HartmutA | 17.01.2015 17:20 | FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-01-2015 01
Ran by HARDY (administrator) on HARDY-PC-NEU on 17-01-2015 17:21:40
Running from C:\Users\HARDY\Desktop\PC.Special\Malware-Tools)
Loaded Profiles: HARDY (Available profiles: HARDY & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(J3S GmbH) C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [607584 2014-12-16] (Copyright 2013 SAMSUNG)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2353880 2013-11-01] (Microsoft Corp.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2389243879-3189858854-901359939-1000\...\Run: [DeskDriveStartup] => C:\Program Files (x86)\Blue Onion Software\DeskDrive\DeskDrive.exe [66048 2012-02-08] (Blue Onion Software)
HKU\S-1-5-21-2389243879-3189858854-901359939-1000\...\Run: [COMPUTER BILD Account-Alarm] => C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe [2058752 2014-08-07] (J3S GmbH)
HKU\S-1-5-21-2389243879-3189858854-901359939-1000\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [761064 2014-12-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-2389243879-3189858854-901359939-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\HARDY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\HARDY\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\HARDY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2389243879-3189858854-901359939-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
SearchScopes: HKU\S-1-5-21-2389243879-3189858854-901359939-1000 -> Backup.Old.DefaultScope {9C1561B1-7036-483F-AF30-0CB0BACFD918}
SearchScopes: HKU\S-1-5-21-2389243879-3189858854-901359939-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: CBAbzockschutz.InitToolbarBHO -> {2e250b90-0e7a-42a3-9d65-e39f9f227fa4} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
Toolbar: HKLM-x32 - COMPUTERBILD-Abzockschutz - {353e2a48-6254-4bd3-88f4-3b51a0ca7870} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {B07F54E6-0806-47DB-B5D8-398F240776F2} file:///E:/viewer/ORDcmViewCD.ocx
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\HARDY\AppData\Roaming\Mozilla\Firefox\Profiles\3ns3nsl5.default-1349855230406
FF Homepage: hxxp://www.startzentrale.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\.DEFAULT: samsung.com/SamsungLinkPCPlugin -> C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll No File
FF Plugin HKU\S-1-5-21-2389243879-3189858854-901359939-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\HARDY\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
FF user.js: detected! => C:\Users\HARDY\AppData\Roaming\Mozilla\Firefox\Profiles\3ns3nsl5.default-1349855230406\user.js
FF user.js: detected! => C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-2389243879-3189858854-901359939-1000\FireFox\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\HARDY\AppData\Roaming\Mozilla\Firefox\Profiles\3ns3nsl5.default-1349855230406\searchplugins\aol-suche.xml
FF SearchPlugin: C:\Users\HARDY\AppData\Roaming\Mozilla\Firefox\Profiles\3ns3nsl5.default-1349855230406\searchplugins\chordie.xml
FF SearchPlugin: C:\Users\HARDY\AppData\Roaming\Mozilla\Firefox\Profiles\3ns3nsl5.default-1349855230406\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\HARDY\AppData\Roaming\Mozilla\Firefox\Profiles\3ns3nsl5.default-1349855230406\searchplugins\firefox-add-ons.xml
FF SearchPlugin: C:\Users\HARDY\AppData\Roaming\Mozilla\Firefox\Profiles\3ns3nsl5.default-1349855230406\searchplugins\idealode.xml
FF SearchPlugin: C:\Users\HARDY\AppData\Roaming\Mozilla\Firefox\Profiles\3ns3nsl5.default-1349855230406\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\HARDY\AppData\Roaming\Mozilla\Firefox\Profiles\3ns3nsl5.default-1349855230406\searchplugins\podcastde.xml
FF SearchPlugin: C:\Users\HARDY\AppData\Roaming\Mozilla\Firefox\Profiles\3ns3nsl5.default-1349855230406\searchplugins\qrobeit.xml
FF SearchPlugin: C:\Users\HARDY\AppData\Roaming\Mozilla\Firefox\Profiles\3ns3nsl5.default-1349855230406\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Users\HARDY\AppData\Roaming\Mozilla\Firefox\Profiles\3ns3nsl5.default-1349855230406\searchplugins\webwebweb---by-easy-video-downloader.xml
FF SearchPlugin: C:\Users\HARDY\AppData\Roaming\Mozilla\Firefox\Profiles\3ns3nsl5.default-1349855230406\searchplugins\youtube-videosuche.xml
FF SearchPlugin: C:\Users\HARDY\AppData\Roaming\Mozilla\Firefox\Profiles\3ns3nsl5.default-1349855230406\searchplugins\youtube.xml
FF Extension: Facebook Translate - C:\Users\HARDY\AppData\Roaming\Mozilla\Firefox\Profiles\3ns3nsl5.default-1349855230406\Extensions\facebook-translate@oliver.schloebe.de [2014-04-06]
FF Extension: FRITZ!Box AddOn - C:\Users\HARDY\AppData\Roaming\Mozilla\Firefox\Profiles\3ns3nsl5.default-1349855230406\Extensions\fb_add_on@avm.de [2014-11-27]
FF Extension: LastPass - C:\Users\HARDY\AppData\Roaming\Mozilla\Firefox\Profiles\3ns3nsl5.default-1349855230406\Extensions\support@lastpass.com [2014-03-21]
FF Extension: Evernote Web Clipper - C:\Users\HARDY\AppData\Roaming\Mozilla\Firefox\Profiles\3ns3nsl5.default-1349855230406\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2014-07-24]
FF Extension: Add to Amazon Wish List Button - C:\Users\HARDY\AppData\Roaming\Mozilla\Firefox\Profiles\3ns3nsl5.default-1349855230406\Extensions\amznUWL2@amazon.com.xpi [2014-07-24]
