| The DarkSoul | 06.10.2014 16:12 |
FRST Logfile:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-10-2014
Ran by ************ (administrator) on ASPIRE on 06-10-2014 17:01:40
Running from C:\Users\************\Desktop\Bilder
Loaded Profile: ************ (Available profiles: ************ & Gast)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
() C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Tobit.Software) C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Panda Security) C:\Program Files\Panda USB Vaccine\USBVaccine.exe
(Apache Software Foundation) C:\Program Files\OpenOffice 4\program\swriter.exe
(Apache Software Foundation) C:\Program Files\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files\OpenOffice 4\program\soffice.bin
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2639925144-2050660770-710672834-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2639925144-2050660770-710672834-1000\...\Run: [RfxSrvTray] => C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe [1838872 2013-02-07] (Tobit.Software)
HKU\S-1-5-21-2639925144-2050660770-710672834-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/?rlz=1W4CHBB_deDE549
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB1DC02A1DEC0CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{03C771D4-0857-4D4E-8DB3-80FDE77C9A2A}: [NameServer] 208.53.156.36,173.208.90.251
FireFox:
========
FF ProfilePath: C:\Users\************\AppData\Roaming\Mozilla\Firefox\Profiles\yf7xxwel.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: German Dictionary - C:\Users\************\AppData\Roaming\Mozilla\Firefox\Profiles\yf7xxwel.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-09-25]
FF Extension: DSL Soforthilfe - C:\Users\************\AppData\Roaming\Mozilla\Firefox\Profiles\yf7xxwel.default\Extensions\{95E05177-EA09-4386-8B79-FEB1EAC063E6} [2014-03-08]
FF Extension: gTranslate - C:\Users\************\AppData\Roaming\Mozilla\Firefox\Profiles\yf7xxwel.default\Extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}.xpi [2014-03-25]
FF Extension: Adblock Plus - C:\Users\************\AppData\Roaming\Mozilla\Firefox\Profiles\yf7xxwel.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-06]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-12-14]
FF HKLM\...\Firefox\Extensions: - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-12-03]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-12-03]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-12-03]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-12-03]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-12-03]
Chrome:
=======
CHR HomePage: Default ->
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR CustomProfile: C:\Users\************\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\************\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-04]
CHR Extension: (Google Drive) - C:\Users\************\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-04]
CHR Extension: (YouTube) - C:\Users\************\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-04]
CHR Extension: (Google-Suche) - C:\Users\************\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-04]
CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\************\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-10-04]
CHR Extension: (Sicherer Zahlungsverkehr) - C:\Users\************\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2013-10-04]
CHR Extension: (Modul zum Sperren von gefährlichen Webseiten) - C:\Users\************\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2013-10-04]
CHR Extension: (Virtual Keyboard) - C:\Users\************\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-10-04]
CHR Extension: (Google Wallet) - C:\Users\************\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-04]
CHR Extension: (Google Mail) - C:\Users\************\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-04]
CHR Extension: (Anti-Banner) - C:\Users\************\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-10-04]
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [37888 2013-12-17] () [File not signed]
R2 Radio.fx; C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe [3999512 2013-06-03] ()
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
R2 XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [386560 2006-08-04] (Conexant Systems, Inc.) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [26328 2014-07-10] (Sony Mobile Communications)
R3 HSF_DPV; C:\Windows\System32\DRIVERS\HSX_DPV.sys [986624 2006-10-18] (Conexant Systems, Inc.) [File not signed]
R3 HSXHWAZL; C:\Windows\System32\DRIVERS\HSXHWAZL.sys [206848 2006-10-18] (Conexant Systems, Inc.) [File not signed]
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-12-03] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [576608 2014-03-24] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25184 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2013-12-19] (Kaspersky Lab ZAO)
R2 mdmxsdk; C:\Windows\System32\DRIVERS\mdmxsdk.sys [12672 2006-06-19] (Conexant) [File not signed]
