Pests of all kinds and how to fight them: Check after cleaning up browser hijacking and other malware

17.09.2014, 18:58   #1
MotoG
 


Hello everyone,

I was given my colleague's private notebook, which had a browser hijacking problem.
With help from the forum here (other threads), I have done the following so far:

1. Scan with EEK

First I ran a scan with Emsisoft Emergency Kit and moved the detected problems to quarantine. Here is the log file:

Code:
Emsisoft Emergency Kit - Version 9.0
Letztes Update: 16.09.2014 15:36:08
Benutzerkonto: PATRICKTINA\Hartmut

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\

PUPs-Erkennung: An
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn:	16.09.2014 15:42:22
C:\PROGRA~1\SupTab\DpInterface32.dll 	gefunden: Application.Win32.InstallAd (A)
C:\Program Files\002\fpvoixdaog32.exe 	gefunden: Application.Win32.InstallAd (A)
C:\Program Files\SupTab\SupTab.dll 	gefunden: Adware.Agent.OFO (B)
C:\Users\Hartmut\AppData\Local\ilvaaehj.exe 	gefunden: Gen:Variant.Adware.Symmi.11285 (B)
C:\Users\Hartmut\AppData\Local\Temp\APN-Stub 	gefunden: Application.Win32.WebToolbar (A)
C:\Users\Hartmut\AppData\Local\Temp\APN-Stub 	gefunden: Application.Win32.WebToolbar (A)
C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mypc backup 	gefunden: Application.AdStart (A)
C:\Users\Hartmut\AppData\Roaming\dvdvideosoftiehelpers 	gefunden: Application.AppInstall (A)
C:\Users\Hartmut\AppData\Roaming\software4u 	gefunden: Application.AppInstall (A)
C:\ProgramData\iminent 	gefunden: Application.AppInstall (A)
C:\ProgramData\partner 	gefunden: Application.AppInstall (A)
C:\Program Files\mypc backup 	gefunden: Application.AppInstall (A)
C:\Program Files\software4u 	gefunden: Application.AppInstall (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96} 	gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{01221FCC-4BFB-461C-B08C-F6D2DF309921} 	gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} 	gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBCOMMONUTILS.COMMONUTILS 	gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBCOMMONUTILS.COMMONUTILS.1 	gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBDOWNLOADMANAGER 	gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBDOWNLOADMANAGER.1 	gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBPROPERTYMANAGER 	gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBPROPERTYMANAGER.1 	gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBREQUEST 	gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBREQUEST.1 	gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBTASK 	gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBTASK.1 	gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TOOLBARHELPER 	gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TOOLBARHELPER.1 	gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\UPDATER.AMIUPD 	gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\UPDATER.AMIUPD.1 	gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BACKUPSTACK 	gefunden: Application.AdServ (A)
Key: HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1000\SOFTWARE\IMINENT 	gefunden: Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1000\SOFTWARE\SOFTONIC 	gefunden: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\IMINENT 	gefunden: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MYPC BACKUP 	gefunden: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} 	gefunden: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\MYPC BACKUP 	gefunden: Application.InstallTool (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86} 	gefunden: Application.AdShort (A)
C:\Users\Hartmut\AppData\Roaming\SupTab 	gefunden: Application.AdShort (A)
C:\Program Files\SupTab 	gefunden: Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} 	gefunden: Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8} 	gefunden: Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D} 	gefunden: Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} 	gefunden: Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\SUPTAB 	gefunden: Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WEBSSEARCHESSOFTWARE 	gefunden: Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WPM 	gefunden: Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982} 	gefunden: Application.AdBrowse (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534} 	gefunden: Application.AdBrowse (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{03771AEF-400D-4A13-B712-25878EC4A3F5} 	gefunden: Application.AdBrowse (A)
Key: HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1000\SOFTWARE\TUTOTAG 	gefunden: Adware.Win32.Ozore (A)
C:\ProgramData\IePluginServices 	gefunden: Application.AdPlug (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\SUPDP 	gefunden: Application.InstallTab (A)
C:\Users\Hartmut\AppData\Roaming\completescan 	gefunden: Rogue.Win32.TPoint (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\FLVTUBEPLAYER.EXE 	gefunden: Adware.Win32.FlashPlay (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR 	gefunden: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR 	gefunden: Setting.DisableTaskMgr (A)
Key: HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} 	gefunden: Application.Win32.WSearch (A)
Key: HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1000\SOFTWARE\YAHOOPARTNERTOOLBAR 	gefunden: Application.Win32.YTool (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48D2-9061-8BBD4899EB08} 	gefunden: Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\TRACING\AU__RASAPI32 	gefunden: Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\TRACING\AU__RASMANCS 	gefunden: Application.Win32.InstallExt (A)
C:\Program Files\002\fpvoixdaog32.exe 	gefunden: Application.Win32.InstallAd (A)
C:\Program Files\SupTab\DpInterface32.dll 	gefunden: Application.Win32.InstallAd (A)
C:\Program Files\SupTab\SearchProtect32.dll 	gefunden: Application.Win32.InstallAd (A)
C:\Program Files\SupTab\SearchProtect64.dll 	gefunden: Application.Win32.InstallAd (A)
C:\Program Files\SupTab\SpAPPSv64.dll 	gefunden: Adware.Generic.958938 (B)
C:\Program Files\SupTab\SupTab.dll 	gefunden: Adware.Agent.OFO (B)
C:\Users\Hartmut\AppData\Local\ilvaaehj.exe 	gefunden: Gen:Variant.Adware.Symmi.11285 (B)
C:\Users\Hartmut\AppData\Local\Temp\flashEnhancer1\Install\flashEnhancerInstaller.exe 	gefunden: Application.Win32.InstallMon (A)
C:\Users\Hartmut\AppData\Local\Temp\nsbFA69.exe 	gefunden: Application.Win32.InstallTool (A)
C:\Users\Hartmut\AppData\Local\Temp\nsc1202.exe 	gefunden: Application.Win32.InstallTool (A)
C:\Users\Hartmut\AppData\Local\Temp\nsm1721.exe 	gefunden: Application.Win32.InstallTool (A)
C:\Users\Hartmut\AppData\Local\Temp\nsrDA4C.exe 	gefunden: Application.Win32.InstallTool (A)
C:\Users\Hartmut\AppData\Local\Temp\nswD5D8.exe 	gefunden: Application.Win32.InstallTool (A)
C:\Users\Hartmut\AppData\Local\Temp\PreExe_ID_13667.exe 	gefunden: Application.Win32.AdLoad (A)
C:\Users\Hartmut\AppData\Local\Temp\UpdateCheckerSetup.exe 	gefunden: Application.Win32.InstallAd (A)
C:\Users\Hartmut\AppData\Local\{DDF17D0D-8737-45FD-A732-117D73F349EA}\chrome\content\overlay.xul 	gefunden: Trojan.JS.Redirector.LE (B)
C:\Users\Public\Documents\Patrick\Downloads\Downloads\FlashPlayer__4587_i810617247_il7939.exe 	gefunden: Gen:Variant.Application.Bundler.Amonetize.10 (B)
C:\Users\Public\Documents\Patrick\Downloads\Downloads\Groovestream.exe 	gefunden: Gen:Variant.Application.Bundler.OptimumInstaller.3 (B)