FF Extension: 1-Click Dailymotion Video Downloader - C:\Users\HARDY\AppData\Roaming\Mozilla\Firefox\Profiles\3ns3nsl5.default-1349855230406\Extensions\DailymotionVideoDownloader@PeterOlayev.com.xpi [2013-10-31]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\HARDY\AppData\Roaming\Mozilla\Firefox\Profiles\3ns3nsl5.default-1349855230406\Extensions\elemhidehelper@adblockplus.org.xpi [2012-10-11]
FF Extension: Facebook Privacy Watcher - C:\Users\HARDY\AppData\Roaming\Mozilla\Firefox\Profiles\3ns3nsl5.default-1349855230406\Extensions\fpw@informatik.tu-darmstadt.de.xpi [2014-10-08]
FF Extension: ProxTube - C:\Users\HARDY\AppData\Roaming\Mozilla\Firefox\Profiles\3ns3nsl5.default-1349855230406\Extensions\ich@maltegoetz.de.xpi [2014-09-11]
FF Extension: PAYBACK Internet Assistent fuer Firefox - C:\Users\HARDY\AppData\Roaming\Mozilla\Firefox\Profiles\3ns3nsl5.default-1349855230406\Extensions\toolbar-ff@payback.de.xpi [2014-11-20]
FF Extension: Youtube and more - Easy Video Downloader - C:\Users\HARDY\AppData\Roaming\Mozilla\Firefox\Profiles\3ns3nsl5.default-1349855230406\Extensions\vdpure@link64.xpi [2014-12-07]
FF Extension: YouTube Smart Pause - C:\Users\HARDY\AppData\Roaming\Mozilla\Firefox\Profiles\3ns3nsl5.default-1349855230406\Extensions\YouTubeSmartPause@jetpack.xpi [2013-09-11]
FF Extension: Facebook Phishing Protector - C:\Users\HARDY\AppData\Roaming\Mozilla\Firefox\Profiles\3ns3nsl5.default-1349855230406\Extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}.xpi [2013-02-11]
FF Extension: ImTranslator - C:\Users\HARDY\AppData\Roaming\Mozilla\Firefox\Profiles\3ns3nsl5.default-1349855230406\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2012-10-10]
FF Extension: Adblock Plus - C:\Users\HARDY\AppData\Roaming\Mozilla\Firefox\Profiles\3ns3nsl5.default-1349855230406\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-10-10]
FF Extension: BetterPrivacy - C:\Users\HARDY\AppData\Roaming\Mozilla\Firefox\Profiles\3ns3nsl5.default-1349855230406\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013-08-23]
FF Extension: COMPUTERBILD-Abzockschutz - C:\Users\HARDY\AppData\Roaming\Mozilla\Firefox\Profiles\3ns3nsl5.default-1349855230406\Extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398}.xpi [2012-10-17]
FF Extension: LastPass - C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-2389243879-3189858854-901359939-1000\FireFox\Extensions\support@lastpass.com [2013-11-07]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2015-01-13]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2015-01-13]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-08-30]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-08-30]
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-08-30]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-08-30]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: An toàn giao dịch tài chính - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-08-30]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S4 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
S4 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [File not signed]
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173272 2013-11-01] (Microsoft Corp.)
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3645432 2014-07-18] (devolo AG)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [616288 2014-12-16] (Copyright 2013 SAMSUNG)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2143072 2012-05-29] (TuneUp Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 x10nets; C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10) [File not signed]
S2 ZAPrivacyService; "C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 AF9035BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [513600 2009-11-05] (ITETech )
R3 azvusb; C:\Windows\System32\DRIVERS\azvusb.sys [54784 2009-08-13] (AzureWave Technologies, Inc.)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-07-18] () [File not signed]
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2014-10-08] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2014-10-08] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 L6UX2; C:\Windows\System32\Drivers\L6UX264.sys [772864 2013-07-11] (Line 6)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2014-07-18] (CACE Technologies)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-05-08] (TuneUp Software)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [33048 2006-11-30] (X10 Wireless Technology, Inc.)
S3 ysusb64; C:\Windows\System32\drivers\ysusb64.sys [132200 2013-12-17] (Yamaha Corporation)
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-17 16:53 - 2015-01-17 17:01 - 174172336 _____ () C:\Users\HARDY\Desktop\Boardwalk.Empire.S05E06.Pakt.mit.dem.Teufel-TVP.rar.part
2015-01-17 12:46 - 2015-01-17 17:05 - 00000288 _____ () C:\Users\HARDY\Desktop\Desk Drive (F) - 0,5GB (0,4).lnk
2015-01-17 12:36 - 2015-01-17 17:05 - 00001194 _____ () C:\Users\HARDY\Desktop\Boot (C).lnk
2015-01-17 12:36 - 2015-01-17 17:05 - 00000384 _____ () C:\Users\HARDY\Desktop\Desk Drive (H).lnk
2015-01-17 09:42 - 2015-01-17 09:42 - 00000000 _____ () C:\Windows\SysWOW64\shoC3C.tmp
2015-01-16 15:39 - 2015-01-16 15:39 - 00000000 ____D () C:\Users\HARDY\Desktop\TestProgrammer
2015-01-16 10:37 - 2015-01-16 10:37 - 00000000 ____D () C:\Users\HARDY\AppData\Local\{54EBF782-DCAE-4BD7-8E00-B984DAD9FCC2}