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2011-11-24] (The OpenVPN Project)
R3 TPLINKUDSMBus; C:\Windows\System32\drivers\TplinkUDSMBus.sys [88576 2012-09-21] (Windows (R) Codename Longhorn DDK provider)
S3 TplinkUDSTcpBus; C:\Windows\System32\drivers\TplinkUDSTcpBus.sys [151296 2012-09-21] (Windows (R) Codename Longhorn DDK provider)
R3 winachsf; C:\Windows\System32\DRIVERS\HSX_CNXT.sys [659968 2006-10-18] (Conexant Systems, Inc.) [File not signed]
R2 XAudio; C:\Windows\System32\DRIVERS\xaudio.sys [8192 2006-08-04] (Conexant Systems, Inc.) [File not signed]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [94304 2014-03-24] (Kaspersky Lab ZAO)
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-06 17:01 - 2014-10-06 17:01 - 00000000 ____D () C:\FRST
2014-10-06 16:42 - 2014-10-06 16:42 - 00000092 ____H () C:\Users\************\Desktop\.~lock.KDU zu niedrig berechnet.odt#
2014-10-06 01:16 - 2014-10-06 01:17 - 00010250 _____ () C:\Users\************\Desktop\KDU zu niedrig berechnet.odt
2014-09-27 00:23 - 2014-09-27 00:46 - 00011858 _____ () C:\Users\************\Documents\The Hut.odt
2014-09-25 16:45 - 2014-09-25 16:45 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-24 19:00 - 2014-09-09 08:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-11 19:17 - 2014-08-15 16:51 - 12363264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 19:17 - 2014-08-15 16:42 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 19:17 - 2014-08-15 16:42 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 19:17 - 2014-08-15 16:37 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 19:17 - 2014-08-15 16:37 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 19:17 - 2014-08-15 16:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 19:17 - 2014-08-15 16:35 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 19:17 - 2014-08-15 16:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-11 19:17 - 2014-08-15 16:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 19:17 - 2014-08-15 16:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 19:17 - 2014-08-15 16:35 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 19:17 - 2014-08-15 16:35 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-09-11 19:17 - 2014-08-15 16:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 19:17 - 2014-08-15 16:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 19:17 - 2014-08-15 16:35 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 19:17 - 2014-08-15 16:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-09-11 19:17 - 2014-08-15 16:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 19:17 - 2014-08-15 16:34 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 19:17 - 2014-08-15 16:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 19:17 - 2014-08-15 16:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-09-11 19:17 - 2014-08-15 16:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-06 17:01 - 2013-04-24 23:44 - 00000000 ____D () C:\Users\************\Desktop\Bilder
2014-10-06 16:42 - 2013-12-03 21:42 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-10-06 16:42 - 2011-12-21 03:43 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-06 16:26 - 2009-04-11 14:37 - 01300323 _____ () C:\Windows\WindowsUpdate.log
2014-10-06 16:21 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-06 16:21 - 2006-11-02 14:47 - 00006096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-06 16:21 - 2006-11-02 14:47 - 00006096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-06 01:26 - 2006-11-02 15:01 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-06 01:21 - 2013-10-04 12:55 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-06 01:16 - 2011-12-21 03:43 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-02 20:46 - 2014-08-21 20:46 - 00000000 ___RD () C:\Users\************\Dropbox
2014-10-02 20:42 - 2012-06-18 22:06 - 00000000 ____D () C:\Windows\pss
2014-10-02 20:36 - 2014-09-04 17:01 - 00000000 ____D () C:\Users\************\Desktop\Schule
2014-10-02 20:19 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-10-02 18:21 - 2014-08-21 20:42 - 00000000 ____D () C:\Users\************\AppData\Roaming\Dropbox
2014-09-26 12:28 - 2014-03-06 16:20 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-25 16:30 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache
2014-09-24 20:21 - 2013-10-04 12:55 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-24 20:21 - 2013-10-04 12:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-24 19:01 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-09-18 19:59 - 2014-08-21 20:44 - 00000000 ____D () C:\Users\************\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-17 19:26 - 2013-10-04 12:49 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-09-12 15:46 - 2013-02-01 03:20 - 00000000 ____D () C:\Users\************\Desktop\Dokumente