Gescannt	379195
Gefunden	80

Scan Ende:	16.09.2014 19:20:50
Scan Zeit:	3:38:28

C:\Users\Public\Documents\Patrick\Downloads\Downloads\Groovestream.exe	Quarantäne Gen:Variant.Application.Bundler.OptimumInstaller.3 (B)
C:\Users\Public\Documents\Patrick\Downloads\Downloads\FlashPlayer__4587_i810617247_il7939.exe	Quarantäne Gen:Variant.Application.Bundler.Amonetize.10 (B)
C:\Users\Hartmut\AppData\Local\{DDF17D0D-8737-45FD-A732-117D73F349EA}\chrome\content\overlay.xul	Quarantäne Trojan.JS.Redirector.LE (B)
C:\Users\Hartmut\AppData\Local\Temp\UpdateCheckerSetup.exe	Quarantäne Application.Win32.InstallAd (A)
C:\Users\Hartmut\AppData\Local\Temp\PreExe_ID_13667.exe	Quarantäne Application.Win32.AdLoad (A)
C:\Users\Hartmut\AppData\Local\Temp\nswD5D8.exe	Quarantäne Application.Win32.InstallTool (A)
C:\Users\Hartmut\AppData\Local\Temp\nsrDA4C.exe	Quarantäne Application.Win32.InstallTool (A)
C:\Users\Hartmut\AppData\Local\Temp\nsm1721.exe	Quarantäne Application.Win32.InstallTool (A)
C:\Users\Hartmut\AppData\Local\Temp\nsc1202.exe	Quarantäne Application.Win32.InstallTool (A)
C:\Users\Hartmut\AppData\Local\Temp\nsbFA69.exe	Quarantäne Application.Win32.InstallTool (A)
C:\Users\Hartmut\AppData\Local\Temp\flashEnhancer1\Install\flashEnhancerInstaller.exe	Quarantäne Application.Win32.InstallMon (A)
C:\Program Files\SupTab\SpAPPSv64.dll	Quarantäne Adware.Generic.958938 (B)
C:\Program Files\SupTab\SearchProtect64.dll	Quarantäne Application.Win32.InstallAd (A)
C:\Program Files\SupTab\SearchProtect32.dll	Quarantäne Application.Win32.InstallAd (A)
C:\Program Files\002\fpvoixdaog32.exe	Quarantäne Application.Win32.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\TRACING\AU__RASMANCS	Quarantäne Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\TRACING\AU__RASAPI32	Quarantäne Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}	Quarantäne Application.Win32.InstallExt (A)
Key: HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1000\SOFTWARE\YAHOOPARTNERTOOLBAR	Quarantäne Application.Win32.YTool (A)
Key: HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}	Quarantäne Application.Win32.WSearch (A)
Value: HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR	Quarantäne Setting.DisableTaskMgr (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR	Quarantäne Setting.DisableTaskMgr (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\FLVTUBEPLAYER.EXE	Quarantäne Adware.Win32.FlashPlay (A)
C:\Users\Hartmut\AppData\Roaming\completescan	Quarantäne Rogue.Win32.TPoint (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\SUPDP	Quarantäne Application.InstallTab (A)
C:\ProgramData\IePluginServices	Quarantäne Application.AdPlug (A)
Key: HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1000\SOFTWARE\TUTOTAG	Quarantäne Adware.Win32.Ozore (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{03771AEF-400D-4A13-B712-25878EC4A3F5}	Quarantäne Application.AdBrowse (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}	Quarantäne Application.AdBrowse (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}	Quarantäne Application.AdBrowse (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WPM	Quarantäne Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WEBSSEARCHESSOFTWARE	Quarantäne Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\SUPTAB	Quarantäne Application.AdShort (A)
C:\Users\Hartmut\AppData\Roaming\SupTab	Quarantäne Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}	Quarantäne Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\MYPC BACKUP	Quarantäne Application.InstallTool (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}	Quarantäne Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MYPC BACKUP	Quarantäne Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\IMINENT	Quarantäne Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1000\SOFTWARE\SOFTONIC	Quarantäne Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1000\SOFTWARE\IMINENT	Quarantäne Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BACKUPSTACK	Quarantäne Application.AdServ (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\UPDATER.AMIUPD.1	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\UPDATER.AMIUPD	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TOOLBARHELPER.1	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TOOLBARHELPER	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBTASK.1	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBTASK	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBREQUEST.1	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBREQUEST	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBPROPERTYMANAGER.1	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBPROPERTYMANAGER	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBDOWNLOADMANAGER.1	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBDOWNLOADMANAGER	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBCOMMONUTILS.COMMONUTILS.1	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBCOMMONUTILS.COMMONUTILS	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{01221FCC-4BFB-461C-B08C-F6D2DF309921}	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}	Quarantäne Application.AdReg (A)
C:\Program Files\software4u	Quarantäne Application.AppInstall (A)
C:\ProgramData\partner	Quarantäne Application.AppInstall (A)
C:\ProgramData\iminent	Quarantäne Application.AppInstall (A)
C:\Users\Hartmut\AppData\Roaming\software4u	Quarantäne Application.AppInstall (A)
C:\Users\Hartmut\AppData\Roaming\dvdvideosoftiehelpers	Quarantäne Application.AppInstall (A)
C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mypc backup	Quarantäne Application.AdStart (A)
C:\Users\Hartmut\AppData\Local\Temp\APN-Stub	Quarantäne Application.Win32.WebToolbar (A)

Quarantäne	66
         
2. Scan with Malwarebytes.

Unfortunately I don't have the log file at hand right now.

3. Scan with F-Secure rescue disk

Nothing was found here.

4. Scan with Adware and cleanup

The browser hijacking is gone.