2015-01-15 14:24 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-15 14:24 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-15 14:24 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-15 14:24 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-15 14:24 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-15 14:24 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-15 14:24 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-15 14:24 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-15 14:24 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-15 14:24 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-15 14:24 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-15 14:24 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-15 14:24 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 22:03 - 2015-01-14 21:30 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-01-14 21:35 - 2015-01-14 22:06 - 00034224 _____ () C:\zoek-results.log
2015-01-14 21:30 - 2015-01-17 09:35 - 00000000 ____D () C:\zoek_backup
2015-01-14 20:02 - 2015-01-14 21:31 - 00000000 ____D () C:\AdwCleaner
2015-01-14 19:12 - 2015-01-14 19:58 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-14 19:11 - 2015-01-14 19:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-14 19:11 - 2015-01-14 19:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-14 19:11 - 2015-01-14 19:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-14 19:11 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-14 19:11 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-14 19:11 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-14 16:51 - 2015-01-17 17:21 - 00000000 ____D () C:\FRST
2015-01-13 19:11 - 2015-01-13 19:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-13 06:30 - 2015-01-13 06:30 - 00000000 _____ () C:\autoexec.bat
2015-01-10 08:04 - 2015-01-10 08:04 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-10 08:04 - 2015-01-10 08:04 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-01-10 08:04 - 2015-01-10 08:04 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-10 08:04 - 2015-01-10 08:04 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-01-08 21:01 - 2015-01-08 21:01 - 00000017 _____ () C:\Windows\SysWOW64\shortcut_ex.dat
2014-12-26 09:56 - 2014-12-26 09:56 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-20 06:54 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-20 06:54 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-17 17:12 - 2009-07-14 05:45 - 00024800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-17 17:12 - 2009-07-14 05:45 - 00024800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-17 17:08 - 2012-06-20 19:39 - 01184774 _____ () C:\Windows\WindowsUpdate.log
2015-01-17 17:05 - 2012-09-18 11:55 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-01-17 17:04 - 2014-11-25 09:37 - 00000440 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-01-17 17:04 - 2014-07-01 07:04 - 00061639 _____ () C:\Windows\setupact.log
2015-01-17 17:04 - 2013-03-06 16:24 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-01-17 17:04 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-17 16:48 - 2014-10-15 09:49 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-17 12:49 - 2011-05-16 15:04 - 00700612 _____ () C:\Windows\system32\perfh007.dat
2015-01-17 12:49 - 2011-05-16 15:04 - 00150494 _____ () C:\Windows\system32\perfc007.dat
2015-01-17 12:49 - 2009-07-14 06:13 - 01624592 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-17 12:46 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-01-17 12:34 - 2009-07-14 05:45 - 00384816 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-16 20:16 - 2014-01-27 12:54 - 00000000 ____D () C:\Users\HARDY\AppData\Roaming\vlc
2015-01-16 15:38 - 2013-09-20 15:42 - 00000000 ___RD () C:\Users\HARDY\Desktop\GITARREN-PROG
2015-01-16 15:12 - 2013-02-20 09:38 - 00000000 ____D () C:\Users\HARDY\Download
2015-01-16 09:00 - 2012-06-25 07:01 - 00000000 ____D () C:\Users\HARDY\Desktop\PC.Special
2015-01-15 14:01 - 2012-06-21 08:39 - 00000000 ____D () C:\Users\HARDY\AppData\Roaming\MediaMonkey
2015-01-14 22:04 - 2014-07-19 07:14 - 00053684 _____ () C:\Windows\PFRO.log
2015-01-14 19:49 - 2014-03-02 04:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-14 19:49 - 2012-12-31 09:39 - 00000000 ____D () C:\Windows\pss
2015-01-14 19:38 - 2013-03-21 15:49 - 00000000 ____D () C:\Users\HARDY\Programme ect
2015-01-14 19:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-01-14 15:33 - 2013-11-22 11:13 - 00000000 ____D () C:\Users\HARDY\MEDION NAS TOOL
2015-01-14 14:48 - 2014-10-15 09:49 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 14:48 - 2013-07-16 18:38 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 14:48 - 2013-03-07 16:44 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-13 06:08 - 2014-12-03 07:37 - 00000227 _____ () C:\Windows\SysWOW64\debug.log
2015-01-12 14:44 - 2014-07-18 08:55 - 00000000 ____D () C:\Users\HARDY\AppData\Roaming\AllDup
2015-01-12 14:43 - 2014-07-18 08:55 - 00000000 ____D () C:\ProgramData\AllDup
2015-01-12 11:42 - 2013-10-06 07:08 - 00000000 ____D () C:\Users\Gast
2015-01-12 11:42 - 2012-06-20 11:52 - 00000000 ___RD () C:\Users\HARDY
2015-01-12 11:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2015-01-12 11:41 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-01-09 21:19 - 2014-09-16 21:46 - 00032768 _____ () C:\Windows\system32\persistent_q.db-shm
2015-01-05 19:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-03 11:32 - 2014-09-14 13:52 - 00000857 _____ () C:\Users\Gast\Desktop\Guitar Explorer.lnk