2014-09-11 20:20 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-11 19:15 - 2013-07-25 20:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 19:10 - 2006-11-02 12:24 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-09-11 19:06 - 2009-04-11 18:55 - 01542810 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-07 22:20 - 2012-11-25 22:54 - 00000000 ____D () C:\Users\************\AppData\Roaming\BOM
Some content of TEMP:
====================
C:\Users\************\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgdmhdo.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-10-06 16:36
==================== End Of Log ============================
--- --- ---
--- --- --- Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06-10-2014
Ran by *********** at 2014-10-06 17:02:26
Running from C:\Users\***********\Desktop\Bilder
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Amazon Music (HKCU\...\Amazon Amazon Music) (Version: 3.0.5.567 - Amazon Services LLC)
Biet-O-Matic v2.14.10 (HKLM\...\Biet-O-Matic v2.14.10) (Version: 2.14.10 - BOM Development Team)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
DSL Soforthilfe (HKLM\...\DSL Soforthilfe) (Version: 1.1.0.51 - Telefónica Germany GmbH & Co. OHG)
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version: - )
HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{2BDCE73D-C1CF-45BF-B6EB-B010365314A3}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
ICQ7.7 (HKLM\...\{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}) (Version: 7.7 - ICQ)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
Kaspersky Internet Security (HKLM\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1 - Nokia) Hidden
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia)
OpenOffice 4.0.0 (HKLM\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)
OpenOffice 4.1.1 (HKLM\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
OpenVPN 2.2.2 (HKLM\...\OpenVPN) (Version: 2.2.2 - )
Panda USB Vaccine 1.0.1.4 (HKLM\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version: - Panda Security)
PC Connectivity Solution (HKLM\...\{7390478C-8581-415E-92E9-2997D9306B81}) (Version: 12.0.32.0 - Nokia)
Radio.fx (HKLM\...\Tobit Radio.fx Server) (Version: - Tobit.Software)
Secunia PSI (2.0.0.4003) (HKLM\...\Secunia PSI) (Version: 2.0.0.4003 - Secunia)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sony Mobile Update Engine (HKLM\...\Update Engine) (Version: 2.14.9.201406230908 - Sony Mobile Communications AB)
Sony PC Companion 2.10.211 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.211 - Sony)
TP-LINK USB Printer Controller (HKLM\...\{3EC900B5-28EE-4472-A9FF-B11A879EC838}) (Version: 1.12.0927 - Ihr Firmenname)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2639925144-2050660770-710672834-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2639925144-2050660770-710672834-1000_Classes\CLSID\{30A2652A-DDF7-45e7-ACA6-3EAB26FC8A4E}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2639925144-2050660770-710672834-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2639925144-2050660770-710672834-1000_Classes\CLSID\{41662FC2-0D57-4aff-AB27-AD2E12E7C273}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2639925144-2050660770-710672834-1000_Classes\CLSID\{448BB771-CFE2-47C4-BCDF-1FBF378E202C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2639925144-2050660770-710672834-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2639925144-2050660770-710672834-1000_Classes\CLSID\{7B342DC4-139A-4a46-8A93-DB0827CCEE9C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2639925144-2050660770-710672834-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\ooofilt.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2639925144-2050660770-710672834-1000_Classes\CLSID\{7FA8AE11-B3E3-4D88-AABF-255526CD1CE8}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2639925144-2050660770-710672834-1000_Classes\CLSID\{82154420-0FBF-11d4-8313-005004526AB4}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2639925144-2050660770-710672834-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\propertyhdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2639925144-2050660770-710672834-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2639925144-2050660770-710672834-1000_Classes\CLSID\{D0484DE6-AAEE-468a-991F-8D4B0737B57A}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2639925144-2050660770-710672834-1000_Classes\CLSID\{D2D59CD1-0A6A-4D36-AE20-47817077D57C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2639925144-2050660770-710672834-1000_Classes\CLSID\{E5A0B632-DFBA-4549-9346-E414DA06E6F8}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2639925144-2050660770-710672834-1000_Classes\CLSID\{EE5D1EA4-D445-4289-B2FC-55FC93693917}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2639925144-2050660770-710672834-1000_Classes\CLSID\{F616B81F-7BB8-4F22-B8A5-47428D59F8AD}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2639925144-2050660770-710672834-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***********\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2639925144-2050660770-710672834-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***********\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