5. FRST:

Here are the two log files:


FRST log file:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by Hartmut (administrator) on PATRICKTINA on 17-09-2014 16:37:17
Running from C:\Users\Hartmut\Desktop
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
(devolo AG) C:\Program Files\devolo\dlan\devolonetsvc.exe
(Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(BUFFALO INC.) C:\Program Files\BUFFALO\NASNAVI\nassvc.exe
() C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Chicony Electronics Co., Ltd.) C:\Windows\System32\DVAPTray.exe
() C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ArcSoft) C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
(BUFFALO INC.) C:\Program Files\BUFFALO\NASNAVI\nassche.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-12-14] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1713448 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [UpdateLBPShortCut] => C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM\...\Run: [UpdateP2GoShortCut] => C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [UpdatePDRShortCut] => C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.)
HKLM\...\Run: [RemoteControl8] => C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [PDVD8LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [UpdatePPShortCut] => C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM\...\Run: [UpdatePSTShortCut] => C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-21] (CyberLink Corp.)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [WinampAgent] => "C:\Program Files\Winamp\winampa.exe"
HKLM\...\Run: [ Malwarebytes Anti-Malware  (reboot)] => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [DVAPTray] => C:\windows\System32\DVAPTray.exe [188416 2010-06-17] (Chicony Electronics Co., Ltd.)
HKLM\...\Run: [dfmirage-Install] => C:\windows\temp\DFI-0833TN.exe [103424 2009-05-29] (DemoForge, LLC.) <===== ATTENTION
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2565520 2011-03-14] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [MobileDocuments] => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Hartmut\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [AppleIEDAV] => C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\MountPoints2: {065b1618-7479-11e3-a116-002454583452} - G:\HTC_Sync_Manager_PC.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Monitor.lnk
ShortcutTarget: Device Monitor.lnk -> C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe (ArcSoft)
Startup: C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk
ShortcutTarget: BUFFALO NAS Navigator2.lnk -> C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)
Startup: C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ilvaaehj.lnk
ShortcutTarget: ilvaaehj.lnk -> C:\Users\Hartmut\AppData\Local\ilvaaehj.exe (No File)
Startup: C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk
ShortcutTarget: NAS Scheduler.lnk -> C:\Program Files\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKCU - Plasmoo URL = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de___DE365
BHO: IEPlugin Class -> {11222041-111B-46E3-BD29-EFB2449479B1} -> C:\Program Files\ArcSoft\Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: ToolbarBHO Class -> {9519AF7E-638D-4933-BAD6-D33D23C79FE5} -> C:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - RAW Thumbnail Viewer - {F301665A-12F8-4331-804A-5BCBD379668C} - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.123.60

