windows.MessageBoxImage, System.Windows.MessageBoxResult, System.Windows.MessageBoxOptions, System.String, Boolean) at Kies.UI.Dialogs.KiesMessageBox.Show(System.String, System.String, System.Windows.MessageBoxButton) at Kies.Common.Util.WebDownloader.SetDownloadType(Kies.Common.Util.UpdateTypeEnum) at Kies.Common.Util.WebDownloader.StartDownloadFiles(Kies.Common.Util.UpdateTypeEnum) at DeviceHost.ViewModel.ConnectionErrorSolutionVM.DownloadExtractNMoveFile() at DeviceHost.ViewModel.ConnectionErrorSolutionVM.CheckNDownloadDriverFile() at DeviceHost.ViewModel.ConnectionErrorSolutionVM.DoNextOperation(System.Object) 
at System.Threading._TimerCallback.TimerCallback_Context(System.Object) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading._TimerCallback.PerformTimerCallback(System.Object) Error: (10/31/2014 05:45:36 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm KiesSetup.exe, Version 2.6.3.14044 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1588 Startzeit: 01cff5297185a95d Endzeit: 60000 Anwendungspfad: C:\Users\fsc\Downloads\KiesSetup.exe Berichts-ID: 253062fe-611d-11e4-ba65-002433e8a72c Error: (10/31/2014 05:44:10 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm KiesSetup.exe, Version 2.6.3.14044 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 49c Startzeit: 01cff52942a4e74d Endzeit: 0 Anwendungspfad: C:\Users\fsc\Downloads\KiesSetup.exe Berichts-ID: d3e5027a-611c-11e4-ba65-002433e8a72c Error: (10/28/2014 09:33:49 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error: (10/28/2014 09:33:07 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". System errors: ============= Error: (11/11/2014 07:09:18 PM) (Source: atapi) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error: (11/11/2014 07:09:18 PM) (Source: atapi) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error: (11/11/2014 07:09:18 PM) (Source: atapi) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error: (11/11/2014 07:09:18 PM) (Source: atapi) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error: (11/11/2014 07:09:18 PM) (Source: atapi) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error: (11/11/2014 07:09:18 PM) (Source: atapi) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error: (11/11/2014 07:09:18 PM) (Source: atapi) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error: (11/11/2014 07:09:18 PM) (Source: atapi) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error: (11/11/2014 07:09:18 PM) (Source: atapi) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. 
Error: (11/11/2014 02:12:08 PM) (Source: atikmdag) (EventID: 10261) (User: ) Description: Display is not active Microsoft Office Sessions: ========================= Error: (11/08/2014 00:32:27 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files\open freely\NGEN\x64\ngen.exe Error: (11/08/2014 00:30:30 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\ATI\CIM\Bin\SetACL.exe Error: (11/01/2014 01:13:10 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files\open freely\NGEN\x64\ngen.exe Error: (11/01/2014 01:11:45 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\ATI\CIM\Bin\SetACL.exe Error: (10/31/2014 06:53:58 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Kies.exe1.0.0.1821539bcf9cKERNELBASE.dll6.1.7601.17965506dbd3fe04343520000c6e311d801cff53341a86e3dC:\Program Files\Samsung\Kies\Kies.exeC:\Windows\system32\KERNELBASE.dlle3677b8f-6126-11e4-bf2a-002433e8a72c Error: (10/31/2014 06:53:58 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: Kies.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. 
Exception Info: System.InvalidOperationException Stack: at System.Windows.Input.InputManager..ctor() at System.Windows.Input.InputManager.GetCurrentInputManagerImpl() at System.Windows.Input.KeyboardNavigation..ctor() at System.Windows.FrameworkElement+FrameworkServices..ctor() at System.Windows.FrameworkElement.EnsureFrameworkServices() at System.Windows.FrameworkElement..ctor() at System.Windows.Controls.Control..ctor() at System.Windows.Window..ctor() at Kies.UI.Dialogs.KiesMessageBox..ctor() at Kies.UI.Dialogs.KiesMessageBox.Show(System.Windows.Window, System.String, System.String, System.Windows.MessageBoxButton, System.Windows.MessageBoxImage, System.Windows.MessageBoxResult, System.Windows.MessageBoxOptions, System.String, Boolean) at Kies.UI.Dialogs.KiesMessageBox.Show(System.String, System.String, System.Windows.MessageBoxButton) at Kies.Common.Util.WebDownloader.SetDownloadType(Kies.Common.Util.UpdateTypeEnum) at Kies.Common.Util.WebDownloader.StartDownloadFiles(Kies.Common.Util.UpdateTypeEnum) at DeviceHost.ViewModel.ConnectionErrorSolutionVM.DownloadExtractNMoveFile() at DeviceHost.ViewModel.ConnectionErrorSolutionVM.CheckNDownloadDriverFile() at DeviceHost.ViewModel.ConnectionErrorSolutionVM.DoNextOperation(System.Object) at System.Threading._TimerCallback.TimerCallback_Context(System.Object) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading._TimerCallback.PerformTimerCallback(System.Object) Error: (10/31/2014 05:45:36 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: KiesSetup.exe2.6.3.14044158801cff5297185a95d60000C:\Users\fsc\Downloads\KiesSetup.exe253062fe-611d-11e4-ba65-002433e8a72c Error: (10/31/2014 05:44:10 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: KiesSetup.exe2.6.3.1404449c01cff52942a4e74d0C:\Users\fsc\Downloads\KiesSetup.exed3e5027a-611c-11e4-ba65-002433e8a72c Error: (10/28/2014 09:33:49 AM) 
(Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files\open freely\NGEN\x64\ngen.exe Error: (10/28/2014 09:33:07 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\ATI\CIM\Bin\SetACL.exe CodeIntegrity Errors: =================================== Date: 2014-11-08 00:31:06.560 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-11-08 00:31:06.545 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-11-08 00:31:06.545 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-11-08 00:31:06.529 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-11-08 00:31:06.529 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-11-08 00:31:06.529 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-11-08 00:31:06.514 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-11-08 00:31:06.514 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-11-08 00:31:06.498 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-11-08 00:31:06.498 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz Percentage of memory in use: 40% Total physical RAM: 3039.03 MB Available physical RAM: 1801.92 MB Total Pagefile: 6076.34 MB Available Pagefile: 4911.55 MB Total Virtual: 2047.88 MB Available Virtual: 1887.27 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:88.88 GB) (Free:24.72 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (Laufwerk) (Fixed) (Total:22.78 GB) (Free:3.29 GB) NTFS Drive f: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive g: () (Removable) (Total:29.49 GB) (Free:0.38 GB) FAT32 Drive h: (PLATINUM) (Removable) (Total:119.01 GB) (Free:107.54 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: BE3A5F1D) Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Active) - (Size=88.9 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=22.8 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 29.5 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ======================================================== Disk: 2 (Size: 119 GB) (Disk ID: 00000000) Partition: GPT Partition Type. 
==================== End Of Log ============================ Gmer-19357: GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-11-12 14:32:03 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SATA_SSD rev.S5FAM011 119,24GB Running: Gmer-19357.exe; Driver: C:\Users\fsc\AppData\Local\Temp\uwldypow.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAdjustPrivilegesToken [0x91C90990] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcConnectPort [0x91C411CE] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcSendWaitReceivePort [0x91C41400] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwConnectPort [0x91C40FC8] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSection [0x91C9355C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThread [0x91C9298C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThreadEx [0x91C92BD8] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDebugActiveProcess [0x91C9251E] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDeviceIoControlFile [0x91C31640] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDuplicateObject [0x91C90AD2] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwLoadDriver [0x91C905FE] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwMapViewOfSection [0x91C93312] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenProcess [0x91C92052] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSection [0x91C9378C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenThread [0x91C9267E] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueueApcThread [0x91C931C6] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwRequestWaitReplyPort [0x91C412D4] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwResumeThread [0x91C92EE2] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSecureConnectPort [0x91C410C8] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetContextThread [0x91C93048] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetInformationToken [0x91C31A5A] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetSystemInformation 
[0x91C90936] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendProcess [0x91C9225A] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendThread [0x91C92D82] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSystemDebugControl [0x91C31A6C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateProcess [0x91C923C0] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateThread [0x91C92882] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwUnmapViewOfSection [0x91C93894] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwWriteVirtualMemory [0x91C9361E] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 83244A09 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8327E1F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 8328522C 4 Bytes [90, 09, C9, 91] {NOP ; OR ECX, ECX; XCHG ECX, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 83285254 4 Bytes [CE, 11, C4, 91] {INTO ; ADC ESP, EAX; XCHG ECX, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 1143 83285298 4 Bytes [00, 14, C4, 91] {ADD [ESP+EAX*8], DL; XCHG ECX, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 1193 832852E8 4 Bytes [C8, 0F, C4, 91] {ENTER 0xc40f, 0x91} .text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 8328534C 4 Bytes [5C, 35, C9, 91] .text ... .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9343B000, 0x2D5378, 0xE8000020] ---- User code sections - GMER 2.1 ---- ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[1920] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch; .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[1920] ntdll.dll!NtProtectVirtualMemory 776A5F18 5 Bytes JMP 70F41ED6 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ushata.dll ? 
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[1920] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: 0.dllunknown module: KERNELBASE.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[1920] USER32.dll!NotifyWinEvent + 5B2 76FDD570 4 Bytes [0B, 26, F4, 70] .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[1920] USER32.dll!NotifyWinEvent + 6AE 76FDD66C 4 Bytes [1B, 2F, F4, 70] ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[1920] C:\Windows\system32\ole32.dll time/date stamp mismatch; unknown module: CRYPTSP.dllunknown module: MPR.dllunknown module: msiltcfg.dllunknown module: CLBCatQ.DLLunknown module: OLEAUT32.dllunknown module: imagehlp.dllunknown module: KERNELBASE.dll ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\tdx \Device\Tcp kltdi.sys AttachedDevice \Driver\tdx \Device\Udp kltdi.sys AttachedDevice \Driver\tdx \Device\RawIp kltdi.sys AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002433e8a72c Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002433e8a72c (not active ControlSet) Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update@NextSqmReportTime 2014-11-12 13:16:58 ---- EOF - GMER 2.1 ---- |