2639925144-2050660770-710672834-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***********\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2639925144-2050660770-710672834-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***********\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2639925144-2050660770-710672834-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***********\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2639925144-2050660770-710672834-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***********\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2639925144-2050660770-710672834-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***********\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2639925144-2050660770-710672834-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***********\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
03-09-2014 17:13:18 Geplanter Prüfpunkt
04-09-2014 15:41:36 Geplanter Prüfpunkt
07-09-2014 12:04:12 Geplanter Prüfpunkt
09-09-2014 14:20:30 Geplanter Prüfpunkt
11-09-2014 15:02:13 Geplanter Prüfpunkt
11-09-2014 17:00:39 Windows Update
18-09-2014 18:38:51 Geplanter Prüfpunkt
23-09-2014 17:51:52 Geplanter Prüfpunkt
24-09-2014 17:00:12 Windows Update
26-09-2014 12:14:38 Geplanter Prüfpunkt
28-09-2014 09:18:22 Geplanter Prüfpunkt
30-09-2014 17:45:58 Geplanter Prüfpunkt
05-10-2014 16:17:49 Geplanter Prüfpunkt
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {02ACB3B0-A8E8-4D7F-9FB2-979878E2B978} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-12-21] (Google Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {5BCEA9BC-F2E7-418D-86C7-89B414B7682C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {8A4AF762-3D2D-42BB-87D6-041636EE0371} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-12-21] (Google Inc.)
Task: {95EBB7F2-9B67-442A-BC36-8956CBECA723} - System32\Tasks\PandaUSBVaccine => C:\Program Files\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] ()
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {AA4C51F5-C189-420A-90B1-9DB8CB1B36F1} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {CE432D87-97A9-4827-AD19-9654652EF8BF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-06-17 13:35 - 2013-06-17 13:35 - 00478400 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 15:52 - 2013-05-08 15:52 - 01270464 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2012-02-03 02:52 - 2013-06-03 13:06 - 03999512 _____ () C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe
2012-02-03 02:52 - 2013-06-03 13:06 - 09907712 _____ () C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll
2012-02-03 02:52 - 2013-05-16 14:28 - 00242688 _____ () C:\Program Files\Tobit Radio.fx\Client\rfx-client$.ger
2014-08-13 09:27 - 2014-08-13 09:27 - 00988160 _____ () C:\Program Files\OpenOffice 4\program\libxml2.dll
2014-07-29 13:34 - 2014-07-29 13:34 - 00170496 _____ () C:\Program Files\OpenOffice 4\program\libxslt.dll
2014-09-25 16:45 - 2014-09-25 16:45 - 03715184 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Radio.fx.LNK => C:\Windows\pss\Radio.fx.LNK.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\Windows\pss\Secunia PSI Tray.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^***********^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^***********^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: Amazon Cloud Player => "C:\Users\***********\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
MSCONFIG\startupreg: Amazon Music => "C:\Users\***********\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: DSL Soforthilfe => C:\Program Files\DSL Soforthilfe\DSL_Soforthilfe.exe /auto
MSCONFIG\startupreg: FileHippo.com => "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background
MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray
MSCONFIG\startupreg: rfxsrvtray => "C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe"
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\***********\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: TP-LINK USB Printer Controller => C:\Program Files\TP-LINK\USB Printer Controller\USB Printer Controller.exe -mini
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe
========================= Accounts: ==========================
Administrator (S-1-5-21-2639925144-2050660770-710672834-500 - Administrator - Disabled)
Gast (S-1-5-21-2639925144-2050660770-710672834-501 - Limited - Enabled) => C:\Users\Gast
*********** (S-1-5-21-2639925144-2050660770-710672834-1000 - Administrator - Enabled) => C:\Users\***********
==================== Faulty Device Manager Devices =============
Name: Atheros AR5B91 Wireless Network Adapter
Description: Atheros AR5B91 Wireless Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (10/02/2014 06:36:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung rfx-server.exe, Version 6.0.0.1532, Zeitstempel 0x51ac78a7, fehlerhaftes Modul kernel32.dll, Version 6.0.6002.19034, Zeitstempel 0x52f2ec86, Ausnahmecode 0xe06d7363, Fehleroffset 0x0003fd1e,
Prozess-ID 0x230, Anwendungsstartzeit rfx-server.exe0.