FireFox:
========
FF ProfilePath: C:\Users\Hartmut\AppData\Roaming\Mozilla\Firefox\Profiles\9k1zs3lf.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Tab Mix Plus - C:\Users\Hartmut\AppData\Roaming\Mozilla\Firefox\Profiles\9k1zs3lf.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012-07-02]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-07-23]
FF HKLM\...\Firefox\Extensions: [RAWThumbnailViewer@arcsoft.com.cn] - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\FireFox Extension
FF Extension: RAW Thumbnail Viewer - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\FireFox Extension [2010-11-05]
FF HKLM\...\Firefox\Extensions: [{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}] - C:\Program Files\ArcSoft\Video Downloader\Plugin_FireFox
FF Extension: ArcSoft Video Downloader Extension - C:\Program Files\ArcSoft\Video Downloader\Plugin_FireFox [2010-11-05]
FF HKLM\...\Firefox\Extensions:  - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com [2014-06-17]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-06-17]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com [2014-06-17]
FF HKCU\...\Firefox\Extensions: [{DDF17D0D-8737-45FD-A732-117D73F349EA}] - C:\Users\Hartmut\AppData\Local\{DDF17D0D-8737-45FD-A732-117D73F349EA}
FF Extension: XULRunner - C:\Users\Hartmut\AppData\Local\{DDF17D0D-8737-45FD-A732-117D73F349EA} [2010-11-04]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa []
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx [2014-05-28]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\content_blocker_chrome.crx [2014-05-28]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\virtkbd.crx [2014-05-28]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2014-05-28] (Kaspersky Lab ZAO)
R2 DevoloNetworkService; C:\Program Files\devolo\dlan\devolonetsvc.exe [3128856 2012-02-28] (devolo AG)
R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-08-04] (Nero AG)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 NasPmService; C:\Program Files\BUFFALO\NASNAVI\nassvc.exe [251184 2009-05-15] (BUFFALO INC.)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; C:\windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
S3 AirDisplay; C:\windows\System32\DRIVERS\AVVideoCard.sys [6656 2011-03-18] (Windows (R) Win 7 DDK provider)
S3 cleanhlp; C:\Users\Hartmut\Desktop\Emsisoft Emergency Kit\bin\cleanhlp32.sys [50200 2014-08-19] (Emsisoft GmbH)
S3 HtcVCom32; C:\windows\System32\DRIVERS\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated)
R0 kl1; C:\windows\System32\DRIVERS\kl1.sys [135776 2014-05-28] (Kaspersky Lab ZAO)
S4 klflt; C:\windows\System32\DRIVERS\klflt.sys [94304 2014-05-28] (Kaspersky Lab ZAO)
R1 KLIF; C:\windows\System32\DRIVERS\klif.sys [576608 2014-05-28] (Kaspersky Lab ZAO)
R1 KLIM6; C:\windows\System32\DRIVERS\klim6.sys [25696 2014-05-28] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\windows\System32\DRIVERS\klkbdflt.sys [25184 2014-05-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\windows\System32\DRIVERS\klmouflt.sys [25696 2014-05-28] (Kaspersky Lab ZAO)
R1 klpd; C:\windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\windows\System32\DRIVERS\kneps.sys [144992 2014-05-28] (Kaspersky Lab ZAO)
R3 MonitorFunction; C:\windows\System32\DRIVERS\TVMonitor.sys [13304 2010-11-25] (TeamViewer GmbH)
S3 Netaapl; C:\windows\System32\DRIVERS\netaapl.sys [18432 2011-05-10] (Apple Inc.) [File not signed]
R2 NPF_devolo; C:\windows\system32\drivers\npf_devolo.sys [35840 2012-01-31] (CACE Technologies) [File not signed]
S0 sfdrv01; C:\windows\System32\drivers\sfdrv01.sys [50176 2005-05-17] (Protection Technology) [File not signed]
R0 sfhlp02; C:\windows\System32\drivers\sfhlp02.sys [6656 2005-05-16] (Protection Technology) [File not signed]
S0 sfsync02; C:\windows\System32\drivers\sfsync02.sys [19968 2005-05-16] (Protection Technology) [File not signed]
R0 sptd; C:\windows\System32\Drivers\sptd.sys [691696 2010-10-28] () [File not signed]
S3 Tq_91Assistant; C:\Program Files\NetDragon\91 Mobile\iPhone\Tq_91Assistant.sys [14248 2011-10-15] ()
S3 USBAAPL; C:\windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
R3 yukonw7; C:\windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
U3 a6p4ii14; C:\windows\system32\Drivers\a6p4ii14.sys [0 ] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-17 16:37 - 2014-09-17 16:38 - 00021470 _____ () C:\Users\Hartmut\Desktop\FRST.txt
2014-09-17 16:37 - 2014-09-17 16:37 - 00000000 ____D () C:\FRST
2014-09-17 16:35 - 2014-09-17 16:35 - 01097728 _____ (Farbar) C:\Users\Hartmut\Desktop\FRST.exe
2014-09-17 16:23 - 2014-09-17 16:29 - 00000000 ____D () C:\AdwCleaner
2014-09-17 16:23 - 2014-09-17 16:23 - 01373475 _____ () C:\Users\Hartmut\Desktop\adwcleaner_3.310.exe
2014-09-17 12:19 - 2014-09-17 12:19 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-17 12:19 - 2014-09-17 12:19 - 00001081 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-17 12:19 - 2014-09-17 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-17 12:19 - 2014-09-17 12:19 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-09-17 12:19 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-09-17 12:19 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-09-17 12:19 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-09-17 12:18 - 2014-09-17 12:18 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hartmut\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-17 11:54 - 2014-09-17 11:54 - 00001009 _____ () C:\Users\Public\Desktop\Emsisoft HiJackFree.lnk
2014-09-17 11:54 - 2014-09-17 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft HiJackFree
2014-09-17 11:54 - 2014-09-17 11:54 - 00000000 ____D () C:\Program Files\Emsisoft HiJackFree
2014-09-17 11:21 - 2014-09-17 11:21 - 00388608 _____ (Trend Micro Inc.) C:\Users\Hartmut\Desktop\HiJackThis204.exe
2014-09-17 10:21 - 2014-09-17 10:21 - 00000000 ____D () C:\Users\Hartmut\Desktop\Emsisoft Emergency Kit
2014-09-17 10:08 - 2014-09-17 10:08 - 00004600 _____ () C:\EamClean.log