2014-12-24 09:32 - 2012-06-21 16:36 - 00000000 ____D () C:\Users\HARDY\AppData\Roaming\SoftGrid Client
2014-12-18 09:50 - 2014-05-24 08:39 - 00000000 ____D () C:\Users\HARDY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Samsung
2014-12-18 09:50 - 2012-06-23 12:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
==================== Files in the root of some directories =======
2012-10-28 15:02 - 2012-10-28 14:56 - 3706880 _____ (ROBL - PC - WARE) C:\Program Files (x86)\Stromverbrauch.exe
2013-03-08 22:51 - 2013-11-07 20:19 - 12744192 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2012-07-09 12:39 - 2012-07-09 12:39 - 0017412 _____ () C:\Users\HARDY\AppData\Roaming\UserTile.png
2014-01-20 15:52 - 2014-07-29 08:15 - 0001456 _____ () C:\Users\HARDY\AppData\Local\Adobe Für Web speichern 12.0 Prefs
2012-06-30 15:39 - 2013-07-24 18:38 - 0018944 _____ () C:\Users\HARDY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-16 09:13 - 2013-11-16 09:13 - 0000017 _____ () C:\Users\HARDY\AppData\Local\resmon.resmoncfg
2012-06-20 17:18 - 2012-06-20 17:18 - 0017408 _____ () C:\Users\HARDY\AppData\Local\WebpageIcons.db
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-14 20:52
==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-01-2015 01
Ran by HARDY at 2015-01-17 17:22:26
Running from C:\Users\HARDY\Desktop\PC.Special\Malware-Tools)
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
120GuitarChords (HKLM-x32\...\120GuitarChords) (Version: - NeonWay)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.3 64-bit (HKLM\...\{2DD71ACB-552D-402C-9529-7906ACB95C30}) (Version: 5.3.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
AllShare Framework DMS (HKLM\...\{83232C27-8C3F-44A5-9EB2-BB7161228ADD}) (Version: 1.3.23 - Samsung)
Amazon Cloud Player (HKU\S-1-5-21-2389243879-3189858854-901359939-1000\...\Amazon Amazon Cloud Player) (Version: 2.4.0.26 - Amazon Services LLC)
Anleitung für Epson Connect (HKLM-x32\...\Epson Connect Guide) (Version: - )
AntiBrowserSpy (HKLM-x32\...\{F78B5B4F-075A-4C81-AA27-E707861EB5B7}_is1) (Version: 3.6.108 - Abelssoft)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.9.0 - Asmedia Technology)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version: - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version: - AVM Berlin)
Bing-Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.347.0 - Microsoft Corporation)
Cinergy HTC Stick V5.09.1202.00 (HKLM-x32\...\Cinergy HTC Stick) (Version: 5.09.1202.00 - )
COMPUTER BILD Account-Alarm (HKLM-x32\...\{04B0A9F1-070A-4C32-A575-6D2DC8F5C52E}) (Version: 1.0.3 - J3S)
COMPUTERBILD-Abzockschutz (HKLM-x32\...\{8AA87888-D4A2-4CA2-BAEC-7759D0AD8E38}) (Version: 1.0.43 - J3S)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Covermanager (HKLM-x32\...\Covermanager_is1) (Version: 1.5.0 - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Das große Franzis Paket Office - Office Vorlagen Teil 1 (HKLM-x32\...\Das große Franzis Paket Office - Office Vorlagen Teil 1_is1) (Version: - )
DeskDrive Version 1.8.5 (HKLM-x32\...\{840CAC48-BDE6-490C-AA34-904E10AB1261}_is1) (Version: 1.8.5 - Blue Onion Software)
devolo Cockpit (HKLM-x32\...\dlancockpit) (Version: 4.2.3.0 - devolo AG)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
dLAN Cockpit (x32 Version: 3.2.28 - devolo AG) Hidden
Dropbox (HKU\S-1-5-21-2389243879-3189858854-901359939-1000\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
DVDFab Version 8.0.2.2 (HKLM-x32\...\{616FEB8D-CA05-49F4-A155-B74F8DB38B7A}_is1) (Version: 8.0.2.2 - DVDFab 8.0.2.2 Preactivado - Dimitry)
Elements 11 Organizer (x32 Version: 11.0 - Ihr Firmenname) Hidden
Epson Benutzerhandbuch XP-600 Series (HKLM-x32\...\XP-600 Series Useg) (Version: - )
Epson Easy Photo Print 2 (HKLM-x32\...\{02A312B5-1542-47B6-BFE9-F51358C39E86}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Netzwerkhandbuch XP-600 Series (HKLM-x32\...\XP-600 Series Netg) (Version: - )
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.20.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON XP-600 Series Printer Uninstall (HKLM\...\EPSON XP-600 Series) (Version: - SEIKO EPSON Corporation)
Evernote v. 5.6.4 (HKLM-x32\...\{DFDF0BE2-2D71-11E4-9454-00163E98E7D6}) (Version: 5.6.4.4632 - Evernote Corp.)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Gitarrero Leadstar 1.00 Demo (HKLM-x32\...\Gitarrero Leadstar Maxi Demo_is1) (Version: 1.00 - Baumgaertel/ Wetzel)
Gitarrero Notenmeister (HKLM-x32\...\Gitarrero Notenmeister) (Version: - )
Guitar Explorer 1.0 (HKLM-x32\...\Guitar Explorer 1.0) (Version: - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2669 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Java 7 Update 9 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417009FF}) (Version: 7.0.90 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
K-Lite Codec Pack 6.0.4 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 6.0.4 - )
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
Lidl-Fotos (HKLM-x32\...\Lidl-Fotos_is1) (Version: - )
Liederalbum Paulchen 1.0 (HKLM-x32\...\Liederalbum Paulchen_is1) (Version: 1.0 - Gitarrero Software GbR)
Line 6 Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version: - Line 6)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
M-DVD.Org V2 (HKLM-x32\...\{D831211C-EE0F-43E3-9F8C-E4832B34C18A}_is1) (Version: 2.0 - SynApp GmbH)
MediaMonkey 4.0 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.0 - Ventis Media Inc.)
MediaShow 3.0 (HKLM-x32\...\{D5A9B7C0-8751-11D8-9D75-000129760D75}) (Version: - )
MEDION GoPal Assistant (HKLM-x32\...\{B9D45A76-61DF-4387-B0FE-CA165D582B57}) (Version: 6.3.6.13143 - MEDION)
MEDION NAS TOOL (HKLM-x32\...\MEDION NAS TOOL) (Version: - MEDION)
Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7939 - Memeo Inc.)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC100_CRT_x86 (HKLM-x32\...\{6FDDB201-2CA0-42BD-973F-7B2C4A61EA3F}) (Version: 1.0.0 - Microsoft)
Mozilla Firefox 35.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-2389243879-3189858854-901359939-1000\...\MyFreeCodec) (Version: - )
mySongBook Player (HKLM-x32\...\{42F6B687-F7B1-41A8-87CB-043FBBE4621D}_is1) (Version: - Arobas Music)
Native Instruments DrumMicA (HKLM-x32\...\Native Instruments DrumMicA) (Version: - Native Instruments)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.4.2.245 - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.4.1.1158 - Native Instruments)
Nero OEM (HKLM-x32\...\Nero - Burning Rom!UninstallKey) (Version: - )
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
OpenOffice 4.1.0 Language Pack (German) (HKLM-x32\...\{ED7A9584-1F78-4CB0-B3E7-C30E6B7B02FE}) (Version: 4.10.9764 - Apache Software Foundation)
PhotoNow! 1.0 (HKLM-x32\...\{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PowerCinema 4.0 (HKLM-x32\...\{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: - )
PowerDirector (HKLM-x32\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: - )
PowerDVD (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - )
PowerProducer (HKLM-x32\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: - )
PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
RealSpeak Solo fur Deutsch - Steffi (HKLM-x32\...\{BFBB91DB-9F0F-4A9C-9669-A97DA3512CF2}) (Version: 4.00.0000 - ScanSoft)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6554 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.28.1 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.28.1 - Renesas Electronics Corporation) Hidden
RiffWorks T4 (HKLM-x32\...\RiffWorks T4) (Version: 2.6.7 - Sonoma Wire Works)
Samsung AllShare (HKLM-x32\...\InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}) (Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.)
Samsung AllShare (x32 Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14083.17 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14083.17 - Samsung Electronics Co., Ltd.) Hidden
Samsung Link 2.0.0.1412161531 (HKLM\...\8474-7877-9059-0204) (Version: 2.0.0.1412161531 - Copyright 2013 SAMSUNG)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SynthFont (HKLM-x32\...\SynthFont) (Version: - )
TuneUp Utilities 2012 (HKLM-x32\...\TuneUp Utilities 2012) (Version: 12.0.3600.73 - TuneUp Software)
TuneUp Utilities 2012 (x32 Version: 12.0.3600.73 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.3600.73 - TuneUp Software) Hidden
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
TuxGuitar 1.2 (HKLM-x32\...\TuxGuitar_0) (Version: - )
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
X10 Hardware(TM) (HKLM-x32\...\X10Hardware) (Version: - )
Yamaha Steinberg USB Driver (HKLM-x32\...\InstallShield_{B590D7D4-CB5C-4919-971F-EC5EA982749D}) (Version: 1.8.4 - Yamaha Corporation)
Yamaha Steinberg USB Driver (Version: 1.8.4 - Yamaha Corporation) Hidden
YAMAHA THR Editor (HKLM-x32\...\{5115B75F-32BF-42CB-A8BC-2F0A71C4DF93}) (Version: 1.0.0 - Yamaha Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2389243879-3189858854-901359939-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\HARDY\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2389243879-3189858854-901359939-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HARDY\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2389243879-3189858854-901359939-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HARDY\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2389243879-3189858854-901359939-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HARDY\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2389243879-3189858854-901359939-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HARDY\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2389243879-3189858854-901359939-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HARDY\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2389243879-3189858854-901359939-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HARDY\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2389243879-3189858854-901359939-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HARDY\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2389243879-3189858854-901359939-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HARDY\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
15-01-2015 14:24:55 Windows Update
15-01-2015 15:47:45 Windows-Sicherung
15-01-2015 21:23:25 Windows-Sicherung
17-01-2015 17:01:56 Restore Point Created by FRST
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2012-06-22 08:23 - 00000895 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.google-analytics.com
127.0.0.1 google-analytics.com
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {01CE3279-476C-4C5C-89E7-001A26E6B6E7} - System32\Tasks\{5BB6C394-6524-4F8B-A640-24C0C0EE135F} => pcalua.exe -a "C:\Program Files (x86)\MEDION GoPal Assistant\GoPal_Assistant.exe" -d "C:\Program Files (x86)\MEDION GoPal Assistant\"
Task: {07587E55-8173-4B0E-8466-B374FECC9A17} - System32\Tasks\Google Updater and Installer => C:\Users\HARDY\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {0E23132F-78C4-477F-BEC4-536D9230D3B8} - System32\Tasks\{FAAA3501-6F34-4738-B3EF-0463B08318A3} => pcalua.exe -a "C:\Program Files (x86)\UX Pack\uxuninst.exe"
Task: {28A4A412-0271-4D91-803F-73536605C94F} - System32\Tasks\{9AE069F7-D45D-4AEB-AB11-8ADDF4741DC4} => pcalua.exe -a "C:\Program Files (x86)\watchmi\Tvd.Setup.HotfixCheck.exe" -d "C:\Program Files (x86)\watchmi"
Task: {2D58DAAB-3FC7-4E5E-8CBB-529B05FB0A2D} - System32\Tasks\{759734EE-496E-437D-8746-432732041486} => C:\Program Files (x86)\M-DVD.Org V2\M-DVD_Org.exe [2005-10-28] (SynApp GmbH)
Task: {36A849B5-E844-4A06-841B-002CC0D82026} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: {3DE9985D-06A9-47A9-BE05-600ED4218B83} - System32\Tasks\{E6EF038A-821D-4B61-9E42-5868F795AEB4} => pcalua.exe -a C:\Users\HARDY\Download\aolsync-outlook-plugin.exe -d C:\Users\HARDY\Download
Task: {3E7E3EED-5133-4F23-88DF-930349022346} - System32\Tasks\{FAA6E2C1-F82F-4731-9EE8-563DDCE51AAB} => pcalua.exe -a C:\Users\HARDY\Downloads\M2Tech_USB_Audio_Driver_r1.5.exe -d C:\Users\HARDY\Downloads
Task: {3FB73559-1448-45B9-90D1-CA0B79693468} - System32\Tasks\{F0151E50-0B1B-43C4-917C-AEDB54C2FEFE} => msiexec.exe /package "C:\Users\HARDY\Downloads\Adobe Photoshop Elements 10\PSE 10\Adobe Photoshop Elements 10.msi"
Task: {45E79AE0-A4D8-4CBF-9FDA-2389593A8B9B} - System32\Tasks\{B8FD48E8-898D-4018-A9AB-A7F0CD197129} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\BlueStacks\HD-StartLauncher.exe"
Task: {5181B170-CAC3-467B-A4DB-FE54FEF884B7} - System32\Tasks\{B28959DD-C9C5-420E-8A9E-8D843DEDF87A} => pcalua.exe -a E:\FSetup.exe -d E:\
Task: {524BF74F-9B79-406C-876E-C7C1D616E3E8} - System32\Tasks\{8C5AB6D8-233E-4ED9-9E3B-3CD8723FD37F} => C:\Program Files (x86)\Line6\BackTrack Setup Utility\BackTrack Setup Utility.exe [2012-07-30] (Line 6, Inc.)
Task: {54F65104-84EB-47AA-AB1A-7035632FC313} - System32\Tasks\{CD3C0597-4080-4693-B3DD-2D241916A1E6} => pcalua.exe -a C:\Users\HARDY\Downloads\BlueStacks-ThinInstaller_0.7.0.725.exe -d C:\Users\HARDY\Downloads
Task: {5628FD7C-FDC2-4104-9109-63B6A3665961} - System32\Tasks\{6ED33290-8B02-400B-9B3E-C49B90DFBABE} => pcalua.exe -a "C:\Program Files (x86)\MEDION GoPal Assistant\Assistant_UninstallOldPerUser.exe" -d "C:\Program Files (x86)\MEDION GoPal Assistant"
Task: {58445BE3-F7A9-4586-A461-D80CDB5E0359} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task: {5B3AF5D3-DB79-4EE3-849E-D9B760DD7E43} - System32\Tasks\AdobeAAMUpdater-1.0-HARDY-PC-Neu-HARDY => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {5C3D9495-4A8A-40E6-909D-575C7DCF0096} - System32\Tasks\{314C74CA-5DC0-4402-8419-D5A08F874B87} => pcalua.exe -a C:\Users\HARDY\Desktop\Downloads\Silverlight_x64.exe -d C:\Users\HARDY\Desktop\Downloads
Task: {73B747D4-4652-4663-AFD3-F4476B42AB56} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {7CFAB931-83DD-4BCB-B6A5-12DA32CA5A81} - System32\Tasks\{D23C8B30-7D2B-4F6B-9CE5-7E4AEEACAEFA} => pcalua.exe -a "C:\Program Files (x86)\Line6\BackTrack Setup Utility\BackTrack Setup Utility.exe" -d "C:\Program Files (x86)\Line6\BackTrack Setup Utility"
Task: {7DB7619A-CC9B-4BB6-8F62-F574EDE06AC0} - System32\Tasks\{ED305C0B-E1FA-4171-8C8D-B8B5ACBBD759} => pcalua.exe -a "C:\Users\HARDY\Music\Ex.Fi.music\GuitarTricks.com Learn Guitar Tricks Video Lessons Tutorial\GuitarTricksVideoPlayer.exe" -d "C:\Users\HARDY\Music\Ex.Fi.music\GuitarTricks.com Learn Guitar Tricks Video Lessons Tutorial"
Task: {84ABDE2E-361E-4296-84F8-94FCC634DEB2} - System32\Tasks\Divx-Online-Aktualisierungsprogramm => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
Task: {84B91E6B-2D21-42DD-956C-F85F4FE126B2} - System32\Tasks\{BC4C6CFC-FCC3-43C1-80AC-5CE4D99AACE5} => C:\Program Files (x86)\Line6\BackTrack Setup Utility\BackTrack Setup Utility.exe [2012-07-30] (Line 6, Inc.)
Task: {8D1674D8-9973-4E0A-94A3-392960062A34} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {8EE5251C-F894-4179-9C22-2D20A54A32B6} - System32\Tasks\{01D13927-EBED-4E36-A400-5DECE39709A9} => C:\Program Files (x86)\Ahead\CoverDesigner\CoverDes.exe [2004-04-15] (Ahead Software AG)
Task: {901B4D67-8377-4153-BEAD-B1AA7A46AB1A} - System32\Tasks\{48EFBEA0-DA6C-401F-93BD-B0E04A62A8B5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
Task: {9322C93A-A674-4FD5-89DA-A19531B148EB} - System32\Tasks\{460EAC6F-0AFE-4AB5-8657-831693429A6E} => pcalua.exe -a C:\Users\HARDY\Desktop\BlueStacks-ThinInstaller_0.7.0.725.exe -d C:\Users\HARDY\Desktop
Task: {97FB23E3-6BA7-4D39-B8ED-1A9D76249CB4} - System32\Tasks\{30145EAF-8D60-42D4-863A-6C4141EA2CEE} => C:\Program Files (x86)\Samsung\AllShare\AllShare.exe [2012-03-01] (Samsung Electronics Co., Ltd.)
Task: {AA3CF6B7-F363-4E9F-9BA5-B23B845AEE5C} - System32\Tasks\{DE00E98D-63ED-4E35-8921-F23C8D409B38} => C:\Program Files (x86)\M-DVD.Org V2\M-DVD_Org.exe [2005-10-28] (SynApp GmbH)
Task: {AC09C7F6-EF6B-41C4-974D-23F6632561E9} - System32\Tasks\{FDA84CF0-A618-435B-A9E8-545843F2BDDA} => C:\Program Files (x86)\BlueStacks\HD-StartLauncher.exe
Task: {AD26D56E-D089-40AC-A3C7-B14BE6E66741} - System32\Tasks\{0CC5FEDB-992C-4E71-8859-F1BA3AAA8F18} => pcalua.exe -a C:\Users\HARDY\Downloads\Cinergy_HTC_Stick_Drv_Setup_5.09.1202.00_XP_Vista_7.exe -d C:\Users\HARDY\Downloads
Task: {ADC744E4-FC78-4793-B992-DE36840C9640} - System32\Tasks\{0E5C7BB1-C80B-4D91-AF1E-0332A31B448F} => C:\Program Files (x86)\Adobe Download Assistant\Adobe Download Assistant.exe
Task: {B3EFAB65-51E8-415D-A6AC-F11314027236} - System32\Tasks\{780B4A00-C1FC-400B-BEBA-13D528E78FFB} => C:\Program Files (x86)\BlueStacks\HD-StartLauncher.exe
Task: {BA45BD61-FDC3-4509-90A3-DA31C8D9FEAB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {C2A00F78-2543-4964-B095-E83C9BE0202C} - System32\Tasks\{8719663D-A1F3-4EDE-8726-A0E44BEFF8F1} => pcalua.exe -a C:\Users\HARDY\Desktop\BlueStacks-ThinInstaller_0.7.0.722.exe -d C:\Users\HARDY\Desktop
Task: {C4EF3A20-157D-41BC-9832-FA80D8320326} - System32\Tasks\{1E730C56-CBFE-47A9-A175-2A6144A0A0B2} => C:\Program Files (x86)\Ahead\Nero\nero.exe [2004-05-06] (Ahead Software AG)
Task: {C81E95F1-6124-40D2-97D9-A83BD67BD421} - System32\Tasks\{E540C571-F025-406A-8C5A-F144F3FF899F} => pcalua.exe -a "C:\Program Files (x86)\MEDION GoPal Assistant\Assistant_Uninstaller.exe" -d "C:\Program Files (x86)\MEDION GoPal Assistant"
Task: {CF9D471F-2AAA-4ED4-B5E0-9E2DA9735D25} - System32\Tasks\{86B33A8D-29F0-4297-ACA3-D1394DE020CA} => pcalua.exe -a E:\Home_Cinema\Setup.exe -d E:\Home_Cinema
Task: {D7C2F35D-C393-4A5D-AD63-C9E79494E65F} - System32\Tasks\{C2A63AA0-D21A-4AA0-B7C8-CC814CE913F3} => pcalua.exe -a "C:\Program Files (x86)\watchmi\Tvd.InstallHelper.exe" -d "C:\Program Files (x86)\watchmi"
Task: {EA6C3919-32EF-4153-8367-E7A035EE5F31} - System32\Tasks\{ED2DC00A-6486-4DCE-B8BA-E0D9A7089A4D} => C:\Program Files (x86)\MEDION GoPal Assistant\GoPal_Assistant.exe [2013-11-20] (MEDION)
Task: {ECB8AF17-E5A6-4977-8C17-C795D546D4D9} - System32\Tasks\{6AC9A34D-B86D-45D2-A7B7-F7D87546F115} => C:\Program Files (x86)\Adobe Download Assistant\Adobe Download Assistant.exe
Task: {F6F0702F-2479-449F-9FA9-81774499CA59} - System32\Tasks\{61F45520-D525-4268-82D0-FE6FFB16268B} => C:\Program Files (x86)\Samsung\AllShare\AllShare.exe [2012-03-01] (Samsung Electronics Co., Ltd.)
Task: {FFB5A3D0-32D3-40F5-89FD-7BFA071CCB3A} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files (x86)\TuneUp Utilities 2012\OneClick.exe [2012-05-29] (TuneUp Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2012-06-21 08:39 - 2012-06-05 18:55 - 00091648 _____ () C:\Program Files (x86)\MediaMonkey\DeskPlayer.dll
2014-03-06 14:00 - 2014-03-06 14:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll
2014-08-07 10:39 - 2014-08-07 10:39 - 00014336 _____ () C:\Program Files (x86)\COMPUTER BILD Account-Alarm\BCrypt.Net.dll
2014-10-26 09:24 - 2014-10-26 09:24 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll
2012-03-13 00:11 - 2012-02-02 00:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-01-13 19:11 - 2015-01-13 19:11 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-03-21 13:37 - 2014-03-21 13:37 - 01020928 _____ () C:\Users\HARDY\AppData\Roaming\Mozilla\Firefox\Profiles\3ns3nsl5.default-1349855230406\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
2014-04-20 00:42 - 2014-04-20 00:42 - 00468672 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll
2014-04-20 00:42 - 2014-10-08 09:10 - 00642344 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll
2014-04-20 00:42 - 2014-04-20 00:42 - 00347328 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com\nponlinebanking.dll
2015-01-14 14:48 - 2015-01-14 14:48 - 16844464 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\HARDY\Documents\2013-09-08 09.43.35.jpg:com.dropbox.attributes
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdobeActiveFileMonitor11.0 => 2
MSCONFIG\Services: AdobeActiveFileMonitor8.0 => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: DevoloNetworkService => 2
MSCONFIG\Services: FontCache => 2
MSCONFIG\Services: Samsung Link Service => 2
MSCONFIG\Services: SimpleSlideShowServer => 3
MSCONFIG\Services: WMPNetworkSvc => 2
========================= Accounts: ==========================
Administrator (S-1-5-21-2389243879-3189858854-901359939-500 - Administrator - Disabled)
Gast (S-1-5-21-2389243879-3189858854-901359939-501 - Limited - Enabled) => C:\Users\Gast
HARDY (S-1-5-21-2389243879-3189858854-901359939-1000 - Administrator - Enabled) => C:\Users\HARDY
HomeGroupUser$ (S-1-5-21-2389243879-3189858854-901359939-1002 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/17/2015 05:01:56 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {8eedb11d-a96e-4d1b-a46c-bc274601be91}
Error: (01/17/2015 01:11:15 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error: (01/17/2015 09:32:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST64.exe, Version 14.1.2015.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 82020
Startzeit: 01d031c2645fe6cc
Endzeit: 20
Anwendungspfad: C:\Users\HARDY\Desktop\PC.Special\Malware-Tools)\FRST64.exe
Berichts-ID:
Error: (01/16/2015 06:01:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm TUAutoUpdateCheck.exe, Version 12.0.3600.73 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 28e64
Startzeit: 01d0317b5650dc39
Endzeit: 0
Anwendungspfad: C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoUpdateCheck.exe
Berichts-ID:
Error: (01/16/2015 05:34:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST64.exe, Version 14.1.2015.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 3f694
Startzeit: 01d0318cfed15cf5
Endzeit: 124
Anwendungspfad: C:\Users\HARDY\Desktop\PC.Special\Malware-Tools)\FRST64.exe
Berichts-ID:
Error: (01/16/2015 05:33:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm AcroRd32.exe, Version 11.0.10.32 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 4b638
Startzeit: 01d0319675add335
Endzeit: 160
