
Pests of all kinds and how to combat them: Check after cleaning up browser hijacking and other malware

17.09.2014, 19:58   #1
MotoG
 
Check after cleaning up browser hijacking and other malware



Hello everyone,

I was given a colleague's private notebook, which had been affected by browser hijacking.
With help from the forum here (other posts), I have done the following so far:

1. Scan with EEK

First I ran a scan with Emsisoft Emergency Kit and moved the detected problems to quarantine. Here is the log file for it:

Code:
Emsisoft Emergency Kit - Version 9.0
Letztes Update: 16.09.2014 15:36:08
Benutzerkonto: PATRICKTINA\Hartmut

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\

PUPs-Erkennung: An
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn:	16.09.2014 15:42:22
C:\PROGRA~1\SupTab\DpInterface32.dll 	gefunden: Application.Win32.InstallAd (A)
C:\Program Files\002\fpvoixdaog32.exe 	gefunden: Application.Win32.InstallAd (A)
C:\Program Files\SupTab\SupTab.dll 	gefunden: Adware.Agent.OFO (B)
C:\Users\Hartmut\AppData\Local\ilvaaehj.exe 	gefunden: Gen:Variant.Adware.Symmi.11285 (B)
C:\Users\Hartmut\AppData\Local\Temp\APN-Stub 	gefunden: Application.Win32.WebToolbar (A)
C:\Users\Hartmut\AppData\Local\Temp\APN-Stub 	gefunden: Application.Win32.WebToolbar (A)
C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mypc backup 	gefunden: Application.AdStart (A)
C:\Users\Hartmut\AppData\Roaming\dvdvideosoftiehelpers 	gefunden: Application.AppInstall (A)
C:\Users\Hartmut\AppData\Roaming\software4u 	gefunden: Application.AppInstall (A)
C:\ProgramData\iminent 	gefunden: Application.AppInstall (A)
C:\ProgramData\partner 	gefunden: Application.AppInstall (A)
C:\Program Files\mypc backup 	gefunden: Application.AppInstall (A)
C:\Program Files\software4u 	gefunden: Application.AppInstall (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96} 	gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{01221FCC-4BFB-461C-B08C-F6D2DF309921} 	gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} 	gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBCOMMONUTILS.COMMONUTILS 	gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBCOMMONUTILS.COMMONUTILS.1 	gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBDOWNLOADMANAGER 	gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBDOWNLOADMANAGER.1 	gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBPROPERTYMANAGER 	gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBPROPERTYMANAGER.1 	gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBREQUEST 	gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBREQUEST.1 	gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBTASK 	gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBTASK.1 	gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TOOLBARHELPER 	gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TOOLBARHELPER.1 	gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\UPDATER.AMIUPD 	gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\UPDATER.AMIUPD.1 	gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BACKUPSTACK 	gefunden: Application.AdServ (A)
Key: HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1000\SOFTWARE\IMINENT 	gefunden: Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1000\SOFTWARE\SOFTONIC 	gefunden: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\IMINENT 	gefunden: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MYPC BACKUP 	gefunden: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} 	gefunden: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\MYPC BACKUP 	gefunden: Application.InstallTool (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86} 	gefunden: Application.AdShort (A)
C:\Users\Hartmut\AppData\Roaming\SupTab 	gefunden: Application.AdShort (A)
C:\Program Files\SupTab 	gefunden: Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} 	gefunden: Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8} 	gefunden: Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D} 	gefunden: Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} 	gefunden: Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\SUPTAB 	gefunden: Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WEBSSEARCHESSOFTWARE 	gefunden: Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WPM 	gefunden: Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982} 	gefunden: Application.AdBrowse (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534} 	gefunden: Application.AdBrowse (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{03771AEF-400D-4A13-B712-25878EC4A3F5} 	gefunden: Application.AdBrowse (A)
Key: HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1000\SOFTWARE\TUTOTAG 	gefunden: Adware.Win32.Ozore (A)
C:\ProgramData\IePluginServices 	gefunden: Application.AdPlug (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\SUPDP 	gefunden: Application.InstallTab (A)
C:\Users\Hartmut\AppData\Roaming\completescan 	gefunden: Rogue.Win32.TPoint (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\FLVTUBEPLAYER.EXE 	gefunden: Adware.Win32.FlashPlay (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR 	gefunden: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR 	gefunden: Setting.DisableTaskMgr (A)
Key: HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} 	gefunden: Application.Win32.WSearch (A)
Key: HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1000\SOFTWARE\YAHOOPARTNERTOOLBAR 	gefunden: Application.Win32.YTool (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48D2-9061-8BBD4899EB08} 	gefunden: Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\TRACING\AU__RASAPI32 	gefunden: Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\TRACING\AU__RASMANCS 	gefunden: Application.Win32.InstallExt (A)
C:\Program Files\002\fpvoixdaog32.exe 	gefunden: Application.Win32.InstallAd (A)
C:\Program Files\SupTab\DpInterface32.dll 	gefunden: Application.Win32.InstallAd (A)
C:\Program Files\SupTab\SearchProtect32.dll 	gefunden: Application.Win32.InstallAd (A)
C:\Program Files\SupTab\SearchProtect64.dll 	gefunden: Application.Win32.InstallAd (A)
C:\Program Files\SupTab\SpAPPSv64.dll 	gefunden: Adware.Generic.958938 (B)
C:\Program Files\SupTab\SupTab.dll 	gefunden: Adware.Agent.OFO (B)
C:\Users\Hartmut\AppData\Local\ilvaaehj.exe 	gefunden: Gen:Variant.Adware.Symmi.11285 (B)
C:\Users\Hartmut\AppData\Local\Temp\flashEnhancer1\Install\flashEnhancerInstaller.exe 	gefunden: Application.Win32.InstallMon (A)
C:\Users\Hartmut\AppData\Local\Temp\nsbFA69.exe 	gefunden: Application.Win32.InstallTool (A)
C:\Users\Hartmut\AppData\Local\Temp\nsc1202.exe 	gefunden: Application.Win32.InstallTool (A)
C:\Users\Hartmut\AppData\Local\Temp\nsm1721.exe 	gefunden: Application.Win32.InstallTool (A)
C:\Users\Hartmut\AppData\Local\Temp\nsrDA4C.exe 	gefunden: Application.Win32.InstallTool (A)
C:\Users\Hartmut\AppData\Local\Temp\nswD5D8.exe 	gefunden: Application.Win32.InstallTool (A)
C:\Users\Hartmut\AppData\Local\Temp\PreExe_ID_13667.exe 	gefunden: Application.Win32.AdLoad (A)
C:\Users\Hartmut\AppData\Local\Temp\UpdateCheckerSetup.exe 	gefunden: Application.Win32.InstallAd (A)
C:\Users\Hartmut\AppData\Local\{DDF17D0D-8737-45FD-A732-117D73F349EA}\chrome\content\overlay.xul 	gefunden: Trojan.JS.Redirector.LE (B)
C:\Users\Public\Documents\Patrick\Downloads\Downloads\FlashPlayer__4587_i810617247_il7939.exe 	gefunden: Gen:Variant.Application.Bundler.Amonetize.10 (B)
C:\Users\Public\Documents\Patrick\Downloads\Downloads\Groovestream.exe 	gefunden: Gen:Variant.Application.Bundler.OptimumInstaller.3 (B)

Gescannt	379195
Gefunden	80

Scan Ende:	16.09.2014 19:20:50
Scan Zeit:	3:38:28

C:\Users\Public\Documents\Patrick\Downloads\Downloads\Groovestream.exe	Quarantäne Gen:Variant.Application.Bundler.OptimumInstaller.3 (B)
C:\Users\Public\Documents\Patrick\Downloads\Downloads\FlashPlayer__4587_i810617247_il7939.exe	Quarantäne Gen:Variant.Application.Bundler.Amonetize.10 (B)
C:\Users\Hartmut\AppData\Local\{DDF17D0D-8737-45FD-A732-117D73F349EA}\chrome\content\overlay.xul	Quarantäne Trojan.JS.Redirector.LE (B)
C:\Users\Hartmut\AppData\Local\Temp\UpdateCheckerSetup.exe	Quarantäne Application.Win32.InstallAd (A)
C:\Users\Hartmut\AppData\Local\Temp\PreExe_ID_13667.exe	Quarantäne Application.Win32.AdLoad (A)
C:\Users\Hartmut\AppData\Local\Temp\nswD5D8.exe	Quarantäne Application.Win32.InstallTool (A)
C:\Users\Hartmut\AppData\Local\Temp\nsrDA4C.exe	Quarantäne Application.Win32.InstallTool (A)
C:\Users\Hartmut\AppData\Local\Temp\nsm1721.exe	Quarantäne Application.Win32.InstallTool (A)
C:\Users\Hartmut\AppData\Local\Temp\nsc1202.exe	Quarantäne Application.Win32.InstallTool (A)
C:\Users\Hartmut\AppData\Local\Temp\nsbFA69.exe	Quarantäne Application.Win32.InstallTool (A)
C:\Users\Hartmut\AppData\Local\Temp\flashEnhancer1\Install\flashEnhancerInstaller.exe	Quarantäne Application.Win32.InstallMon (A)
C:\Program Files\SupTab\SpAPPSv64.dll	Quarantäne Adware.Generic.958938 (B)
C:\Program Files\SupTab\SearchProtect64.dll	Quarantäne Application.Win32.InstallAd (A)
C:\Program Files\SupTab\SearchProtect32.dll	Quarantäne Application.Win32.InstallAd (A)
C:\Program Files\002\fpvoixdaog32.exe	Quarantäne Application.Win32.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\TRACING\AU__RASMANCS	Quarantäne Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\TRACING\AU__RASAPI32	Quarantäne Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}	Quarantäne Application.Win32.InstallExt (A)
Key: HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1000\SOFTWARE\YAHOOPARTNERTOOLBAR	Quarantäne Application.Win32.YTool (A)
Key: HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}	Quarantäne Application.Win32.WSearch (A)
Value: HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR	Quarantäne Setting.DisableTaskMgr (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR	Quarantäne Setting.DisableTaskMgr (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\FLVTUBEPLAYER.EXE	Quarantäne Adware.Win32.FlashPlay (A)
C:\Users\Hartmut\AppData\Roaming\completescan	Quarantäne Rogue.Win32.TPoint (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\SUPDP	Quarantäne Application.InstallTab (A)
C:\ProgramData\IePluginServices	Quarantäne Application.AdPlug (A)
Key: HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1000\SOFTWARE\TUTOTAG	Quarantäne Adware.Win32.Ozore (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{03771AEF-400D-4A13-B712-25878EC4A3F5}	Quarantäne Application.AdBrowse (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}	Quarantäne Application.AdBrowse (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}	Quarantäne Application.AdBrowse (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WPM	Quarantäne Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WEBSSEARCHESSOFTWARE	Quarantäne Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\SUPTAB	Quarantäne Application.AdShort (A)
C:\Users\Hartmut\AppData\Roaming\SupTab	Quarantäne Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}	Quarantäne Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\MYPC BACKUP	Quarantäne Application.InstallTool (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}	Quarantäne Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MYPC BACKUP	Quarantäne Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\IMINENT	Quarantäne Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1000\SOFTWARE\SOFTONIC	Quarantäne Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1000\SOFTWARE\IMINENT	Quarantäne Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BACKUPSTACK	Quarantäne Application.AdServ (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\UPDATER.AMIUPD.1	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\UPDATER.AMIUPD	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TOOLBARHELPER.1	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TOOLBARHELPER	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBTASK.1	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBTASK	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBREQUEST.1	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBREQUEST	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBPROPERTYMANAGER.1	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBPROPERTYMANAGER	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBDOWNLOADMANAGER.1	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBDOWNLOADMANAGER	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBCOMMONUTILS.COMMONUTILS.1	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBCOMMONUTILS.COMMONUTILS	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{01221FCC-4BFB-461C-B08C-F6D2DF309921}	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}	Quarantäne Application.AdReg (A)
C:\Program Files\software4u	Quarantäne Application.AppInstall (A)
C:\ProgramData\partner	Quarantäne Application.AppInstall (A)
C:\ProgramData\iminent	Quarantäne Application.AppInstall (A)
C:\Users\Hartmut\AppData\Roaming\software4u	Quarantäne Application.AppInstall (A)
C:\Users\Hartmut\AppData\Roaming\dvdvideosoftiehelpers	Quarantäne Application.AppInstall (A)
C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mypc backup	Quarantäne Application.AdStart (A)
C:\Users\Hartmut\AppData\Local\Temp\APN-Stub	Quarantäne Application.Win32.WebToolbar (A)

Quarantäne	66
         
2. Scan with Malwarebytes.

Unfortunately I don't have the log file at hand right now.

3. Scan with F-Secure rescue disk

Nothing was found here.

4. Scan with Adware and cleanup

The browser hijacking has disappeared.

5. FRST:

Here are the two log files:


FRST log file:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by Hartmut (administrator) on PATRICKTINA on 17-09-2014 16:37:17
Running from C:\Users\Hartmut\Desktop
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
(devolo AG) C:\Program Files\devolo\dlan\devolonetsvc.exe
(Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(BUFFALO INC.) C:\Program Files\BUFFALO\NASNAVI\nassvc.exe
() C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Chicony Electronics Co., Ltd.) C:\Windows\System32\DVAPTray.exe
() C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ArcSoft) C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
(BUFFALO INC.) C:\Program Files\BUFFALO\NASNAVI\nassche.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-12-14] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1713448 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [UpdateLBPShortCut] => C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM\...\Run: [UpdateP2GoShortCut] => C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [UpdatePDRShortCut] => C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.)
HKLM\...\Run: [RemoteControl8] => C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [PDVD8LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [UpdatePPShortCut] => C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM\...\Run: [UpdatePSTShortCut] => C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-21] (CyberLink Corp.)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [WinampAgent] => "C:\Program Files\Winamp\winampa.exe"
HKLM\...\Run: [ Malwarebytes Anti-Malware  (reboot)] => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [DVAPTray] => C:\windows\System32\DVAPTray.exe [188416 2010-06-17] (Chicony Electronics Co., Ltd.)
HKLM\...\Run: [dfmirage-Install] => C:\windows\temp\DFI-0833TN.exe [103424 2009-05-29] (DemoForge, LLC.) <===== ATTENTION
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2565520 2011-03-14] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [MobileDocuments] => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Hartmut\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [AppleIEDAV] => C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\MountPoints2: {065b1618-7479-11e3-a116-002454583452} - G:\HTC_Sync_Manager_PC.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Monitor.lnk
ShortcutTarget: Device Monitor.lnk -> C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe (ArcSoft)
Startup: C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk
ShortcutTarget: BUFFALO NAS Navigator2.lnk -> C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)
Startup: C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ilvaaehj.lnk
ShortcutTarget: ilvaaehj.lnk -> C:\Users\Hartmut\AppData\Local\ilvaaehj.exe (No File)
Startup: C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk
ShortcutTarget: NAS Scheduler.lnk -> C:\Program Files\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKCU - Plasmoo URL = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de___DE365
BHO: IEPlugin Class -> {11222041-111B-46E3-BD29-EFB2449479B1} -> C:\Program Files\ArcSoft\Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: ToolbarBHO Class -> {9519AF7E-638D-4933-BAD6-D33D23C79FE5} -> C:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - RAW Thumbnail Viewer - {F301665A-12F8-4331-804A-5BCBD379668C} - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.123.60

FireFox:
========
FF ProfilePath: C:\Users\Hartmut\AppData\Roaming\Mozilla\Firefox\Profiles\9k1zs3lf.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Tab Mix Plus - C:\Users\Hartmut\AppData\Roaming\Mozilla\Firefox\Profiles\9k1zs3lf.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012-07-02]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-07-23]
FF HKLM\...\Firefox\Extensions: [RAWThumbnailViewer@arcsoft.com.cn] - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\FireFox Extension
FF Extension: RAW Thumbnail Viewer - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\FireFox Extension [2010-11-05]
FF HKLM\...\Firefox\Extensions: [{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}] - C:\Program Files\ArcSoft\Video Downloader\Plugin_FireFox
FF Extension: ArcSoft Video Downloader Extension - C:\Program Files\ArcSoft\Video Downloader\Plugin_FireFox [2010-11-05]
FF HKLM\...\Firefox\Extensions:  - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com [2014-06-17]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-06-17]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com [2014-06-17]
FF HKCU\...\Firefox\Extensions: [{DDF17D0D-8737-45FD-A732-117D73F349EA}] - C:\Users\Hartmut\AppData\Local\{DDF17D0D-8737-45FD-A732-117D73F349EA}
FF Extension: XULRunner - C:\Users\Hartmut\AppData\Local\{DDF17D0D-8737-45FD-A732-117D73F349EA} [2010-11-04]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa []
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx [2014-05-28]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\content_blocker_chrome.crx [2014-05-28]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\virtkbd.crx [2014-05-28]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2014-05-28] (Kaspersky Lab ZAO)
R2 DevoloNetworkService; C:\Program Files\devolo\dlan\devolonetsvc.exe [3128856 2012-02-28] (devolo AG)
R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-08-04] (Nero AG)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 NasPmService; C:\Program Files\BUFFALO\NASNAVI\nassvc.exe [251184 2009-05-15] (BUFFALO INC.)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; C:\windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
S3 AirDisplay; C:\windows\System32\DRIVERS\AVVideoCard.sys [6656 2011-03-18] (Windows (R) Win 7 DDK provider)
S3 cleanhlp; C:\Users\Hartmut\Desktop\Emsisoft Emergency Kit\bin\cleanhlp32.sys [50200 2014-08-19] (Emsisoft GmbH)
S3 HtcVCom32; C:\windows\System32\DRIVERS\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated)
R0 kl1; C:\windows\System32\DRIVERS\kl1.sys [135776 2014-05-28] (Kaspersky Lab ZAO)
S4 klflt; C:\windows\System32\DRIVERS\klflt.sys [94304 2014-05-28] (Kaspersky Lab ZAO)
R1 KLIF; C:\windows\System32\DRIVERS\klif.sys [576608 2014-05-28] (Kaspersky Lab ZAO)
R1 KLIM6; C:\windows\System32\DRIVERS\klim6.sys [25696 2014-05-28] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\windows\System32\DRIVERS\klkbdflt.sys [25184 2014-05-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\windows\System32\DRIVERS\klmouflt.sys [25696 2014-05-28] (Kaspersky Lab ZAO)
R1 klpd; C:\windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\windows\System32\DRIVERS\kneps.sys [144992 2014-05-28] (Kaspersky Lab ZAO)
R3 MonitorFunction; C:\windows\System32\DRIVERS\TVMonitor.sys [13304 2010-11-25] (TeamViewer GmbH)
S3 Netaapl; C:\windows\System32\DRIVERS\netaapl.sys [18432 2011-05-10] (Apple Inc.) [File not signed]
R2 NPF_devolo; C:\windows\system32\drivers\npf_devolo.sys [35840 2012-01-31] (CACE Technologies) [File not signed]
S0 sfdrv01; C:\windows\System32\drivers\sfdrv01.sys [50176 2005-05-17] (Protection Technology) [File not signed]
R0 sfhlp02; C:\windows\System32\drivers\sfhlp02.sys [6656 2005-05-16] (Protection Technology) [File not signed]
S0 sfsync02; C:\windows\System32\drivers\sfsync02.sys [19968 2005-05-16] (Protection Technology) [File not signed]
R0 sptd; C:\windows\System32\Drivers\sptd.sys [691696 2010-10-28] () [File not signed]
S3 Tq_91Assistant; C:\Program Files\NetDragon\91 Mobile\iPhone\Tq_91Assistant.sys [14248 2011-10-15] ()
S3 USBAAPL; C:\windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
R3 yukonw7; C:\windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
U3 a6p4ii14; C:\windows\system32\Drivers\a6p4ii14.sys [0 ] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-17 16:37 - 2014-09-17 16:38 - 00021470 _____ () C:\Users\Hartmut\Desktop\FRST.txt
2014-09-17 16:37 - 2014-09-17 16:37 - 00000000 ____D () C:\FRST
2014-09-17 16:35 - 2014-09-17 16:35 - 01097728 _____ (Farbar) C:\Users\Hartmut\Desktop\FRST.exe
2014-09-17 16:23 - 2014-09-17 16:29 - 00000000 ____D () C:\AdwCleaner
2014-09-17 16:23 - 2014-09-17 16:23 - 01373475 _____ () C:\Users\Hartmut\Desktop\adwcleaner_3.310.exe
2014-09-17 12:19 - 2014-09-17 12:19 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-17 12:19 - 2014-09-17 12:19 - 00001081 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-17 12:19 - 2014-09-17 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-17 12:19 - 2014-09-17 12:19 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-09-17 12:19 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-09-17 12:19 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-09-17 12:19 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-09-17 12:18 - 2014-09-17 12:18 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hartmut\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-17 11:54 - 2014-09-17 11:54 - 00001009 _____ () C:\Users\Public\Desktop\Emsisoft HiJackFree.lnk
2014-09-17 11:54 - 2014-09-17 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft HiJackFree
2014-09-17 11:54 - 2014-09-17 11:54 - 00000000 ____D () C:\Program Files\Emsisoft HiJackFree
2014-09-17 11:21 - 2014-09-17 11:21 - 00388608 _____ (Trend Micro Inc.) C:\Users\Hartmut\Desktop\HiJackThis204.exe
2014-09-17 10:21 - 2014-09-17 10:21 - 00000000 ____D () C:\Users\Hartmut\Desktop\Emsisoft Emergency Kit
2014-09-17 10:08 - 2014-09-17 10:08 - 00004600 _____ () C:\EamClean.log
2014-09-13 13:17 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-09-13 13:17 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-09-13 13:17 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-09-13 13:17 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-09-13 13:17 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-09-13 13:17 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-09-13 13:17 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-09-13 13:17 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-09-13 13:17 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-09-13 13:17 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-09-13 13:17 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-09-13 13:17 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-09-13 13:17 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-09-13 13:17 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-09-13 13:17 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-09-13 13:17 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-09-13 13:17 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-09-13 13:17 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-09-13 13:17 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-09-13 13:17 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-09-13 13:17 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-09-13 13:17 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-09-13 13:17 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-09-13 13:17 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-09-13 13:17 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-09-13 13:17 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-09-13 13:17 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-09-13 13:17 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-09-13 13:17 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-09-13 13:17 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-09-13 11:17 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-09-13 11:17 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-08-28 22:28 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-28 22:28 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-28 22:15 - 2014-09-17 07:38 - 01040111 _____ () C:\Users\Hartmut\AppData\Local\ilvaaehj.gss
2014-08-28 22:15 - 2014-09-17 07:38 - 00421888 _____ () C:\Users\Hartmut\AppData\Local\ilvaaehj.gdb
2014-08-27 14:47 - 2014-08-27 14:47 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\Adobe
2014-08-26 11:51 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-26 11:51 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-08-26 11:51 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-26 11:51 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-08-26 11:51 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-08-26 11:51 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-08-26 11:51 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-08-26 11:50 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-08-26 11:50 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-08-18 17:52 - 2014-08-18 17:52 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf
2014-08-18 17:38 - 2014-08-18 17:38 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\Wondershare
2014-08-18 17:38 - 2014-08-18 17:38 - 00000000 ____D () C:\Program Files\Common Files\Wondershare
2014-08-18 17:37 - 2014-08-18 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2014-08-18 17:36 - 2014-08-18 17:37 - 00000000 ___HD () C:\Program Files\DrFoneAndroid_Temp
2014-08-18 17:36 - 2014-08-18 17:37 - 00000000 ____D () C:\Users\Hartmut\AppData\Roaming\Wondershare
2014-08-18 17:36 - 2014-08-18 17:36 - 00000000 ____D () C:\Program Files\Wondershare
2014-08-18 17:33 - 2014-08-18 17:35 - 00000000 ____D () C:\Users\Public\Documents\Wondershare
2014-08-18 17:18 - 2014-08-18 17:18 - 00000000 ____D () C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Android SDK Tools
2014-08-18 17:16 - 2014-08-18 17:16 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\Android
2014-08-18 16:56 - 2014-08-18 17:02 - 00000000 ____D () C:\Program Files\Recuva
2014-08-18 16:56 - 2014-08-18 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2014-08-18 16:30 - 2014-08-18 16:30 - 00000000 ____D () C:\Program Files\Spirent Communications
2014-08-18 15:55 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2014-08-18 15:55 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-08-18 15:55 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2014-08-18 15:55 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-17 16:38 - 2014-09-17 16:37 - 00021470 _____ () C:\Users\Hartmut\Desktop\FRST.txt
2014-09-17 16:38 - 2009-07-14 06:34 - 00014512 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-17 16:38 - 2009-07-14 06:34 - 00014512 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-17 16:37 - 2014-09-17 16:37 - 00000000 ____D () C:\FRST
2014-09-17 16:35 - 2014-09-17 16:35 - 01097728 _____ (Farbar) C:\Users\Hartmut\Desktop\FRST.exe
2014-09-17 16:34 - 2009-12-05 04:40 - 01847762 _____ () C:\windows\WindowsUpdate.log
2014-09-17 16:31 - 2014-06-17 23:35 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-09-17 16:31 - 2014-01-04 12:17 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\HTC MediaHub
2014-09-17 16:31 - 2012-08-07 23:35 - 00000440 _____ () C:\windows\system32\Drivers\etc\hosts.ics
2014-09-17 16:30 - 2012-11-11 17:46 - 00001096 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-17 16:30 - 2011-02-22 21:38 - 00135547 _____ () C:\windows\setupact.log
2014-09-17 16:30 - 2010-01-31 18:27 - 00000000 ____D () C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-09-17 16:30 - 2009-12-05 05:19 - 01041244 _____ () C:\windows\PFRO.log
2014-09-17 16:30 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-17 16:29 - 2014-09-17 16:23 - 00000000 ____D () C:\AdwCleaner
2014-09-17 16:23 - 2014-09-17 16:23 - 01373475 _____ () C:\Users\Hartmut\Desktop\adwcleaner_3.310.exe
2014-09-17 13:00 - 2009-12-05 22:11 - 00000000 ____D () C:\windows\ShellNew
2014-09-17 12:56 - 2012-11-11 17:46 - 00001100 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-17 12:53 - 2012-03-31 18:04 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-09-17 12:19 - 2014-09-17 12:19 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-17 12:19 - 2014-09-17 12:19 - 00001081 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-17 12:19 - 2014-09-17 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-17 12:19 - 2014-09-17 12:19 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-09-17 12:19 - 2010-11-04 23:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-17 12:18 - 2014-09-17 12:18 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hartmut\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-17 11:54 - 2014-09-17 11:54 - 00001009 _____ () C:\Users\Public\Desktop\Emsisoft HiJackFree.lnk
2014-09-17 11:54 - 2014-09-17 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft HiJackFree
2014-09-17 11:54 - 2014-09-17 11:54 - 00000000 ____D () C:\Program Files\Emsisoft HiJackFree
2014-09-17 11:21 - 2014-09-17 11:21 - 00388608 _____ (Trend Micro Inc.) C:\Users\Hartmut\Desktop\HiJackThis204.exe
2014-09-17 10:21 - 2014-09-17 10:21 - 00000000 ____D () C:\Users\Hartmut\Desktop\Emsisoft Emergency Kit
2014-09-17 10:08 - 2014-09-17 10:08 - 00004600 _____ () C:\EamClean.log
2014-09-17 07:38 - 2014-08-28 22:15 - 01040111 _____ () C:\Users\Hartmut\AppData\Local\ilvaaehj.gss
2014-09-17 07:38 - 2014-08-28 22:15 - 00421888 _____ () C:\Users\Hartmut\AppData\Local\ilvaaehj.gdb
2014-09-16 20:20 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\rescache
2014-09-16 15:52 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\Microsoft.NET
2014-09-16 15:44 - 2009-07-26 22:06 - 01612484 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-13 13:11 - 2013-08-24 12:36 - 00000000 ____D () C:\windows\system32\MRT
2014-09-13 13:11 - 2010-11-11 15:59 - 00000000 ____D () C:\windows\system32\MpEngineStore
2014-09-13 13:06 - 2010-02-20 07:31 - 98758480 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-09-13 13:02 - 2012-03-31 18:04 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-09-13 13:02 - 2011-05-23 22:17 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-13 11:35 - 2012-06-25 13:31 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-09-09 19:31 - 2010-11-14 19:35 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\CrashDumps
2014-09-09 19:27 - 2009-07-14 06:33 - 00358272 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-27 14:47 - 2014-08-27 14:47 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\Adobe
2014-08-27 14:12 - 2010-10-28 11:22 - 00000000 ____D () C:\Users\Hartmut\Documents\Tina
2014-08-27 10:27 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\de-DE
2014-08-25 06:53 - 2010-10-27 23:15 - 00231584 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-08-23 03:46 - 2014-08-28 22:28 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-23 02:42 - 2014-08-28 22:28 - 02352640 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-19 21:17 - 2011-05-09 11:35 - 00000000 ____D () C:\ProgramData\tmp
2014-08-19 21:17 - 2011-05-09 11:35 - 00000000 ____D () C:\ProgramData\hps
2014-08-19 20:56 - 2013-10-08 14:52 - 00001120 _____ () C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk
2014-08-19 20:56 - 2013-10-08 14:52 - 00001105 _____ () C:\Users\Public\Desktop\dm-Fotowelt.lnk
2014-08-19 19:39 - 2014-09-13 13:17 - 00327872 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-19 00:26 - 2014-09-13 13:17 - 17455104 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-08-19 00:08 - 2014-09-13 13:17 - 04232704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-08-18 23:57 - 2014-09-13 13:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-08-18 23:57 - 2014-09-13 13:17 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-08-18 23:46 - 2014-09-13 13:17 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-08-18 23:45 - 2014-09-13 13:17 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-08-18 23:44 - 2014-09-13 13:17 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-08-18 23:44 - 2014-09-13 13:17 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-08-18 23:42 - 2014-09-13 13:17 - 02185728 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-08-18 23:39 - 2014-09-13 13:17 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-08-18 23:39 - 2014-09-13 13:17 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-08-18 23:37 - 2014-09-13 13:17 - 00440320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-08-18 23:36 - 2014-09-13 13:17 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-08-18 23:36 - 2014-09-13 13:17 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-08-18 23:35 - 2014-09-13 13:17 - 00597504 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-08-18 23:30 - 2014-09-13 13:17 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-08-18 23:27 - 2014-09-13 13:17 - 00365056 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-08-18 23:22 - 2014-09-13 13:17 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 23:19 - 2014-09-13 13:17 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-08-18 23:17 - 2014-09-13 13:17 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-08-18 23:17 - 2014-09-13 13:17 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-08-18 23:15 - 2014-09-13 13:17 - 11769856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-08-18 23:09 - 2014-09-13 13:17 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-08-18 23:08 - 2014-09-13 13:17 - 02014208 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-08-18 23:08 - 2014-09-13 13:17 - 00673792 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-08-18 23:07 - 2014-09-13 13:17 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-08-18 22:46 - 2014-09-13 13:17 - 01812992 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-08-18 22:38 - 2014-09-13 13:17 - 01190400 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-08-18 22:36 - 2014-09-13 13:17 - 00678400 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-08-18 17:52 - 2014-08-18 17:52 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf
2014-08-18 17:41 - 2014-01-04 12:16 - 00000000 ____D () C:\Users\Hartmut\.android
2014-08-18 17:38 - 2014-08-18 17:38 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\Wondershare
2014-08-18 17:38 - 2014-08-18 17:38 - 00000000 ____D () C:\Program Files\Common Files\Wondershare
2014-08-18 17:37 - 2014-08-18 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2014-08-18 17:37 - 2014-08-18 17:36 - 00000000 ___HD () C:\Program Files\DrFoneAndroid_Temp
2014-08-18 17:37 - 2014-08-18 17:36 - 00000000 ____D () C:\Users\Hartmut\AppData\Roaming\Wondershare
2014-08-18 17:36 - 2014-08-18 17:36 - 00000000 ____D () C:\Program Files\Wondershare
2014-08-18 17:35 - 2014-08-18 17:33 - 00000000 ____D () C:\Users\Public\Documents\Wondershare
2014-08-18 17:18 - 2014-08-18 17:18 - 00000000 ____D () C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Android SDK Tools
2014-08-18 17:16 - 2014-08-18 17:16 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\Android
2014-08-18 17:02 - 2014-08-18 16:56 - 00000000 ____D () C:\Program Files\Recuva
2014-08-18 16:56 - 2014-08-18 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2014-08-18 16:45 - 2010-01-31 18:39 - 00088320 _____ () C:\Users\Hartmut\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-18 16:35 - 2014-01-04 12:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
2014-08-18 16:34 - 2010-02-11 19:13 - 00000000 ____D () C:\Program Files\Common Files\Nero
2014-08-18 16:31 - 2009-12-05 04:44 - 00064962 _____ () C:\windows\DPINST.LOG
2014-08-18 16:30 - 2014-08-18 16:30 - 00000000 ____D () C:\Program Files\Spirent Communications
2014-08-18 16:30 - 2014-01-04 12:16 - 00000000 ____D () C:\Program Files\HTC
2014-08-18 16:28 - 2011-02-20 21:12 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\Downloaded Installations

Files to move or delete:
====================
C:\windows\temp\DFI-0833TN.exe


Some content of TEMP:
====================
C:\Users\Hartmut\AppData\Local\Temp\AcDeltree.exe
C:\Users\Hartmut\AppData\Local\Temp\AskSLib.dll
C:\Users\Hartmut\AppData\Local\Temp\BackupSetup.exe
C:\Users\Hartmut\AppData\Local\Temp\f.exe
C:\Users\Hartmut\AppData\Local\Temp\IDMSetup_1.5.0.0.exe
C:\Users\Hartmut\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Hartmut\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Hartmut\AppData\Local\Temp\somoto-master.exe
C:\Users\Hartmut\AppData\Local\Temp\tmp20AA.tmp.exe
C:\Users\Hartmut\AppData\Local\Temp\tmp2FA8.tmp.exe
C:\Users\Hartmut\AppData\Local\Temp\tmp6A27.tmp.exe
C:\Users\Hartmut\AppData\Local\Temp\tmp7243.tmp.exe
C:\Users\Hartmut\AppData\Local\Temp\_is28DC.exe
C:\Users\Hartmut\AppData\Local\Temp\_is7BC4.exe
C:\Users\Hartmut\AppData\Local\Temp\~SpUnin~.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-16 20:11

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014
Ran by Hartmut at 2014-09-17 16:38:51
Running from C:\Users\Hartmut\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Anti-Virus (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.8.0.1280 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.8.0.1280 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Advertising Center (Version: 0.0.0.2 - Nero AG) Hidden
Android SDK Tools (HKLM\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
ArcSoft MediaConverter 3 (HKLM\...\{EE27AA87-8593-4B8A-A595-29E289C5520F}) (Version: 3.1.8.81 - ArcSoft)
ArcSoft Panorama Maker 4 (HKLM\...\{37530151-56A6-4CE4-9F9F-CE1F5A1356C6}) (Version: 4.5.0.112 - ArcSoft)
ArcSoft Photo Book Screen Saver (HKLM\...\{E2EE273D-E111-4FFD-ACD4-78E1D35E01D2}) (Version: 2.0.0.13 - ArcSoft)
ArcSoft Print Creations - Album Page (HKLM\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version:  - ArcSoft)
ArcSoft Print Creations - Brochures & Flyers (HKLM\...\{01A1A019-E1D8-482A-BE17-5E118D17C0A0}) (Version:  - ArcSoft)
ArcSoft Print Creations - Greeting Card (HKLM\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Book (HKLM\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Calendar (HKLM\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Prints (HKLM\...\{95F875CC-1B85-43E6-B3E0-13EA04F3D995}) (Version:  - ArcSoft)
ArcSoft Print Creations - Poster Creator (HKLM\...\{5D1C82E7-7EC0-4404-A8AD-36C3B444BC34}) (Version:  - ArcSoft)
ArcSoft Print Creations - Scrapbook (HKLM\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version:  - ArcSoft)
ArcSoft Print Creations (HKLM\...\{F03EC055-F34E-4F6B-A684-8A370E11A304}) (Version: 3.0.255.500 - ArcSoft)
ArcSoft RAW Thumbnail Viewer (HKLM\...\{82FAC25D-D0E1-4D60-9268-F3DD958BF052}) (Version: 2.0.0.11 - ArcSoft)
ArcSoft Scan-n-Stitch Deluxe (HKLM\...\{363188E4-1A27-4DE6-BA48-823D2E205385}) (Version: 1.1.0.17 - ArcSoft)
ArcSoft Video Downloader (HKLM\...\{C8B44566-839A-459C-A73D-49764CE216CC}) (Version: 2.0.0.39 - ArcSoft)
Atheros Client Installation Program (HKLM\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.1.0805 - Atheros)
BatteryLifeExtender (HKLM\...\{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}) (Version: 1.0.1 - Samsung)
BUFFALO LinkStation(LS-CHL) Setup Guide (HKLM\...\UN090415) (Version:  - )
BUFFALO NAS Navigator2 (HKLM\...\UN060501) (Version:  - )
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data (HKLM\...\Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data) (Version:  - )
Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data (HKLM\...\Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data) (Version:  - )
Canon Easy-PhotoPrint Pro (HKLM\...\Easy-PhotoPrint Pro) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version:  - )
Canon MG6200 series Benutzerregistrierung (HKLM\...\Canon MG6200 series Benutzerregistrierung) (Version:  - )
Canon MG6200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6200_series) (Version:  - )
Canon MG6200 series On-screen Manual (HKLM\...\Canon MG6200 series On-screen Manual) (Version:  - )
Canon MP Navigator EX 5.0 (HKLM\...\MP Navigator EX 5.0) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version:  - )
CyberLink DVD Suite (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2806 - CyberLink Corp.)
CyberLink DVD Suite (Version: 6.0.2806 - CyberLink Corp.) Hidden
CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1916 - CyberLink Corp.)
CyberLink LabelPrint (Version: 2.5.1916 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3108a - CyberLink Corp.)
CyberLink Power2Go (Version: 6.0.3108a - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3213 - CyberLink Corp.)
CyberLink PowerDirector (Version: 7.0.3213 - CyberLink Corp.) Hidden
CyberLink PowerDVD 8 (HKLM\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815b - CyberLink Corp.)
CyberLink PowerDVD 8 (Version: 8.0.2815b - CyberLink Corp.) Hidden
CyberLink PowerProducer (HKLM\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.1.1812 - CyberLink Corp.)
CyberLink PowerProducer (Version: 5.0.1.1812 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3304 - CyberLink Corp.)
CyberLink YouCam (Version: 2.0.3304 - CyberLink Corp.) Hidden
Dev-C++ 5 beta 9 release (4.9.9.2) (HKLM\...\Dev-C++) (Version:  - )
devolo dLAN Cockpit (HKLM\...\dlancockpit) (Version: 3.2.0.0 - devolo AG)
dLAN Cockpit (Version: 3.2.28 - devolo AG) Hidden
dLAN Cockpit (Version: 3.23.12 - devolo AG) Hidden
dm-Fotowelt (HKLM\...\dm-Fotowelt) (Version: 5.1.6 - CEWE Stiftung u Co. KGaA)
DolbyFiles (Version: 2.0 - Nero AG) Hidden
DVAPTray (HKLM\...\{30D1B542-44E0-44F0-8A31-2A101CB626B5}) (Version: 2.3.2.31 - )
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.0 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM\...\{A5675A9E-F073-414A-9A04-F9BCD50459D7}) (Version: 4.2.6 - Samsung)
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.5 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM\...\{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}) (Version: 4.0.0.3 - Samsung)
Emsisoft HiJackFree 4.5 (HKLM\...\Emsisoft HiJackFree_is1) (Version: 4.5 - Emsi Software GmbH)
erLT (Version: 1.20.0137 - Logitech, Inc.) Hidden
Genesis (HKCU\...\ilvaaehj) (Version:  - ) <==== ATTENTION
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.13.0.003 - HTC Corporation)
HTC Sync Manager (HKLM\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.24.5 - HTC)
iCare Data Recovery Standard (HKLM\...\{F110DF75-A7A2-4641-A569-8D15F7AC7087}_is1) (Version: 6.0 - iCare Recovery)
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2202 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Java Auto Updater (Version: 2.0.3.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 24 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.240 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Kaspersky Anti-Virus (HKLM\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Anti-Virus (Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 11.22.3.3 - Marvell)
Menu Templates - Starter Kit (Version: 9.4.6.0 - Nero AG) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Templates - Starter Kit (Version: 9.4.6.0 - Nero AG) Hidden
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 (HKLM\...\{ea46649a-0ad3-47e6-8e81-ee599ce55b3b}) (Version:  - Nero AG)
Nero BurnRights (Version: 3.4.13.100 - Nero AG) Hidden
Nero ControlCenter (Version: 9.0.0.1 - Nero AG) Hidden
Nero CoverDesigner (Version: 4.4.12.100 - Nero AG) Hidden
Nero Disc Copy Gadget (Version: 2.4.34.0 - Nero AG) Hidden
Nero DiscSpeed (Version: 5.4.13.100 - Nero AG) Hidden
Nero DriveSpeed (Version: 4.4.12.100 - Nero AG) Hidden
Nero InfoTool (Version: 6.4.12.100 - Nero AG) Hidden
Nero Installer (Version: 4.4.9.0 - Nero AG) Hidden
Nero PhotoSnap (Version: 2.4.28.0 - Nero AG) Hidden
Nero Recode (Version: 4.4.38.1 - Nero AG) Hidden
Nero Rescue Agent (Version: 2.4.14.100 - Nero AG) Hidden
Nero ShowTime (Version: 5.4.21.100 - Nero AG) Hidden
Nero StartSmart (Version: 9.4.19.100 - Nero AG) Hidden
Nero Vision (Version: 6.4.16.100 - Nero AG) Hidden
Nero WaveEditor (Version: 5.4.37.1 - Nero AG) Hidden
NeroBurningROM (Version: 9.4.26.100 - Nero AG) Hidden
NeroExpress (Version: 9.4.26.100 - Nero AG) Hidden
neroxml (Version: 1.0.0 - Nero AG) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenOffice.org 3.2 (HKLM\...\{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}) (Version: 3.2.9502 - OpenOffice.org)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6003 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Recovery Solution 4 (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.6 - Samsung)
Samsung Support Center (HKLM\...\{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}) (Version: 1.0.21 - Samsung)
Samsung Update Plus (HKLM\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SoundTrax (Version: 4.4.37.1 - Nero AG) Hidden
Stellar Phoenix Photo Recovery (HKLM\...\Stellar Phoenix Photo Recovery_is1) (Version: 6.0.0.1 - Stellar Information Technology Pvt Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.10.0 - Synaptics Incorporated)
TeamViewer 6 (HKLM\...\TeamViewer 6) (Version: 6.0.9895 - TeamViewer GmbH)
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8093.805 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Wondershare Dr.Fone for Android(Build 4.8.0.135) (HKLM\...\{1DB91A95-C548-4BA5-9D4C-18C7DEAAC39F}_is1) (Version: 4.8.0.135 - Wondershare Software Co.,Ltd.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1871111397-3539990770-1974983793-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1871111397-3539990770-1974983793-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1871111397-3539990770-1974983793-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File

==================== Restore Points  =========================

13-09-2014 09:35:51 Windows Update
17-09-2014 05:38:09 Windows Update

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {203A0F5F-3436-462D-A70E-2898EE779A1D} - System32\Tasks\{3FDE1250-FCE9-479F-8E09-F3B709E73AA4} => Firefox.exe hxxp://ui.skype.com/ui/0/6.7.0.102/de/abandoninstall?page=tsMain
Task: {2D577A20-059C-43FE-B6C0-1FB82EC956F8} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-11-19] (Samsung Electronics. Co. Ltd.)
Task: {48A6287D-9267-44E7-99FD-21FCA0982FF8} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-04-20] ()
Task: {4C14D940-64FD-4462-B964-2371058E5BE0} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {57678265-526C-442F-AF80-DC7E2EB0CEEF} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-13] (Adobe Systems Incorporated)
Task: {6700FBE9-7BE9-4262-B6B6-DE9D03166726} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC)
Task: {88A49655-48B3-4C5D-8CD2-9B43A4A79D2F} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2009-11-04] (Samsung Electronics Co., Ltd.)
Task: {8D4D5684-8FAB-4077-95EB-C9C0BBB68E80} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-10-13] (Samsung Electronics Co., Ltd.)
Task: {9A171F4D-432A-42AF-A3CC-EBCB4A1C5430} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-10-26] (SAMSUNG Electronics)
Task: {9AFF92F3-6909-4FE1-83FE-1D9E9E6015F7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-11-11] (Google Inc.)
Task: {9E874946-B293-4597-B515-99F274BAF2DB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-11-11] (Google Inc.)
Task: {AC5777FD-2872-4C74-BB5E-883113CCDDE5} - System32\Tasks\{4B44AE94-0578-406A-B88B-9BBE0D4FA6FC} => C:\Program Files\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {CC0D875C-93E1-46F8-B7B7-80E0B3BCFA41} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-10-16] (SAMSUNG Electronics co., LTD.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\kpcengine.2.3.dll
2014-08-06 13:40 - 2014-08-06 13:40 - 00031080 _____ () C:\Program Files\HTC\HTC Sync Manager\DbAccess.dll
2014-08-06 13:41 - 2014-08-06 13:41 - 00607376 _____ () C:\Program Files\HTC\HTC Sync Manager\sqlite3.dll
2014-08-06 13:41 - 2014-08-06 13:41 - 00059752 _____ () C:\Program Files\HTC\HTC Sync Manager\NAdvLog.dll
2014-08-06 13:41 - 2014-08-06 13:41 - 00036216 _____ () C:\Program Files\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2014-08-06 13:42 - 2014-08-06 13:42 - 00080248 _____ () C:\Program Files\HTC\HTC Sync Manager\ninstallerhelper.dll
2014-08-06 13:44 - 2014-08-06 13:44 - 00129376 _____ () C:\Program Files\HTC\HTC Sync Manager\zlib1.dll
2014-08-06 13:46 - 2014-08-06 13:46 - 00223592 _____ () C:\Program Files\HTC\HTC Sync Manager\DevConnMon.dll
2012-06-25 13:31 - 2011-02-07 09:56 - 00138192 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
2009-06-03 13:59 - 2009-06-03 13:59 - 00619816 ____N () C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
2009-06-03 13:59 - 2009-06-03 13:59 - 00013096 ____N () C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
2009-12-05 04:45 - 2010-04-20 14:26 - 00300912 _____ () C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
2009-12-05 04:45 - 2010-04-16 14:11 - 00155648 _____ () C:\Program Files\Samsung\Samsung Update Plus\HMXML.dll
2009-12-05 04:54 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2014-08-06 13:42 - 2014-08-06 13:42 - 00821600 _____ () C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
2013-10-17 16:27 - 2013-10-17 16:27 - 00166912 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2009-12-05 04:50 - 2009-07-07 20:23 - 00247152 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2014-07-23 22:52 - 2014-07-23 22:52 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-08-27 10:35 - 2014-08-27 10:35 - 17048240 _____ () C:\windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
AlternateDataStreams: C:\ProgramData\Temp:F0D7EE30

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/17/2014 07:38:39 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddWin32ServiceFiles: Unable to back up image of service Computer Backup (MyPC Backup) since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (09/17/2014 00:32:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/17/2014 00:31:07 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/17/2014 00:30:33 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/17/2014 00:30:33 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/16/2014 08:14:48 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/16/2014 08:11:51 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/16/2014 08:10:54 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/16/2014 08:10:54 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/09/2014 07:30:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.17239, Zeitstempel: 0x53d22946
Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.17239, Zeitstempel: 0x53d26078
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000fcf32
ID des fehlerhaften Prozesses: 0x18a0
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3


System errors:
=============
Error: (09/17/2014 04:31:38 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (09/17/2014 04:31:07 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
sfdrv01
sfsync02

Error: (09/17/2014 04:30:50 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (09/17/2014 04:30:38 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (09/17/2014 04:30:35 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (09/17/2014 04:30:18 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Treiber sfdrv01.sys konnte nicht geladen werden.

Error: (09/17/2014 04:30:17 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Treiber sfsync02.sys konnte nicht geladen werden.

Error: (09/17/2014 04:17:49 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
sfdrv01
sfsync02

Error: (09/17/2014 04:17:47 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (09/17/2014 04:17:02 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.


Microsoft Office Sessions:
=========================
Error: (09/17/2014 07:38:39 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service Computer Backup (MyPC Backup) since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (09/17/2014 00:32:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Canon\mp navigator ex 5.0\mpnmlif64.exe

Error: (09/17/2014 00:31:07 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest

Error: (09/17/2014 00:30:33 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"C:\Program Files\HTC\HTC Sync Manager\NOutlookAccessX64.exe

Error: (09/17/2014 00:30:33 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\Samsung Support Center\Drv\drv2x64\KStartMem.exe.Manifest

Error: (09/16/2014 08:14:48 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Canon\mp navigator ex 5.0\mpnmlif64.exe

Error: (09/16/2014 08:11:51 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest

Error: (09/16/2014 08:10:54 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"C:\Program Files\HTC\HTC Sync Manager\NOutlookAccessX64.exe

Error: (09/16/2014 08:10:54 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\Samsung Support Center\Drv\drv2x64\KStartMem.exe.Manifest

Error: (09/09/2014 07:30:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.1723953d22946MSHTML.dll11.0.9600.1723953d26078c0000005000fcf3218a001cfcc53b7ef389fC:\Program Files\Internet Explorer\iexplore.exeC:\windows\system32\MSHTML.dll0b79d4f0-3847-11e4-a75d-002454583452


CodeIntegrity Errors:
===================================
  Date: 2014-09-17 00:32:24.060
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-17 00:32:24.057
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-17 00:32:24.044
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-17 00:32:24.034
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-17 00:32:24.030
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-17 00:32:24.027
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-17 00:32:23.992
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-17 00:32:23.989
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-17 00:32:23.985
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-17 00:32:23.975
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
Percentage of memory in use: 43%
Total physical RAM: 3032.61 MB
Available physical RAM: 1707.39 MB
Total Pagefile: 6061.45 MB
Available Pagefile: 4370.84 MB
Total Virtual: 2047.88 MB
Available Virtual: 1897.73 MB

==================== Drives ================================

Drive c: (Windows/Programme) (Fixed) (Total:130.17 GB) (Free:36.82 GB) NTFS
Drive d: (Fotos und Bilder) (Fixed) (Total:152.82 GB) (Free:67.41 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 0E0EF5DF)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=130.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=152.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
I don't think I have caught everything yet; in particular, the following happens when I plug the notebook into our network: other PCs report, via the firewall, an intrusion attempt that is blocked.
I have also considered wiping the machine and setting it up from scratch if the cleaning is not successful.

Thank you very much.

Jürgen

Edited by MotoG (17.09.2014 at 20:04). Reason: forgot a detail

17.09.2014, 20:58   #2
schrauber
/// the machine
/// TB trainer
 




Hi,

you hook this PC up to the network and other PCs on the same network then report intrusion attempts?


Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.
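The TDSSKiller log requested above is line-oriented, so its "Scan services" section can be triaged mechanically before reading it by eye. The following is an added example, not part of the thread and not TDSSKiller's own code: it assumes the layout visible in the log posted in this thread (timestamp, thread id, `[ MD5, SHA256 ] name path`, then `name - verdict`), and every name, sample line, hash placeholder and the non-`ok` verdict text in it is constructed.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Layout as seen in the log posted in this thread: "HH:MM:SS.ffff 0xTID  message"
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4} 0x[0-9A-Fa-f]+\s*(.*)$")
SECTION = re.compile(r"^=+ Scan (.+?) =+$")
HASHED = re.compile(r"^\[ ([0-9A-Fa-f]{32}), ([0-9A-Fa-f]{64}) \] (\S+)\s+(.+)$")
VERDICT = re.compile(r"^(\S+) - (.+)$")

# Heuristic chosen for this example: service/driver images in these places deserve a look
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\programdata\\")


@dataclass
class Entry:
    name: str
    verdict: Optional[str]        # None: hash line seen, verdict line missing (e.g. cut-off log)
    path: Optional[str] = None    # None: verdict line seen without a preceding hash line
    md5: Optional[str] = None
    sha256: Optional[str] = None


def parse_services(log_text):
    """Return (entries, unparsed) for the 'Scan services' section only."""
    section, pending, entries, unparsed = None, {}, [], []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(1).strip()
        sec = SECTION.match(msg)
        if sec:
            section = sec.group(1).lower()
            continue
        if section != "services" or not msg:
            continue
        h = HASHED.match(msg)
        if h:
            md5, sha256, name, path = h.groups()
            pending[name] = (path.strip(), md5, sha256)
            continue
        v = VERDICT.match(msg)
        if v:
            path, md5, sha256 = pending.pop(v.group(1), (None, None, None))
            entries.append(Entry(v.group(1), v.group(2).strip(), path, md5, sha256))
        else:
            unparsed.append(msg)   # never drop a line the parser does not understand
    for name, (path, md5, sha256) in pending.items():
        entries.append(Entry(name, None, path, md5, sha256))
    return entries, unparsed


def triage(log_text):
    """Map service name -> list of reasons it needs a manual look."""
    entries, unparsed = parse_services(log_text)
    findings = {}
    for e in entries:
        flags = []
        if e.verdict is None:
            flags.append("no-verdict-line")
        elif e.verdict.lower() != "ok":
            flags.append("verdict:" + e.verdict)
        if e.path is None:
            flags.append("no-hash-line")
        elif any(marker in e.path.lower() for marker in USER_WRITABLE):
            flags.append("image-in-user-writable-path")
        if flags:
            findings[e.name] = flags
    return findings, unparsed


# --- constructed sample input (placeholder hashes, hypothetical service names) ---
MD5, SHA256 = "0" * 32, "0" * 64


def _line(msg):
    return "07:28:23.0000 0x1780  " + msg


SAMPLE_LOG = "\n".join(_line(m) for m in [
    "================ Scan system memory ========================",
    "System memory - ok",
    "================ Scan services =============================",
    rf"[ {MD5}, {SHA256} ] ExampleDrv      C:\windows\system32\drivers\exampledrv.sys",
    "ExampleDrv - ok",
    rf"[ {MD5}, {SHA256} ] ExampleHelper   C:\Users\Example\Desktop\Example Kit\bin\helper32.sys",
    "ExampleHelper - ok",
    "ExampleNoFile - ok",
    rf"[ {MD5}, {SHA256} ] ExampleOdd      C:\windows\system32\drivers\exampleodd.sys",
    "ExampleOdd - warning",          # constructed non-ok verdict text
    "constructed free-text line",
    rf"[ {MD5}, {SHA256} ] ExampleCut      C:\windows\system32\drivers\examplecut.sys",
])

if __name__ == "__main__":
    found, leftover = triage(SAMPLE_LOG)
    for name, reasons in found.items():
        print(f"{name}: {', '.join(reasons)}")
    for msg in leftover:
        print(f"unparsed: {msg}")
```

A flag here is a prompt for manual review, not a detection: a scanner's own helper driver started from a user's Desktop folder, for instance, trips the path heuristic as well.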

18.09.2014, 12:09   #3
MotoG
 



Hello Schrauber,

thank you very much for your support.
The firewall message could also be a tool from Buffalo that checks whether a NAS is present.

TDSSKiller found nothing. The log file:

Code:
07:25:06.0357 0x102c  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
07:25:11.0374 0x102c  ============================================================
07:25:11.0374 0x102c  Current date / time: 2014/09/18 07:25:11.0374
07:25:11.0375 0x102c  SystemInfo:
07:25:11.0375 0x102c  
07:25:11.0375 0x102c  OS Version: 6.1.7601 ServicePack: 1.0
07:25:11.0375 0x102c  Product type: Workstation
07:25:11.0375 0x102c  ComputerName: PATRICKTINA
07:25:11.0376 0x102c  UserName: Hartmut
07:25:11.0376 0x102c  Windows directory: C:\windows
07:25:11.0376 0x102c  System windows directory: C:\windows
07:25:11.0376 0x102c  Processor architecture: Intel x86
07:25:11.0376 0x102c  Number of processors: 2
07:25:11.0376 0x102c  Page size: 0x1000
07:25:11.0376 0x102c  Boot type: Normal boot
07:25:11.0376 0x102c  ============================================================
07:25:12.0164 0x102c  KLMD registered as C:\windows\system32\drivers\26586430.sys
07:25:13.0016 0x102c  System UUID: {B5947FF5-B7C1-918B-D5D2-B4DEE35140F0}
07:25:13.0785 0x102c  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
07:25:13.0788 0x102c  Drive \Device\Harddisk1\DR1 - Size: 0x3BC400000 ( 14.94 Gb ), SectorSize: 0x200, Cylinders: 0x79E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
07:25:13.0789 0x102c  ============================================================
07:25:13.0789 0x102c  \Device\Harddisk0\DR0:
07:25:13.0789 0x102c  MBR partitions:
07:25:13.0789 0x102c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
07:25:13.0789 0x102c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x10459800
07:25:13.0789 0x102c  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1228C000, BlocksNum 0x131A2000
07:25:13.0789 0x102c  \Device\Harddisk1\DR1:
07:25:13.0789 0x102c  MBR partitions:
07:25:13.0789 0x102c  ============================================================
07:25:13.0830 0x102c  C: <-> \Device\Harddisk0\DR0\Partition2
07:25:13.0905 0x102c  D: <-> \Device\Harddisk0\DR0\Partition3
07:25:13.0905 0x102c  ============================================================
07:25:13.0905 0x102c  Initialize success
07:25:13.0905 0x102c  ============================================================
07:28:16.0864 0x1780  ============================================================
07:28:16.0864 0x1780  Scan started
07:28:16.0864 0x1780  Mode: Manual; SigCheck; TDLFS; 
07:28:16.0864 0x1780  ============================================================
07:28:16.0864 0x1780  KSN ping started
07:28:22.0920 0x1780  KSN ping finished: true
07:28:23.0663 0x1780  ================ Scan system memory ========================
07:28:23.0663 0x1780  System memory - ok
07:28:23.0664 0x1780  ================ Scan services =============================
07:28:23.0905 0x1780  [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
07:28:24.0038 0x1780  1394ohci - ok
07:28:24.0144 0x1780  [ ADC420616C501B45D26C0FD3EF1E54E4, 29FC41D40A35AC5476E2A673CE5B12684E0CFA12A1AEBEEBE5883FBA5CA68B67 ] ACDaemon        C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
07:28:24.0191 0x1780  ACDaemon - ok
07:28:24.0244 0x1780  [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI            C:\windows\system32\drivers\ACPI.sys
07:28:24.0268 0x1780  ACPI - ok
07:28:24.0314 0x1780  [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
07:28:24.0367 0x1780  AcpiPmi - ok
07:28:24.0503 0x1780  [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
07:28:24.0535 0x1780  AdobeARMservice - ok
07:28:24.0643 0x1780  [ FBB312C9DA3863673EC18F4AE4101778, 4E9AAE7C700E485C17FDFCC9100A79784673B006D00D4D4CE8F1DB617D25C864 ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
07:28:24.0673 0x1780  AdobeFlashPlayerUpdateSvc - ok
07:28:24.0734 0x1780  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx         C:\windows\system32\DRIVERS\adp94xx.sys
07:28:24.0772 0x1780  adp94xx - ok
07:28:24.0798 0x1780  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci         C:\windows\system32\DRIVERS\adpahci.sys
07:28:24.0823 0x1780  adpahci - ok
07:28:24.0844 0x1780  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320         C:\windows\system32\DRIVERS\adpu320.sys
07:28:24.0865 0x1780  adpu320 - ok
07:28:24.0912 0x1780  [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
07:28:24.0971 0x1780  AeLookupSvc - ok
07:28:24.0998 0x1780  [ FE3EA6E9AFC1A78E6EDCA121E006AFB7, B596ABBAC058D93C505C9DBF8685049C88E4364195A4092DB580D2D44FA8C23C ] Afc             C:\windows\system32\drivers\Afc.sys
07:28:25.0015 0x1780  Afc - ok
07:28:25.0076 0x1780  [ D0B388DA1D111A34366E04EB4A5DD156, 60D226F027F4025CC032CAFF73A80FAFB5FA75445654FDCF80CA8C0419C6E938 ] AFD             C:\windows\system32\drivers\afd.sys
07:28:25.0135 0x1780  AFD - ok
07:28:25.0182 0x1780  [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440          C:\windows\system32\drivers\agp440.sys
07:28:25.0210 0x1780  agp440 - ok
07:28:25.0238 0x1780  [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx         C:\windows\system32\DRIVERS\djsvs.sys
07:28:25.0259 0x1780  aic78xx - ok
07:28:25.0305 0x1780  [ 5604B131100881E0B8E40FE85454189B, DFAD5ACAF4D86E70A903EFD1B9B129AE63C1C5061AA5689F819DDD2FBC3F3004 ] AirDisplay      C:\windows\system32\DRIVERS\AVVideoCard.sys
07:28:25.0353 0x1780  AirDisplay - ok
07:28:25.0377 0x1780  [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG             C:\windows\System32\alg.exe
07:28:25.0421 0x1780  ALG - ok
07:28:25.0455 0x1780  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide          C:\windows\system32\drivers\aliide.sys
07:28:25.0473 0x1780  aliide - ok
07:28:25.0493 0x1780  [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp          C:\windows\system32\drivers\amdagp.sys
07:28:25.0513 0x1780  amdagp - ok
07:28:25.0524 0x1780  [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide          C:\windows\system32\drivers\amdide.sys
07:28:25.0542 0x1780  amdide - ok
07:28:25.0570 0x1780  [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8           C:\windows\system32\DRIVERS\amdk8.sys
07:28:25.0604 0x1780  AmdK8 - ok
07:28:25.0658 0x1780  [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM          C:\windows\system32\DRIVERS\amdppm.sys
07:28:25.0711 0x1780  AmdPPM - ok
07:28:25.0754 0x1780  [ E7F4D42D8076EC60E21715CD11743A0D, 91AC020A70964F8783C999BDE8AB8391A3FA3AFC1CD4BC52A43625A2010A53E7 ] amdsata         C:\windows\system32\drivers\amdsata.sys
07:28:25.0774 0x1780  amdsata - ok
07:28:25.0792 0x1780  [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs          C:\windows\system32\DRIVERS\amdsbs.sys
07:28:25.0814 0x1780  amdsbs - ok
07:28:25.0838 0x1780  [ 146459D2B08BFDCBFA856D9947043C81, AC7F2069717601F949B0968EA651899D497170A93B84281B66D3CE5C382DDECB ] amdxata         C:\windows\system32\drivers\amdxata.sys
07:28:25.0857 0x1780  amdxata - ok
07:28:25.0901 0x1780  [ AEA177F783E20150ACE5383EE368DA19, 8FA9EE27AA1F22E8B8FE33A21028CA1E0062BAA95CB132C20D55B98C03B4254F ] AppID           C:\windows\system32\drivers\appid.sys
07:28:25.0962 0x1780  AppID - ok
07:28:26.0013 0x1780  [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc        C:\windows\System32\appidsvc.dll
07:28:26.0075 0x1780  AppIDSvc - ok
07:28:26.0124 0x1780  [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo         C:\windows\System32\appinfo.dll
07:28:26.0164 0x1780  Appinfo - ok
07:28:26.0190 0x1780  [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc             C:\windows\system32\DRIVERS\arc.sys
07:28:26.0210 0x1780  arc - ok
07:28:26.0238 0x1780  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas          C:\windows\system32\DRIVERS\arcsas.sys
07:28:26.0257 0x1780  arcsas - ok
07:28:26.0407 0x1780  [ 776ACEFA0CA9DF0FAA51A5FB2F435705, 72DF7ED6B085BC468994F5B3189506FD726A9A17A9C42ACA1E420D787691361D ] aspnet_state    C:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
07:28:26.0436 0x1780  aspnet_state - ok
07:28:26.0456 0x1780  [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
07:28:26.0504 0x1780  AsyncMac - ok
07:28:26.0543 0x1780  [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi           C:\windows\system32\drivers\atapi.sys
07:28:26.0561 0x1780  atapi - ok
07:28:26.0711 0x1780  [ EE32C0A39B6D3D0834C4D46D8C45E1D0, 439088EBF92D86BE05E3CB106E3208DFD1583F7E81DC120021EB36F564F2A91C ] athr            C:\windows\system32\DRIVERS\athr.sys
07:28:26.0787 0x1780  athr - ok
07:28:26.0844 0x1780  [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
07:28:26.0891 0x1780  AudioEndpointBuilder - ok
07:28:26.0909 0x1780  [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] Audiosrv        C:\windows\System32\Audiosrv.dll
07:28:26.0954 0x1780  Audiosrv - ok
07:28:27.0060 0x1780  [ 0D2F8F4055903A762AD46204E5A42E86, D3270039E4F066C69D844060388D3F895137C37C0FBE4C106BE1C71AE9DBC17A ] AVP             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
07:28:27.0097 0x1780  AVP - ok
07:28:27.0137 0x1780  [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV        C:\windows\System32\AxInstSV.dll
07:28:27.0225 0x1780  AxInstSV - ok
07:28:27.0273 0x1780  [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv         C:\windows\system32\DRIVERS\bxvbdx.sys
07:28:27.0315 0x1780  b06bdrv - ok
07:28:27.0347 0x1780  [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x        C:\windows\system32\DRIVERS\b57nd60x.sys
07:28:27.0394 0x1780  b57nd60x - ok
07:28:27.0431 0x1780  [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC          C:\windows\System32\bdesvc.dll
07:28:27.0469 0x1780  BDESVC - ok
07:28:27.0498 0x1780  [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep            C:\windows\system32\drivers\Beep.sys
07:28:27.0544 0x1780  Beep - ok
07:28:27.0619 0x1780  [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE             C:\windows\System32\bfe.dll
07:28:27.0719 0x1780  BFE - ok
07:28:27.0785 0x1780  [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS            C:\windows\System32\qmgr.dll
07:28:27.0856 0x1780  BITS - ok
07:28:27.0878 0x1780  [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
07:28:27.0915 0x1780  blbdrive - ok
07:28:27.0963 0x1780  [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
07:28:28.0009 0x1780  bowser - ok
07:28:28.0043 0x1780  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\windows\system32\DRIVERS\BrFiltLo.sys
07:28:28.0084 0x1780  BrFiltLo - ok
07:28:28.0109 0x1780  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\windows\system32\DRIVERS\BrFiltUp.sys
07:28:28.0170 0x1780  BrFiltUp - ok
07:28:28.0208 0x1780  [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser         C:\windows\System32\browser.dll
07:28:28.0285 0x1780  Browser - ok
07:28:28.0317 0x1780  [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid         C:\windows\System32\Drivers\Brserid.sys
07:28:28.0384 0x1780  Brserid - ok
07:28:28.0402 0x1780  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
07:28:28.0440 0x1780  BrSerWdm - ok
07:28:28.0467 0x1780  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
07:28:28.0499 0x1780  BrUsbMdm - ok
07:28:28.0514 0x1780  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
07:28:28.0561 0x1780  BrUsbSer - ok
07:28:28.0588 0x1780  [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM        C:\windows\system32\DRIVERS\bthmodem.sys
07:28:28.0623 0x1780  BTHMODEM - ok
07:28:28.0688 0x1780  [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv         C:\windows\system32\bthserv.dll
07:28:28.0742 0x1780  bthserv - ok
07:28:28.0764 0x1780  [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
07:28:28.0815 0x1780  cdfs - ok
07:28:28.0875 0x1780  [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys
07:28:28.0918 0x1780  cdrom - ok
07:28:28.0957 0x1780  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc     C:\windows\System32\certprop.dll
07:28:29.0023 0x1780  CertPropSvc - ok
07:28:29.0069 0x1780  [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass        C:\windows\system32\DRIVERS\circlass.sys
07:28:29.0137 0x1780  circlass - ok
07:28:29.0259 0x1780  [ DBC8CDAFC84E96E894C3BAAED9B30F47, A25CDF4BBF8227878D3CBB8E74904A43751EC4E98DFEBFE4CBD3953890A170F9 ] cleanhlp        C:\Users\Hartmut\Desktop\Emsisoft Emergency Kit\bin\cleanhlp32.sys
07:28:29.0321 0x1780  cleanhlp - ok
07:28:29.0352 0x1780  [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS            C:\windows\system32\CLFS.sys
07:28:29.0376 0x1780  CLFS - ok
07:28:29.0429 0x1780  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:28:29.0449 0x1780  clr_optimization_v2.0.50727_32 - ok
07:28:29.0534 0x1780  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:28:29.0560 0x1780  clr_optimization_v4.0.30319_32 - ok
07:28:29.0575 0x1780  [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
07:28:29.0610 0x1780  CmBatt - ok
07:28:29.0668 0x1780  [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide          C:\windows\system32\drivers\cmdide.sys
07:28:29.0686 0x1780  cmdide - ok
07:28:29.0746 0x1780  [ 85449EEBE8F8EBD6481EFBF0F352B4EB, E6FF04970C5A5BFDE7297A86C1C7B9BFE2E0F976A1A1AFB874CEB488DC6151CC ] CNG             C:\windows\system32\Drivers\cng.sys
07:28:29.0788 0x1780  CNG - ok
07:28:29.0820 0x1780  [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
07:28:29.0838 0x1780  Compbatt - ok
07:28:29.0912 0x1780  [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus    C:\windows\system32\drivers\CompositeBus.sys
07:28:29.0953 0x1780  CompositeBus - ok
07:28:29.0959 0x1780  COMSysApp - ok
07:28:29.0987 0x1780  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk         C:\windows\system32\DRIVERS\crcdisk.sys
07:28:30.0005 0x1780  crcdisk - ok
07:28:30.0045 0x1780  [ C914D18AB66B132E9C73F19F8F805F1F, EA62EBD030587653F65403EE272D04E47392AB9DF6F33D8B9ECE0A105A6AB328 ] CryptOSD        C:\windows\system32\DRIVERS\CryptOSD.sys
07:28:30.0077 0x1780  CryptOSD - ok
07:28:30.0130 0x1780  [ 7CA1BECEA5DE2643ADDAD32670E7A4C9, E3AB4CC52A97E3855D7EAB87363F807FDD2162ED8C76A036CD71549ED64E7797 ] CryptSvc        C:\windows\system32\cryptsvc.dll
07:28:30.0203 0x1780  CryptSvc - ok
07:28:30.0275 0x1780  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch      C:\windows\system32\rpcss.dll
07:28:30.0332 0x1780  DcomLaunch - ok
07:28:30.0365 0x1780  [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc       C:\windows\System32\defragsvc.dll
07:28:30.0417 0x1780  defragsvc - ok
07:28:30.0618 0x1780  [ 141673E69CFDCF0B1531616343223EE4, 7A4872FDC1A3570B44595C0B8C671C2EB15702A1DF652BF91A4BCFF8FD446025 ] DevoloNetworkService C:\Program Files\devolo\dlan\devolonetsvc.exe
07:28:30.0802 0x1780  DevoloNetworkService - ok
07:28:30.0843 0x1780  [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
07:28:30.0891 0x1780  DfsC - ok
07:28:30.0938 0x1780  [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp            C:\windows\system32\dhcpcore.dll
07:28:31.0007 0x1780  Dhcp - ok
07:28:31.0034 0x1780  [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache        C:\windows\system32\drivers\discache.sys
07:28:31.0090 0x1780  discache - ok
07:28:31.0111 0x1780  [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk            C:\windows\system32\DRIVERS\disk.sys
07:28:31.0130 0x1780  Disk - ok
07:28:31.0174 0x1780  [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache        C:\windows\System32\dnsrslvr.dll
07:28:31.0231 0x1780  Dnscache - ok
07:28:31.0274 0x1780  [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc         C:\windows\System32\dot3svc.dll
07:28:31.0330 0x1780  dot3svc - ok
07:28:31.0371 0x1780  [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS             C:\windows\system32\dps.dll
07:28:31.0432 0x1780  DPS - ok
07:28:31.0480 0x1780  [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
07:28:31.0518 0x1780  drmkaud - ok
07:28:31.0595 0x1780  [ 3583A5A8CC2E682BFFBD4630D0FEC08B, FD0F184B358FCECAA763444B414074BEF4E871EB7527D88385519FC158435C72 ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
07:28:31.0634 0x1780  DXGKrnl - ok
07:28:31.0693 0x1780  [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost         C:\windows\System32\eapsvc.dll
07:28:31.0746 0x1780  EapHost - ok
07:28:31.0908 0x1780  [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv           C:\windows\system32\DRIVERS\evbdx.sys
07:28:32.0098 0x1780  ebdrv - ok
07:28:32.0140 0x1780  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] EFS             C:\windows\System32\lsass.exe
07:28:32.0199 0x1780  EFS - ok
07:28:32.0303 0x1780  [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr         C:\windows\ehome\ehRecvr.exe
07:28:32.0396 0x1780  ehRecvr - ok
07:28:32.0423 0x1780  [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched         C:\windows\ehome\ehsched.exe
07:28:32.0479 0x1780  ehSched - ok
07:28:32.0530 0x1780  [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor         C:\windows\system32\DRIVERS\elxstor.sys
07:28:32.0560 0x1780  elxstor - ok
07:28:32.0579 0x1780  [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev          C:\windows\system32\drivers\errdev.sys
07:28:32.0615 0x1780  ErrDev - ok
07:28:32.0683 0x1780  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem     C:\windows\system32\es.dll
07:28:32.0747 0x1780  EventSystem - ok
07:28:32.0774 0x1780  [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat           C:\windows\system32\drivers\exfat.sys
07:28:32.0832 0x1780  exfat - ok
07:28:32.0861 0x1780  [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat         C:\windows\system32\drivers\fastfat.sys
07:28:32.0917 0x1780  fastfat - ok
07:28:32.0964 0x1780  [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax             C:\windows\system32\fxssvc.exe
07:28:33.0031 0x1780  Fax - ok
07:28:33.0055 0x1780  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc             C:\windows\system32\DRIVERS\fdc.sys
07:28:33.0076 0x1780  fdc - ok
07:28:33.0101 0x1780  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost         C:\windows\system32\fdPHost.dll
07:28:33.0148 0x1780  fdPHost - ok
07:28:33.0172 0x1780  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\windows\system32\fdrespub.dll
07:28:33.0222 0x1780  FDResPub - ok
07:28:33.0262 0x1780  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
07:28:33.0281 0x1780  FileInfo - ok
07:28:33.0297 0x1780  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
07:28:33.0345 0x1780  Filetrace - ok
07:28:33.0366 0x1780  [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk        C:\windows\system32\DRIVERS\flpydisk.sys
07:28:33.0397 0x1780  flpydisk - ok
07:28:33.0421 0x1780  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
07:28:33.0444 0x1780  FltMgr - ok
07:28:33.0536 0x1780  [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache       C:\windows\system32\FntCache.dll
07:28:33.0640 0x1780  FontCache - ok
07:28:33.0699 0x1780  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
07:28:33.0725 0x1780  FontCache3.0.0.0 - ok
07:28:33.0768 0x1780  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
07:28:33.0786 0x1780  FsDepends - ok
07:28:33.0817 0x1780  [ B74B0578FD1D3F897E95F2A2B69EA051, 64FCA8452CB37D55679AC8BEF221D6BA1D91E50680D37FFCFB81619ADAA5889C ] fssfltr         C:\windows\system32\DRIVERS\fssfltr.sys
07:28:33.0833 0x1780  fssfltr - ok
07:28:33.0928 0x1780  [ 206AD9A89BF05DFA1621F1FC7B82592D, EAEE557535D865232237898858F5AE35F868065A1F79BBB48A2173124E2B6F63 ] fsssvc          C:\Program Files\Windows Live\Family Safety\fsssvc.exe
07:28:33.0977 0x1780  fsssvc - ok
07:28:34.0015 0x1780  [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
07:28:34.0034 0x1780  Fs_Rec - ok
07:28:34.0105 0x1780  [ 8A73E79089B282100B9393B644CB853B, 844DC5AADFABBD050B967904B796BA06BFD64C9112616EA26229D084F8B3AD41 ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
07:28:34.0147 0x1780  fvevol - ok
07:28:34.0182 0x1780  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\windows\system32\DRIVERS\gagp30kx.sys
07:28:34.0201 0x1780  gagp30kx - ok
07:28:34.0260 0x1780  [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM     C:\windows\system32\DRIVERS\GEARAspiWDM.sys
07:28:34.0275 0x1780  GEARAspiWDM - ok
07:28:34.0430 0x1780  [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc           C:\windows\System32\gpsvc.dll
07:28:34.0502 0x1780  gpsvc - ok
07:28:34.0655 0x1780  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
07:28:34.0683 0x1780  gupdate - ok
07:28:34.0691 0x1780  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
07:28:34.0706 0x1780  gupdatem - ok
07:28:34.0743 0x1780  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
07:28:34.0792 0x1780  hcw85cir - ok
07:28:34.0857 0x1780  [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
07:28:34.0906 0x1780  HdAudAddService - ok
07:28:34.0942 0x1780  [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus        C:\windows\system32\drivers\HDAudBus.sys
07:28:34.0977 0x1780  HDAudBus - ok
07:28:35.0002 0x1780  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\windows\system32\DRIVERS\HidBatt.sys
07:28:35.0035 0x1780  HidBatt - ok
07:28:35.0055 0x1780  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\windows\system32\DRIVERS\hidbth.sys
07:28:35.0089 0x1780  HidBth - ok
07:28:35.0108 0x1780  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr           C:\windows\system32\DRIVERS\hidir.sys
07:28:35.0130 0x1780  HidIr - ok
07:28:35.0164 0x1780  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv         C:\windows\system32\hidserv.dll
07:28:35.0222 0x1780  hidserv - ok
07:28:35.0266 0x1780  [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb          C:\windows\system32\drivers\hidusb.sys
07:28:35.0309 0x1780  HidUsb - ok
07:28:35.0362 0x1780  [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc          C:\windows\system32\kmsvc.dll
07:28:35.0434 0x1780  hkmsvc - ok
07:28:35.0471 0x1780  [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\windows\system32\ListSvc.dll
07:28:35.0547 0x1780  HomeGroupListener - ok
07:28:35.0601 0x1780  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\windows\system32\provsvc.dll
07:28:35.0686 0x1780  HomeGroupProvider - ok
07:28:35.0713 0x1780  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
07:28:35.0732 0x1780  HpSAMD - ok
07:28:35.0788 0x1780  [ 950CC1E6AE3A6CD23E0945CDE089B02C, C242AE9F21FE7FBC269BD11BDD3346936626DA15596561B527EF20CFAEF77055 ] HTCAND32        C:\windows\system32\Drivers\ANDROIDUSB.sys
07:28:35.0826 0x1780  HTCAND32 - ok
07:28:35.0952 0x1780  [ 5C8BC8A28798FD010E7ABC4E0D588CAA, 622CAFD3DCBB05E15539589FDD4002DA6F24790FC55BDF05AA3D043E8A34E53E ] HTCMonitorService C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
07:28:35.0968 0x1780  HTCMonitorService - ok
07:28:35.0983 0x1780  [ 339ADEFAD60353F960E3CA67CE468C24, AF0953ACBE2CA6466595A31349DBF96452DEF2633FD279E8F2B59A3767B89AFC ] htcnprot        C:\windows\system32\DRIVERS\htcnprot.sys
07:28:36.0029 0x1780  htcnprot - ok
07:28:36.0074 0x1780  [ 89E2296561FCE84AC9F34EE7243D78AC, 9643FB3A99EC94E3F2A6332970D0D68C77CA8AB3B4F688004EC0BFC2881D5A38 ] HtcVCom32       C:\windows\system32\DRIVERS\HtcVComV32.sys
07:28:36.0132 0x1780  HtcVCom32 - ok
07:28:36.0192 0x1780  [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP            C:\windows\system32\drivers\HTTP.sys
07:28:36.0242 0x1780  HTTP - ok
07:28:36.0289 0x1780  [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
07:28:36.0307 0x1780  hwpolicy - ok
07:28:36.0362 0x1780  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\windows\system32\drivers\i8042prt.sys
07:28:36.0411 0x1780  i8042prt - ok
07:28:36.0467 0x1780  [ 0BAA4115DFFFD6A6D809A89D65E1281A, FE524C9AFD31780F9E05765A49FFEA7B5EB0C0C9C6222080B50032BB3643A21B ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
07:28:36.0490 0x1780  iaStor - ok
07:28:36.0530 0x1780  [ A3CAE5D281DB4CFF7CFF8233507EE5AD, 2666107220B9F301193F2CF85A3D6B09E6E42CC150152D10A8886E47A3FD9B0D ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
07:28:36.0557 0x1780  iaStorV - ok
07:28:36.0640 0x1780  [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc           C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
07:28:36.0685 0x1780  idsvc - ok
07:28:36.0751 0x1780  IEEtwCollectorService - ok
07:28:37.0120 0x1780  [ 8266AE06DF974E5BA047B3E9E9E70B3F, 44E5A8EED802A1DDF3CCDB478A88A3AB3CF009F449FB11E0F94A28498342B4E2 ] igfx            C:\windows\system32\DRIVERS\igdkmd32.sys
07:28:37.0663 0x1780  igfx - ok
07:28:37.0725 0x1780  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp           C:\windows\system32\DRIVERS\iirsp.sys
07:28:37.0744 0x1780  iirsp - ok
07:28:37.0887 0x1780  [ CE1EE31FFF730CA975A5535D8A71AF61, A1808EB92EC2444F9309C93F5724A7A374F4B983862829BF9B076C8D3B2427DE ] IJPLMSVC        C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
07:28:37.0917 0x1780  IJPLMSVC - ok
07:28:37.0980 0x1780  [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT          C:\windows\System32\ikeext.dll
07:28:38.0035 0x1780  IKEEXT - ok
07:28:38.0185 0x1780  [ 96282FBCE4534C9BF147CFFE9E1FA8DB, 91801002545FFF336A46A6D8B365491D2A21DD561DC8C7FA1EF6A1D9CFE1893C ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHDA.sys
07:28:38.0343 0x1780  IntcAzAudAddService - ok
07:28:38.0387 0x1780  [ 264632ADE8127B7BAA2190CF6FAD435B, 5D558FEB9D25B271E0A29C7C20BCEE343E8370F8BE194E1AA505B692E799C2FF ] IntcHdmiAddService C:\windows\system32\drivers\IntcHdmi.sys
07:28:38.0428 0x1780  IntcHdmiAddService - ok
07:28:38.0446 0x1780  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\windows\system32\drivers\intelide.sys
07:28:38.0464 0x1780  intelide - ok
07:28:38.0501 0x1780  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
07:28:38.0523 0x1780  intelppm - ok
07:28:38.0541 0x1780  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum       C:\windows\system32\ipbusenum.dll
07:28:38.0603 0x1780  IPBusEnum - ok
07:28:38.0657 0x1780  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
07:28:38.0720 0x1780  IpFilterDriver - ok
07:28:38.0784 0x1780  [ 4D65A07B795D6674312F879D09AA7663, 8D72FE0B51A6FF71F85D2602DB3AE91C8749F70869B6789552F047BA81411EDA ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
07:28:38.0850 0x1780  iphlpsvc - ok
07:28:38.0896 0x1780  [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
07:28:38.0926 0x1780  IPMIDRV - ok
07:28:38.0956 0x1780  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\windows\system32\drivers\ipnat.sys
07:28:39.0010 0x1780  IPNAT - ok
07:28:39.0033 0x1780  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\windows\system32\drivers\irenum.sys
07:28:39.0075 0x1780  IRENUM - ok
07:28:39.0095 0x1780  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\windows\system32\drivers\isapnp.sys
07:28:39.0114 0x1780  isapnp - ok
07:28:39.0164 0x1780  [ CB7A9ABB12B8415BCE5D74994C7BA3AE, 464BFF3F5EEE985BE075E23E1813F5CB82A9A0771A92C6D889B13B867BCDF647 ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
07:28:39.0196 0x1780  iScsiPrt - ok
07:28:39.0217 0x1780  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\windows\system32\drivers\kbdclass.sys
07:28:39.0236 0x1780  kbdclass - ok
07:28:39.0296 0x1780  [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid          C:\windows\system32\drivers\kbdhid.sys
07:28:39.0351 0x1780  kbdhid - ok
07:28:39.0375 0x1780  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] KeyIso          C:\windows\system32\lsass.exe
07:28:39.0394 0x1780  KeyIso - ok
07:28:39.0477 0x1780  [ 871C226234A48C24DFE7478F36C0050C, 657CAB49387E0E40311D4DEC93D9860B2DAC2C05F223698CFA2F9BB50B5F3022 ] kl1             C:\windows\system32\DRIVERS\kl1.sys
07:28:39.0509 0x1780  kl1 - ok
07:28:39.0558 0x1780  [ 7C731AA78B9FB5B197A4506B63D5A248, 5E96458A1097E84581EBE10CE4CB7F73949F3B6E99F96D405B040B6733488765 ] klflt           C:\windows\system32\DRIVERS\klflt.sys
07:28:39.0576 0x1780  klflt - ok
07:28:39.0693 0x1780  [ 72D91384E7E0A8F6C559AA87D81F4DE2, 7269B08DC25B2A7F285E005B9E52BDE5005D78A2B4ADE79F39B5174C0455AFB7 ] KLIF            C:\windows\system32\DRIVERS\klif.sys
07:28:39.0725 0x1780  KLIF - ok
07:28:39.0769 0x1780  [ 039FB019C92A16A54FE527D93B0CFB96, 080897B377511FD2439EB651086390CD72B822E8222C79AB0569FAFAA14BA0AE ] KLIM6           C:\windows\system32\DRIVERS\klim6.sys
07:28:39.0786 0x1780  KLIM6 - ok
07:28:39.0874 0x1780  [ CC0909694768C302B89CC040436ECABC, AA93530F8E15B45BC403364612B67A1537924A87BD762B89921C494666341AC6 ] klkbdflt        C:\windows\system32\DRIVERS\klkbdflt.sys
07:28:39.0901 0x1780  klkbdflt - ok
07:28:39.0954 0x1780  [ 035724BA6D5676B76FD3AFB66AB4F1E3, 81B30112B96DD3E7250420EEFF2ACECD424A2BE155E83C44434321CEA7DBE117 ] klmouflt        C:\windows\system32\DRIVERS\klmouflt.sys
07:28:39.0971 0x1780  klmouflt - ok
07:28:40.0001 0x1780  [ EB0D72D2844C57F5F146D7A15B04FBF9, 3DFEDA024AD5D54EEAF7D4411153CFA8AD95FCF217E09F2B7AFD2D91EE623BF2 ] klpd            C:\windows\system32\DRIVERS\klpd.sys
07:28:40.0018 0x1780  klpd - ok
07:28:40.0033 0x1780  [ 040A3BC4AF5A0430A1D9A758F076465E, D371BC29283AA645CF31D6EDB7D4562B7CF8D664D681B9033B948D71F4CC3EE6 ] kltdi           C:\windows\system32\DRIVERS\kltdi.sys
07:28:40.0051 0x1780  kltdi - ok
07:28:40.0108 0x1780  [ 4D19D96447E160A7E4B479037761BBC1, AD34C9C678030744ADD00B09A96C368167AA303DDC39BE74B1538E7AF8A82CB8 ] kneps           C:\windows\system32\DRIVERS\kneps.sys
07:28:40.0128 0x1780  kneps - ok
07:28:40.0170 0x1780  [ 4120DA10AA42A9996F4575DB9E3E6E6E, 1C6E790772EA327ACB885D731A030408160534997DD56FEE4D6CEE6929873BB8 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
07:28:40.0189 0x1780  KSecDD - ok
07:28:40.0210 0x1780  [ D3964885F0A11ACF51DA3AAA776973B2, 417ED5A3201FC50FBC0D646F8F2114A1E8A91E7919A62508DCBC156C0BFB2FBA ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
07:28:40.0233 0x1780  KSecPkg - ok
07:28:40.0271 0x1780  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\windows\system32\msdtckrm.dll
07:28:40.0332 0x1780  KtmRm - ok
07:28:40.0362 0x1780  [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer    C:\windows\system32\srvsvc.dll
07:28:40.0416 0x1780  LanmanServer - ok
07:28:40.0455 0x1780  [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
07:28:40.0492 0x1780  LanmanWorkstation - ok
07:28:40.0522 0x1780  [ DD83DC92463FCE6324FD30A13D17D0DA, 505AEFDD07DD17FD6D88478F0951CA1287F867669E7F078D8562657A13C32862 ] LHidFilt        C:\windows\system32\DRIVERS\LHidFilt.Sys
07:28:40.0539 0x1780  LHidFilt - ok
07:28:40.0576 0x1780  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
07:28:40.0630 0x1780  lltdio - ok
07:28:40.0699 0x1780  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\windows\System32\lltdsvc.dll
07:28:40.0748 0x1780  lltdsvc - ok
07:28:40.0760 0x1780  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\windows\System32\lmhsvc.dll
07:28:40.0808 0x1780  lmhosts - ok
07:28:40.0837 0x1780  [ 8FE0008E183FF0293A925B78A5581C5F, CA99379DD3C44F1522197B0FAA7F8E0EF4403C008701284BC3A7775E6E2BEDA7 ] LMouFilt        C:\windows\system32\DRIVERS\LMouFilt.Sys
07:28:40.0853 0x1780  LMouFilt - ok
07:28:40.0869 0x1780  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\windows\system32\DRIVERS\lsi_fc.sys
07:28:40.0890 0x1780  LSI_FC - ok
07:28:40.0922 0x1780  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         C:\windows\system32\DRIVERS\lsi_sas.sys
07:28:40.0943 0x1780  LSI_SAS - ok
07:28:40.0958 0x1780  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\windows\system32\DRIVERS\lsi_sas2.sys
07:28:40.0978 0x1780  LSI_SAS2 - ok
07:28:40.0995 0x1780  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\windows\system32\DRIVERS\lsi_scsi.sys
07:28:41.0016 0x1780  LSI_SCSI - ok
07:28:41.0035 0x1780  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\windows\system32\drivers\luafv.sys
07:28:41.0093 0x1780  luafv - ok
07:28:41.0137 0x1780  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
07:28:41.0172 0x1780  Mcx2Svc - ok
07:28:41.0195 0x1780  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\windows\system32\DRIVERS\megasas.sys
07:28:41.0214 0x1780  megasas - ok
07:28:41.0242 0x1780  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\windows\system32\DRIVERS\MegaSR.sys
07:28:41.0268 0x1780  MegaSR - ok
07:28:41.0304 0x1780  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           C:\windows\system32\mmcss.dll
07:28:41.0354 0x1780  MMCSS - ok
07:28:41.0384 0x1780  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem           C:\windows\system32\drivers\modem.sys
07:28:41.0424 0x1780  Modem - ok
07:28:41.0465 0x1780  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor         C:\windows\system32\DRIVERS\monitor.sys
07:28:41.0515 0x1780  monitor - ok
07:28:41.0539 0x1780  [ 111A023266532C621EE69AE96E47081E, D933340AF838D94F25C74F9D46A74DE3B45F29B896AFA49A03676BAB8CD400CF ] MonitorFunction C:\windows\system32\DRIVERS\TVMonitor.sys
07:28:41.0555 0x1780  MonitorFunction - ok
07:28:41.0590 0x1780  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
07:28:41.0609 0x1780  mouclass - ok
07:28:41.0652 0x1780  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
07:28:41.0699 0x1780  mouhid - ok
07:28:41.0739 0x1780  [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
07:28:41.0759 0x1780  mountmgr - ok
07:28:41.0841 0x1780  [ 4E9D8041D352A33332FD6F59A3A78B03, D4E6229B07EF9866993EEE4F6223DC7F1FF1108273FE14A3DC74E65C181DE56A ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
07:28:41.0874 0x1780  MozillaMaintenance - ok
07:28:41.0925 0x1780  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio            C:\windows\system32\drivers\mpio.sys
07:28:41.0957 0x1780  mpio - ok
07:28:41.0983 0x1780  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
07:28:42.0038 0x1780  mpsdrv - ok
07:28:42.0111 0x1780  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc          C:\windows\system32\mpssvc.dll
07:28:42.0189 0x1780  MpsSvc - ok
07:28:42.0244 0x1780  [ CEB46AB7C01C9F825F8CC6BABC18166A, AA98898204FC58878502C170FE6ED8BA681396DDD8BF3689D0C3642DEA87BEF8 ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
07:28:42.0292 0x1780  MRxDAV - ok
07:28:42.0349 0x1780  [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
07:28:42.0407 0x1780  mrxsmb - ok
07:28:42.0473 0x1780  [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
07:28:42.0553 0x1780  mrxsmb10 - ok
07:28:42.0606 0x1780  [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
07:28:42.0667 0x1780  mrxsmb20 - ok
07:28:42.0702 0x1780  [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci          C:\windows\system32\drivers\msahci.sys
07:28:42.0721 0x1780  msahci - ok
07:28:42.0744 0x1780  [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm           C:\windows\system32\drivers\msdsm.sys
07:28:42.0765 0x1780  msdsm - ok
07:28:42.0783 0x1780  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\windows\System32\msdtc.exe
07:28:42.0837 0x1780  MSDTC - ok
07:28:42.0888 0x1780  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\windows\system32\drivers\Msfs.sys
07:28:42.0935 0x1780  Msfs - ok
07:28:42.0953 0x1780  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
07:28:42.0987 0x1780  mshidkmdf - ok
07:28:43.0021 0x1780  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
07:28:43.0039 0x1780  msisadrv - ok
07:28:43.0059 0x1780  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\windows\system32\iscsiexe.dll
07:28:43.0114 0x1780  MSiSCSI - ok
07:28:43.0120 0x1780  msiserver - ok
07:28:43.0141 0x1780  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
07:28:43.0176 0x1780  MSKSSRV - ok
07:28:43.0192 0x1780  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
07:28:43.0239 0x1780  MSPCLOCK - ok
07:28:43.0264 0x1780  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
07:28:43.0318 0x1780  MSPQM - ok
07:28:43.0355 0x1780  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
07:28:43.0389 0x1780  MsRPC - ok
07:28:43.0434 0x1780  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\windows\system32\drivers\mssmbios.sys
07:28:43.0452 0x1780  mssmbios - ok
07:28:43.0472 0x1780  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
07:28:43.0508 0x1780  MSTEE - ok
07:28:43.0523 0x1780  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\windows\system32\DRIVERS\MTConfig.sys
07:28:43.0559 0x1780  MTConfig - ok
07:28:43.0579 0x1780  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\windows\system32\Drivers\mup.sys
07:28:43.0598 0x1780  Mup - ok
07:28:43.0664 0x1780  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        C:\windows\system32\qagentRT.dll
07:28:43.0728 0x1780  napagent - ok
07:28:43.0817 0x1780  NasPmService - ok
07:28:43.0855 0x1780  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
07:28:43.0886 0x1780  NativeWifiP - ok
07:28:43.0958 0x1780  [ E7C54812A2AAF43316EB6930C1FFA108, C8A6FC1957FA29A3B372132FEA9145538BC767044A11D77316D3D1A3EAA60630 ] NDIS            C:\windows\system32\drivers\ndis.sys
07:28:43.0998 0x1780  NDIS - ok
07:28:44.0030 0x1780  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
07:28:44.0086 0x1780  NdisCap - ok
07:28:44.0108 0x1780  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
07:28:44.0162 0x1780  NdisTapi - ok
07:28:44.0195 0x1780  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
07:28:44.0243 0x1780  Ndisuio - ok
07:28:44.0285 0x1780  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
07:28:44.0336 0x1780  NdisWan - ok
07:28:44.0380 0x1780  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
07:28:44.0446 0x1780  NDProxy - ok
07:28:44.0558 0x1780  [ 7D2633295EB6FF2B938185874884059D, B3A4E52ABCB2E2720D8ADB0B68C222D4AB98E838D40B6A731D15EB1D6C9DEA15 ] Nero BackItUp Scheduler 4.0 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
07:28:44.0600 0x1780  Nero BackItUp Scheduler 4.0 - ok
07:28:44.0647 0x1780  [ 1352E1648213551923A0A822E441553C, F9BCA299249D8E1ADF88F54554F72428E267E39911143F4C99DFF562F0EE4E70 ] Netaapl         C:\windows\system32\DRIVERS\netaapl.sys
07:28:44.0708 0x1780  Netaapl - detected UnsignedFile.Multi.Generic ( 1 )
07:28:47.0066 0x1780  Detect skipped due to KSN trusted
07:28:47.0066 0x1780  Netaapl - ok
07:28:47.0098 0x1780  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
07:28:47.0171 0x1780  NetBIOS - ok
07:28:47.0206 0x1780  [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
07:28:47.0264 0x1780  NetBT - ok
07:28:47.0286 0x1780  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] Netlogon        C:\windows\system32\lsass.exe
07:28:47.0308 0x1780  Netlogon - ok
07:28:47.0353 0x1780  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\windows\System32\netman.dll
07:28:47.0420 0x1780  Netman - ok
07:28:47.0465 0x1780  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetMsmqActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
07:28:47.0496 0x1780  NetMsmqActivator - ok
07:28:47.0503 0x1780  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetPipeActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
07:28:47.0521 0x1780  NetPipeActivator - ok
07:28:47.0557 0x1780  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\windows\System32\netprofm.dll
07:28:47.0617 0x1780  netprofm - ok
07:28:47.0625 0x1780  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
07:28:47.0642 0x1780  NetTcpActivator - ok
07:28:47.0649 0x1780  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
07:28:47.0666 0x1780  NetTcpPortSharing - ok
07:28:47.0705 0x1780  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\windows\system32\DRIVERS\nfrd960.sys
07:28:47.0735 0x1780  nfrd960 - ok
07:28:47.0784 0x1780  [ 912084381D30D8B89EC4E293053F4710, 99B8CD043DF531D4B9725ED167F63CED220608B2FED3EE8250C217D15762DFD7 ] NlaSvc          C:\windows\System32\nlasvc.dll
07:28:47.0845 0x1780  NlaSvc - ok
07:28:47.0872 0x1780  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\windows\system32\drivers\Npfs.sys
07:28:47.0908 0x1780  Npfs - ok
07:28:47.0986 0x1780  [ 75AC610A7481CB1F343DC971249BCB19, F1DC7478F0219D88DEA5BAC95D11A6C3CA418D5BCB730EB0BC2D80247C39AC67 ] NPF_devolo      C:\windows\system32\drivers\npf_devolo.sys
07:28:48.0019 0x1780  NPF_devolo - detected UnsignedFile.Multi.Generic ( 1 )
07:28:50.0383 0x1780  Detect skipped due to KSN trusted
07:28:50.0383 0x1780  NPF_devolo - ok
07:28:50.0429 0x1780  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             C:\windows\system32\nsisvc.dll
07:28:50.0479 0x1780  nsi - ok
07:28:50.0488 0x1780  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
07:28:50.0539 0x1780  nsiproxy - ok
07:28:50.0646 0x1780  [ 5E43D2B0EE64123D4880DFA6626DEFDE, 164413A22DE58B19EA2B4120034B46D6BE1F424B80C3421E10BE5C81153D049F ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
07:28:50.0700 0x1780  Ntfs - ok
07:28:50.0740 0x1780  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\windows\system32\drivers\Null.sys
07:28:50.0793 0x1780  Null - ok
07:28:50.0840 0x1780  [ AF2EEC9580C1D32FB7EAF105D9784061, 6DAAE3BCA048ACD7FFD26A65C793C461933179070F03855FE3DC3C01F968163A ] nvraid          C:\windows\system32\drivers\nvraid.sys
07:28:50.0860 0x1780  nvraid - ok
07:28:50.0882 0x1780  [ 9283C58EBAA2618F93482EB5DABCEC82, 0BC119D4EAFDEA879E4C1CFBA5402499DBD1970EDF963C6D2034D4867C34D15E ] nvstor          C:\windows\system32\drivers\nvstor.sys
07:28:50.0903 0x1780  nvstor - ok
07:28:50.0922 0x1780  [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
07:28:50.0943 0x1780  nv_agp - ok
07:28:50.0966 0x1780  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
07:28:51.0004 0x1780  ohci1394 - ok
07:28:51.0042 0x1780  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
07:28:51.0115 0x1780  p2pimsvc - ok
07:28:51.0155 0x1780  [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc          C:\windows\system32\p2psvc.dll
07:28:51.0187 0x1780  p2psvc - ok
07:28:51.0214 0x1780  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport         C:\windows\system32\DRIVERS\parport.sys
07:28:51.0247 0x1780  Parport - ok
07:28:51.0270 0x1780  [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr         C:\windows\system32\drivers\partmgr.sys
07:28:51.0290 0x1780  partmgr - ok
07:28:51.0317 0x1780  [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm          C:\windows\system32\DRIVERS\parvdm.sys
07:28:51.0359 0x1780  Parvdm - ok
07:28:51.0444 0x1780  [ 446462BBA744DA60379574926FD51EAB, 4A79E8EF28670333F4733FA0016508DC88E9BDC566B455DA5EDEDC514612180A ] PassThru Service C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
07:28:51.0462 0x1780  PassThru Service - detected UnsignedFile.Multi.Generic ( 1 )
07:28:53.0820 0x1780  Detect skipped due to KSN trusted
07:28:53.0820 0x1780  PassThru Service - ok
07:28:53.0851 0x1780  [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc          C:\windows\System32\pcasvc.dll
07:28:53.0892 0x1780  PcaSvc - ok
07:28:53.0950 0x1780  [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci             C:\windows\system32\drivers\pci.sys
07:28:53.0981 0x1780  pci - ok
07:28:54.0001 0x1780  [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide          C:\windows\system32\drivers\pciide.sys
07:28:54.0019 0x1780  pciide - ok
07:28:54.0060 0x1780  [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia          C:\windows\system32\DRIVERS\pcmcia.sys
07:28:54.0083 0x1780  pcmcia - ok
07:28:54.0102 0x1780  [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw             C:\windows\system32\drivers\pcw.sys
07:28:54.0121 0x1780  pcw - ok
07:28:54.0161 0x1780  [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH          C:\windows\system32\drivers\peauth.sys
07:28:54.0249 0x1780  PEAUTH - ok
07:28:54.0430 0x1780  [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla             C:\windows\system32\pla.dll
07:28:54.0570 0x1780  pla - ok
07:28:54.0642 0x1780  [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay        C:\windows\system32\umpnpmgr.dll
07:28:54.0734 0x1780  PlugPlay - ok
07:28:54.0763 0x1780  [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
07:28:54.0798 0x1780  PNRPAutoReg - ok
07:28:54.0831 0x1780  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
07:28:54.0858 0x1780  PNRPsvc - ok
07:28:54.0913 0x1780  [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
07:28:54.0965 0x1780  PolicyAgent - ok
07:28:55.0008 0x1780  [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power           C:\windows\system32\umpo.dll
07:28:55.0047 0x1780  Power - ok
07:28:55.0075 0x1780  [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
07:28:55.0112 0x1780  PptpMiniport - ok
07:28:55.0132 0x1780  [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor       C:\windows\system32\DRIVERS\processr.sys
07:28:55.0154 0x1780  Processor - ok
07:28:55.0198 0x1780  [ 43CA4CCC22D52FB58E8988F0198851D0, DF67BD70D9D82677AE61244B4E54677A5008A7F5EB531DF2A7E7D33F1658EA78 ] ProfSvc         C:\windows\system32\profsvc.dll
07:28:55.0241 0x1780  ProfSvc - ok
07:28:55.0254 0x1780  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] ProtectedStorage C:\windows\system32\lsass.exe
07:28:55.0274 0x1780  ProtectedStorage - ok
07:28:55.0288 0x1780  [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched          C:\windows\system32\DRIVERS\pacer.sys
07:28:55.0345 0x1780  Psched - ok
07:28:55.0420 0x1780  [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300          C:\windows\system32\DRIVERS\ql2300.sys
07:28:55.0481 0x1780  ql2300 - ok
07:28:55.0530 0x1780  [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx          C:\windows\system32\DRIVERS\ql40xx.sys
07:28:55.0550 0x1780  ql40xx - ok
07:28:55.0587 0x1780  [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE           C:\windows\system32\qwave.dll
07:28:55.0636 0x1780  QWAVE - ok
07:28:55.0686 0x1780  [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
07:28:55.0737 0x1780  QWAVEdrv - ok
07:28:55.0761 0x1780  [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
07:28:55.0796 0x1780  RasAcd - ok
07:28:55.0826 0x1780  [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
07:28:55.0876 0x1780  RasAgileVpn - ok
07:28:55.0914 0x1780  [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto         C:\windows\System32\rasauto.dll
07:28:55.0953 0x1780  RasAuto - ok
07:28:55.0978 0x1780  [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
07:28:56.0028 0x1780  Rasl2tp - ok
07:28:56.0077 0x1780  [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan          C:\windows\System32\rasmans.dll
07:28:56.0121 0x1780  RasMan - ok
07:28:56.0142 0x1780  [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
07:28:56.0197 0x1780  RasPppoe - ok
07:28:56.0223 0x1780  [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
07:28:56.0270 0x1780  RasSstp - ok
07:28:56.0298 0x1780  [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
07:28:56.0341 0x1780  rdbss - ok
07:28:56.0363 0x1780  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus          C:\windows\system32\DRIVERS\rdpbus.sys
07:28:56.0385 0x1780  rdpbus - ok
07:28:56.0423 0x1780  [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
07:28:56.0506 0x1780  RDPCDD - ok
07:28:56.0529 0x1780  [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
07:28:56.0579 0x1780  RDPENCDD - ok
07:28:56.0604 0x1780  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
07:28:56.0680 0x1780  RDPREFMP - ok
07:28:56.0723 0x1780  [ F031683E6D1FEA157ABB2FF260B51E61, 83B552819A5964152882C527E1421DBCEAACC74DEB897E3C4B53F52F1467FED3 ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
07:28:56.0778 0x1780  RDPWD - ok
07:28:56.0829 0x1780  [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
07:28:56.0851 0x1780  rdyboost - ok
07:28:56.0893 0x1780  [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess    C:\windows\System32\mprdim.dll
07:28:56.0946 0x1780  RemoteAccess - ok
07:28:56.0987 0x1780  [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry  C:\windows\system32\regsvc.dll
07:28:57.0046 0x1780  RemoteRegistry - ok
07:28:57.0112 0x1780  [ 7CCAEBCAB6FC1ED0206C07E083E79207, 40BFA1BEDFF093652279494EDD397FC094794B76916C2681D0544D6793314DFE ] RichVideo       C:\Program Files\CyberLink\Shared files\RichVideo.exe
07:28:57.0138 0x1780  RichVideo - ok
07:28:57.0154 0x1780  [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
07:28:57.0214 0x1780  RpcEptMapper - ok
07:28:57.0241 0x1780  [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator      C:\windows\system32\locator.exe
07:28:57.0275 0x1780  RpcLocator - ok
07:28:57.0307 0x1780  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs           C:\windows\system32\rpcss.dll
07:28:57.0352 0x1780  RpcSs - ok
07:28:57.0383 0x1780  [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
07:28:57.0430 0x1780  rspndr - ok
07:28:57.0456 0x1780  [ 7DFD48E24479B68B258D8770121155A0, 3B5F7309403C46855DB888CF2058B07C9029690DBC7FB3224BAC7BE5547D2D57 ] RTL8167         C:\windows\system32\DRIVERS\Rt86win7.sys
07:28:57.0509 0x1780  RTL8167 - ok
07:28:57.0543 0x1780  [ 6E5FBB7CBAEC47038B945D5E9B144A64, B2AA2F39DAA841FCA470846CC07C580464E2F07C3EFAA64AF783144718F09C13 ] SABI            C:\windows\system32\Drivers\SABI.sys
07:28:57.0581 0x1780  SABI - ok
07:28:57.0599 0x1780  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] SamSs           C:\windows\system32\lsass.exe
07:28:57.0619 0x1780  SamSs - ok
07:28:57.0702 0x1780  [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
07:28:57.0731 0x1780  sbp2port - ok
07:28:57.0761 0x1780  [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr        C:\windows\System32\SCardSvr.dll
07:28:57.0821 0x1780  SCardSvr - ok
07:28:57.0834 0x1780  [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
07:28:57.0867 0x1780  scfilter - ok
07:28:57.0945 0x1780  [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule        C:\windows\system32\schedsvc.dll
07:28:58.0025 0x1780  Schedule - ok
07:28:58.0060 0x1780  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc     C:\windows\System32\certprop.dll
07:28:58.0095 0x1780  SCPolicySvc - ok
07:28:58.0119 0x1780  [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC          C:\windows\System32\SDRSVC.dll
07:28:58.0151 0x1780  SDRSVC - ok
07:28:58.0175 0x1780  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\windows\system32\drivers\secdrv.sys
07:28:58.0229 0x1780  secdrv - ok
07:28:58.0251 0x1780  [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon        C:\windows\system32\seclogon.dll
07:28:58.0289 0x1780  seclogon - ok
07:28:58.0310 0x1780  [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS            C:\windows\System32\sens.dll
07:28:58.0367 0x1780  SENS - ok
07:28:58.0394 0x1780  [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc        C:\windows\system32\sensrsvc.dll
07:28:58.0433 0x1780  SensrSvc - ok
07:28:58.0452 0x1780  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum         C:\windows\system32\DRIVERS\serenum.sys
07:28:58.0492 0x1780  Serenum - ok
07:28:58.0510 0x1780  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial          C:\windows\system32\DRIVERS\serial.sys
07:28:58.0542 0x1780  Serial - ok
07:28:58.0585 0x1780  [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse        C:\windows\system32\DRIVERS\sermouse.sys
07:28:58.0619 0x1780  sermouse - ok
07:28:58.0682 0x1780  [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv      C:\windows\system32\sessenv.dll
07:28:58.0739 0x1780  SessionEnv - ok
07:28:58.0790 0x1780  [ 0B179A959FF6B6CA5927D4F255AB9F90, 686EB1F79614E6F63EDA2D9D13D19BA2518ACC0BB319458BC0CF891F75BA1ED6 ] sfdrv01         C:\windows\system32\drivers\sfdrv01.sys
07:28:58.0822 0x1780  sfdrv01 - detected UnsignedFile.Multi.Generic ( 1 )
07:29:01.0255 0x1780  Detect skipped due to KSN trusted
07:29:01.0255 0x1780  sfdrv01 - ok
07:29:01.0298 0x1780  [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
07:29:01.0347 0x1780  sffdisk - ok
07:29:01.0375 0x1780  [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
07:29:01.0415 0x1780  sffp_mmc - ok
07:29:01.0431 0x1780  [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
07:29:01.0472 0x1780  sffp_sd - ok
07:29:01.0496 0x1780  [ 15BE2B5E4DC5B8623CF167720682ABC9, FAECDC0DCB6EACE8130B278E2FB84B9523AB10329A00B24043B9C76867B917F0 ] sfhlp02         C:\windows\system32\drivers\sfhlp02.sys
07:29:01.0522 0x1780  sfhlp02 - detected UnsignedFile.Multi.Generic ( 1 )
07:29:04.0034 0x1780  Detect skipped due to KSN trusted
07:29:04.0034 0x1780  sfhlp02 - ok
07:29:04.0075 0x1780  [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy         C:\windows\system32\DRIVERS\sfloppy.sys
07:29:04.0109 0x1780  sfloppy - ok
07:29:04.0139 0x1780  [ A62EFE6AA55C6A599DDBB6BD00E8FB9C, 7636E1DA504A698E0E6E4DEDCEF568C9E6A3B184F9CA18A5D648FBEDC54B5FDC ] sfsync02        C:\windows\system32\drivers\sfsync02.sys
07:29:04.0169 0x1780  sfsync02 - detected UnsignedFile.Multi.Generic ( 1 )
07:29:06.0521 0x1780  Detect skipped due to KSN trusted
07:29:06.0521 0x1780  sfsync02 - ok
07:29:06.0583 0x1780  [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess    C:\windows\System32\ipnathlp.dll
07:29:06.0680 0x1780  SharedAccess - ok
07:29:06.0713 0x1780  [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\windows\System32\shsvcs.dll
07:29:06.0778 0x1780  ShellHWDetection - ok
07:29:06.0819 0x1780  [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp          C:\windows\system32\drivers\sisagp.sys
07:29:06.0848 0x1780  sisagp - ok
07:29:06.0876 0x1780  [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2        C:\windows\system32\DRIVERS\SiSRaid2.sys
07:29:06.0895 0x1780  SiSRaid2 - ok
07:29:06.0908 0x1780  [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4        C:\windows\system32\DRIVERS\sisraid4.sys
07:29:06.0928 0x1780  SiSRaid4 - ok
07:29:06.0988 0x1780  [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
07:29:07.0013 0x1780  SkypeUpdate - ok
07:29:07.0028 0x1780  [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb             C:\windows\system32\DRIVERS\smb.sys
07:29:07.0064 0x1780  Smb - ok
07:29:07.0088 0x1780  [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
07:29:07.0129 0x1780  SNMPTRAP - ok
07:29:07.0149 0x1780  [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr           C:\windows\system32\drivers\spldr.sys
07:29:07.0167 0x1780  spldr - ok
07:29:07.0230 0x1780  [ 866A43013535DC8587C258E43579C764, B2BE846B5167A2ECD1E30C69A81385FCC6EAE6033394D08458A5583D311C4D82 ] Spooler         C:\windows\System32\spoolsv.exe
07:29:07.0288 0x1780  Spooler - ok
07:29:07.0454 0x1780  [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc          C:\windows\system32\sppsvc.exe
07:29:07.0646 0x1780  sppsvc - ok
07:29:07.0695 0x1780  [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify     C:\windows\system32\sppuinotify.dll
07:29:07.0730 0x1780  sppuinotify - ok
07:29:07.0784 0x1780  [ CDDDEC541BC3C96F91ECB48759673505, B030FFA02832317AC5626BF1BF8A4A95A5992C9A6E81BC1C002D5F4D667C27FB ] sptd            C:\windows\system32\Drivers\sptd.sys
07:29:07.0785 0x1780  Suspicious file ( NoAccess ): C:\windows\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505, sha256: B030FFA02832317AC5626BF1BF8A4A95A5992C9A6E81BC1C002D5F4D667C27FB
07:29:07.0797 0x1780  sptd - detected LockedFile.Multi.Generic ( 1 )
07:29:10.0151 0x1780  Detect skipped due to KSN trusted
07:29:10.0151 0x1780  sptd - ok
07:29:10.0270 0x1780  [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv             C:\windows\system32\DRIVERS\srv.sys
07:29:10.0322 0x1780  srv - ok
07:29:10.0349 0x1780  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
07:29:10.0395 0x1780  srv2 - ok
07:29:10.0416 0x1780  [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
07:29:10.0459 0x1780  srvnet - ok
07:29:10.0502 0x1780  [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
07:29:10.0560 0x1780  SSDPSRV - ok
07:29:10.0589 0x1780  [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc         C:\windows\system32\sstpsvc.dll
07:29:10.0628 0x1780  SstpSvc - ok
07:29:10.0665 0x1780  [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor        C:\windows\system32\DRIVERS\stexstor.sys
07:29:10.0683 0x1780  stexstor - ok
07:29:10.0733 0x1780  [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc          C:\windows\System32\wiaservc.dll
07:29:10.0785 0x1780  StiSvc - ok
07:29:10.0844 0x1780  [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum          C:\windows\system32\drivers\swenum.sys
07:29:10.0870 0x1780  swenum - ok
07:29:10.0907 0x1780  [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv           C:\windows\System32\swprv.dll
07:29:10.0969 0x1780  swprv - ok
07:29:11.0010 0x1780  [ 069E5728E565BD401347CB94732C4733, 16D6F0DE070E0A00FEE2512A9F238DA8175C4C44D76FBC5DD49CAF2EBB779C1F ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
07:29:11.0033 0x1780  SynTP - ok
07:29:11.0113 0x1780  [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain         C:\windows\system32\sysmain.dll
07:29:11.0196 0x1780  SysMain - ok
07:29:11.0247 0x1780  [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\windows\System32\TabSvc.dll
07:29:11.0294 0x1780  TabletInputService - ok
07:29:11.0341 0x1780  [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv         C:\windows\System32\tapisrv.dll
07:29:11.0396 0x1780  TapiSrv - ok
07:29:11.0425 0x1780  [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS             C:\windows\System32\tbssvc.dll
07:29:11.0475 0x1780  TBS - ok
07:29:11.0564 0x1780  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
07:29:11.0620 0x1780  Tcpip - ok
07:29:11.0663 0x1780  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
07:29:11.0712 0x1780  TCPIP6 - ok
07:29:11.0752 0x1780  [ CCA24162E055C3714CE5A88B100C64ED, 9B7712E793B9478BA7A1EF71EA9CC03CCB9C4004C54EAA911F158958519EDCD9 ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
07:29:11.0785 0x1780  tcpipreg - ok
07:29:11.0826 0x1780  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
07:29:11.0878 0x1780  TDPIPE - ok
07:29:11.0914 0x1780  [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
07:29:11.0954 0x1780  TDTCP - ok
07:29:11.0994 0x1780  [ B459575348C20E8121D6039DA063C704, 1B4328A9EA39FF5A57F258E02254D04B73455F1DF7C997C13702A8B2F12D0347 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
07:29:12.0050 0x1780  tdx - ok
07:29:12.0233 0x1780  [ 0835A6C3C951A440AD03FB3DAB953D16, 7F26998938112360279AF4A5809B18EBC3E7F59D40558C149C6F865C15240779 ] TeamViewer6     C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
07:29:12.0317 0x1780  TeamViewer6 - ok
07:29:12.0367 0x1780  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD          C:\windows\system32\drivers\termdd.sys
07:29:12.0387 0x1780  TermDD - ok
07:29:12.0450 0x1780  [ 382C804C92811BE57829D8E550A900E2, 5F52C2E7902024CF1C9CC0069F411C3F19CCA3DB209F437FA0F3932D4898EB50 ] TermService     C:\windows\System32\termsrv.dll
07:29:12.0512 0x1780  TermService - ok
07:29:12.0539 0x1780  [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes          C:\windows\system32\themeservice.dll
07:29:12.0565 0x1780  Themes - ok
07:29:12.0585 0x1780  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER     C:\windows\system32\mmcss.dll
07:29:12.0621 0x1780  THREADORDER - ok
07:29:12.0731 0x1780  [ 8DC050D1558E0CC1593B63765C5C5FCF, 3DD7E3E347EAC60893510006A82CED3E26BD64CD512F73EF0F6397883CC266CB ] Tq_91Assistant  C:\Program Files\NetDragon\91 Mobile\iPhone\Tq_91Assistant.sys
07:29:12.0755 0x1780  Tq_91Assistant - ok
07:29:12.0788 0x1780  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks          C:\windows\System32\trkwks.dll
07:29:12.0841 0x1780  TrkWks - ok
07:29:12.0914 0x1780  [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
07:29:12.0981 0x1780  TrustedInstaller - ok
07:29:13.0031 0x1780  [ B37B08F2E5EEB1A37E448E09BACE1101, 32CC9E06B88BAB6FAB4696B744548DFCE9199A7FD2BA8B019F269CA75895852C ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
07:29:13.0101 0x1780  tssecsrv - ok
07:29:13.0164 0x1780  [ FD1D6C73E6333BE727CBCC6054247654, 6F7B9AE1A5986204DB3348D13B303F30FC17624939DA74D6BD114FAEED0FB30E ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
07:29:13.0229 0x1780  TsUsbFlt - ok
07:29:13.0285 0x1780  [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
07:29:13.0336 0x1780  tunnel - ok
07:29:13.0364 0x1780  [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35          C:\windows\system32\DRIVERS\uagp35.sys
07:29:13.0383 0x1780  uagp35 - ok
07:29:13.0405 0x1780  [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
07:29:13.0461 0x1780  udfs - ok
07:29:13.0491 0x1780  [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect       C:\windows\system32\UI0Detect.exe
07:29:13.0530 0x1780  UI0Detect - ok
07:29:13.0547 0x1780  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
07:29:13.0567 0x1780  uliagpkx - ok
07:29:13.0622 0x1780  [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus           C:\windows\system32\DRIVERS\umbus.sys
07:29:13.0657 0x1780  umbus - ok
07:29:13.0691 0x1780  [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass          C:\windows\system32\DRIVERS\umpass.sys
07:29:13.0727 0x1780  UmPass - ok
07:29:13.0768 0x1780  [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost        C:\windows\System32\upnphost.dll
07:29:13.0835 0x1780  upnphost - ok
07:29:13.0890 0x1780  [ 6E421CCC57059B0186C6259CA3B6DFC9, E348BF23CCD6C14FD10C1689BBDC77E125245331F97BFE60D4C8FD9A8711CB59 ] USBAAPL         C:\windows\system32\Drivers\usbaapl.sys
07:29:13.0921 0x1780  USBAAPL - detected UnsignedFile.Multi.Generic ( 1 )
07:29:16.0281 0x1780  Detect skipped due to KSN trusted
07:29:16.0281 0x1780  USBAAPL - ok
07:29:16.0332 0x1780  [ 0803FBA9FE829D61AE26EC0BCC910C46, 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
07:29:16.0391 0x1780  usbccgp - ok
07:29:16.0420 0x1780  [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir          C:\windows\system32\drivers\usbcir.sys
07:29:16.0455 0x1780  usbcir - ok
07:29:16.0512 0x1780  [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci         C:\windows\system32\DRIVERS\usbehci.sys
07:29:16.0557 0x1780  usbehci - ok
07:29:16.0608 0x1780  [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
07:29:16.0671 0x1780  usbhub - ok
07:29:16.0694 0x1780  [ 9828C8D14CC2676421778F0DE638CF97, 479A28211FFB85190A01FAB0283B927588805D2C0CDB03F85F8F814B88E4F453 ] usbohci         C:\windows\system32\drivers\usbohci.sys
07:29:16.0714 0x1780  usbohci - ok
07:29:16.0751 0x1780  [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
07:29:16.0791 0x1780  usbprint - ok
07:29:16.0852 0x1780  [ FC6B21DB4B5B398AB93DBE59CBF11036, A94094C208F376405C07822A6143001EF1B12AE93205CD8002E87F6EB45F6374 ] usbscan         C:\windows\system32\drivers\usbscan.sys
07:29:16.0916 0x1780  usbscan - ok
07:29:16.0963 0x1780  [ BF63EBFC6979FEFB2BC03DF7989A0C1A, AFEF764A3E5D52CDBB5074F0E87F2B5EBCDF8D9B6E8F88EE235602B80145BE31 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
07:29:16.0985 0x1780  USBSTOR - ok
07:29:17.0032 0x1780  [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci         C:\windows\system32\DRIVERS\usbuhci.sys
07:29:17.0092 0x1780  usbuhci - ok
07:29:17.0123 0x1780  [ DE014425522610BEDCA3821BB8C0F1D5, D6FEA0DF07F89834AEEE8C02CC7FD41068D758B6CCECE2EEE5CF4B9DB646FA1E ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
07:29:17.0148 0x1780  usbvideo - ok
07:29:17.0217 0x1780  [ AF77716205C97E902E6C5B78DECE2CCA, ED99EABED1C7F323EE2A76413E2B260F8EE1D76FDF1E60EE35136D060E756735 ] usb_rndisx      C:\windows\system32\DRIVERS\usb8023x.sys
07:29:17.0277 0x1780  usb_rndisx - ok
07:29:17.0307 0x1780  [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms           C:\windows\System32\uxsms.dll
07:29:17.0342 0x1780  UxSms - ok
07:29:17.0357 0x1780  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] VaultSvc        C:\windows\system32\lsass.exe
07:29:17.0378 0x1780  VaultSvc - ok
07:29:17.0393 0x1780  [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
07:29:17.0412 0x1780  vdrvroot - ok
07:29:17.0481 0x1780  [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds             C:\windows\System32\vds.exe
07:29:17.0536 0x1780  vds - ok
07:29:17.0570 0x1780  [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
07:29:17.0593 0x1780  vga - ok
07:29:17.0599 0x1780  [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave         C:\windows\System32\drivers\vga.sys
07:29:17.0635 0x1780  VgaSave - ok
07:29:17.0669 0x1780  [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
07:29:17.0691 0x1780  vhdmp - ok
07:29:17.0705 0x1780  [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp          C:\windows\system32\drivers\viaagp.sys
07:29:17.0725 0x1780  viaagp - ok
07:29:17.0740 0x1780  [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7           C:\windows\system32\DRIVERS\viac7.sys
07:29:17.0772 0x1780  ViaC7 - ok
07:29:17.0805 0x1780  [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide          C:\windows\system32\drivers\viaide.sys
07:29:17.0823 0x1780  viaide - ok
07:29:17.0839 0x1780  [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr          C:\windows\system32\drivers\volmgr.sys
07:29:17.0859 0x1780  volmgr - ok
07:29:17.0888 0x1780  [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
07:29:17.0914 0x1780  volmgrx - ok
07:29:17.0942 0x1780  [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap         C:\windows\system32\drivers\volsnap.sys
07:29:17.0966 0x1780  volsnap - ok
07:29:17.0983 0x1780  [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid         C:\windows\system32\DRIVERS\vsmraid.sys
07:29:18.0005 0x1780  vsmraid - ok
07:29:18.0076 0x1780  [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS             C:\windows\system32\vssvc.exe
07:29:18.0157 0x1780  VSS - ok
07:29:18.0183 0x1780  [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
07:29:18.0223 0x1780  vwifibus - ok
07:29:18.0247 0x1780  [ 7090D3436EEB4E7DA3373090A23448F7, 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
07:29:18.0284 0x1780  vwififlt - ok
07:29:18.0311 0x1780  [ A3F04CBEA6C2A10E6CB01F8B47611882, 32AFE18B07FECA30BC95831A5DC94C784E543784DF16165334A777DC84E91EF3 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
07:29:18.0336 0x1780  vwifimp - ok
07:29:18.0375 0x1780  [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time         C:\windows\system32\w32time.dll
07:29:18.0438 0x1780  W32Time - ok
07:29:18.0458 0x1780  [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen        C:\windows\system32\DRIVERS\wacompen.sys
07:29:18.0495 0x1780  WacomPen - ok
07:29:18.0543 0x1780  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
07:29:18.0608 0x1780  WANARP - ok
07:29:18.0614 0x1780  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
07:29:18.0647 0x1780  Wanarpv6 - ok
07:29:18.0728 0x1780  [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine        C:\windows\system32\wbengine.exe
07:29:18.0834 0x1780  wbengine - ok
07:29:18.0864 0x1780  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
07:29:18.0896 0x1780  WbioSrvc - ok
07:29:18.0938 0x1780  [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc         C:\windows\System32\wcncsvc.dll
07:29:18.0986 0x1780  wcncsvc - ok
07:29:19.0003 0x1780  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
07:29:19.0057 0x1780  WcsPlugInService - ok
07:29:19.0085 0x1780  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\windows\system32\DRIVERS\wd.sys
07:29:19.0103 0x1780  Wd - ok
07:29:19.0167 0x1780  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
07:29:19.0204 0x1780  Wdf01000 - ok
07:29:19.0227 0x1780  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost  C:\windows\system32\wdi.dll
07:29:19.0288 0x1780  WdiServiceHost - ok
07:29:19.0294 0x1780  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost   C:\windows\system32\wdi.dll
07:29:19.0320 0x1780  WdiSystemHost - ok
07:29:19.0373 0x1780  [ A9D880F97530D5B8FEE278923349929D, 6A293E2DB9B7C434EA8B4CD4861E11905D46BD60E014AE27B74DC8C4B2DDF834 ] WebClient       C:\windows\System32\webclnt.dll
07:29:19.0440 0x1780  WebClient - ok
07:29:19.0493 0x1780  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\windows\system32\wecsvc.dll
07:29:19.0551 0x1780  Wecsvc - ok
07:29:19.0567 0x1780  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\windows\System32\wercplsupport.dll
07:29:19.0624 0x1780  wercplsupport - ok
07:29:19.0664 0x1780  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\windows\System32\WerSvc.dll
07:29:19.0719 0x1780  WerSvc - ok
07:29:19.0737 0x1780  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
07:29:19.0772 0x1780  WfpLwf - ok
07:29:19.0788 0x1780  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\windows\system32\drivers\wimmount.sys
07:29:19.0806 0x1780  WIMMount - ok
07:29:19.0881 0x1780  [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
07:29:19.0958 0x1780  WinDefend - ok
07:29:19.0987 0x1780  WinHttpAutoProxySvc - ok
07:29:20.0058 0x1780  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
07:29:20.0122 0x1780  Winmgmt - ok
07:29:20.0208 0x1780  [ 1B91CD34EA3A90AB6A4EF0550174F4CC, 5B6618615EBFBA594C945AD35F5C68DA8C6053892B6D12D626BB6120910D80DC ] WinRM           C:\windows\system32\WsmSvc.dll
07:29:20.0283 0x1780  WinRM - ok
07:29:20.0368 0x1780  [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys
07:29:20.0423 0x1780  WinUsb - ok
07:29:20.0496 0x1780  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc         C:\windows\System32\wlansvc.dll
07:29:20.0565 0x1780  Wlansvc - ok
07:29:20.0605 0x1780  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
07:29:20.0636 0x1780  WmiAcpi - ok
07:29:20.0698 0x1780  [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
07:29:20.0737 0x1780  wmiApSrv - ok
07:29:20.0853 0x1780  [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
07:29:20.0936 0x1780  WMPNetworkSvc - ok
07:29:20.0970 0x1780  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\windows\System32\wpcsvc.dll
07:29:21.0026 0x1780  WPCSvc - ok
07:29:21.0073 0x1780  [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
07:29:21.0123 0x1780  WPDBusEnum - ok
07:29:21.0153 0x1780  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
07:29:21.0206 0x1780  ws2ifsl - ok
07:29:21.0238 0x1780  [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc          C:\windows\System32\wscsvc.dll
07:29:21.0266 0x1780  wscsvc - ok
07:29:21.0297 0x1780  [ 553F6CCD7C58EB98D4A8FBDAF283D7A9, 71FBE50C470D1F54FDAADCECEC2CB021AE240CD59DE4E8EB5BCAA6E7F2F86560 ] WSDPrintDevice  C:\windows\system32\DRIVERS\WSDPrint.sys
07:29:21.0320 0x1780  WSDPrintDevice - ok
07:29:21.0339 0x1780  [ 7DC0270CFD4A05B4112E3EBBF083B595, DF4FCDE511F0B68B6C6E28C820EB722C34710F31A16023A9A297EAD228E00137 ] WSDScan         C:\windows\system32\drivers\WSDScan.sys
07:29:21.0359 0x1780  WSDScan - ok
07:29:21.0365 0x1780  WSearch - ok
07:29:21.0483 0x1780  [ D9B0134913E5EF007AF82A418C503322, 7418DD28C8E968674382F8352AAFFC4DE77887E2B71B8844D615F19432B4C55A ] wuauserv        C:\windows\system32\wuaueng.dll
07:29:21.0563 0x1780  wuauserv - ok
07:29:21.0611 0x1780  [ E714A1C0354636837E20CCBF00888EE7, 0E31F0DB0AA318E3B0DACD26C0D3B11519B42F2A996AE580BE67FA8B3C42C436 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
07:29:21.0655 0x1780  WudfPf - ok
07:29:21.0703 0x1780  [ 1023EE888C9B47178C5293ED5336AB69, 62221C80C3F719A585266247482A64F7CB2F5EF69AFA8FA07D563CA2B0A37561 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
07:29:21.0749 0x1780  WUDFRd - ok
07:29:21.0792 0x1780  [ 8D1E1E529A2C9E9B6A85B55A345F7629, 64B637CFE2AF58A4F7CE6D8C3D603F8EFD527500F7137E0A37840313C712CA93 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
07:29:21.0837 0x1780  wudfsvc - ok
07:29:21.0862 0x1780  [ FF2D745B560F7C71B31F30F4D49F73D2, B2FBF7E5F58E34AC64FE6CF65800F1F07939279203BDE89375FAC92B884A4F37 ] WwanSvc         C:\windows\System32\wwansvc.dll
07:29:21.0895 0x1780  WwanSvc - ok
07:29:21.0939 0x1780  [ 30B73EB97218A16CBC6DE535782A1B35, 5B034F39FA5B902BD6899717F7696871CDAFB8698B48BB0E95DAE51234715A28 ] yukonw7         C:\windows\system32\DRIVERS\yk62x86.sys
07:29:21.0991 0x1780  yukonw7 - ok
07:29:22.0030 0x1780  ================ Scan global ===============================
07:29:22.0116 0x1780  [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\windows\system32\basesrv.dll
07:29:22.0186 0x1780  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\windows\system32\winsrv.dll
07:29:22.0210 0x1780  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\windows\system32\winsrv.dll
07:29:22.0253 0x1780  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\windows\system32\sxssrv.dll
07:29:22.0291 0x1780  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\windows\system32\services.exe
07:29:22.0300 0x1780  [ Global ] - ok
07:29:22.0300 0x1780  ================ Scan MBR ==================================
07:29:22.0318 0x1780  [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
07:29:22.0650 0x1780  \Device\Harddisk0\DR0 - ok
07:29:22.0656 0x1780  [ 7F318C46118EFB90A21202C5F1447206 ] \Device\Harddisk1\DR1
08:42:26.0598 0x1780  \Device\Harddisk1\DR1 - ok
08:42:26.0599 0x1780  ================ Scan VBR ==================================
08:42:26.0936 0x1780  [ 80F1F6505F4F7557F37C3705680228DC ] \Device\Harddisk0\DR0\Partition1
08:42:26.0938 0x1780  \Device\Harddisk0\DR0\Partition1 - ok
08:42:26.0956 0x1780  [ 9D752003ADB75FE309237FC971A97107 ] \Device\Harddisk0\DR0\Partition2
08:42:26.0958 0x1780  \Device\Harddisk0\DR0\Partition2 - ok
08:42:26.0983 0x1780  [ C2649F0AFB8E2550A43C158D02D666BD ] \Device\Harddisk0\DR0\Partition3
08:42:26.0985 0x1780  \Device\Harddisk0\DR0\Partition3 - ok
08:42:26.0986 0x1780  ================ Scan generic autorun ======================
08:42:27.0366 0x1780  [ 97101B7CCCFA2BDFEFC2E0B84205D144, 10C6EC4903DB85A1517F788049E726B22FF87C012A936CBF26EF0F2222C9251B ] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
08:42:27.0737 0x1780  RtHDVCpl - ok
08:42:27.0882 0x1780  [ E4A94D17436B4E9F53CD64D08E53D964, E3B2D336A1E90C1C520B834FA986AE2CFBD2807664C35E8AB9059CC899E58CFC ] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
08:42:27.0941 0x1780  SynTPEnh - ok
08:42:28.0006 0x1780  [ 4EFCDF3DB1BBA69C09622991280C4ACB, A86D4694BCFFF3C0FAF07C56A410A8317A953FB581CDCDBED5CAF735A0E2AC0D ] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
08:42:28.0027 0x1780  UpdateLBPShortCut - ok
08:42:28.0076 0x1780  [ 54FA8528EDA1B6B34615F4EA3FCB35E6, B078821475D6FDED19579A487484D0752DC6E1AA0D1ACA71353C743B00291C61 ] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
08:42:28.0091 0x1780  CLMLServer - ok
08:42:28.0133 0x1780  [ 4EFCDF3DB1BBA69C09622991280C4ACB, A86D4694BCFFF3C0FAF07C56A410A8317A953FB581CDCDBED5CAF735A0E2AC0D ] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
08:42:28.0153 0x1780  UpdateP2GoShortCut - ok
08:42:28.0212 0x1780  [ AAD52179D4A526AD4A705B87C6E4F72A, 0015F316DD2E73D5D2434DAC7CAB47050B21BF8CAE23482302A0E1982EF8A3BD ] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
08:42:28.0232 0x1780  UpdatePDRShortCut - ok
08:42:28.0283 0x1780  [ 28FD28A29C637C9AFEFE0A26E27C6DFE, A490ADCD7BC9863B6E8773CADFDE6CA58A0743CD64C39D14AF380B18ABDEC003 ] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
08:42:28.0308 0x1780  RemoteControl8 - ok
08:42:28.0329 0x1780  [ F8270CFD51F9D6BF42140FA4071C83FE, B7AAF6B13C01CB6B94DEABBDD40249A6D298DD4BCBE2921D8E332F88ED3B754A ] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe
08:42:28.0352 0x1780  PDVD8LanguageShortcut - ok
08:42:28.0414 0x1780  [ 9ACFD9D5E12D849B28C78FED6D620EB3, 203D1EECFB44BA7D3936AAA2280B1D88207BA7655AB735C17BF9F3AAF3D8A803 ] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe
08:42:28.0466 0x1780  UpdatePPShortCut - ok
08:42:28.0558 0x1780  [ 82A3031F7FAA61CB5E040B0D98A104AF, 5EB990BACE18112658208F517EE2E635DBD00A06380DD9DAB253556C980DEA99 ] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
08:42:28.0589 0x1780  UpdatePSTShortCut - ok
08:42:28.0655 0x1780  [ 4EFCDF3DB1BBA69C09622991280C4ACB, A86D4694BCFFF3C0FAF07C56A410A8317A953FB581CDCDBED5CAF735A0E2AC0D ] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
08:42:28.0686 0x1780  UCam_Menu - ok
08:42:28.0720 0x1780  [ 1029B84ECBE4B95ACB8491A3FE63D70F, DF765BEE2B20800646F70B9E473B95F52457316CB331A3E0BF6974D827AB989D ] C:\windows\system32\igfxtray.exe
08:42:28.0739 0x1780  IgfxTray - ok
08:42:28.0770 0x1780  [ 3CD5BBDA19A1AB4EBA359E0A14FDF0F0, 992E7322C86DA533F6DB9192427EBDC5A8F4D1A878F4B30A17ABD54656CFF6C1 ] C:\windows\system32\hkcmd.exe
08:42:28.0789 0x1780  HotKeysCmds - ok
08:42:28.0807 0x1780  [ 3142195521FEE436088EE8A5748DE1B1, EE8E65977AA0EAC0BF48F7C4620946E48679F047EFC515D5F2E52EA4B88C5731 ] C:\windows\system32\igfxpers.exe
08:42:28.0826 0x1780  Persistence - ok
08:42:28.0840 0x1780  WinampAgent - ok
08:42:28.0848 0x1780   Malwarebytes Anti-Malware  (reboot) - ok
08:42:28.0925 0x1780  [ A7810B302294793DE88542AAE177D1B1, F0EE3684DBEB0AAAD912DC04D060976D1EAE92489E192BAE900FA0F417AD20A7 ] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
08:42:28.0957 0x1780  ArcSoft Connection Service - ok
08:42:28.0991 0x1780  [ F3E0723C2C3A0CB180C7F4E8CCD2A28A, EAD29B76F10F4289E981355733CB590943A33E6C57588DD71AA03317DB1755C2 ] C:\windows\System32\DVAPTray.exe
08:42:29.0017 0x1780  DVAPTray - detected UnsignedFile.Multi.Generic ( 1 )
08:42:31.0541 0x1780  Detect skipped due to KSN trusted
08:42:31.0542 0x1780  DVAPTray - ok
08:42:32.0063 0x1780  [ 97B06F3361EAE2D176FEEAE96CCDFCA2, B53395633B78AAC69BB22E999E5F73C29BC64FC6B198B889C6C63D7D52B34B97 ] C:\windows\temp\DFI-0833TN.exe
08:42:32.0083 0x1780  dfmirage-Install - detected UnsignedFile.Multi.Generic ( 1 )
08:42:34.0590 0x1780  Detect skipped due to KSN trusted
08:42:34.0590 0x1780  dfmirage-Install - ok
08:42:34.0682 0x1780  [ 2E5212A0BFB98FE0167C92C76C87AFE3, 8C8ACD175A626453878154AF48760D99979C6D2836BC4816575B347C668D4F9E ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
08:42:34.0717 0x1780  SunJavaUpdateSched - ok
08:42:34.0900 0x1780  [ D49C6A597814433ED6C3BF7ECF2D27BD, D792327A9D88ADACA3B855038DD87DDB0FF5A6F5B2D4ED3BC53BA98309C08FDD ] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
08:42:34.0988 0x1780  CanonMyPrinter - ok
08:42:35.0146 0x1780  [ 00AB2B491C7037BB219BEB26FAD34C72, 95EDBBE07EB85EEE1376252AA975BAA61235C80FC03036357BD4786E5D6B9703 ] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
08:42:35.0210 0x1780  CanonSolutionMenuEx - ok
08:42:35.0279 0x1780  [ 5F7EE76129F9A591F22F99F95D97AC95, D3446BD4CAB8017B44BAD94EBB88468D080AC65E14444C12B09B6BF3E70B2AED ] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
08:42:35.0306 0x1780  IJNetworkScannerSelectorEX - ok
08:42:35.0434 0x1780  [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
08:42:35.0477 0x1780  Adobe ARM - ok
08:42:35.0553 0x1780  [ 9ACCBC5891BA51B5B29C1A88F80D4CE3, 4EA3D9CB239874232AE0D7F824AF8CC7AD9BB4657CB9978B41067B4447FBE71B ] C:\Program Files\QuickTime\QTTask.exe
08:42:35.0578 0x1780  QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 )
08:42:38.0080 0x1780  Detect skipped due to KSN trusted
08:42:38.0080 0x1780  QuickTime Task - ok
08:42:38.0203 0x1780  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
08:42:38.0293 0x1780  Sidebar - ok
08:42:38.0387 0x1780  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
08:42:38.0421 0x1780  mctadmin - ok
08:42:38.0483 0x1780  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
08:42:38.0535 0x1780  Sidebar - ok
08:42:38.0545 0x1780  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
08:42:38.0570 0x1780  mctadmin - ok
08:42:38.0607 0x1780  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\sidebar.exe
08:42:38.0661 0x1780  Sidebar - ok
08:42:38.0686 0x1780  MobileDocuments - ok
08:42:38.0687 0x1780  ApplePhotoStreams - ok
08:42:38.0690 0x1780  com.apple.dav.bookmarks.daemon - ok
08:42:38.0725 0x1780  Akamai NetSession Interface - ok
08:42:38.0725 0x1780  AppleIEDAV - ok
08:42:38.0729 0x1780  iCloudServices - ok
08:42:38.0733 0x1780  Waiting for KSN requests completion. In queue: 10
08:42:39.0734 0x1780  Waiting for KSN requests completion. In queue: 10
08:42:40.0734 0x1780  Waiting for KSN requests completion. In queue: 5
08:42:41.0784 0x1780  AV detected via SS2: Kaspersky Anti-Virus, C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\wmiav.exe ( 14.0.0.4651 ), 0x41000 ( enabled : updated )
08:42:41.0791 0x1780  Win FW state via NFP2: enabled
08:42:44.0135 0x1780  ============================================================
08:42:44.0135 0x1780  Scan finished
08:42:44.0135 0x1780  ============================================================
08:42:44.0154 0x172c  Detected object count: 0
08:42:44.0154 0x172c  Actual detected object count: 0
         

Thank you very much.
__________________

18.09.2014, 16:06   #4
MotoG

Check after cleaning up browser hijacking and other malware



and another fresh FRST log:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by Hartmut (administrator) on PATRICKTINA on 18-09-2014 16:00:58
Running from C:\Users\Hartmut\Desktop
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
(devolo AG) C:\Program Files\devolo\dlan\devolonetsvc.exe
(Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(BUFFALO INC.) C:\Program Files\BUFFALO\NASNAVI\nassvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
() C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Chicony Electronics Co., Ltd.) C:\Windows\System32\DVAPTray.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ArcSoft) C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe
(BUFFALO INC.) C:\Program Files\BUFFALO\NASNAVI\nassche.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-12-14] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1713448 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [UpdateLBPShortCut] => C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM\...\Run: [UpdateP2GoShortCut] => C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [UpdatePDRShortCut] => C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.)
HKLM\...\Run: [RemoteControl8] => C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [PDVD8LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [UpdatePPShortCut] => C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM\...\Run: [UpdatePSTShortCut] => C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-21] (CyberLink Corp.)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [WinampAgent] => "C:\Program Files\Winamp\winampa.exe"
HKLM\...\Run: [ Malwarebytes Anti-Malware  (reboot)] => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [DVAPTray] => C:\windows\System32\DVAPTray.exe [188416 2010-06-17] (Chicony Electronics Co., Ltd.)
HKLM\...\Run: [dfmirage-Install] => C:\windows\temp\DFI-0833TN.exe [103424 2009-05-29] (DemoForge, LLC.) <===== ATTENTION
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2565520 2011-03-14] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [MobileDocuments] => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Hartmut\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [AppleIEDAV] => C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\MountPoints2: {065b1618-7479-11e3-a116-002454583452} - G:\HTC_Sync_Manager_PC.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Monitor.lnk
ShortcutTarget: Device Monitor.lnk -> C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe (ArcSoft)
Startup: C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk
ShortcutTarget: BUFFALO NAS Navigator2.lnk -> C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)
Startup: C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ilvaaehj.lnk
ShortcutTarget: ilvaaehj.lnk -> C:\Users\Hartmut\AppData\Local\ilvaaehj.exe (No File)
Startup: C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk
ShortcutTarget: NAS Scheduler.lnk -> C:\Program Files\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKCU - Plasmoo URL = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de___DE365
BHO: IEPlugin Class -> {11222041-111B-46E3-BD29-EFB2449479B1} -> C:\Program Files\ArcSoft\Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: ToolbarBHO Class -> {9519AF7E-638D-4933-BAD6-D33D23C79FE5} -> C:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - RAW Thumbnail Viewer - {F301665A-12F8-4331-804A-5BCBD379668C} - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.123.60

FireFox:
========
FF ProfilePath: C:\Users\Hartmut\AppData\Roaming\Mozilla\Firefox\Profiles\9k1zs3lf.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Tab Mix Plus - C:\Users\Hartmut\AppData\Roaming\Mozilla\Firefox\Profiles\9k1zs3lf.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012-07-02]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-07-23]
FF HKLM\...\Firefox\Extensions: [RAWThumbnailViewer@arcsoft.com.cn] - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\FireFox Extension
FF Extension: RAW Thumbnail Viewer - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\FireFox Extension [2010-11-05]
FF HKLM\...\Firefox\Extensions: [{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}] - C:\Program Files\ArcSoft\Video Downloader\Plugin_FireFox
FF Extension: ArcSoft Video Downloader Extension - C:\Program Files\ArcSoft\Video Downloader\Plugin_FireFox [2010-11-05]
FF HKLM\...\Firefox\Extensions:  - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com [2014-06-17]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-06-17]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com [2014-06-17]
FF HKCU\...\Firefox\Extensions: [{DDF17D0D-8737-45FD-A732-117D73F349EA}] - C:\Users\Hartmut\AppData\Local\{DDF17D0D-8737-45FD-A732-117D73F349EA}
FF Extension: XULRunner - C:\Users\Hartmut\AppData\Local\{DDF17D0D-8737-45FD-A732-117D73F349EA} [2010-11-04]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa []
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx [2014-05-28]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\content_blocker_chrome.crx [2014-05-28]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\virtkbd.crx [2014-05-28]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2014-05-28] (Kaspersky Lab ZAO)
R2 DevoloNetworkService; C:\Program Files\devolo\dlan\devolonetsvc.exe [3128856 2012-02-28] (devolo AG)
R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-08-04] (Nero AG)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 NasPmService; C:\Program Files\BUFFALO\NASNAVI\nassvc.exe [251184 2009-05-15] (BUFFALO INC.)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; C:\windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
S3 AirDisplay; C:\windows\System32\DRIVERS\AVVideoCard.sys [6656 2011-03-18] (Windows (R) Win 7 DDK provider)
S3 cleanhlp; C:\Users\Hartmut\Desktop\Emsisoft Emergency Kit\bin\cleanhlp32.sys [50200 2014-08-19] (Emsisoft GmbH)
S3 HtcVCom32; C:\windows\System32\DRIVERS\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated)
R0 kl1; C:\windows\System32\DRIVERS\kl1.sys [135776 2014-05-28] (Kaspersky Lab ZAO)
S4 klflt; C:\windows\System32\DRIVERS\klflt.sys [94304 2014-05-28] (Kaspersky Lab ZAO)
R1 KLIF; C:\windows\System32\DRIVERS\klif.sys [576608 2014-05-28] (Kaspersky Lab ZAO)
R1 KLIM6; C:\windows\System32\DRIVERS\klim6.sys [25696 2014-05-28] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\windows\System32\DRIVERS\klkbdflt.sys [25184 2014-05-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\windows\System32\DRIVERS\klmouflt.sys [25696 2014-05-28] (Kaspersky Lab ZAO)
R1 klpd; C:\windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\windows\System32\DRIVERS\kneps.sys [144992 2014-05-28] (Kaspersky Lab ZAO)
R3 MonitorFunction; C:\windows\System32\DRIVERS\TVMonitor.sys [13304 2010-11-25] (TeamViewer GmbH)
S3 Netaapl; C:\windows\System32\DRIVERS\netaapl.sys [18432 2011-05-10] (Apple Inc.) [File not signed]
R2 NPF_devolo; C:\windows\system32\drivers\npf_devolo.sys [35840 2012-01-31] (CACE Technologies) [File not signed]
S0 sfdrv01; C:\windows\System32\drivers\sfdrv01.sys [50176 2005-05-17] (Protection Technology) [File not signed]
R0 sfhlp02; C:\windows\System32\drivers\sfhlp02.sys [6656 2005-05-16] (Protection Technology) [File not signed]
S0 sfsync02; C:\windows\System32\drivers\sfsync02.sys [19968 2005-05-16] (Protection Technology) [File not signed]
R0 sptd; C:\windows\System32\Drivers\sptd.sys [691696 2010-10-28] () [File not signed]
S3 Tq_91Assistant; C:\Program Files\NetDragon\91 Mobile\iPhone\Tq_91Assistant.sys [14248 2011-10-15] ()
S3 USBAAPL; C:\windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
R3 yukonw7; C:\windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
U3 acp7kcfj; C:\windows\system32\Drivers\acp7kcfj.sys [0 ] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-18 07:25 - 2014-09-17 21:06 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Hartmut\Desktop\tdsskiller.exe
2014-09-17 16:38 - 2014-09-17 16:39 - 00038373 _____ () C:\Users\Hartmut\Desktop\Addition.txt
2014-09-17 16:37 - 2014-09-18 16:01 - 00000000 ____D () C:\FRST
2014-09-17 16:37 - 2014-09-18 16:00 - 00021097 _____ () C:\Users\Hartmut\Desktop\FRST.txt
2014-09-17 16:35 - 2014-09-17 16:35 - 01097728 _____ (Farbar) C:\Users\Hartmut\Desktop\FRST.exe
2014-09-17 16:23 - 2014-09-17 16:29 - 00000000 ____D () C:\AdwCleaner
2014-09-17 16:23 - 2014-09-17 16:23 - 01373475 _____ () C:\Users\Hartmut\Desktop\adwcleaner_3.310.exe
2014-09-17 12:19 - 2014-09-18 15:59 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-17 12:19 - 2014-09-17 12:19 - 00001081 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-17 12:19 - 2014-09-17 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-17 12:19 - 2014-09-17 12:19 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-09-17 12:19 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-09-17 12:19 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-09-17 12:19 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-09-17 12:18 - 2014-09-17 12:18 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hartmut\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-17 11:54 - 2014-09-17 11:54 - 00001009 _____ () C:\Users\Public\Desktop\Emsisoft HiJackFree.lnk
2014-09-17 11:54 - 2014-09-17 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft HiJackFree
2014-09-17 11:54 - 2014-09-17 11:54 - 00000000 ____D () C:\Program Files\Emsisoft HiJackFree
2014-09-17 11:21 - 2014-09-17 11:21 - 00388608 _____ (Trend Micro Inc.) C:\Users\Hartmut\Desktop\HiJackThis204.exe
2014-09-17 10:21 - 2014-09-17 10:21 - 00000000 ____D () C:\Users\Hartmut\Desktop\Emsisoft Emergency Kit
2014-09-17 10:08 - 2014-09-17 10:08 - 00004600 _____ () C:\EamClean.log
2014-09-13 13:17 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-09-13 13:17 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-09-13 13:17 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-09-13 13:17 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-09-13 13:17 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-09-13 13:17 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-09-13 13:17 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-09-13 13:17 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-09-13 13:17 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-09-13 13:17 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-09-13 13:17 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-09-13 13:17 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-09-13 13:17 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-09-13 13:17 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-09-13 13:17 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-09-13 13:17 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-09-13 13:17 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-09-13 13:17 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-09-13 13:17 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-09-13 13:17 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-09-13 13:17 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-09-13 13:17 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-09-13 13:17 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-09-13 13:17 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-09-13 13:17 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-09-13 13:17 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-09-13 13:17 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-09-13 13:17 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-09-13 13:17 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-09-13 13:17 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-09-13 11:17 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-09-13 11:17 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-08-28 22:28 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-28 22:28 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-28 22:15 - 2014-09-17 07:38 - 01040111 _____ () C:\Users\Hartmut\AppData\Local\ilvaaehj.gss
2014-08-28 22:15 - 2014-09-17 07:38 - 00421888 _____ () C:\Users\Hartmut\AppData\Local\ilvaaehj.gdb
2014-08-27 14:47 - 2014-08-27 14:47 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\Adobe
2014-08-26 11:51 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-26 11:51 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-08-26 11:51 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-26 11:51 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-08-26 11:51 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-08-26 11:51 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-08-26 11:51 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-08-26 11:50 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-08-26 11:50 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-18 16:01 - 2014-09-17 16:37 - 00021097 _____ () C:\Users\Hartmut\Desktop\FRST.txt
2014-09-18 16:01 - 2014-09-17 16:37 - 00000000 ____D () C:\FRST
2014-09-18 15:59 - 2014-09-17 12:19 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-18 15:56 - 2012-11-11 17:46 - 00001100 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-18 15:55 - 2014-01-04 12:17 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\HTC MediaHub
2014-09-18 15:55 - 2012-08-07 23:35 - 00000440 _____ () C:\windows\system32\Drivers\etc\hosts.ics
2014-09-18 15:54 - 2014-06-17 23:35 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-09-18 15:54 - 2012-11-11 17:46 - 00001096 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-18 15:54 - 2011-02-22 21:38 - 00135659 _____ () C:\windows\setupact.log
2014-09-18 15:54 - 2010-01-31 18:27 - 00000000 ____D () C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-09-18 15:54 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-18 12:29 - 2009-12-05 04:40 - 01879521 _____ () C:\windows\WindowsUpdate.log
2014-09-18 11:53 - 2012-03-31 18:04 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-09-18 07:53 - 2012-03-31 18:04 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-09-18 07:53 - 2011-05-23 22:17 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-18 07:17 - 2009-07-14 06:34 - 00014512 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-18 07:17 - 2009-07-14 06:34 - 00014512 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-17 21:06 - 2014-09-18 07:25 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Hartmut\Desktop\tdsskiller.exe
2014-09-17 16:39 - 2014-09-17 16:38 - 00038373 _____ () C:\Users\Hartmut\Desktop\Addition.txt
2014-09-17 16:35 - 2014-09-17 16:35 - 01097728 _____ (Farbar) C:\Users\Hartmut\Desktop\FRST.exe
2014-09-17 16:30 - 2009-12-05 05:19 - 01041244 _____ () C:\windows\PFRO.log
2014-09-17 16:29 - 2014-09-17 16:23 - 00000000 ____D () C:\AdwCleaner
2014-09-17 16:23 - 2014-09-17 16:23 - 01373475 _____ () C:\Users\Hartmut\Desktop\adwcleaner_3.310.exe
2014-09-17 13:00 - 2009-12-05 22:11 - 00000000 ____D () C:\windows\ShellNew
2014-09-17 12:19 - 2014-09-17 12:19 - 00001081 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-17 12:19 - 2014-09-17 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-17 12:19 - 2014-09-17 12:19 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-09-17 12:19 - 2010-11-04 23:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-17 12:18 - 2014-09-17 12:18 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hartmut\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-17 11:54 - 2014-09-17 11:54 - 00001009 _____ () C:\Users\Public\Desktop\Emsisoft HiJackFree.lnk
2014-09-17 11:54 - 2014-09-17 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft HiJackFree
2014-09-17 11:54 - 2014-09-17 11:54 - 00000000 ____D () C:\Program Files\Emsisoft HiJackFree
2014-09-17 11:21 - 2014-09-17 11:21 - 00388608 _____ (Trend Micro Inc.) C:\Users\Hartmut\Desktop\HiJackThis204.exe
2014-09-17 10:21 - 2014-09-17 10:21 - 00000000 ____D () C:\Users\Hartmut\Desktop\Emsisoft Emergency Kit
2014-09-17 10:08 - 2014-09-17 10:08 - 00004600 _____ () C:\EamClean.log
2014-09-17 07:38 - 2014-08-28 22:15 - 01040111 _____ () C:\Users\Hartmut\AppData\Local\ilvaaehj.gss
2014-09-17 07:38 - 2014-08-28 22:15 - 00421888 _____ () C:\Users\Hartmut\AppData\Local\ilvaaehj.gdb
2014-09-16 20:20 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\rescache
2014-09-16 15:52 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\Microsoft.NET
2014-09-16 15:44 - 2009-07-26 22:06 - 01612484 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-13 13:11 - 2013-08-24 12:36 - 00000000 ____D () C:\windows\system32\MRT
2014-09-13 13:11 - 2010-11-11 15:59 - 00000000 ____D () C:\windows\system32\MpEngineStore
2014-09-13 13:06 - 2010-02-20 07:31 - 98758480 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-09-13 11:35 - 2012-06-25 13:31 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-09-09 19:31 - 2010-11-14 19:35 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\CrashDumps
2014-09-09 19:27 - 2009-07-14 06:33 - 00358272 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-27 14:47 - 2014-08-27 14:47 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\Adobe
2014-08-27 14:12 - 2010-10-28 11:22 - 00000000 ____D () C:\Users\Hartmut\Documents\Tina
2014-08-27 10:27 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\de-DE
2014-08-25 06:53 - 2010-10-27 23:15 - 00231584 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-08-23 03:46 - 2014-08-28 22:28 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-23 02:42 - 2014-08-28 22:28 - 02352640 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-19 21:17 - 2011-05-09 11:35 - 00000000 ____D () C:\ProgramData\tmp
2014-08-19 21:17 - 2011-05-09 11:35 - 00000000 ____D () C:\ProgramData\hps
2014-08-19 20:56 - 2013-10-08 14:52 - 00001120 _____ () C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk
2014-08-19 20:56 - 2013-10-08 14:52 - 00001105 _____ () C:\Users\Public\Desktop\dm-Fotowelt.lnk
2014-08-19 19:39 - 2014-09-13 13:17 - 00327872 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-19 00:26 - 2014-09-13 13:17 - 17455104 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-08-19 00:08 - 2014-09-13 13:17 - 04232704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll

Files to move or delete:
====================
C:\windows\temp\DFI-0833TN.exe


Some content of TEMP:
====================
C:\Users\Hartmut\AppData\Local\Temp\AcDeltree.exe
C:\Users\Hartmut\AppData\Local\Temp\AskSLib.dll
C:\Users\Hartmut\AppData\Local\Temp\BackupSetup.exe
C:\Users\Hartmut\AppData\Local\Temp\f.exe
C:\Users\Hartmut\AppData\Local\Temp\IDMSetup_1.5.0.0.exe
C:\Users\Hartmut\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Hartmut\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Hartmut\AppData\Local\Temp\somoto-master.exe
C:\Users\Hartmut\AppData\Local\Temp\tmp20AA.tmp.exe
C:\Users\Hartmut\AppData\Local\Temp\tmp2FA8.tmp.exe
C:\Users\Hartmut\AppData\Local\Temp\tmp6A27.tmp.exe
C:\Users\Hartmut\AppData\Local\Temp\tmp7243.tmp.exe
C:\Users\Hartmut\AppData\Local\Temp\_is28DC.exe
C:\Users\Hartmut\AppData\Local\Temp\_is7BC4.exe
C:\Users\Hartmut\AppData\Local\Temp\~SpUnin~.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-16 20:11

==================== End Of Log ============================
         
--- --- ---

19.09.2014, 09:23   #5
schrauber
/// the machine
/// TB trainer

Uninstall adware & co.
  • Please download Revo Uninstaller from here.
  • Install and start the program.
  • In the uninstaller field, look for the programs that under:

    have this suffix:
  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderate" mode.
  • Delete leftovers:
    Click on then on and then on .




Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

19.09.2014, 12:15   #6
MotoG

Hello Schrauber,

here are the log files:

MBAM:
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 19.09.2014
Suchlauf-Zeit: 10:34:13
Logdatei: MBAM.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.19.02
Rootkit Datenbank: v2014.09.18.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Hartmut

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 338801
Verstrichene Zeit: 19 Min, 46 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
         
ADWCleaner:

Code:
# AdwCleaner v3.310 - Bericht erstellt am 19/09/2014 um 11:50:57
# Aktualisiert 12/09/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : Hartmut - PATRICKTINA
# Gestartet von : C:\Users\Hartmut\Desktop\adwcleaner_3.310.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v32.0.2 (x86 de)

[ Datei : C:\Users\Hartmut\AppData\Roaming\Mozilla\Firefox\Profiles\9k1zs3lf.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [7983 octets] - [17/09/2014 16:24:00]
AdwCleaner[R1].txt - [971 octets] - [19/09/2014 11:35:46]
AdwCleaner[R2].txt - [1030 octets] - [19/09/2014 11:45:47]
AdwCleaner[S0].txt - [7918 octets] - [17/09/2014 16:29:38]
AdwCleaner[S1].txt - [953 octets] - [19/09/2014 11:50:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1012 octets] ##########
         
JRT:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.7 (09.18.2014:2)
OS: Windows 7 Home Premium x86
Ran by Hartmut on 19.09.2014 at 11:59:01,93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1871111397-3539990770-1974983793-1000\Software\sweetim



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"



~~~ FireFox

Emptied folder: C:\Users\Hartmut\AppData\Roaming\mozilla\firefox\profiles\9k1zs3lf.default\minidumps [222 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.09.2014 at 12:03:42,28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
and FRST:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by Hartmut (administrator) on PATRICKTINA on 19-09-2014 12:07:42
Running from C:\Users\Hartmut\Desktop
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(devolo AG) C:\Program Files\devolo\dlan\devolonetsvc.exe
(Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(BUFFALO INC.) C:\Program Files\BUFFALO\NASNAVI\nassvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
() C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Chicony Electronics Co., Ltd.) C:\Windows\System32\DVAPTray.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(BUFFALO INC.) C:\Program Files\BUFFALO\NASNAVI\nassche.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-12-14] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1713448 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [UpdateLBPShortCut] => C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM\...\Run: [UpdateP2GoShortCut] => C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [UpdatePDRShortCut] => C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.)
HKLM\...\Run: [RemoteControl8] => C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [PDVD8LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [UpdatePPShortCut] => C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM\...\Run: [UpdatePSTShortCut] => C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-21] (CyberLink Corp.)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [WinampAgent] => "C:\Program Files\Winamp\winampa.exe"
HKLM\...\Run: [ Malwarebytes Anti-Malware  (reboot)] => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [DVAPTray] => C:\windows\System32\DVAPTray.exe [188416 2010-06-17] (Chicony Electronics Co., Ltd.)
HKLM\...\Run: [dfmirage-Install] => C:\windows\temp\DFI-0833TN.exe [103424 2009-05-29] (DemoForge, LLC.) <===== ATTENTION
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2565520 2011-03-14] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [MobileDocuments] => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Hartmut\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [AppleIEDAV] => C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\MountPoints2: {065b1618-7479-11e3-a116-002454583452} - G:\HTC_Sync_Manager_PC.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Monitor.lnk
ShortcutTarget: Device Monitor.lnk -> C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe (ArcSoft)
Startup: C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk
ShortcutTarget: BUFFALO NAS Navigator2.lnk -> C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)
Startup: C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk
ShortcutTarget: NAS Scheduler.lnk -> C:\Program Files\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKCU - Plasmoo URL = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de___DE365
BHO: IEPlugin Class -> {11222041-111B-46E3-BD29-EFB2449479B1} -> C:\Program Files\ArcSoft\Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: ToolbarBHO Class -> {9519AF7E-638D-4933-BAD6-D33D23C79FE5} -> C:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - RAW Thumbnail Viewer - {F301665A-12F8-4331-804A-5BCBD379668C} - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.123.60

FireFox:
========
FF ProfilePath: C:\Users\Hartmut\AppData\Roaming\Mozilla\Firefox\Profiles\9k1zs3lf.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Tab Mix Plus - C:\Users\Hartmut\AppData\Roaming\Mozilla\Firefox\Profiles\9k1zs3lf.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012-07-02]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-09-19]
FF HKLM\...\Firefox\Extensions: [RAWThumbnailViewer@arcsoft.com.cn] - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\FireFox Extension
FF Extension: RAW Thumbnail Viewer - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\FireFox Extension [2010-11-05]
FF HKLM\...\Firefox\Extensions: [{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}] - C:\Program Files\ArcSoft\Video Downloader\Plugin_FireFox
FF Extension: ArcSoft Video Downloader Extension - C:\Program Files\ArcSoft\Video Downloader\Plugin_FireFox [2010-11-05]
FF HKLM\...\Firefox\Extensions:  - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com [2014-06-17]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-06-17]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com [2014-06-17]
FF HKCU\...\Firefox\Extensions: [{DDF17D0D-8737-45FD-A732-117D73F349EA}] - C:\Users\Hartmut\AppData\Local\{DDF17D0D-8737-45FD-A732-117D73F349EA}
FF Extension: XULRunner - C:\Users\Hartmut\AppData\Local\{DDF17D0D-8737-45FD-A732-117D73F349EA} [2010-11-04]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa []
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx [2014-05-28]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\content_blocker_chrome.crx [2014-05-28]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\virtkbd.crx [2014-05-28]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2014-05-28] (Kaspersky Lab ZAO)
R2 DevoloNetworkService; C:\Program Files\devolo\dlan\devolonetsvc.exe [3128856 2012-02-28] (devolo AG)
R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-08-04] (Nero AG)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 NasPmService; C:\Program Files\BUFFALO\NASNAVI\nassvc.exe [251184 2009-05-15] (BUFFALO INC.)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; C:\windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
S3 AirDisplay; C:\windows\System32\DRIVERS\AVVideoCard.sys [6656 2011-03-18] (Windows (R) Win 7 DDK provider)
S3 cleanhlp; C:\Users\Hartmut\Desktop\Emsisoft Emergency Kit\bin\cleanhlp32.sys [50200 2014-08-19] (Emsisoft GmbH)
S3 HtcVCom32; C:\windows\System32\DRIVERS\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated)
R0 kl1; C:\windows\System32\DRIVERS\kl1.sys [135776 2014-05-28] (Kaspersky Lab ZAO)
S4 klflt; C:\windows\System32\DRIVERS\klflt.sys [94304 2014-05-28] (Kaspersky Lab ZAO)
R1 KLIF; C:\windows\System32\DRIVERS\klif.sys [576608 2014-05-28] (Kaspersky Lab ZAO)
R1 KLIM6; C:\windows\System32\DRIVERS\klim6.sys [25696 2014-05-28] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\windows\System32\DRIVERS\klkbdflt.sys [25184 2014-05-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\windows\System32\DRIVERS\klmouflt.sys [25696 2014-05-28] (Kaspersky Lab ZAO)
R1 klpd; C:\windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\windows\System32\DRIVERS\kneps.sys [144992 2014-05-28] (Kaspersky Lab ZAO)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-19] (Malwarebytes Corporation)
R3 MonitorFunction; C:\windows\System32\DRIVERS\TVMonitor.sys [13304 2010-11-25] (TeamViewer GmbH)
S3 Netaapl; C:\windows\System32\DRIVERS\netaapl.sys [18432 2011-05-10] (Apple Inc.) [File not signed]
R2 NPF_devolo; C:\windows\system32\drivers\npf_devolo.sys [35840 2012-01-31] (CACE Technologies) [File not signed]
S0 sfdrv01; C:\windows\System32\drivers\sfdrv01.sys [50176 2005-05-17] (Protection Technology) [File not signed]
R0 sfhlp02; C:\windows\System32\drivers\sfhlp02.sys [6656 2005-05-16] (Protection Technology) [File not signed]
S0 sfsync02; C:\windows\System32\drivers\sfsync02.sys [19968 2005-05-16] (Protection Technology) [File not signed]
R0 sptd; C:\windows\System32\Drivers\sptd.sys [691696 2010-10-28] () [File not signed]
S3 Tq_91Assistant; C:\Program Files\NetDragon\91 Mobile\iPhone\Tq_91Assistant.sys [14248 2011-10-15] ()
S3 USBAAPL; C:\windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
R3 yukonw7; C:\windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
U3 adm0jszf; C:\windows\system32\Drivers\adm0jszf.sys [0 ] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-19 12:03 - 2014-09-19 12:07 - 00001022 _____ () C:\Users\Hartmut\Desktop\JRT.txt
2014-09-19 11:58 - 2014-09-19 11:58 - 01019328 _____ (Thisisu) C:\Users\Hartmut\Desktop\JRT.exe
2014-09-19 11:58 - 2014-09-19 11:58 - 00000000 ____D () C:\windows\ERUNT
2014-09-19 11:56 - 2014-09-19 11:56 - 00001092 _____ () C:\Users\Hartmut\Desktop\AdwCleaner[S1].txt
2014-09-19 11:34 - 2014-09-19 11:34 - 00001161 _____ () C:\Users\Hartmut\Desktop\MBAM.txt
2014-09-19 10:20 - 2014-09-19 12:07 - 00020890 _____ () C:\Users\Hartmut\Desktop\FRST.txt
2014-09-19 09:34 - 2014-09-19 09:34 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Hartmut\Desktop\revosetup95.exe
2014-09-19 09:34 - 2014-09-19 09:34 - 00000805 _____ () C:\Users\Hartmut\Desktop\Revo Uninstaller.lnk
2014-09-19 09:33 - 2014-09-19 09:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-18 07:25 - 2014-09-17 21:06 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Hartmut\Desktop\tdsskiller.exe
2014-09-17 16:37 - 2014-09-19 12:07 - 00000000 ____D () C:\FRST
2014-09-17 16:35 - 2014-09-17 16:35 - 01097728 _____ (Farbar) C:\Users\Hartmut\Desktop\FRST.exe
2014-09-17 16:23 - 2014-09-19 11:50 - 00000000 ____D () C:\AdwCleaner
2014-09-17 16:23 - 2014-09-17 16:23 - 01373475 _____ () C:\Users\Hartmut\Desktop\adwcleaner_3.310.exe
2014-09-17 12:19 - 2014-09-19 10:32 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-17 12:19 - 2014-09-17 12:19 - 00001081 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-17 12:19 - 2014-09-17 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-17 12:19 - 2014-09-17 12:19 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-09-17 12:19 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-09-17 12:19 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-09-17 12:19 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-09-17 12:18 - 2014-09-17 12:18 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hartmut\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-17 11:54 - 2014-09-17 11:54 - 00001009 _____ () C:\Users\Public\Desktop\Emsisoft HiJackFree.lnk
2014-09-17 11:54 - 2014-09-17 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft HiJackFree
2014-09-17 11:54 - 2014-09-17 11:54 - 00000000 ____D () C:\Program Files\Emsisoft HiJackFree
2014-09-17 11:21 - 2014-09-17 11:21 - 00388608 _____ (Trend Micro Inc.) C:\Users\Hartmut\Desktop\HiJackThis204.exe
2014-09-17 10:21 - 2014-09-17 10:21 - 00000000 ____D () C:\Users\Hartmut\Desktop\Emsisoft Emergency Kit
2014-09-17 10:08 - 2014-09-17 10:08 - 00004600 _____ () C:\EamClean.log
2014-09-13 13:17 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-09-13 13:17 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-09-13 13:17 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-09-13 13:17 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-09-13 13:17 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-09-13 13:17 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-09-13 13:17 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-09-13 13:17 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-09-13 13:17 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-09-13 13:17 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-09-13 13:17 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-09-13 13:17 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-09-13 13:17 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-09-13 13:17 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-09-13 13:17 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-09-13 13:17 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-09-13 13:17 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-09-13 13:17 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-09-13 13:17 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-09-13 13:17 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-09-13 13:17 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-09-13 13:17 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-09-13 13:17 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-09-13 13:17 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-09-13 13:17 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-09-13 13:17 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-09-13 13:17 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-09-13 13:17 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-09-13 13:17 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-09-13 13:17 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-09-13 11:17 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-09-13 11:17 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-08-28 22:28 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-28 22:28 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-28 22:15 - 2014-09-17 07:38 - 01040111 _____ () C:\Users\Hartmut\AppData\Local\ilvaaehj.gss
2014-08-28 22:15 - 2014-09-17 07:38 - 00421888 _____ () C:\Users\Hartmut\AppData\Local\ilvaaehj.gdb
2014-08-27 14:47 - 2014-08-27 14:47 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\Adobe
2014-08-26 11:51 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-26 11:51 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-08-26 11:51 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-26 11:51 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-08-26 11:51 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-08-26 11:51 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-08-26 11:51 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-08-26 11:50 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-08-26 11:50 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-19 12:08 - 2014-09-19 10:20 - 00020890 _____ () C:\Users\Hartmut\Desktop\FRST.txt
2014-09-19 12:07 - 2014-09-19 12:03 - 00001022 _____ () C:\Users\Hartmut\Desktop\JRT.txt
2014-09-19 12:07 - 2014-09-17 16:37 - 00000000 ____D () C:\FRST
2014-09-19 12:00 - 2010-11-14 19:35 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\CrashDumps
2014-09-19 11:59 - 2009-07-14 06:34 - 00014512 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-19 11:59 - 2009-07-14 06:34 - 00014512 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-19 11:58 - 2014-09-19 11:58 - 01019328 _____ (Thisisu) C:\Users\Hartmut\Desktop\JRT.exe
2014-09-19 11:58 - 2014-09-19 11:58 - 00000000 ____D () C:\windows\ERUNT
2014-09-19 11:56 - 2014-09-19 11:56 - 00001092 _____ () C:\Users\Hartmut\Desktop\AdwCleaner[S1].txt
2014-09-19 11:56 - 2012-11-11 17:46 - 00001100 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-19 11:53 - 2014-06-17 23:35 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-09-19 11:53 - 2012-03-31 18:04 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-09-19 11:52 - 2014-01-04 12:17 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\HTC MediaHub
2014-09-19 11:52 - 2012-11-11 17:46 - 00001096 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-19 11:52 - 2012-08-07 23:35 - 00000440 _____ () C:\windows\system32\Drivers\etc\hosts.ics
2014-09-19 11:52 - 2011-02-22 21:38 - 00135771 _____ () C:\windows\setupact.log
2014-09-19 11:52 - 2010-01-31 18:27 - 00000000 ____D () C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-09-19 11:52 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-19 11:51 - 2012-05-03 07:50 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-19 11:51 - 2009-12-05 05:19 - 01041558 _____ () C:\windows\PFRO.log
2014-09-19 11:51 - 2009-12-05 04:40 - 01944624 _____ () C:\windows\WindowsUpdate.log
2014-09-19 11:50 - 2014-09-17 16:23 - 00000000 ____D () C:\AdwCleaner
2014-09-19 11:34 - 2014-09-19 11:34 - 00001161 _____ () C:\Users\Hartmut\Desktop\MBAM.txt
2014-09-19 10:32 - 2014-09-17 12:19 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-19 09:34 - 2014-09-19 09:34 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Hartmut\Desktop\revosetup95.exe
2014-09-19 09:34 - 2014-09-19 09:34 - 00000805 _____ () C:\Users\Hartmut\Desktop\Revo Uninstaller.lnk
2014-09-19 09:33 - 2014-09-19 09:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-18 07:53 - 2012-03-31 18:04 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-09-18 07:53 - 2011-05-23 22:17 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-17 21:06 - 2014-09-18 07:25 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Hartmut\Desktop\tdsskiller.exe
2014-09-17 16:35 - 2014-09-17 16:35 - 01097728 _____ (Farbar) C:\Users\Hartmut\Desktop\FRST.exe
2014-09-17 16:23 - 2014-09-17 16:23 - 01373475 _____ () C:\Users\Hartmut\Desktop\adwcleaner_3.310.exe
2014-09-17 13:00 - 2009-12-05 22:11 - 00000000 ____D () C:\windows\ShellNew
2014-09-17 12:19 - 2014-09-17 12:19 - 00001081 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-17 12:19 - 2014-09-17 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-17 12:19 - 2014-09-17 12:19 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-09-17 12:19 - 2010-11-04 23:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-17 12:18 - 2014-09-17 12:18 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hartmut\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-17 11:54 - 2014-09-17 11:54 - 00001009 _____ () C:\Users\Public\Desktop\Emsisoft HiJackFree.lnk
2014-09-17 11:54 - 2014-09-17 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft HiJackFree
2014-09-17 11:54 - 2014-09-17 11:54 - 00000000 ____D () C:\Program Files\Emsisoft HiJackFree
2014-09-17 11:21 - 2014-09-17 11:21 - 00388608 _____ (Trend Micro Inc.) C:\Users\Hartmut\Desktop\HiJackThis204.exe
2014-09-17 10:21 - 2014-09-17 10:21 - 00000000 ____D () C:\Users\Hartmut\Desktop\Emsisoft Emergency Kit
2014-09-17 10:08 - 2014-09-17 10:08 - 00004600 _____ () C:\EamClean.log
2014-09-17 07:38 - 2014-08-28 22:15 - 01040111 _____ () C:\Users\Hartmut\AppData\Local\ilvaaehj.gss
2014-09-17 07:38 - 2014-08-28 22:15 - 00421888 _____ () C:\Users\Hartmut\AppData\Local\ilvaaehj.gdb
2014-09-16 20:20 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\rescache
2014-09-16 15:52 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\Microsoft.NET
2014-09-16 15:44 - 2009-07-26 22:06 - 01612484 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-13 13:11 - 2013-08-24 12:36 - 00000000 ____D () C:\windows\system32\MRT
2014-09-13 13:11 - 2010-11-11 15:59 - 00000000 ____D () C:\windows\system32\MpEngineStore
2014-09-13 13:06 - 2010-02-20 07:31 - 98758480 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-09-13 11:35 - 2012-06-25 13:31 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-09-09 19:27 - 2009-07-14 06:33 - 00358272 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-27 14:47 - 2014-08-27 14:47 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\Adobe
2014-08-27 14:12 - 2010-10-28 11:22 - 00000000 ____D () C:\Users\Hartmut\Documents\Tina
2014-08-27 10:27 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\de-DE
2014-08-25 06:53 - 2010-10-27 23:15 - 00231584 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-08-23 03:46 - 2014-08-28 22:28 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-23 02:42 - 2014-08-28 22:28 - 02352640 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

Files to move or delete:
====================
C:\windows\temp\DFI-0833TN.exe


Some content of TEMP:
====================
C:\Users\Hartmut\AppData\Local\Temp\AcDeltree.exe
C:\Users\Hartmut\AppData\Local\Temp\AskSLib.dll
C:\Users\Hartmut\AppData\Local\Temp\BackupSetup.exe
C:\Users\Hartmut\AppData\Local\Temp\f.exe
C:\Users\Hartmut\AppData\Local\Temp\IDMSetup_1.5.0.0.exe
C:\Users\Hartmut\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Hartmut\AppData\Local\Temp\Quarantine.exe
C:\Users\Hartmut\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Hartmut\AppData\Local\Temp\somoto-master.exe
C:\Users\Hartmut\AppData\Local\Temp\tmp20AA.tmp.exe
C:\Users\Hartmut\AppData\Local\Temp\tmp2FA8.tmp.exe
C:\Users\Hartmut\AppData\Local\Temp\tmp6A27.tmp.exe
C:\Users\Hartmut\AppData\Local\Temp\tmp7243.tmp.exe
C:\Users\Hartmut\AppData\Local\Temp\_is28DC.exe
C:\Users\Hartmut\AppData\Local\Temp\_is7BC4.exe
C:\Users\Hartmut\AppData\Local\Temp\~SpUnin~.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-16 20:11

==================== End Of Log ============================
         
--- --- ---

Old 20.09.2014, 07:59   #7
schrauber
/// the machine
/// TB trainer
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

and a fresh FRST log, please. Any remaining problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Old 22.09.2014, 10:40   #8
MotoG
 



Hello Schrauber,

here is the log from Eset:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=9366aa161c7d414cae3d78bfc90987cd
# engine=20241
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-09-22 08:08:05
# local_time=2014-09-22 10:08:05 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky Anti-Virus'
# compatibility_mode=1293 16777213 100 100 10071 42851307 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 261342 163004476 0 0
# scanned=330586
# found=18
# cleaned=0
# scan_time=9306
sh=2DE909492E6A183D7AC776B639088D8EEDE0F861 ft=1 fh=21db323dc523e224 vn="Win32/BrowseFox.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Hartmut\AppData\Local\Temp\ScanTack\ScanTack_Setup.exe.vir"
sh=CA422851421ADC99403249CC7203DEDCA0B4B3F3 ft=1 fh=7524831eeb94e3ff vn="Win32/RiskWare.Astori.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Hartmut\AppData\Roaming\InetStat\inetstat.exe.vir"
sh=B7DF45D76A749776C309DC046F5AD604700797F1 ft=1 fh=c53997367b7fb8ba vn="Win32/MyPCBackup.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Stellar Phoenix Photo Recovery\SITPL_SPPR.exe"
sh=3AC7D0D7C42FC23EB69F423AA3A2292EE04A2A6E ft=1 fh=53a3e9c6b5296d22 vn="Variante von Win32/ELEX.AU evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Hartmut\AppData\Local\Temp\e3fHe_OO.exe.part"
sh=6C4BEA15F2A864E8C0BB467B369C1607ADED4594 ft=1 fh=9c3c3228e1e883d9 vn="Variante von Win32/OutBrowse.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Hartmut\AppData\Local\Temp\f.exe"
sh=7354E02AF5BF7A4409F6CB5EF3E0074A53EF9BDE ft=1 fh=345114b85d3d68aa vn="Win32/InstallCore.OY evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Hartmut\AppData\Local\Temp\nsg4B93.tmp"
sh=BC5F614146684DEFF414928080D0DCB4A5F8EAB0 ft=1 fh=b68630e74939d5ce vn="Variante von Win32/Injected.F Trojaner" ac=I fn="C:\Users\Hartmut\AppData\Local\Temp\nsq1F55.tmp"
sh=1CE3D8B49D727FFA71211E2E90D7BE240C78AB5F ft=1 fh=a6922259cd4d28c2 vn="Win32/InstallCore.PD evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Hartmut\AppData\Local\Temp\nsvB608.tmp"
sh=E53D41E151E994F3A5E636997C57BDE6909DCB53 ft=1 fh=d72c8a74686c29e9 vn="Win32/Somoto.O evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Hartmut\AppData\Local\Temp\somoto-master.exe"
sh=9FE705B0208DA1A72261264088B5666D59513C8C ft=1 fh=bf8bcabb055c335e vn="Win32/AdWare.EoRezo.AW Anwendung" ac=I fn="C:\Users\Hartmut\AppData\Local\Temp\is-2PV24.tmp\package_secprotwhite_installer_multilang.exe"
sh=C9A4034E0D3A8395292475BEBA1302169F1A4322 ft=1 fh=26250b3a47bd8e28 vn="Win32/AdWare.EoRezo.AW Anwendung" ac=I fn="C:\Users\Hartmut\AppData\Local\Temp\is-B89EF.tmp\package_vuupc_installer_multilang.exe"
sh=BA3D48DD0CBDC6BEA02CE7ECCC8EBA51F5CB69B5 ft=1 fh=dc2ce2c0e7c3fc7c vn="Win32/AdWare.EoRezo.AW Anwendung" ac=I fn="C:\Users\Hartmut\AppData\Local\Temp\is-RT5AN.tmp\package_scantack_installer_multilang.exe"
sh=0A714C328F3F665DDCE1D1B4BC73BC453C395D22 ft=1 fh=a8508b654afef236 vn="Win32/AdWare.EoRezo.AW Anwendung" ac=I fn="C:\Users\Hartmut\AppData\Local\Temp\is-U5RNK.tmp\package_secprotwhite_offer_multilang.exe"
sh=2CD0923C42A257EAE5A5F43A19391138A8547257 ft=1 fh=29292690883cae52 vn="Win32/AdWare.EoRezo.AW Anwendung" ac=I fn="C:\Users\Hartmut\AppData\Local\Temp\is-U5RNK.tmp\package_vuupc_offer_multilang.exe"
sh=AEA202E75EB4A7B17250E6DCA3B2470D83247036 ft=1 fh=67bcb2b84dcf5931 vn="Variante von Win32/SweetIM.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Hartmut\AppData\Local\Temp\SweetIMReinstall\SweetImSetup.exe"
sh=05B2476A8EC521FF7EC7E227B2533C964FD7CDB1 ft=1 fh=644ec3a69bb9728a vn="Variante von Win32/AdWare.iBryte.AR Anwendung" ac=I fn="C:\Users\Public\Documents\Patrick\Downloads\Downloads\Setup(2).exe"
sh=CA905EE567AFA6F11EF8E8D8F0A286681D86617C ft=1 fh=4a571560d4521978 vn="Win32/OutBrowse.V evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Public\Documents\Patrick\Downloads\Downloads\setup.exe"
sh=C0BC4D5799DD692717173274328F596C75EDA20F ft=1 fh=1ebee9099e82c466 vn="Win32/MyPCBackup.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Public\Documents\Patrick\Downloads\Downloads\StellarPhoenixPhotoRecovery.exe"
         
The log from Security Check:

Code:
 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Kaspersky Anti-Virus   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Java(TM) 6 Update 24  
 Java version out of Date! 
 Adobe Flash Player 	15.0.0.152  
 Adobe Reader XI  
 Mozilla Firefox (32.0.2) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
At the time Security Check was run, Kaspersky was disabled; a few updates are still missing (Flash, Java...).

And also the log from FRST:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by Hartmut (administrator) on PATRICKTINA on 22-09-2014 10:36:13
Running from C:\Users\Hartmut\Desktop
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(devolo AG) C:\Program Files\devolo\dlan\devolonetsvc.exe
(Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(BUFFALO INC.) C:\Program Files\BUFFALO\NASNAVI\nassvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Chicony Electronics Co., Ltd.) C:\Windows\System32\DVAPTray.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ArcSoft) C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe
(BUFFALO INC.) C:\Program Files\BUFFALO\NASNAVI\nassche.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-12-14] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1713448 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [UpdateLBPShortCut] => C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM\...\Run: [UpdateP2GoShortCut] => C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [UpdatePDRShortCut] => C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.)
HKLM\...\Run: [RemoteControl8] => C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [PDVD8LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [UpdatePPShortCut] => C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM\...\Run: [UpdatePSTShortCut] => C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-21] (CyberLink Corp.)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [WinampAgent] => "C:\Program Files\Winamp\winampa.exe"
HKLM\...\Run: [ Malwarebytes Anti-Malware  (reboot)] => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [DVAPTray] => C:\windows\System32\DVAPTray.exe [188416 2010-06-17] (Chicony Electronics Co., Ltd.)
HKLM\...\Run: [dfmirage-Install] => C:\windows\temp\DFI-0833TN.exe [103424 2009-05-29] (DemoForge, LLC.) <===== ATTENTION
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2565520 2011-03-14] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [MobileDocuments] => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Hartmut\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [AppleIEDAV] => C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\MountPoints2: {065b1618-7479-11e3-a116-002454583452} - G:\HTC_Sync_Manager_PC.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Monitor.lnk
ShortcutTarget: Device Monitor.lnk -> C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe (ArcSoft)
Startup: C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk
ShortcutTarget: BUFFALO NAS Navigator2.lnk -> C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)
Startup: C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk
ShortcutTarget: NAS Scheduler.lnk -> C:\Program Files\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKCU - Plasmoo URL = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de___DE365
BHO: IEPlugin Class -> {11222041-111B-46E3-BD29-EFB2449479B1} -> C:\Program Files\ArcSoft\Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: ToolbarBHO Class -> {9519AF7E-638D-4933-BAD6-D33D23C79FE5} -> C:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - RAW Thumbnail Viewer - {F301665A-12F8-4331-804A-5BCBD379668C} - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.123.60

FireFox:
========
FF ProfilePath: C:\Users\Hartmut\AppData\Roaming\Mozilla\Firefox\Profiles\9k1zs3lf.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Tab Mix Plus - C:\Users\Hartmut\AppData\Roaming\Mozilla\Firefox\Profiles\9k1zs3lf.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012-07-02]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-09-19]
FF HKLM\...\Firefox\Extensions: [RAWThumbnailViewer@arcsoft.com.cn] - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\FireFox Extension
FF Extension: RAW Thumbnail Viewer - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\FireFox Extension [2010-11-05]
FF HKLM\...\Firefox\Extensions: [{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}] - C:\Program Files\ArcSoft\Video Downloader\Plugin_FireFox
FF Extension: ArcSoft Video Downloader Extension - C:\Program Files\ArcSoft\Video Downloader\Plugin_FireFox [2010-11-05]
FF HKLM\...\Firefox\Extensions:  - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com [2014-06-17]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-06-17]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com [2014-06-17]
FF HKCU\...\Firefox\Extensions: [{DDF17D0D-8737-45FD-A732-117D73F349EA}] - C:\Users\Hartmut\AppData\Local\{DDF17D0D-8737-45FD-A732-117D73F349EA}
FF Extension: XULRunner - C:\Users\Hartmut\AppData\Local\{DDF17D0D-8737-45FD-A732-117D73F349EA} [2010-11-04]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa []
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx [2014-05-28]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\content_blocker_chrome.crx [2014-05-28]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\virtkbd.crx [2014-05-28]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2014-05-28] (Kaspersky Lab ZAO)
R2 DevoloNetworkService; C:\Program Files\devolo\dlan\devolonetsvc.exe [3128856 2012-02-28] (devolo AG)
R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-08-04] (Nero AG)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 NasPmService; C:\Program Files\BUFFALO\NASNAVI\nassvc.exe [251184 2009-05-15] (BUFFALO INC.)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; C:\windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
S3 AirDisplay; C:\windows\System32\DRIVERS\AVVideoCard.sys [6656 2011-03-18] (Windows (R) Win 7 DDK provider)
S3 cleanhlp; C:\Users\Hartmut\Desktop\Emsisoft Emergency Kit\bin\cleanhlp32.sys [50200 2014-08-19] (Emsisoft GmbH)
S3 HtcVCom32; C:\windows\System32\DRIVERS\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated)
R0 kl1; C:\windows\System32\DRIVERS\kl1.sys [135776 2014-05-28] (Kaspersky Lab ZAO)
S4 klflt; C:\windows\System32\DRIVERS\klflt.sys [94304 2014-05-28] (Kaspersky Lab ZAO)
R1 KLIF; C:\windows\System32\DRIVERS\klif.sys [576608 2014-05-28] (Kaspersky Lab ZAO)
R1 KLIM6; C:\windows\System32\DRIVERS\klim6.sys [25696 2014-05-28] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\windows\System32\DRIVERS\klkbdflt.sys [25184 2014-05-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\windows\System32\DRIVERS\klmouflt.sys [25696 2014-05-28] (Kaspersky Lab ZAO)
R1 klpd; C:\windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\windows\System32\DRIVERS\kneps.sys [144992 2014-05-28] (Kaspersky Lab ZAO)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-19] (Malwarebytes Corporation)
R3 MonitorFunction; C:\windows\System32\DRIVERS\TVMonitor.sys [13304 2010-11-25] (TeamViewer GmbH)
S3 Netaapl; C:\windows\System32\DRIVERS\netaapl.sys [18432 2011-05-10] (Apple Inc.) [File not signed]
R2 NPF_devolo; C:\windows\system32\drivers\npf_devolo.sys [35840 2012-01-31] (CACE Technologies) [File not signed]
S0 sfdrv01; C:\windows\System32\drivers\sfdrv01.sys [50176 2005-05-17] (Protection Technology) [File not signed]
R0 sfhlp02; C:\windows\System32\drivers\sfhlp02.sys [6656 2005-05-16] (Protection Technology) [File not signed]
S0 sfsync02; C:\windows\System32\drivers\sfsync02.sys [19968 2005-05-16] (Protection Technology) [File not signed]
R0 sptd; C:\windows\System32\Drivers\sptd.sys [691696 2010-10-28] () [File not signed]
S3 Tq_91Assistant; C:\Program Files\NetDragon\91 Mobile\iPhone\Tq_91Assistant.sys [14248 2011-10-15] ()
S3 USBAAPL; C:\windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
R3 yukonw7; C:\windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
U3 ajghkmm3; C:\windows\system32\Drivers\ajghkmm3.sys [0 ] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-22 10:36 - 2014-09-22 10:36 - 00021169 _____ () C:\Users\Hartmut\Desktop\FRST.txt
2014-09-22 10:35 - 2014-09-22 10:35 - 00000771 _____ () C:\Users\Hartmut\Desktop\checkup.txt
2014-09-22 10:28 - 2014-09-20 20:28 - 00854417 _____ () C:\Users\Hartmut\Desktop\SecurityCheck.exe
2014-09-19 11:58 - 2014-09-19 11:58 - 01019328 _____ (Thisisu) C:\Users\Hartmut\Desktop\JRT.exe
2014-09-19 11:58 - 2014-09-19 11:58 - 00000000 ____D () C:\windows\ERUNT
2014-09-19 09:34 - 2014-09-19 09:34 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Hartmut\Desktop\revosetup95.exe
2014-09-19 09:34 - 2014-09-19 09:34 - 00000805 _____ () C:\Users\Hartmut\Desktop\Revo Uninstaller.lnk
2014-09-19 09:33 - 2014-09-19 09:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-18 07:25 - 2014-09-17 21:06 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Hartmut\Desktop\tdsskiller.exe
2014-09-17 16:37 - 2014-09-22 10:36 - 00000000 ____D () C:\FRST
2014-09-17 16:35 - 2014-09-17 16:35 - 01097728 _____ (Farbar) C:\Users\Hartmut\Desktop\FRST.exe
2014-09-17 16:23 - 2014-09-19 11:50 - 00000000 ____D () C:\AdwCleaner
2014-09-17 16:23 - 2014-09-17 16:23 - 01373475 _____ () C:\Users\Hartmut\Desktop\adwcleaner_3.310.exe
2014-09-17 12:19 - 2014-09-19 10:32 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-17 12:19 - 2014-09-17 12:19 - 00001081 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-17 12:19 - 2014-09-17 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-17 12:19 - 2014-09-17 12:19 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-09-17 12:19 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-09-17 12:19 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-09-17 12:19 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-09-17 12:18 - 2014-09-17 12:18 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hartmut\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-17 11:54 - 2014-09-17 11:54 - 00001009 _____ () C:\Users\Public\Desktop\Emsisoft HiJackFree.lnk
2014-09-17 11:54 - 2014-09-17 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft HiJackFree
2014-09-17 11:54 - 2014-09-17 11:54 - 00000000 ____D () C:\Program Files\Emsisoft HiJackFree
2014-09-17 11:21 - 2014-09-17 11:21 - 00388608 _____ (Trend Micro Inc.) C:\Users\Hartmut\Desktop\HiJackThis204.exe
2014-09-17 10:21 - 2014-09-17 10:21 - 00000000 ____D () C:\Users\Hartmut\Desktop\Emsisoft Emergency Kit
2014-09-17 10:08 - 2014-09-17 10:08 - 00004600 _____ () C:\EamClean.log
2014-09-13 13:17 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-09-13 13:17 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-09-13 13:17 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-09-13 13:17 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-09-13 13:17 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-09-13 13:17 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-09-13 13:17 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-09-13 13:17 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-09-13 13:17 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-09-13 13:17 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-09-13 13:17 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-09-13 13:17 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-09-13 13:17 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-09-13 13:17 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-09-13 13:17 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-09-13 13:17 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-09-13 13:17 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-09-13 13:17 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-09-13 13:17 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-09-13 13:17 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-09-13 13:17 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-09-13 13:17 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-09-13 13:17 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-09-13 13:17 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-09-13 13:17 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-09-13 13:17 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-09-13 13:17 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-09-13 13:17 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-09-13 13:17 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-09-13 13:17 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-09-13 11:17 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-09-13 11:17 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-08-28 22:28 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-28 22:28 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-28 22:15 - 2014-09-17 07:38 - 01040111 _____ () C:\Users\Hartmut\AppData\Local\ilvaaehj.gss
2014-08-28 22:15 - 2014-09-17 07:38 - 00421888 _____ () C:\Users\Hartmut\AppData\Local\ilvaaehj.gdb
2014-08-27 14:47 - 2014-08-27 14:47 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\Adobe
2014-08-26 11:51 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-26 11:51 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-08-26 11:51 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-26 11:51 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-08-26 11:51 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-08-26 11:51 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-08-26 11:51 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-08-26 11:50 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-08-26 11:50 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-22 10:36 - 2014-09-22 10:36 - 00021169 _____ () C:\Users\Hartmut\Desktop\FRST.txt
2014-09-22 10:36 - 2014-09-17 16:37 - 00000000 ____D () C:\FRST
2014-09-22 10:35 - 2014-09-22 10:35 - 00000771 _____ () C:\Users\Hartmut\Desktop\checkup.txt
2014-09-22 09:56 - 2012-11-11 17:46 - 00001100 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-22 09:53 - 2012-03-31 18:04 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-09-22 07:56 - 2012-11-11 17:46 - 00001096 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-22 07:27 - 2009-07-14 06:34 - 00014512 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-22 07:27 - 2009-07-14 06:34 - 00014512 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-22 07:26 - 2009-12-05 04:40 - 01976486 _____ () C:\windows\WindowsUpdate.log
2014-09-22 07:22 - 2013-06-27 17:14 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-22 07:20 - 2014-06-17 23:35 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-09-22 07:20 - 2014-01-04 12:17 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\HTC MediaHub
2014-09-22 07:20 - 2012-08-07 23:35 - 00000440 _____ () C:\windows\system32\Drivers\etc\hosts.ics
2014-09-22 07:20 - 2011-02-22 21:38 - 00135883 _____ () C:\windows\setupact.log
2014-09-22 07:20 - 2010-01-31 18:27 - 00000000 ____D () C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-09-22 07:20 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-20 20:28 - 2014-09-22 10:28 - 00854417 _____ () C:\Users\Hartmut\Desktop\SecurityCheck.exe
2014-09-19 12:00 - 2010-11-14 19:35 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\CrashDumps
2014-09-19 11:58 - 2014-09-19 11:58 - 01019328 _____ (Thisisu) C:\Users\Hartmut\Desktop\JRT.exe
2014-09-19 11:58 - 2014-09-19 11:58 - 00000000 ____D () C:\windows\ERUNT
2014-09-19 11:51 - 2012-05-03 07:50 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-19 11:51 - 2009-12-05 05:19 - 01041558 _____ () C:\windows\PFRO.log
2014-09-19 11:50 - 2014-09-17 16:23 - 00000000 ____D () C:\AdwCleaner
2014-09-19 10:32 - 2014-09-17 12:19 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-19 09:34 - 2014-09-19 09:34 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Hartmut\Desktop\revosetup95.exe
2014-09-19 09:34 - 2014-09-19 09:34 - 00000805 _____ () C:\Users\Hartmut\Desktop\Revo Uninstaller.lnk
2014-09-19 09:33 - 2014-09-19 09:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-18 07:53 - 2012-03-31 18:04 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-09-18 07:53 - 2011-05-23 22:17 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-17 21:06 - 2014-09-18 07:25 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Hartmut\Desktop\tdsskiller.exe
2014-09-17 16:35 - 2014-09-17 16:35 - 01097728 _____ (Farbar) C:\Users\Hartmut\Desktop\FRST.exe
2014-09-17 16:23 - 2014-09-17 16:23 - 01373475 _____ () C:\Users\Hartmut\Desktop\adwcleaner_3.310.exe
2014-09-17 13:00 - 2009-12-05 22:11 - 00000000 ____D () C:\windows\ShellNew
2014-09-17 12:19 - 2014-09-17 12:19 - 00001081 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-17 12:19 - 2014-09-17 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-17 12:19 - 2014-09-17 12:19 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-09-17 12:19 - 2010-11-04 23:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-17 12:18 - 2014-09-17 12:18 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hartmut\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-17 11:54 - 2014-09-17 11:54 - 00001009 _____ () C:\Users\Public\Desktop\Emsisoft HiJackFree.lnk
2014-09-17 11:54 - 2014-09-17 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft HiJackFree
2014-09-17 11:54 - 2014-09-17 11:54 - 00000000 ____D () C:\Program Files\Emsisoft HiJackFree
2014-09-17 11:21 - 2014-09-17 11:21 - 00388608 _____ (Trend Micro Inc.) C:\Users\Hartmut\Desktop\HiJackThis204.exe
2014-09-17 10:21 - 2014-09-17 10:21 - 00000000 ____D () C:\Users\Hartmut\Desktop\Emsisoft Emergency Kit
2014-09-17 10:08 - 2014-09-17 10:08 - 00004600 _____ () C:\EamClean.log
2014-09-17 07:38 - 2014-08-28 22:15 - 01040111 _____ () C:\Users\Hartmut\AppData\Local\ilvaaehj.gss
2014-09-17 07:38 - 2014-08-28 22:15 - 00421888 _____ () C:\Users\Hartmut\AppData\Local\ilvaaehj.gdb
2014-09-16 20:20 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\rescache
2014-09-16 15:52 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\Microsoft.NET
2014-09-16 15:44 - 2009-07-26 22:06 - 01612484 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-13 13:11 - 2013-08-24 12:36 - 00000000 ____D () C:\windows\system32\MRT
2014-09-13 13:11 - 2010-11-11 15:59 - 00000000 ____D () C:\windows\system32\MpEngineStore
2014-09-13 13:06 - 2010-02-20 07:31 - 98758480 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-09-13 11:35 - 2012-06-25 13:31 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-09-09 19:27 - 2009-07-14 06:33 - 00358272 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-27 14:47 - 2014-08-27 14:47 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\Adobe
2014-08-27 14:12 - 2010-10-28 11:22 - 00000000 ____D () C:\Users\Hartmut\Documents\Tina
2014-08-27 10:27 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\de-DE
2014-08-25 06:53 - 2010-10-27 23:15 - 00231584 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-08-23 03:46 - 2014-08-28 22:28 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-23 02:42 - 2014-08-28 22:28 - 02352640 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

Files to move or delete:
====================
C:\windows\temp\DFI-0833TN.exe


Some content of TEMP:
====================
C:\Users\Hartmut\AppData\Local\Temp\AcDeltree.exe
C:\Users\Hartmut\AppData\Local\Temp\AskSLib.dll
C:\Users\Hartmut\AppData\Local\Temp\BackupSetup.exe
C:\Users\Hartmut\AppData\Local\Temp\f.exe
C:\Users\Hartmut\AppData\Local\Temp\IDMSetup_1.5.0.0.exe
C:\Users\Hartmut\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Hartmut\AppData\Local\Temp\Quarantine.exe
C:\Users\Hartmut\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Hartmut\AppData\Local\Temp\somoto-master.exe
C:\Users\Hartmut\AppData\Local\Temp\tmp20AA.tmp.exe
C:\Users\Hartmut\AppData\Local\Temp\tmp2FA8.tmp.exe
C:\Users\Hartmut\AppData\Local\Temp\tmp6A27.tmp.exe
C:\Users\Hartmut\AppData\Local\Temp\tmp7243.tmp.exe
C:\Users\Hartmut\AppData\Local\Temp\_is28DC.exe
C:\Users\Hartmut\AppData\Local\Temp\_is7BC4.exe
C:\Users\Hartmut\AppData\Local\Temp\~SpUnin~.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-16 20:11

==================== End Of Log ============================
         
--- --- ---


Thank you very much for your effort!
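The FRST file listings in the log above ("One Month Created/Modified Files and Folders") use one fixed line format, so they can be triaged mechanically. The following is an added example, not part of the original post and not code from FRST: it parses that format and flags entries with an empty company field that sit loose in an AppData root or are executables in a temp directory. The two heuristics, all function names and the last sample line are assumptions made for illustration; the other sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# "<date> - <date> - <size> <attrs> (<company>) <path>". Which date is
# "created" and which is "modified" depends on the section the line is in.
LINE_RE = re.compile(
    r"^(?P<first>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<second>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]+) "
    r"\((?P<company>.*?)\) (?P<path>[A-Za-z]:\\.+)$"
)

# Assumed heuristics (not FRST's own logic).
EXECUTABLE_EXT = {".exe", ".dll", ".sys", ".scr", ".com", ".cpl"}
APPDATA_ROOTS = {("appdata", "local"), ("appdata", "roaming"),
                 ("appdata", "locallow")}

# Sample input: lines copied from the log above, except the last one,
# which is constructed for this example.
SAMPLE_LOG = r"""
==================== One Month Modified Files and Folders =======
2014-09-17 07:38 - 2014-08-28 22:15 - 01040111 _____ () C:\Users\Hartmut\AppData\Local\ilvaaehj.gss
2014-09-17 07:38 - 2014-08-28 22:15 - 00421888 _____ () C:\Users\Hartmut\AppData\Local\ilvaaehj.gdb
2014-08-27 14:47 - 2014-08-27 14:47 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\Adobe
2014-09-19 11:58 - 2014-09-19 11:58 - 01019328 _____ (Thisisu) C:\Users\Hartmut\Desktop\JRT.exe
2014-09-13 13:17 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-09-22 07:26 - 2009-12-05 04:40 - 01976486 _____ () C:\windows\WindowsUpdate.log
2014-09-17 12:18 - 2014-09-17 12:18 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hartmut\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-16 15:40 - 2014-09-16 15:40 - 00123456 _____ () C:\Users\Example\AppData\Local\Temp\sample.exe
"""


@dataclass
class Entry:
    first: str
    second: str
    size: int
    attrs: str
    company: str
    path: PureWindowsPath

    @property
    def is_dir(self) -> bool:
        # FRST marks directories with a "D" in the attribute column.
        return "D" in self.attrs


def parse_line(line):
    """Return an Entry for a file-listing line, or None for anything else."""
    m = LINE_RE.match(line.rstrip("\r\n"))
    if m is None:
        return None
    return Entry(m["first"], m["second"], int(m["size"]), m["attrs"],
                 m["company"].strip(), PureWindowsPath(m["path"].rstrip()))


def triage(entry):
    """Return the reasons an entry deserves a manual look (empty list = none)."""
    # The company field is only descriptive metadata; a populated value lowers
    # the priority here but is not proof that the file is legitimate.
    if entry.is_dir or entry.company:
        return []
    reasons = []
    parent = tuple(part.lower() for part in entry.path.parent.parts)
    if parent[-2:] in APPDATA_ROOTS:
        reasons.append("loose file directly in an AppData root")
    if "temp" in parent and entry.path.suffix.lower() in EXECUTABLE_EXT:
        reasons.append("executable in a temp directory")
    return reasons


def flag_log(text):
    """Parse a whole log and return [(path, reasons)] for flagged entries."""
    flagged = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            flagged.append((str(entry.path), reasons))
    return flagged


if __name__ == "__main__":
    for path, reasons in flag_log(SAMPLE_LOG):
        print(f"{path}: {'; '.join(reasons)}")
```

A flagged line is a prompt for manual review, not a verdict; the helper reading the log still decides what goes into a fixlist.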

22.09.2014, 17:27   #9
schrauber
/// the machine
/// TB trainer
 




Yep, install the updates.

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
ATTFilter
Emptytemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.





Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and start it)
    • Windows key + R > Combofix /Uninstall (type this in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and start it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without hesitation.



If you would like to give praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows Updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus software
  • Make sure that you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about possible changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: I have a few useful add-ons for this browser here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it asks you to and is nicely colorful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails that are unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains for me is to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

23.09.2014, 10:37   #10
MotoG
 



Hello Schrauber,

here is the FRST log after the fix:

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-09-2014
Ran by Hartmut at 2014-09-23 10:21:30 Run:1
Running from C:\Users\Hartmut\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Emptytemp:
*****************

EmptyTemp: => Removed 1.8 GB temporary data.


The system needed a reboot. 

==== End of Fixlog ====
         
and the FRST log:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014 (ATTENTION: ====> FRST version is 11 days old and could be outdated)
Ran by Hartmut (administrator) on PATRICKTINA on 23-09-2014 10:29:12
Running from C:\Users\Hartmut\Desktop
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
(devolo AG) C:\Program Files\devolo\dlan\devolonetsvc.exe
(Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(BUFFALO INC.) C:\Program Files\BUFFALO\NASNAVI\nassvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
() C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
() C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Skype Technologies) C:\Program Files\Skype\Updater\Updater.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Chicony Electronics Co., Ltd.) C:\Windows\System32\DVAPTray.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(ArcSoft) C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe
(BUFFALO INC.) C:\Program Files\BUFFALO\NASNAVI\nassche.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\wmi32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-12-14] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1713448 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [UpdateLBPShortCut] => C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM\...\Run: [UpdateP2GoShortCut] => C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [UpdatePDRShortCut] => C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.)
HKLM\...\Run: [RemoteControl8] => C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [PDVD8LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [UpdatePPShortCut] => C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM\...\Run: [UpdatePSTShortCut] => C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-21] (CyberLink Corp.)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [WinampAgent] => "C:\Program Files\Winamp\winampa.exe"
HKLM\...\Run: [ Malwarebytes Anti-Malware  (reboot)] => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [DVAPTray] => C:\windows\System32\DVAPTray.exe [188416 2010-06-17] (Chicony Electronics Co., Ltd.)
HKLM\...\Run: [dfmirage-Install] => "C:\windows\temp\DFI-0833TN.exe" -u2 "dfmirage" <===== ATTENTION
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2565520 2011-03-14] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [MobileDocuments] => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Hartmut\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [AppleIEDAV] => C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\MountPoints2: {065b1618-7479-11e3-a116-002454583452} - G:\HTC_Sync_Manager_PC.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Monitor.lnk
ShortcutTarget: Device Monitor.lnk -> C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe (ArcSoft)
Startup: C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk
ShortcutTarget: BUFFALO NAS Navigator2.lnk -> C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)
Startup: C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk
ShortcutTarget: NAS Scheduler.lnk -> C:\Program Files\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKCU - Plasmoo URL = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de___DE365
BHO: IEPlugin Class -> {11222041-111B-46E3-BD29-EFB2449479B1} -> C:\Program Files\ArcSoft\Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: ToolbarBHO Class -> {9519AF7E-638D-4933-BAD6-D33D23C79FE5} -> C:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - RAW Thumbnail Viewer - {F301665A-12F8-4331-804A-5BCBD379668C} - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.123.60

FireFox:
========
FF ProfilePath: C:\Users\Hartmut\AppData\Roaming\Mozilla\Firefox\Profiles\9k1zs3lf.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Tab Mix Plus - C:\Users\Hartmut\AppData\Roaming\Mozilla\Firefox\Profiles\9k1zs3lf.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012-07-02]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-09-19]
FF HKLM\...\Firefox\Extensions: [RAWThumbnailViewer@arcsoft.com.cn] - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\FireFox Extension
FF Extension: RAW Thumbnail Viewer - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\FireFox Extension [2010-11-05]
FF HKLM\...\Firefox\Extensions: [{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}] - C:\Program Files\ArcSoft\Video Downloader\Plugin_FireFox
FF Extension: ArcSoft Video Downloader Extension - C:\Program Files\ArcSoft\Video Downloader\Plugin_FireFox [2010-11-05]
FF HKLM\...\Firefox\Extensions:  - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com [2014-06-17]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-06-17]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com [2014-06-17]
FF HKCU\...\Firefox\Extensions: [{DDF17D0D-8737-45FD-A732-117D73F349EA}] - C:\Users\Hartmut\AppData\Local\{DDF17D0D-8737-45FD-A732-117D73F349EA}
FF Extension: XULRunner - C:\Users\Hartmut\AppData\Local\{DDF17D0D-8737-45FD-A732-117D73F349EA} [2010-11-04]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa []
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx [2014-05-28]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\content_blocker_chrome.crx [2014-05-28]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\virtkbd.crx [2014-05-28]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2014-05-28] (Kaspersky Lab ZAO)
R2 DevoloNetworkService; C:\Program Files\devolo\dlan\devolonetsvc.exe [3128856 2012-02-28] (devolo AG)
R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-08-04] (Nero AG)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 NasPmService; C:\Program Files\BUFFALO\NASNAVI\nassvc.exe [251184 2009-05-15] (BUFFALO INC.)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; C:\windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
S3 AirDisplay; C:\windows\System32\DRIVERS\AVVideoCard.sys [6656 2011-03-18] (Windows (R) Win 7 DDK provider)
S3 cleanhlp; C:\Users\Hartmut\Desktop\Emsisoft Emergency Kit\bin\cleanhlp32.sys [50200 2014-08-19] (Emsisoft GmbH)
S3 HtcVCom32; C:\windows\System32\DRIVERS\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated)
R0 kl1; C:\windows\System32\DRIVERS\kl1.sys [135776 2014-05-28] (Kaspersky Lab ZAO)
S4 klflt; C:\windows\System32\DRIVERS\klflt.sys [94304 2014-05-28] (Kaspersky Lab ZAO)
R1 KLIF; C:\windows\System32\DRIVERS\klif.sys [576608 2014-05-28] (Kaspersky Lab ZAO)
R1 KLIM6; C:\windows\System32\DRIVERS\klim6.sys [25696 2014-05-28] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\windows\System32\DRIVERS\klkbdflt.sys [25184 2014-05-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\windows\System32\DRIVERS\klmouflt.sys [25696 2014-05-28] (Kaspersky Lab ZAO)
R1 klpd; C:\windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\windows\System32\DRIVERS\kneps.sys [144992 2014-05-28] (Kaspersky Lab ZAO)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-19] (Malwarebytes Corporation)
R3 MonitorFunction; C:\windows\System32\DRIVERS\TVMonitor.sys [13304 2010-11-25] (TeamViewer GmbH)
S3 Netaapl; C:\windows\System32\DRIVERS\netaapl.sys [18432 2011-05-10] (Apple Inc.) [File not signed]
R2 NPF_devolo; C:\windows\system32\drivers\npf_devolo.sys [35840 2012-01-31] (CACE Technologies) [File not signed]
S0 sfdrv01; C:\windows\System32\drivers\sfdrv01.sys [50176 2005-05-17] (Protection Technology) [File not signed]
R0 sfhlp02; C:\windows\System32\drivers\sfhlp02.sys [6656 2005-05-16] (Protection Technology) [File not signed]
S0 sfsync02; C:\windows\System32\drivers\sfsync02.sys [19968 2005-05-16] (Protection Technology) [File not signed]
R0 sptd; C:\windows\System32\Drivers\sptd.sys [691696 2010-10-28] () [File not signed]
S3 Tq_91Assistant; C:\Program Files\NetDragon\91 Mobile\iPhone\Tq_91Assistant.sys [14248 2011-10-15] ()
S3 USBAAPL; C:\windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
R3 yukonw7; C:\windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
U3 af0g2p1l; C:\windows\system32\Drivers\af0g2p1l.sys [0 ] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-23 10:29 - 2014-09-23 10:29 - 00021394 _____ () C:\Users\Hartmut\Desktop\FRST.txt
2014-09-22 10:28 - 2014-09-20 20:28 - 00854417 _____ () C:\Users\Hartmut\Desktop\SecurityCheck.exe
2014-09-19 11:58 - 2014-09-19 11:58 - 01019328 _____ (Thisisu) C:\Users\Hartmut\Desktop\JRT.exe
2014-09-19 11:58 - 2014-09-19 11:58 - 00000000 ____D () C:\windows\ERUNT
2014-09-19 09:34 - 2014-09-19 09:34 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Hartmut\Desktop\revosetup95.exe
2014-09-19 09:34 - 2014-09-19 09:34 - 00000805 _____ () C:\Users\Hartmut\Desktop\Revo Uninstaller.lnk
2014-09-19 09:33 - 2014-09-19 09:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-18 07:25 - 2014-09-17 21:06 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Hartmut\Desktop\tdsskiller.exe
2014-09-17 16:37 - 2014-09-23 10:29 - 00000000 ____D () C:\FRST
2014-09-17 16:35 - 2014-09-17 16:35 - 01097728 _____ (Farbar) C:\Users\Hartmut\Desktop\FRST.exe
2014-09-17 16:23 - 2014-09-19 11:50 - 00000000 ____D () C:\AdwCleaner
2014-09-17 16:23 - 2014-09-17 16:23 - 01373475 _____ () C:\Users\Hartmut\Desktop\adwcleaner_3.310.exe
2014-09-17 12:19 - 2014-09-19 10:32 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-17 12:19 - 2014-09-17 12:19 - 00001081 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-17 12:19 - 2014-09-17 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-17 12:19 - 2014-09-17 12:19 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-09-17 12:19 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-09-17 12:19 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-09-17 12:19 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-09-17 12:18 - 2014-09-17 12:18 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hartmut\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-17 11:54 - 2014-09-17 11:54 - 00001009 _____ () C:\Users\Public\Desktop\Emsisoft HiJackFree.lnk
2014-09-17 11:54 - 2014-09-17 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft HiJackFree
2014-09-17 11:54 - 2014-09-17 11:54 - 00000000 ____D () C:\Program Files\Emsisoft HiJackFree
2014-09-17 11:21 - 2014-09-17 11:21 - 00388608 _____ (Trend Micro Inc.) C:\Users\Hartmut\Desktop\HiJackThis204.exe
2014-09-17 10:21 - 2014-09-17 10:21 - 00000000 ____D () C:\Users\Hartmut\Desktop\Emsisoft Emergency Kit
2014-09-17 10:08 - 2014-09-17 10:08 - 00004600 _____ () C:\EamClean.log
2014-09-13 13:17 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-09-13 13:17 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-09-13 13:17 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-09-13 13:17 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-09-13 13:17 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-09-13 13:17 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-09-13 13:17 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-09-13 13:17 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-09-13 13:17 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-09-13 13:17 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-09-13 13:17 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-09-13 13:17 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-09-13 13:17 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-09-13 13:17 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-09-13 13:17 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-09-13 13:17 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-09-13 13:17 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-09-13 13:17 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-09-13 13:17 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-09-13 13:17 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-09-13 13:17 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-09-13 13:17 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-09-13 13:17 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-09-13 13:17 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-09-13 13:17 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-09-13 13:17 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-09-13 13:17 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-09-13 13:17 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-09-13 13:17 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-09-13 13:17 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-09-13 11:17 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-09-13 11:17 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-08-28 22:28 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-28 22:28 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-28 22:15 - 2014-09-17 07:38 - 01040111 _____ () C:\Users\Hartmut\AppData\Local\ilvaaehj.gss
2014-08-28 22:15 - 2014-09-17 07:38 - 00421888 _____ () C:\Users\Hartmut\AppData\Local\ilvaaehj.gdb
2014-08-27 14:47 - 2014-08-27 14:47 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\Adobe
2014-08-26 11:51 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-26 11:51 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-08-26 11:51 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-26 11:51 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-08-26 11:51 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-08-26 11:51 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-08-26 11:51 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-08-26 11:50 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-08-26 11:50 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-23 10:30 - 2014-09-23 10:29 - 00021394 _____ () C:\Users\Hartmut\Desktop\FRST.txt
2014-09-23 10:29 - 2014-09-17 16:37 - 00000000 ____D () C:\FRST
2014-09-23 10:28 - 2014-06-17 23:35 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-09-23 10:27 - 2014-01-04 12:17 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\HTC MediaHub
2014-09-23 10:27 - 2012-11-11 17:46 - 00001096 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-23 10:27 - 2012-08-07 23:35 - 00000440 _____ () C:\windows\system32\Drivers\etc\hosts.ics
2014-09-23 10:27 - 2011-02-22 21:38 - 00136051 _____ () C:\windows\setupact.log
2014-09-23 10:27 - 2010-01-31 18:27 - 00000000 ____D () C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-09-23 10:27 - 2009-12-05 05:19 - 01508268 _____ () C:\windows\PFRO.log
2014-09-23 10:27 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-23 10:26 - 2009-12-05 04:40 - 02041484 _____ () C:\windows\WindowsUpdate.log
2014-09-23 10:14 - 2009-07-14 06:34 - 00014512 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-23 10:14 - 2009-07-14 06:34 - 00014512 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-22 10:56 - 2012-11-11 17:46 - 00001100 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-22 10:53 - 2012-03-31 18:04 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-09-22 07:22 - 2013-06-27 17:14 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-20 20:28 - 2014-09-22 10:28 - 00854417 _____ () C:\Users\Hartmut\Desktop\SecurityCheck.exe
2014-09-19 12:00 - 2010-11-14 19:35 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\CrashDumps
2014-09-19 11:58 - 2014-09-19 11:58 - 01019328 _____ (Thisisu) C:\Users\Hartmut\Desktop\JRT.exe
2014-09-19 11:58 - 2014-09-19 11:58 - 00000000 ____D () C:\windows\ERUNT
2014-09-19 11:51 - 2012-05-03 07:50 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-19 11:50 - 2014-09-17 16:23 - 00000000 ____D () C:\AdwCleaner
2014-09-19 10:32 - 2014-09-17 12:19 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-19 09:34 - 2014-09-19 09:34 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Hartmut\Desktop\revosetup95.exe
2014-09-19 09:34 - 2014-09-19 09:34 - 00000805 _____ () C:\Users\Hartmut\Desktop\Revo Uninstaller.lnk
2014-09-19 09:33 - 2014-09-19 09:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-18 07:53 - 2012-03-31 18:04 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-09-18 07:53 - 2011-05-23 22:17 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-17 21:06 - 2014-09-18 07:25 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Hartmut\Desktop\tdsskiller.exe
2014-09-17 16:35 - 2014-09-17 16:35 - 01097728 _____ (Farbar) C:\Users\Hartmut\Desktop\FRST.exe
2014-09-17 16:23 - 2014-09-17 16:23 - 01373475 _____ () C:\Users\Hartmut\Desktop\adwcleaner_3.310.exe
2014-09-17 13:00 - 2009-12-05 22:11 - 00000000 ____D () C:\windows\ShellNew
2014-09-17 12:19 - 2014-09-17 12:19 - 00001081 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-17 12:19 - 2014-09-17 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-17 12:19 - 2014-09-17 12:19 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-09-17 12:19 - 2010-11-04 23:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-17 12:18 - 2014-09-17 12:18 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hartmut\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-17 11:54 - 2014-09-17 11:54 - 00001009 _____ () C:\Users\Public\Desktop\Emsisoft HiJackFree.lnk
2014-09-17 11:54 - 2014-09-17 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft HiJackFree
2014-09-17 11:54 - 2014-09-17 11:54 - 00000000 ____D () C:\Program Files\Emsisoft HiJackFree
2014-09-17 11:21 - 2014-09-17 11:21 - 00388608 _____ (Trend Micro Inc.) C:\Users\Hartmut\Desktop\HiJackThis204.exe
2014-09-17 10:21 - 2014-09-17 10:21 - 00000000 ____D () C:\Users\Hartmut\Desktop\Emsisoft Emergency Kit
2014-09-17 10:08 - 2014-09-17 10:08 - 00004600 _____ () C:\EamClean.log
2014-09-17 07:38 - 2014-08-28 22:15 - 01040111 _____ () C:\Users\Hartmut\AppData\Local\ilvaaehj.gss
2014-09-17 07:38 - 2014-08-28 22:15 - 00421888 _____ () C:\Users\Hartmut\AppData\Local\ilvaaehj.gdb
2014-09-16 20:20 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\rescache
2014-09-16 15:52 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\Microsoft.NET
2014-09-16 15:44 - 2009-07-26 22:06 - 01612484 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-15 09:06 - 2010-10-27 23:15 - 00231568 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-09-13 13:11 - 2013-08-24 12:36 - 00000000 ____D () C:\windows\system32\MRT
2014-09-13 13:11 - 2010-11-11 15:59 - 00000000 ____D () C:\windows\system32\MpEngineStore
2014-09-13 13:06 - 2010-02-20 07:31 - 98758480 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-09-13 11:35 - 2012-06-25 13:31 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-09-09 19:27 - 2009-07-14 06:33 - 00358272 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-27 14:47 - 2014-08-27 14:47 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\Adobe
2014-08-27 14:12 - 2010-10-28 11:22 - 00000000 ____D () C:\Users\Hartmut\Documents\Tina
2014-08-27 10:27 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\de-DE

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-16 20:11

==================== End Of Log ============================
         
--- --- ---


If you can't find anything more now, then it looks good :-)

Regards
MotoG

Alt 23.09.2014, 21:55   #11
schrauber
/// the machine
/// TB-Ausbilder
 


Done
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 23.09.2014, 22:07   #12
MotoG
 

Thank you very much for your great help!
My colleague will be really pleased ;-)

Alt 24.09.2014, 12:40   #13
schrauber
/// the machine
/// TB-Ausbilder
 


You're welcome
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!