Error: (09/27/2014 04:04:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung rfx-server.exe, Version 6.0.0.1532, Zeitstempel 0x51ac78a7, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18881, Zeitstempel 0x51da3e27, Ausnahmecode 0xc0000005, Fehleroffset 0x00066609,
Prozess-ID 0x19c, Anwendungsstartzeit rfx-server.exe0.
Error: (09/27/2014 03:57:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung rfx-server.exe, Version 6.0.0.1532, Zeitstempel 0x51ac78a7, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18881, Zeitstempel 0x51da3e27, Ausnahmecode 0xc0000005, Fehleroffset 0x00066609,
Prozess-ID 0x10ac, Anwendungsstartzeit rfx-server.exe0.
Error: (09/27/2014 03:20:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung rfx-server.exe, Version 6.0.0.1532, Zeitstempel 0x51ac78a7, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18881, Zeitstempel 0x51da3e27, Ausnahmecode 0xc0000420, Fehleroffset 0x000b06fc,
Prozess-ID 0x264, Anwendungsstartzeit rfx-server.exe0.
Error: (09/27/2014 03:20:23 PM) (Source: Radio.fx) (EventID: 100) (User: )
Description: Failed to open session
Error: (09/24/2014 08:56:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung rfx-server.exe, Version 6.0.0.1532, Zeitstempel 0x51ac78a7, fehlerhaftes Modul RPCRT4.dll, Version 6.0.6002.18882, Zeitstempel 0x51dd2d9c, Ausnahmecode 0xc0000005, Fehleroffset 0x00043766,
Prozess-ID 0xd24, Anwendungsstartzeit rfx-server.exe0.
Error: (09/22/2014 06:29:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung rfx-server.exe, Version 6.0.0.1532, Zeitstempel 0x51ac78a7, fehlerhaftes Modul rfx-server.exe, Version 6.0.0.1532, Zeitstempel 0x51ac78a7, Ausnahmecode 0x40000015, Fehleroffset 0x0025da14,
Prozess-ID 0x2a8, Anwendungsstartzeit rfx-server.exe0.
Error: (09/21/2014 08:41:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung rfx-server.exe, Version 6.0.0.1532, Zeitstempel 0x51ac78a7, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18881, Zeitstempel 0x51da3e27, Ausnahmecode 0xc0000005, Fehleroffset 0x00066666,
Prozess-ID 0xaa0, Anwendungsstartzeit rfx-server.exe0.
Error: (09/17/2014 10:22:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung rfx-server.exe, Version 6.0.0.1532, Zeitstempel 0x51ac78a7, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18881, Zeitstempel 0x51da3e27, Ausnahmecode 0xc0000005, Fehleroffset 0x00066609,
Prozess-ID 0x96c, Anwendungsstartzeit rfx-server.exe0.
Error: (09/17/2014 10:06:26 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\***********\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\YF7XXWEL.DEFAULT\SAFEBROWSING-BACKUP> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
System errors:
=============
Error: (10/06/2014 04:22:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
Error: (10/06/2014 04:21:32 PM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "O2BOX" zum Namen "ASPIRE" auf Transport "NetBT_Tcpip_{03C771D4-0857-4D4E-8DB3-80FDE". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.