Anwendungspfad: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
Berichts-ID:
Error: (01/16/2015 05:33:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.0.5486, Zeitstempel: 0x54af7153
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.0.5486, Zeitstempel: 0x54af69d4
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x1b42c
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (01/16/2015 05:33:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.0.5486, Zeitstempel: 0x54af7153
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.0.5486, Zeitstempel: 0x54af69d4
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x161c
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (01/16/2015 05:33:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.0.5486, Zeitstempel: 0x54af7153
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.0.5486, Zeitstempel: 0x54af69d4
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x2028
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (01/16/2015 05:32:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.0.5486, Zeitstempel: 0x54af7153
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.0.5486, Zeitstempel: 0x54af69d4
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0xb38
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
System errors:
=============
Error: (01/17/2015 05:07:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Samsung Link Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (01/17/2015 05:04:53 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.178.22192.168.137.0255.255.255.0
Error: (01/17/2015 05:04:53 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:
Error: (01/17/2015 05:04:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ZoneAlarm Privacy Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (01/17/2015 05:02:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Druckwarteschlange" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (01/17/2015 05:02:51 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "Spooler" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%50
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (01/17/2015 05:02:21 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056
Error: (01/17/2015 05:01:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Application Virtualization Client" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (01/17/2015 05:01:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (01/17/2015 05:01:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Microsoft Office Sessions:
=========================
Error: (01/17/2015 05:01:56 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {8eedb11d-a96e-4d1b-a46c-bc274601be91}
Error: (01/17/2015 01:11:15 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\Epson Software\Download Navigator\EPSDNAVI.EXE
Error: (01/17/2015 09:32:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe14.1.2015.18202001d031c2645fe6cc20C:\Users\HARDY\Desktop\PC.Special\Malware-Tools)\FRST64.exe
Error: (01/16/2015 06:01:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: TUAutoUpdateCheck.exe12.0.3600.7328e6401d0317b5650dc390C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoUpdateCheck.exe
Error: (01/16/2015 05:34:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe14.1.2015.13f69401d0318cfed15cf5124C:\Users\HARDY\Desktop\PC.Special\Malware-Tools)\FRST64.exe
Error: (01/16/2015 05:33:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: AcroRd32.exe11.0.10.324b63801d0319675add335160C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
Error: (01/16/2015 05:33:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.0.548654af7153mozalloc.dll35.0.0.548654af69d480000003000014251b42c01d0317037900974C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll5a87f7ff-9d9d-11e4-bbe3-8c89a5cac3ba
Error: (01/16/2015 05:33:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.0.548654af7153mozalloc.dll35.0.0.548654af69d48000000300001425161c01d0315c63daa4ceC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll5a77f233-9d9d-11e4-bbe3-8c89a5cac3ba
Error: (01/16/2015 05:33:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.0.548654af7153mozalloc.dll35.0.0.548654af69d48000000300001425202801d0315c6462533eC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll5a6ca78a-9d9d-11e4-bbe3-8c89a5cac3ba
Error: (01/16/2015 05:32:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.0.548654af7153mozalloc.dll35.0.0.548654af69d48000000300001425b3801d0315c642df4f8C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll53b45ee5-9d9d-11e4-bbe3-8c89a5cac3ba
CodeIntegrity Errors:
===================================
Date: 2014-12-16 07:31:44.272
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-12-16 07:31:44.212
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-11-12 20:15:06.889
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-11-12 20:15:06.887
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-11-12 20:15:06.872
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-11-12 20:15:06.870
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-11-12 20:13:57.338
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-11-12 20:13:57.309
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-10-26 08:08:01.158
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-10-26 08:08:00.922
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) CPU G630 @ 2.70GHz
Percentage of memory in use: 61%
Total physical RAM: 3975.64 MB
Available physical RAM: 1531.24 MB
Total Pagefile: 7949.46 MB
Available Pagefile: 5289.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (Boot) (Fixed) (Total:414.66 GB) (Free:23.34 GB) NTFS
Drive d: (Recover) (Fixed) (Total:50 GB) (Free:16.84 GB) NTFS
Drive f: () (Removable) (Total:0.48 GB) (Free:0.37 GB) FAT
Drive h: () (Fixed) (Total:931.51 GB) (Free:516.85 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: DD3B8AC5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=414.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 81BA830F)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
========================================================
Disk: 5 (Size: 495.5 MB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End Of Log ============================