2014-09-13 13:17 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-09-13 13:17 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-09-13 13:17 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-09-13 13:17 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-09-13 13:17 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-09-13 13:17 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-09-13 13:17 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-09-13 13:17 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-09-13 13:17 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-09-13 13:17 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-09-13 13:17 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-09-13 13:17 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-09-13 13:17 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-09-13 13:17 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-09-13 13:17 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-09-13 13:17 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-09-13 13:17 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-09-13 13:17 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-09-13 13:17 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-09-13 13:17 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-09-13 13:17 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-09-13 13:17 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-09-13 13:17 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-09-13 13:17 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-09-13 13:17 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-09-13 13:17 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-09-13 13:17 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-09-13 13:17 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-09-13 13:17 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-09-13 13:17 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-09-13 11:17 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-09-13 11:17 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-08-28 22:28 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-28 22:28 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-28 22:15 - 2014-09-17 07:38 - 01040111 _____ () C:\Users\Hartmut\AppData\Local\ilvaaehj.gss
2014-08-28 22:15 - 2014-09-17 07:38 - 00421888 _____ () C:\Users\Hartmut\AppData\Local\ilvaaehj.gdb
2014-08-27 14:47 - 2014-08-27 14:47 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\Adobe
2014-08-26 11:51 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-26 11:51 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-08-26 11:51 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-26 11:51 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-08-26 11:51 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-08-26 11:51 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-08-26 11:51 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-08-26 11:50 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-08-26 11:50 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-08-18 17:52 - 2014-08-18 17:52 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf
2014-08-18 17:38 - 2014-08-18 17:38 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\Wondershare
2014-08-18 17:38 - 2014-08-18 17:38 - 00000000 ____D () C:\Program Files\Common Files\Wondershare
2014-08-18 17:37 - 2014-08-18 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2014-08-18 17:36 - 2014-08-18 17:37 - 00000000 ___HD () C:\Program Files\DrFoneAndroid_Temp
2014-08-18 17:36 - 2014-08-18 17:37 - 00000000 ____D () C:\Users\Hartmut\AppData\Roaming\Wondershare
2014-08-18 17:36 - 2014-08-18 17:36 - 00000000 ____D () C:\Program Files\Wondershare
2014-08-18 17:33 - 2014-08-18 17:35 - 00000000 ____D () C:\Users\Public\Documents\Wondershare
2014-08-18 17:18 - 2014-08-18 17:18 - 00000000 ____D () C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Android SDK Tools
2014-08-18 17:16 - 2014-08-18 17:16 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\Android
2014-08-18 16:56 - 2014-08-18 17:02 - 00000000 ____D () C:\Program Files\Recuva
2014-08-18 16:56 - 2014-08-18 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2014-08-18 16:30 - 2014-08-18 16:30 - 00000000 ____D () C:\Program Files\Spirent Communications
2014-08-18 15:55 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2014-08-18 15:55 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-08-18 15:55 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2014-08-18 15:55 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-17 16:38 - 2014-09-17 16:37 - 00021470 _____ () C:\Users\Hartmut\Desktop\FRST.txt
2014-09-17 16:38 - 2009-07-14 06:34 - 00014512 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-17 16:38 - 2009-07-14 06:34 - 00014512 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-17 16:37 - 2014-09-17 16:37 - 00000000 ____D () C:\FRST
2014-09-17 16:35 - 2014-09-17 16:35 - 01097728 _____ (Farbar) C:\Users\Hartmut\Desktop\FRST.exe
2014-09-17 16:34 - 2009-12-05 04:40 - 01847762 _____ () C:\windows\WindowsUpdate.log
2014-09-17 16:31 - 2014-06-17 23:35 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-09-17 16:31 - 2014-01-04 12:17 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\HTC MediaHub
2014-09-17 16:31 - 2012-08-07 23:35 - 00000440 _____ () C:\windows\system32\Drivers\etc\hosts.ics
2014-09-17 16:30 - 2012-11-11 17:46 - 00001096 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-17 16:30 - 2011-02-22 21:38 - 00135547 _____ () C:\windows\setupact.log
2014-09-17 16:30 - 2010-01-31 18:27 - 00000000 ____D () C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-09-17 16:30 - 2009-12-05 05:19 - 01041244 _____ () C:\windows\PFRO.log
2014-09-17 16:30 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-17 16:29 - 2014-09-17 16:23 - 00000000 ____D () C:\AdwCleaner
2014-09-17 16:23 - 2014-09-17 16:23 - 01373475 _____ () C:\Users\Hartmut\Desktop\adwcleaner_3.310.exe
2014-09-17 13:00 - 2009-12-05 22:11 - 00000000 ____D () C:\windows\ShellNew
2014-09-17 12:56 - 2012-11-11 17:46 - 00001100 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-17 12:53 - 2012-03-31 18:04 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-09-17 12:19 - 2014-09-17 12:19 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-17 12:19 - 2014-09-17 12:19 - 00001081 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-17 12:19 - 2014-09-17 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-17 12:19 - 2014-09-17 12:19 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-09-17 12:19 - 2010-11-04 23:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-17 12:18 - 2014-09-17 12:18 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hartmut\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-17 11:54 - 2014-09-17 11:54 - 00001009 _____ () C:\Users\Public\Desktop\Emsisoft HiJackFree.lnk
2014-09-17 11:54 - 2014-09-17 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft HiJackFree
2014-09-17 11:54 - 2014-09-17 11:54 - 00000000 ____D () C:\Program Files\Emsisoft HiJackFree
2014-09-17 11:21 - 2014-09-17 11:21 - 00388608 _____ (Trend Micro Inc.) C:\Users\Hartmut\Desktop\HiJackThis204.exe
2014-09-17 10:21 - 2014-09-17 10:21 - 00000000 ____D () C:\Users\Hartmut\Desktop\Emsisoft Emergency Kit
2014-09-17 10:08 - 2014-09-17 10:08 - 00004600 _____ () C:\EamClean.log
2014-09-17 07:38 - 2014-08-28 22:15 - 01040111 _____ () C:\Users\Hartmut\AppData\Local\ilvaaehj.gss
2014-09-17 07:38 - 2014-08-28 22:15 - 00421888 _____ () C:\Users\Hartmut\AppData\Local\ilvaaehj.gdb
2014-09-16 20:20 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\rescache
2014-09-16 15:52 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\Microsoft.NET
2014-09-16 15:44 - 2009-07-26 22:06 - 01612484 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-13 13:11 - 2013-08-24 12:36 - 00000000 ____D () C:\windows\system32\MRT
2014-09-13 13:11 - 2010-11-11 15:59 - 00000000 ____D () C:\windows\system32\MpEngineStore
2014-09-13 13:06 - 2010-02-20 07:31 - 98758480 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-09-13 13:02 - 2012-03-31 18:04 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-09-13 13:02 - 2011-05-23 22:17 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-13 11:35 - 2012-06-25 13:31 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-09-09 19:31 - 2010-11-14 19:35 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\CrashDumps
2014-09-09 19:27 - 2009-07-14 06:33 - 00358272 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-27 14:47 - 2014-08-27 14:47 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\Adobe
2014-08-27 14:12 - 2010-10-28 11:22 - 00000000 ____D () C:\Users\Hartmut\Documents\Tina
2014-08-27 10:27 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\de-DE
2014-08-25 06:53 - 2010-10-27 23:15 - 00231584 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-08-23 03:46 - 2014-08-28 22:28 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-23 02:42 - 2014-08-28 22:28 - 02352640 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-19 21:17 - 2011-05-09 11:35 - 00000000 ____D () C:\ProgramData\tmp
2014-08-19 21:17 - 2011-05-09 11:35 - 00000000 ____D () C:\ProgramData\hps
2014-08-19 20:56 - 2013-10-08 14:52 - 00001120 _____ () C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk
2014-08-19 20:56 - 2013-10-08 14:52 - 00001105 _____ () C:\Users\Public\Desktop\dm-Fotowelt.lnk
2014-08-19 19:39 - 2014-09-13 13:17 - 00327872 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-19 00:26 - 2014-09-13 13:17 - 17455104 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-08-19 00:08 - 2014-09-13 13:17 - 04232704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-08-18 23:57 - 2014-09-13 13:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-08-18 23:57 - 2014-09-13 13:17 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-08-18 23:46 - 2014-09-13 13:17 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-08-18 23:45 - 2014-09-13 13:17 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-08-18 23:44 - 2014-09-13 13:17 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-08-18 23:44 - 2014-09-13 13:17 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-08-18 23:42 - 2014-09-13 13:17 - 02185728 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-08-18 23:39 - 2014-09-13 13:17 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-08-18 23:39 - 2014-09-13 13:17 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-08-18 23:37 - 2014-09-13 13:17 - 00440320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-08-18 23:36 - 2014-09-13 13:17 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-08-18 23:36 - 2014-09-13 13:17 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-08-18 23:35 - 2014-09-13 13:17 - 00597504 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-08-18 23:30 - 2014-09-13 13:17 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-08-18 23:27 - 2014-09-13 13:17 - 00365056 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-08-18 23:22 - 2014-09-13 13:17 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 23:19 - 2014-09-13 13:17 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-08-18 23:17 - 2014-09-13 13:17 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-08-18 23:17 - 2014-09-13 13:17 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-08-18 23:15 - 2014-09-13 13:17 - 11769856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-08-18 23:09 - 2014-09-13 13:17 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-08-18 23:08 - 2014-09-13 13:17 - 02014208 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-08-18 23:08 - 2014-09-13 13:17 - 00673792 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-08-18 23:07 - 2014-09-13 13:17 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-08-18 22:46 - 2014-09-13 13:17 - 01812992 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-08-18 22:38 - 2014-09-13 13:17 - 01190400 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-08-18 22:36 - 2014-09-13 13:17 - 00678400 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-08-18 17:52 - 2014-08-18 17:52 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf
2014-08-18 17:41 - 2014-01-04 12:16 - 00000000 ____D () C:\Users\Hartmut\.android
2014-08-18 17:38 - 2014-08-18 17:38 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\Wondershare
2014-08-18 17:38 - 2014-08-18 17:38 - 00000000 ____D () C:\Program Files\Common Files\Wondershare
2014-08-18 17:37 - 2014-08-18 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2014-08-18 17:37 - 2014-08-18 17:36 - 00000000 ___HD () C:\Program Files\DrFoneAndroid_Temp
2014-08-18 17:37 - 2014-08-18 17:36 - 00000000 ____D () C:\Users\Hartmut\AppData\Roaming\Wondershare
2014-08-18 17:36 - 2014-08-18 17:36 - 00000000 ____D () C:\Program Files\Wondershare
2014-08-18 17:35 - 2014-08-18 17:33 - 00000000 ____D () C:\Users\Public\Documents\Wondershare
2014-08-18 17:18 - 2014-08-18 17:18 - 00000000 ____D () C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Android SDK Tools
2014-08-18 17:16 - 2014-08-18 17:16 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\Android
2014-08-18 17:02 - 2014-08-18 16:56 - 00000000 ____D () C:\Program Files\Recuva
2014-08-18 16:56 - 2014-08-18 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2014-08-18 16:45 - 2010-01-31 18:39 - 00088320 _____ () C:\Users\Hartmut\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-18 16:35 - 2014-01-04 12:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
2014-08-18 16:34 - 2010-02-11 19:13 - 00000000 ____D () C:\Program Files\Common Files\Nero
2014-08-18 16:31 - 2009-12-05 04:44 - 00064962 _____ () C:\windows\DPINST.LOG
2014-08-18 16:30 - 2014-08-18 16:30 - 00000000 ____D () C:\Program Files\Spirent Communications
2014-08-18 16:30 - 2014-01-04 12:16 - 00000000 ____D () C:\Program Files\HTC
2014-08-18 16:28 - 2011-02-20 21:12 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\Downloaded Installations

Files to move or delete:
====================
C:\windows\temp\DFI-0833TN.exe


Some content of TEMP:
====================
C:\Users\Hartmut\AppData\Local\Temp\AcDeltree.exe
C:\Users\Hartmut\AppData\Local\Temp\AskSLib.dll
C:\Users\Hartmut\AppData\Local\Temp\BackupSetup.exe
C:\Users\Hartmut\AppData\Local\Temp\f.exe
C:\Users\Hartmut\AppData\Local\Temp\IDMSetup_1.5.0.0.exe
C:\Users\Hartmut\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Hartmut\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Hartmut\AppData\Local\Temp\somoto-master.exe
C:\Users\Hartmut\AppData\Local\Temp\tmp20AA.tmp.exe
C:\Users\Hartmut\AppData\Local\Temp\tmp2FA8.tmp.exe
C:\Users\Hartmut\AppData\Local\Temp\tmp6A27.tmp.exe
C:\Users\Hartmut\AppData\Local\Temp\tmp7243.tmp.exe
C:\Users\Hartmut\AppData\Local\Temp\_is28DC.exe
C:\Users\Hartmut\AppData\Local\Temp\_is7BC4.exe
C:\Users\Hartmut\AppData\Local\Temp\~SpUnin~.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-16 20:11

==================== End Of Log ============================
         
--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014
Ran by Hartmut at 2014-09-17 16:38:51
Running from C:\Users\Hartmut\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Anti-Virus (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.8.0.1280 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.8.0.1280 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Advertising Center (Version: 0.0.0.2 - Nero AG) Hidden
Android SDK Tools (HKLM\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
ArcSoft MediaConverter 3 (HKLM\...\{EE27AA87-8593-4B8A-A595-29E289C5520F}) (Version: 3.1.8.81 - ArcSoft)
ArcSoft Panorama Maker 4 (HKLM\...\{37530151-56A6-4CE4-9F9F-CE1F5A1356C6}) (Version: 4.5.0.112 - ArcSoft)
ArcSoft Photo Book Screen Saver (HKLM\...\{E2EE273D-E111-4FFD-ACD4-78E1D35E01D2}) (Version: 2.0.0.13 - ArcSoft)
ArcSoft Print Creations - Album Page (HKLM\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version:  - ArcSoft)
ArcSoft Print Creations - Brochures & Flyers (HKLM\...\{01A1A019-E1D8-482A-BE17-5E118D17C0A0}) (Version:  - ArcSoft)
ArcSoft Print Creations - Greeting Card (HKLM\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Book (HKLM\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Calendar (HKLM\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Prints (HKLM\...\{95F875CC-1B85-43E6-B3E0-13EA04F3D995}) (Version:  - ArcSoft)
ArcSoft Print Creations - Poster Creator (HKLM\...\{5D1C82E7-7EC0-4404-A8AD-36C3B444BC34}) (Version:  - ArcSoft)
ArcSoft Print Creations - Scrapbook (HKLM\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version:  - ArcSoft)
ArcSoft Print Creations (HKLM\...\{F03EC055-F34E-4F6B-A684-8A370E11A304}) (Version: 3.0.255.500 - ArcSoft)
ArcSoft RAW Thumbnail Viewer (HKLM\...\{82FAC25D-D0E1-4D60-9268-F3DD958BF052}) (Version: 2.0.0.11 - ArcSoft)
ArcSoft Scan-n-Stitch Deluxe (HKLM\...\{363188E4-1A27-4DE6-BA48-823D2E205385}) (Version: 1.1.0.17 - ArcSoft)
ArcSoft Video Downloader (HKLM\...\{C8B44566-839A-459C-A73D-49764CE216CC}) (Version: 2.0.0.39 - ArcSoft)
Atheros Client Installation Program (HKLM\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.1.0805 - Atheros)
BatteryLifeExtender (HKLM\...\{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}) (Version: 1.0.1 - Samsung)
BUFFALO LinkStation(LS-CHL) Setup Guide (HKLM\...\UN090415) (Version:  - )
BUFFALO NAS Navigator2 (HKLM\...\UN060501) (Version:  - )
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data (HKLM\...\Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data) (Version:  - )
Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data (HKLM\...\Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data) (Version:  - )
Canon Easy-PhotoPrint Pro (HKLM\...\Easy-PhotoPrint Pro) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version:  - )
Canon MG6200 series Benutzerregistrierung (HKLM\...\Canon MG6200 series Benutzerregistrierung) (Version:  - )
Canon MG6200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6200_series) (Version:  - )
Canon MG6200 series On-screen Manual (HKLM\...\Canon MG6200 series On-screen Manual) (Version:  - )
Canon MP Navigator EX 5.0 (HKLM\...\MP Navigator EX 5.0) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version:  - )
CyberLink DVD Suite (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2806 - CyberLink Corp.)
CyberLink DVD Suite (Version: 6.0.2806 - CyberLink Corp.) Hidden
CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1916 - CyberLink Corp.)
CyberLink LabelPrint (Version: 2.5.1916 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3108a - CyberLink Corp.)
CyberLink Power2Go (Version: 6.0.3108a - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3213 - CyberLink Corp.)
CyberLink PowerDirector (Version: 7.0.3213 - CyberLink Corp.) Hidden
CyberLink PowerDVD 8 (HKLM\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815b - CyberLink Corp.)
CyberLink PowerDVD 8 (Version: 8.0.2815b - CyberLink Corp.) Hidden
CyberLink PowerProducer (HKLM\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.1.1812 - CyberLink Corp.)
CyberLink PowerProducer (Version: 5.0.1.1812 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3304 - CyberLink Corp.)
CyberLink YouCam (Version: 2.0.3304 - CyberLink Corp.) Hidden
Dev-C++ 5 beta 9 release (4.9.9.2) (HKLM\...\Dev-C++) (Version:  - )
devolo dLAN Cockpit (HKLM\...\dlancockpit) (Version: 3.2.0.0 - devolo AG)
dLAN Cockpit (Version: 3.2.28 - devolo AG) Hidden
dLAN Cockpit (Version: 3.23.12 - devolo AG) Hidden
dm-Fotowelt (HKLM\...\dm-Fotowelt) (Version: 5.1.6 - CEWE Stiftung u Co. KGaA)
DolbyFiles (Version: 2.0 - Nero AG) Hidden
DVAPTray (HKLM\...\{30D1B542-44E0-44F0-8A31-2A101CB626B5}) (Version: 2.3.2.31 - )
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.0 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM\...\{A5675A9E-F073-414A-9A04-F9BCD50459D7}) (Version: 4.2.6 - Samsung)
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.5 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM\...\{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}) (Version: 4.0.0.3 - Samsung)
Emsisoft HiJackFree 4.5 (HKLM\...\Emsisoft HiJackFree_is1) (Version: 4.5 - Emsi Software GmbH)
erLT (Version: 1.20.0137 - Logitech, Inc.) Hidden
Genesis (HKCU\...\ilvaaehj) (Version:  - ) <==== ATTENTION
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.13.0.003 - HTC Corporation)
HTC Sync Manager (HKLM\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.24.5 - HTC)
iCare Data Recovery Standard (HKLM\...\{F110DF75-A7A2-4641-A569-8D15F7AC7087}_is1) (Version: 6.0 - iCare Recovery)
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2202 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Java Auto Updater (Version: 2.0.3.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 24 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.240 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Kaspersky Anti-Virus (HKLM\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Anti-Virus (Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 11.22.3.3 - Marvell)
Menu Templates - Starter Kit (Version: 9.4.6.0 - Nero AG) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Templates - Starter Kit (Version: 9.4.6.0 - Nero AG) Hidden
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 (HKLM\...\{ea46649a-0ad3-47e6-8e81-ee599ce55b3b}) (Version:  - Nero AG)
Nero BurnRights (Version: 3.4.13.100 - Nero AG) Hidden
Nero ControlCenter (Version: 9.0.0.1 - Nero AG) Hidden
Nero CoverDesigner (Version: 4.4.12.100 - Nero AG) Hidden
Nero Disc Copy Gadget (Version: 2.4.34.0 - Nero AG) Hidden
Nero DiscSpeed (Version: 5.4.13.100 - Nero AG) Hidden
Nero DriveSpeed (Version: 4.4.12.100 - Nero AG) Hidden
Nero InfoTool (Version: 6.4.12.100 - Nero AG) Hidden
Nero Installer (Version: 4.4.9.0 - Nero AG) Hidden
Nero PhotoSnap (Version: 2.4.28.0 - Nero AG) Hidden
Nero Recode (Version: 4.4.38.1 - Nero AG) Hidden
Nero Rescue Agent (Version: 2.4.14.100 - Nero AG) Hidden
Nero ShowTime (Version: 5.4.21.100 - Nero AG) Hidden
Nero StartSmart (Version: 9.4.19.100 - Nero AG) Hidden
Nero Vision (Version: 6.4.16.100 - Nero AG) Hidden
Nero WaveEditor (Version: 5.4.37.1 - Nero AG) Hidden
NeroBurningROM (Version: 9.4.26.100 - Nero AG) Hidden
NeroExpress (Version: 9.4.26.100 - Nero AG) Hidden
neroxml (Version: 1.0.0 - Nero AG) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenOffice.org 3.2 (HKLM\...\{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}) (Version: 3.2.9502 - OpenOffice.org)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6003 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Recovery Solution 4 (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.6 - Samsung)
Samsung Support Center (HKLM\...\{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}) (Version: 1.0.21 - Samsung)
Samsung Update Plus (HKLM\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SoundTrax (Version: 4.4.37.1 - Nero AG) Hidden
Stellar Phoenix Photo Recovery (HKLM\...\Stellar Phoenix Photo Recovery_is1) (Version: 6.0.0.1 - Stellar Information Technology Pvt Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.10.0 - Synaptics Incorporated)
TeamViewer 6 (HKLM\...\TeamViewer 6) (Version: 6.0.9895 - TeamViewer GmbH)
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8093.805 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Wondershare Dr.Fone for Android(Build 4.8.0.135) (HKLM\...\{1DB91A95-C548-4BA5-9D4C-18C7DEAAC39F}_is1) (Version: 4.8.0.135 - Wondershare Software Co.,Ltd.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1871111397-3539990770-1974983793-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1871111397-3539990770-1974983793-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1871111397-3539990770-1974983793-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File

==================== Restore Points  =========================

13-09-2014 09:35:51 Windows Update
17-09-2014 05:38:09 Windows Update

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {203A0F5F-3436-462D-A70E-2898EE779A1D} - System32\Tasks\{3FDE1250-FCE9-479F-8E09-F3B709E73AA4} => Firefox.exe hxxp://ui.skype.com/ui/0/6.7.0.102/de/abandoninstall?page=tsMain
Task: {2D577A20-059C-43FE-B6C0-1FB82EC956F8} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-11-19] (Samsung Electronics. Co. Ltd.)
Task: {48A6287D-9267-44E7-99FD-21FCA0982FF8} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-04-20] ()
Task: {4C14D940-64FD-4462-B964-2371058E5BE0} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {57678265-526C-442F-AF80-DC7E2EB0CEEF} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-13] (Adobe Systems Incorporated)
Task: {6700FBE9-7BE9-4262-B6B6-DE9D03166726} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC)
Task: {88A49655-48B3-4C5D-8CD2-9B43A4A79D2F} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2009-11-04] (Samsung Electronics Co., Ltd.)
Task: {8D4D5684-8FAB-4077-95EB-C9C0BBB68E80} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-10-13] (Samsung Electronics Co., Ltd.)
Task: {9A171F4D-432A-42AF-A3CC-EBCB4A1C5430} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-10-26] (SAMSUNG Electronics)
Task: {9AFF92F3-6909-4FE1-83FE-1D9E9E6015F7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-11-11] (Google Inc.)
Task: {9E874946-B293-4597-B515-99F274BAF2DB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-11-11] (Google Inc.)
Task: {AC5777FD-2872-4C74-BB5E-883113CCDDE5} - System32\Tasks\{4B44AE94-0578-406A-B88B-9BBE0D4FA6FC} => C:\Program Files\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {CC0D875C-93E1-46F8-B7B7-80E0B3BCFA41} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-10-16] (SAMSUNG Electronics co., LTD.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\kpcengine.2.3.dll
2014-08-06 13:40 - 2014-08-06 13:40 - 00031080 _____ () C:\Program Files\HTC\HTC Sync Manager\DbAccess.dll
2014-08-06 13:41 - 2014-08-06 13:41 - 00607376 _____ () C:\Program Files\HTC\HTC Sync Manager\sqlite3.dll
2014-08-06 13:41 - 2014-08-06 13:41 - 00059752 _____ () C:\Program Files\HTC\HTC Sync Manager\NAdvLog.dll
2014-08-06 13:41 - 2014-08-06 13:41 - 00036216 _____ () C:\Program Files\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2014-08-06 13:42 - 2014-08-06 13:42 - 00080248 _____ () C:\Program Files\HTC\HTC Sync Manager\ninstallerhelper.dll
2014-08-06 13:44 - 2014-08-06 13:44 - 00129376 _____ () C:\Program Files\HTC\HTC Sync Manager\zlib1.dll
2014-08-06 13:46 - 2014-08-06 13:46 - 00223592 _____ () C:\Program Files\HTC\HTC Sync Manager\DevConnMon.dll
2012-06-25 13:31 - 2011-02-07 09:56 - 00138192 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
2009-06-03 13:59 - 2009-06-03 13:59 - 00619816 ____N () C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
2009-06-03 13:59 - 2009-06-03 13:59 - 00013096 ____N () C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
2009-12-05 04:45 - 2010-04-20 14:26 - 00300912 _____ () C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
2009-12-05 04:45 - 2010-04-16 14:11 - 00155648 _____ () C:\Program Files\Samsung\Samsung Update Plus\HMXML.dll
2009-12-05 04:54 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2014-08-06 13:42 - 2014-08-06 13:42 - 00821600 _____ () C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
2013-10-17 16:27 - 2013-10-17 16:27 - 00166912 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2009-12-05 04:50 - 2009-07-07 20:23 - 00247152 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2014-07-23 22:52 - 2014-07-23 22:52 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-08-27 10:35 - 2014-08-27 10:35 - 17048240 _____ () C:\windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
AlternateDataStreams: C:\ProgramData\Temp:F0D7EE30

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/17/2014 07:38:39 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddWin32ServiceFiles: Unable to back up image of service Computer Backup (MyPC Backup) since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (09/17/2014 00:32:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/17/2014 00:31:07 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/17/2014 00:30:33 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/17/2014 00:30:33 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/16/2014 08:14:48 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/16/2014 08:11:51 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/16/2014 08:10:54 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/16/2014 08:10:54 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/09/2014 07:30:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.17239, Zeitstempel: 0x53d22946
Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.17239, Zeitstempel: 0x53d26078
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000fcf32
ID des fehlerhaften Prozesses: 0x18a0
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3


System errors:
=============
Error: (09/17/2014 04:31:38 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (09/17/2014 04:31:07 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
sfdrv01
sfsync02

Error: (09/17/2014 04:30:50 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (09/17/2014 04:30:38 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (09/17/2014 04:30:35 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (09/17/2014 04:30:18 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Treiber sfdrv01.sys konnte nicht geladen werden.

Error: (09/17/2014 04:30:17 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Treiber sfsync02.sys konnte nicht geladen werden.

Error: (09/17/2014 04:17:49 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
sfdrv01
sfsync02

Error: (09/17/2014 04:17:47 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (09/17/2014 04:17:02 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.


Microsoft Office Sessions:
=========================
Error: (09/17/2014 07:38:39 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service Computer Backup (MyPC Backup) since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (09/17/2014 00:32:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Canon\mp navigator ex 5.0\mpnmlif64.exe

Error: (09/17/2014 00:31:07 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest

Error: (09/17/2014 00:30:33 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"C:\Program Files\HTC\HTC Sync Manager\NOutlookAccessX64.exe

Error: (09/17/2014 00:30:33 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\Samsung Support Center\Drv\drv2x64\KStartMem.exe.Manifest

Error: (09/16/2014 08:14:48 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Canon\mp navigator ex 5.0\mpnmlif64.exe

Error: (09/16/2014 08:11:51 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest

Error: (09/16/2014 08:10:54 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"C:\Program Files\HTC\HTC Sync Manager\NOutlookAccessX64.exe

Error: (09/16/2014 08:10:54 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\Samsung Support Center\Drv\drv2x64\KStartMem.exe.Manifest

Error: (09/09/2014 07:30:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.1723953d22946MSHTML.dll11.0.9600.1723953d26078c0000005000fcf3218a001cfcc53b7ef389fC:\Program Files\Internet Explorer\iexplore.exeC:\windows\system32\MSHTML.dll0b79d4f0-3847-11e4-a75d-002454583452


CodeIntegrity Errors:
===================================
  Date: 2014-09-17 00:32:24.060
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-17 00:32:24.057
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-17 00:32:24.044
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-17 00:32:24.034
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-17 00:32:24.030
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-17 00:32:24.027
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-17 00:32:23.992
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-17 00:32:23.989
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-17 00:32:23.985
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-17 00:32:23.975
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
Percentage of memory in use: 43%
Total physical RAM: 3032.61 MB
Available physical RAM: 1707.39 MB
Total Pagefile: 6061.45 MB
Available Pagefile: 4370.84 MB
Total Virtual: 2047.88 MB
Available Virtual: 1897.73 MB

==================== Drives ================================

Drive c: (Windows/Programme) (Fixed) (Total:130.17 GB) (Free:36.82 GB) NTFS
Drive d: (Fotos und Bilder) (Fixed) (Total:152.82 GB) (Free:67.41 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 0E0EF5DF)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=130.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=152.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
I don't think I have caught everything yet. Above all, the following happens when I plug the notebook into our network: other PCs report, via the firewall, an intrusion attempt, which is blocked.
I have also considered wiping the machine and setting it up from scratch if the cleanup is not successful.

Many thanks.

Jürgen

Edited by MotoG (17.09.2014 at 19:04). Reason: forgot a detail

 