Error: (10/06/2014 04:21:25 PM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "O2BOX" zum Namen "ASPIRE" auf Transport "NetBT_Tcpip_{03C771D4-0857-4D4E-8DB3-80FDE". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.
Error: (10/05/2014 08:58:18 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Die IP-Adresslease 10.8.12.186 für die Netzwerkkarte mit der Netzwerkadresse 00FF3F772E95 wurde durch den DHCP-Server 10.8.12.209 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).
Error: (10/05/2014 08:51:30 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Die IP-Adresslease 10.8.12.62 für die Netzwerkkarte mit der Netzwerkadresse 00FF3F772E95 wurde durch den DHCP-Server 10.8.12.185 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).
Error: (10/05/2014 05:32:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
Error: (10/05/2014 05:31:00 PM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "O2BOX" zum Namen "ASPIRE" auf Transport "NetBT_Tcpip_{03C771D4-0857-4D4E-8DB3-80FDE". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.
Error: (10/05/2014 05:30:52 PM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "O2BOX" zum Namen "ASPIRE" auf Transport "NetBT_Tcpip_{03C771D4-0857-4D4E-8DB3-80FDE". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.
Error: (10/02/2014 11:10:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Radio.fx Server110001Neustart des Diensts
Error: (10/02/2014 08:49:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
Microsoft Office Sessions:
=========================
Error: (10/02/2014 06:36:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rfx-server.exe6.0.0.153251ac78a7kernel32.dll6.0.6002.1903452f2ec86e06d73630003fd1e23001cfde5ba6541986
Error: (09/27/2014 04:04:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rfx-server.exe6.0.0.153251ac78a7ntdll.dll6.0.6002.1888151da3e27c00000050006660919c01cfda5aff06cfb0
Error: (09/27/2014 03:57:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rfx-server.exe6.0.0.153251ac78a7ntdll.dll6.0.6002.1888151da3e27c00000050006660910ac01cfda55dd3df430
Error: (09/27/2014 03:20:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rfx-server.exe6.0.0.153251ac78a7ntdll.dll6.0.6002.1888151da3e27c0000420000b06fc26401cfda3a580c55a4
Error: (09/27/2014 03:20:23 PM) (Source: Radio.fx) (EventID: 100) (User: )
Description: Failed to open session
Error: (09/24/2014 08:56:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rfx-server.exe6.0.0.153251ac78a7RPCRT4.dll6.0.6002.1888251dd2d9cc000000500043766d2401cfd82335dc7100
Error: (09/22/2014 06:29:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rfx-server.exe6.0.0.153251ac78a7rfx-server.exe6.0.0.153251ac78a7400000150025da142a801cfd67b26c8e5e8
Error: (09/21/2014 08:41:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rfx-server.exe6.0.0.153251ac78a7ntdll.dll6.0.6002.1888151da3e27c000000500066666aa001cfd5a0566d27b1
Error: (09/17/2014 10:22:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rfx-server.exe6.0.0.153251ac78a7ntdll.dll6.0.6002.1888151da3e27c00000050006660996c01cfd2b29042c0d6
Error: (09/17/2014 10:06:26 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\***********\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\YF7XXWEL.DEFAULT\SAFEBROWSING-BACKUP
CodeIntegrity Errors:
===================================
Date: 2014-10-06 17:01:56.439
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-10-06 17:01:56.190
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-10-06 17:01:55.940
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-10-06 17:01:55.691
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-10-02 20:22:55.913
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-10-02 20:22:55.651
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-10-02 20:22:55.315
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-10-02 20:22:54.971
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-10-02 20:22:19.690
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-10-02 20:22:19.316
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz
Percentage of memory in use: 46%
Total physical RAM: 2999.9 MB
Available physical RAM: 1597.45 MB
Total Pagefile: 6231.98 MB
Available Pagefile: 4616.04 MB
Total Virtual: 2047.88 MB
Available Virtual: 1886.7 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:288.32 GB) (Free:207.85 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: BD87394B)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27)
Partition 2: (Active) - (Size=288.3 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
FRST 32-Bit | FRST 64-Bit
WARNUNG an die MITLESER: