| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Überprüfung nach Reinigung von Browser Hijacking und andere MalwareWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
17.09.2014, 18:58
| #1 |
| |  Überprüfung nach Reinigung von Browser Hijacking und andere Malware Hallo Zusammen, ich habe das private Notebook meiner Kollegin bekommen, bei dem Browser Hijacking vorlag. Mit Unterstützung aus dem Forum (andere Beiträge) hier, habe ich folgendes bisher durchgeführt: 1. Scan mit EEK Zuerst habe ich eine Scan mit Emsisoft Emergency Kit durchgeführt und die gefundenen Probleme in Quarantäne verschoben. Hier das Logfile dazu: Code:
ATTFilter Emsisoft Emergency Kit - Version 9.0
Letztes Update: 16.09.2014 15:36:08
Benutzerkonto: PATRICKTINA\Hartmut
Scan Einstellungen:
Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\
PUPs-Erkennung: An
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus
Scan Beginn: 16.09.2014 15:42:22
C:\PROGRA~1\SupTab\DpInterface32.dll gefunden: Application.Win32.InstallAd (A)
C:\Program Files\002\fpvoixdaog32.exe gefunden: Application.Win32.InstallAd (A)
C:\Program Files\SupTab\SupTab.dll gefunden: Adware.Agent.OFO (B)
C:\Users\Hartmut\AppData\Local\ilvaaehj.exe gefunden: Gen:Variant.Adware.Symmi.11285 (B)
C:\Users\Hartmut\AppData\Local\Temp\APN-Stub gefunden: Application.Win32.WebToolbar (A)
C:\Users\Hartmut\AppData\Local\Temp\APN-Stub gefunden: Application.Win32.WebToolbar (A)
C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mypc backup gefunden: Application.AdStart (A)
C:\Users\Hartmut\AppData\Roaming\dvdvideosoftiehelpers gefunden: Application.AppInstall (A)
C:\Users\Hartmut\AppData\Roaming\software4u gefunden: Application.AppInstall (A)
C:\ProgramData\iminent gefunden: Application.AppInstall (A)
C:\ProgramData\partner gefunden: Application.AppInstall (A)
C:\Program Files\mypc backup gefunden: Application.AppInstall (A)
C:\Program Files\software4u gefunden: Application.AppInstall (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96} gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{01221FCC-4BFB-461C-B08C-F6D2DF309921} gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBCOMMONUTILS.COMMONUTILS gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBCOMMONUTILS.COMMONUTILS.1 gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBDOWNLOADMANAGER gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBDOWNLOADMANAGER.1 gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBPROPERTYMANAGER gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBPROPERTYMANAGER.1 gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBREQUEST gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBREQUEST.1 gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBTASK gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBTASK.1 gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TOOLBARHELPER gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TOOLBARHELPER.1 gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\UPDATER.AMIUPD gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\UPDATER.AMIUPD.1 gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BACKUPSTACK gefunden: Application.AdServ (A)
Key: HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1000\SOFTWARE\IMINENT gefunden: Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1000\SOFTWARE\SOFTONIC gefunden: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\IMINENT gefunden: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MYPC BACKUP gefunden: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} gefunden: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\MYPC BACKUP gefunden: Application.InstallTool (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86} gefunden: Application.AdShort (A)
C:\Users\Hartmut\AppData\Roaming\SupTab gefunden: Application.AdShort (A)
C:\Program Files\SupTab gefunden: Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} gefunden: Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8} gefunden: Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D} gefunden: Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} gefunden: Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\SUPTAB gefunden: Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WEBSSEARCHESSOFTWARE gefunden: Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WPM gefunden: Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982} gefunden: Application.AdBrowse (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534} gefunden: Application.AdBrowse (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{03771AEF-400D-4A13-B712-25878EC4A3F5} gefunden: Application.AdBrowse (A)
Key: HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1000\SOFTWARE\TUTOTAG gefunden: Adware.Win32.Ozore (A)
C:\ProgramData\IePluginServices gefunden: Application.AdPlug (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\SUPDP gefunden: Application.InstallTab (A)
C:\Users\Hartmut\AppData\Roaming\completescan gefunden: Rogue.Win32.TPoint (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\FLVTUBEPLAYER.EXE gefunden: Adware.Win32.FlashPlay (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR gefunden: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR gefunden: Setting.DisableTaskMgr (A)
Key: HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} gefunden: Application.Win32.WSearch (A)
Key: HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1000\SOFTWARE\YAHOOPARTNERTOOLBAR gefunden: Application.Win32.YTool (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48D2-9061-8BBD4899EB08} gefunden: Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\TRACING\AU__RASAPI32 gefunden: Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\TRACING\AU__RASMANCS gefunden: Application.Win32.InstallExt (A)
C:\Program Files\002\fpvoixdaog32.exe gefunden: Application.Win32.InstallAd (A)
C:\Program Files\SupTab\DpInterface32.dll gefunden: Application.Win32.InstallAd (A)
C:\Program Files\SupTab\SearchProtect32.dll gefunden: Application.Win32.InstallAd (A)
C:\Program Files\SupTab\SearchProtect64.dll gefunden: Application.Win32.InstallAd (A)
C:\Program Files\SupTab\SpAPPSv64.dll gefunden: Adware.Generic.958938 (B)
C:\Program Files\SupTab\SupTab.dll gefunden: Adware.Agent.OFO (B)
C:\Users\Hartmut\AppData\Local\ilvaaehj.exe gefunden: Gen:Variant.Adware.Symmi.11285 (B)
C:\Users\Hartmut\AppData\Local\Temp\flashEnhancer1\Install\flashEnhancerInstaller.exe gefunden: Application.Win32.InstallMon (A)
C:\Users\Hartmut\AppData\Local\Temp\nsbFA69.exe gefunden: Application.Win32.InstallTool (A)
C:\Users\Hartmut\AppData\Local\Temp\nsc1202.exe gefunden: Application.Win32.InstallTool (A)
C:\Users\Hartmut\AppData\Local\Temp\nsm1721.exe gefunden: Application.Win32.InstallTool (A)
C:\Users\Hartmut\AppData\Local\Temp\nsrDA4C.exe gefunden: Application.Win32.InstallTool (A)
C:\Users\Hartmut\AppData\Local\Temp\nswD5D8.exe gefunden: Application.Win32.InstallTool (A)
C:\Users\Hartmut\AppData\Local\Temp\PreExe_ID_13667.exe gefunden: Application.Win32.AdLoad (A)
C:\Users\Hartmut\AppData\Local\Temp\UpdateCheckerSetup.exe gefunden: Application.Win32.InstallAd (A)
C:\Users\Hartmut\AppData\Local\{DDF17D0D-8737-45FD-A732-117D73F349EA}\chrome\content\overlay.xul gefunden: Trojan.JS.Redirector.LE (B)
C:\Users\Public\Documents\Patrick\Downloads\Downloads\FlashPlayer__4587_i810617247_il7939.exe gefunden: Gen:Variant.Application.Bundler.Amonetize.10 (B)
C:\Users\Public\Documents\Patrick\Downloads\Downloads\Groovestream.exe gefunden: Gen:Variant.Application.Bundler.OptimumInstaller.3 (B)
Gescannt 379195
Gefunden 80
Scan Ende: 16.09.2014 19:20:50
Scan Zeit: 3:38:28
C:\Users\Public\Documents\Patrick\Downloads\Downloads\Groovestream.exe Quarantäne Gen:Variant.Application.Bundler.OptimumInstaller.3 (B)
C:\Users\Public\Documents\Patrick\Downloads\Downloads\FlashPlayer__4587_i810617247_il7939.exe Quarantäne Gen:Variant.Application.Bundler.Amonetize.10 (B)
C:\Users\Hartmut\AppData\Local\{DDF17D0D-8737-45FD-A732-117D73F349EA}\chrome\content\overlay.xul Quarantäne Trojan.JS.Redirector.LE (B)
C:\Users\Hartmut\AppData\Local\Temp\UpdateCheckerSetup.exe Quarantäne Application.Win32.InstallAd (A)
C:\Users\Hartmut\AppData\Local\Temp\PreExe_ID_13667.exe Quarantäne Application.Win32.AdLoad (A)
C:\Users\Hartmut\AppData\Local\Temp\nswD5D8.exe Quarantäne Application.Win32.InstallTool (A)
C:\Users\Hartmut\AppData\Local\Temp\nsrDA4C.exe Quarantäne Application.Win32.InstallTool (A)
C:\Users\Hartmut\AppData\Local\Temp\nsm1721.exe Quarantäne Application.Win32.InstallTool (A)
C:\Users\Hartmut\AppData\Local\Temp\nsc1202.exe Quarantäne Application.Win32.InstallTool (A)
C:\Users\Hartmut\AppData\Local\Temp\nsbFA69.exe Quarantäne Application.Win32.InstallTool (A)
C:\Users\Hartmut\AppData\Local\Temp\flashEnhancer1\Install\flashEnhancerInstaller.exe Quarantäne Application.Win32.InstallMon (A)
C:\Program Files\SupTab\SpAPPSv64.dll Quarantäne Adware.Generic.958938 (B)
C:\Program Files\SupTab\SearchProtect64.dll Quarantäne Application.Win32.InstallAd (A)
C:\Program Files\SupTab\SearchProtect32.dll Quarantäne Application.Win32.InstallAd (A)
C:\Program Files\002\fpvoixdaog32.exe Quarantäne Application.Win32.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\TRACING\AU__RASMANCS Quarantäne Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\TRACING\AU__RASAPI32 Quarantäne Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48D2-9061-8BBD4899EB08} Quarantäne Application.Win32.InstallExt (A)
Key: HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1000\SOFTWARE\YAHOOPARTNERTOOLBAR Quarantäne Application.Win32.YTool (A)
Key: HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Quarantäne Application.Win32.WSearch (A)
Value: HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Quarantäne Setting.DisableTaskMgr (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Quarantäne Setting.DisableTaskMgr (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\FLVTUBEPLAYER.EXE Quarantäne Adware.Win32.FlashPlay (A)
C:\Users\Hartmut\AppData\Roaming\completescan Quarantäne Rogue.Win32.TPoint (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\SUPDP Quarantäne Application.InstallTab (A)
C:\ProgramData\IePluginServices Quarantäne Application.AdPlug (A)
Key: HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1000\SOFTWARE\TUTOTAG Quarantäne Adware.Win32.Ozore (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{03771AEF-400D-4A13-B712-25878EC4A3F5} Quarantäne Application.AdBrowse (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534} Quarantäne Application.AdBrowse (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982} Quarantäne Application.AdBrowse (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WPM Quarantäne Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WEBSSEARCHESSOFTWARE Quarantäne Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\SUPTAB Quarantäne Application.AdShort (A)
C:\Users\Hartmut\AppData\Roaming\SupTab Quarantäne Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Quarantäne Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\MYPC BACKUP Quarantäne Application.InstallTool (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} Quarantäne Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MYPC BACKUP Quarantäne Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\IMINENT Quarantäne Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1000\SOFTWARE\SOFTONIC Quarantäne Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1000\SOFTWARE\IMINENT Quarantäne Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BACKUPSTACK Quarantäne Application.AdServ (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\UPDATER.AMIUPD.1 Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\UPDATER.AMIUPD Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TOOLBARHELPER.1 Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TOOLBARHELPER Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBTASK.1 Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBTASK Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBREQUEST.1 Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBREQUEST Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBPROPERTYMANAGER.1 Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBPROPERTYMANAGER Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBDOWNLOADMANAGER.1 Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBDOWNLOADMANAGER Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBCOMMONUTILS.COMMONUTILS.1 Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBCOMMONUTILS.COMMONUTILS Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{01221FCC-4BFB-461C-B08C-F6D2DF309921} Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96} Quarantäne Application.AdReg (A)
C:\Program Files\software4u Quarantäne Application.AppInstall (A)
C:\ProgramData\partner Quarantäne Application.AppInstall (A)
C:\ProgramData\iminent Quarantäne Application.AppInstall (A)
C:\Users\Hartmut\AppData\Roaming\software4u Quarantäne Application.AppInstall (A)
C:\Users\Hartmut\AppData\Roaming\dvdvideosoftiehelpers Quarantäne Application.AppInstall (A)
C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mypc backup Quarantäne Application.AdStart (A)
C:\Users\Hartmut\AppData\Local\Temp\APN-Stub Quarantäne Application.Win32.WebToolbar (A)
Quarantäne 66
Leider habe ich gerade das Logfile nicht zur Hand. 3.Scan mit F-Secure Rettungsdisk Hier wurde nichts gefunden. 4.Scan mit Adware und Bereinigung Das Browser Hijacking ist verschwunden 5. FRST: Hier die beiden Logfiles: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014 Ran by Hartmut (administrator) on PATRICKTINA on 17-09-2014 16:37:17 Running from C:\Users\Hartmut\Desktop Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe (devolo AG) C:\Program Files\devolo\dlan\devolonetsvc.exe (Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe () C:\Program Files\Canon\IJPLM\ijplmsvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (BUFFALO INC.) C:\Program Files\BUFFALO\NASNAVI\nassvc.exe () C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (Chicony Electronics Co., Ltd.) C:\Windows\System32\DVAPTray.exe () C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe () C:\Program Files\CyberLink\Shared files\RichVideo.exe (CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (ArcSoft) C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (BUFFALO INC.) C:\Program Files\BUFFALO\NASNAVI\nassche.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-12-14] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1713448 2010-02-26] (Synaptics Incorporated) HKLM\...\Run: [UpdateLBPShortCut] => C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink) HKLM\...\Run: [UpdateP2GoShortCut] => C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM\...\Run: [UpdatePDRShortCut] => C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.) HKLM\...\Run: [RemoteControl8] => C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.) HKLM\...\Run: [PDVD8LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.) HKLM\...\Run: [UpdatePPShortCut] => C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.) HKLM\...\Run: [UpdatePSTShortCut] => C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-21] (CyberLink Corp.) HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM\...\Run: [WinampAgent] => "C:\Program Files\Winamp\winampa.exe" HKLM\...\Run: [ Malwarebytes Anti-Malware (reboot)] => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) HKLM\...\Run: [DVAPTray] => C:\windows\System32\DVAPTray.exe [188416 2010-06-17] (Chicony Electronics Co., Ltd.) HKLM\...\Run: [dfmirage-Install] => C:\windows\temp\DFI-0833TN.exe [103424 2009-05-29] (DemoForge, LLC.) <===== ATTENTION HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.) HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2565520 2011-03-14] (CANON INC.) HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.) HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0 HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [MobileDocuments] => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Hartmut\AppData\Local\Akamai\netsession_win.exe" HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [AppleIEDAV] => C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Policies\Explorer: [NoSetActiveDesktop] 0 HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\MountPoints2: {065b1618-7479-11e3-a116-002454583452} - G:\HTC_Sync_Manager_PC.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Monitor.lnk ShortcutTarget: Device Monitor.lnk -> C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe (ArcSoft) Startup: C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk ShortcutTarget: BUFFALO NAS Navigator2.lnk -> C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.) Startup: C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ilvaaehj.lnk ShortcutTarget: ilvaaehj.lnk -> C:\Users\Hartmut\AppData\Local\ilvaaehj.exe (No File) Startup: C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk ShortcutTarget: NAS Scheduler.lnk -> C:\Program Files\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} SearchScopes: HKCU - Plasmoo URL = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms} SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de___DE365 BHO: IEPlugin Class -> {11222041-111B-46E3-BD29-EFB2449479B1} -> C:\Program Files\ArcSoft\Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.) BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: ToolbarBHO Class -> {9519AF7E-638D-4933-BAD6-D33D23C79FE5} -> C:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKLM - RAW Thumbnail Viewer - {F301665A-12F8-4331-804A-5BCBD379668C} - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: Hosts file not detected in the default directory Tcpip\Parameters: [DhcpNameServer] 192.168.123.60 FireFox: ======== FF ProfilePath: C:\Users\Hartmut\AppData\Roaming\Mozilla\Firefox\Profiles\9k1zs3lf.default FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll () FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll No File FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Tab Mix Plus - C:\Users\Hartmut\AppData\Roaming\Mozilla\Firefox\Profiles\9k1zs3lf.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012-07-02] FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-07-23] FF HKLM\...\Firefox\Extensions: [RAWThumbnailViewer@arcsoft.com.cn] - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\FireFox Extension FF Extension: RAW Thumbnail Viewer - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\FireFox Extension [2010-11-05] FF HKLM\...\Firefox\Extensions: [{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}] - C:\Program Files\ArcSoft\Video Downloader\Plugin_FireFox FF Extension: ArcSoft Video Downloader Extension - C:\Program Files\ArcSoft\Video Downloader\Plugin_FireFox [2010-11-05] FF HKLM\...\Firefox\Extensions: - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com FF Extension: 卡巴斯基網址顧問 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com [2014-06-17] FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: 虛擬鍵盤 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-06-17] FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com FF Extension: 惡意網站攔截器 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com [2014-06-17] FF HKCU\...\Firefox\Extensions: [{DDF17D0D-8737-45FD-A732-117D73F349EA}] - C:\Users\Hartmut\AppData\Local\{DDF17D0D-8737-45FD-A732-117D73F349EA} FF Extension: XULRunner - C:\Users\Hartmut\AppData\Local\{DDF17D0D-8737-45FD-A732-117D73F349EA} [2010-11-04] Chrome: ======= CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [] CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx [2014-05-28] CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\content_blocker_chrome.crx [2014-05-28] CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\virtkbd.crx [2014-05-28] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2014-05-28] (Kaspersky Lab ZAO) R2 DevoloNetworkService; C:\Program Files\devolo\dlan\devolonetsvc.exe [3128856 2012-02-28] (devolo AG) R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-08-04] (Nero AG) R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] () R2 NasPmService; C:\Program Files\BUFFALO\NASNAVI\nassvc.exe [251184 2009-05-15] (BUFFALO INC.) R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed] R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] () ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 Afc; C:\windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.) S3 AirDisplay; C:\windows\System32\DRIVERS\AVVideoCard.sys [6656 2011-03-18] (Windows (R) Win 7 DDK provider) S3 cleanhlp; C:\Users\Hartmut\Desktop\Emsisoft Emergency Kit\bin\cleanhlp32.sys [50200 2014-08-19] (Emsisoft GmbH) S3 HtcVCom32; C:\windows\System32\DRIVERS\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated) R0 kl1; C:\windows\System32\DRIVERS\kl1.sys [135776 2014-05-28] (Kaspersky Lab ZAO) S4 klflt; C:\windows\System32\DRIVERS\klflt.sys [94304 2014-05-28] (Kaspersky Lab ZAO) R1 KLIF; C:\windows\System32\DRIVERS\klif.sys [576608 2014-05-28] (Kaspersky Lab ZAO) R1 KLIM6; C:\windows\System32\DRIVERS\klim6.sys [25696 2014-05-28] (Kaspersky Lab ZAO) R3 klkbdflt; C:\windows\System32\DRIVERS\klkbdflt.sys [25184 2014-05-28] (Kaspersky Lab ZAO) R3 klmouflt; C:\windows\System32\DRIVERS\klmouflt.sys [25696 2014-05-28] (Kaspersky Lab ZAO) R1 klpd; C:\windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO) R1 kneps; C:\windows\System32\DRIVERS\kneps.sys [144992 2014-05-28] (Kaspersky Lab ZAO) R3 MonitorFunction; C:\windows\System32\DRIVERS\TVMonitor.sys [13304 2010-11-25] (TeamViewer GmbH) S3 Netaapl; C:\windows\System32\DRIVERS\netaapl.sys [18432 2011-05-10] (Apple Inc.) [File not signed] R2 NPF_devolo; C:\windows\system32\drivers\npf_devolo.sys [35840 2012-01-31] (CACE Technologies) [File not signed] S0 sfdrv01; C:\windows\System32\drivers\sfdrv01.sys [50176 2005-05-17] (Protection Technology) [File not signed] R0 sfhlp02; C:\windows\System32\drivers\sfhlp02.sys [6656 2005-05-16] (Protection Technology) [File not signed] S0 sfsync02; C:\windows\System32\drivers\sfsync02.sys [19968 2005-05-16] (Protection Technology) [File not signed] R0 sptd; C:\windows\System32\Drivers\sptd.sys [691696 2010-10-28] () [File not signed] S3 Tq_91Assistant; C:\Program Files\NetDragon\91 Mobile\iPhone\Tq_91Assistant.sys [14248 2011-10-15] () S3 USBAAPL; C:\windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed] R3 yukonw7; C:\windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] () U3 a6p4ii14; C:\windows\system32\Drivers\a6p4ii14.sys [0 ] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-17 16:37 - 2014-09-17 16:38 - 00021470 _____ () C:\Users\Hartmut\Desktop\FRST.txt 2014-09-17 16:37 - 2014-09-17 16:37 - 00000000 ____D () C:\FRST 2014-09-17 16:35 - 2014-09-17 16:35 - 01097728 _____ (Farbar) C:\Users\Hartmut\Desktop\FRST.exe 2014-09-17 16:23 - 2014-09-17 16:29 - 00000000 ____D () C:\AdwCleaner 2014-09-17 16:23 - 2014-09-17 16:23 - 01373475 _____ () C:\Users\Hartmut\Desktop\adwcleaner_3.310.exe 2014-09-17 12:19 - 2014-09-17 12:19 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-17 12:19 - 2014-09-17 12:19 - 00001081 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-17 12:19 - 2014-09-17 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-17 12:19 - 2014-09-17 12:19 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-09-17 12:19 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-09-17 12:19 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-09-17 12:19 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-09-17 12:18 - 2014-09-17 12:18 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hartmut\Desktop\mbam-setup-2.0.2.1012.exe 2014-09-17 11:54 - 2014-09-17 11:54 - 00001009 _____ () C:\Users\Public\Desktop\Emsisoft HiJackFree.lnk 2014-09-17 11:54 - 2014-09-17 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft HiJackFree 2014-09-17 11:54 - 2014-09-17 11:54 - 00000000 ____D () C:\Program Files\Emsisoft HiJackFree 2014-09-17 11:21 - 2014-09-17 11:21 - 00388608 _____ (Trend Micro Inc.) C:\Users\Hartmut\Desktop\HiJackThis204.exe 2014-09-17 10:21 - 2014-09-17 10:21 - 00000000 ____D () C:\Users\Hartmut\Desktop\Emsisoft Emergency Kit 2014-09-17 10:08 - 2014-09-17 10:08 - 00004600 _____ () C:\EamClean.log 2014-09-13 13:17 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2014-09-13 13:17 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-09-13 13:17 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-09-13 13:17 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-09-13 13:17 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-09-13 13:17 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-09-13 13:17 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-09-13 13:17 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2014-09-13 13:17 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-09-13 13:17 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-09-13 13:17 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-09-13 13:17 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-09-13 13:17 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-09-13 13:17 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-09-13 13:17 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-09-13 13:17 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-09-13 13:17 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-09-13 13:17 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2014-09-13 13:17 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2014-09-13 13:17 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-09-13 13:17 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2014-09-13 13:17 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-09-13 13:17 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-09-13 13:17 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-09-13 13:17 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-09-13 13:17 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-09-13 13:17 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2014-09-13 13:17 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-09-13 13:17 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-09-13 13:17 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-09-13 11:17 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2014-09-13 11:17 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2014-08-28 22:28 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll 2014-08-28 22:28 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-08-28 22:15 - 2014-09-17 07:38 - 01040111 _____ () C:\Users\Hartmut\AppData\Local\ilvaaehj.gss 2014-08-28 22:15 - 2014-09-17 07:38 - 00421888 _____ () C:\Users\Hartmut\AppData\Local\ilvaaehj.gdb 2014-08-27 14:47 - 2014-08-27 14:47 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\Adobe 2014-08-26 11:51 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll 2014-08-26 11:51 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll 2014-08-26 11:51 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe 2014-08-26 11:51 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll 2014-08-26 11:51 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\windows\system32\wups.dll 2014-08-26 11:51 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll 2014-08-26 11:51 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll 2014-08-26 11:50 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll 2014-08-26 11:50 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe 2014-08-18 17:52 - 2014-08-18 17:52 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf 2014-08-18 17:38 - 2014-08-18 17:38 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\Wondershare 2014-08-18 17:38 - 2014-08-18 17:38 - 00000000 ____D () C:\Program Files\Common Files\Wondershare 2014-08-18 17:37 - 2014-08-18 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare 2014-08-18 17:36 - 2014-08-18 17:37 - 00000000 ___HD () C:\Program Files\DrFoneAndroid_Temp 2014-08-18 17:36 - 2014-08-18 17:37 - 00000000 ____D () C:\Users\Hartmut\AppData\Roaming\Wondershare 2014-08-18 17:36 - 2014-08-18 17:36 - 00000000 ____D () C:\Program Files\Wondershare 2014-08-18 17:33 - 2014-08-18 17:35 - 00000000 ____D () C:\Users\Public\Documents\Wondershare 2014-08-18 17:18 - 2014-08-18 17:18 - 00000000 ____D () C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Android SDK Tools 2014-08-18 17:16 - 2014-08-18 17:16 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\Android 2014-08-18 16:56 - 2014-08-18 17:02 - 00000000 ____D () C:\Program Files\Recuva 2014-08-18 16:56 - 2014-08-18 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva 2014-08-18 16:30 - 2014-08-18 16:30 - 00000000 ____D () C:\Program Files\Spirent Communications 2014-08-18 15:55 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll 2014-08-18 15:55 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe 2014-08-18 15:55 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe 2014-08-18 15:55 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-17 16:38 - 2014-09-17 16:37 - 00021470 _____ () C:\Users\Hartmut\Desktop\FRST.txt 2014-09-17 16:38 - 2009-07-14 06:34 - 00014512 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-17 16:38 - 2009-07-14 06:34 - 00014512 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-17 16:37 - 2014-09-17 16:37 - 00000000 ____D () C:\FRST 2014-09-17 16:35 - 2014-09-17 16:35 - 01097728 _____ (Farbar) C:\Users\Hartmut\Desktop\FRST.exe 2014-09-17 16:34 - 2009-12-05 04:40 - 01847762 _____ () C:\windows\WindowsUpdate.log 2014-09-17 16:31 - 2014-06-17 23:35 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-09-17 16:31 - 2014-01-04 12:17 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\HTC MediaHub 2014-09-17 16:31 - 2012-08-07 23:35 - 00000440 _____ () C:\windows\system32\Drivers\etc\hosts.ics 2014-09-17 16:30 - 2012-11-11 17:46 - 00001096 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-17 16:30 - 2011-02-22 21:38 - 00135547 _____ () C:\windows\setupact.log 2014-09-17 16:30 - 2010-01-31 18:27 - 00000000 ____D () C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite 2014-09-17 16:30 - 2009-12-05 05:19 - 01041244 _____ () C:\windows\PFRO.log 2014-09-17 16:30 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-09-17 16:29 - 2014-09-17 16:23 - 00000000 ____D () C:\AdwCleaner 2014-09-17 16:23 - 2014-09-17 16:23 - 01373475 _____ () C:\Users\Hartmut\Desktop\adwcleaner_3.310.exe 2014-09-17 13:00 - 2009-12-05 22:11 - 00000000 ____D () C:\windows\ShellNew 2014-09-17 12:56 - 2012-11-11 17:46 - 00001100 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-09-17 12:53 - 2012-03-31 18:04 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-09-17 12:19 - 2014-09-17 12:19 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-17 12:19 - 2014-09-17 12:19 - 00001081 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-17 12:19 - 2014-09-17 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-17 12:19 - 2014-09-17 12:19 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-09-17 12:19 - 2010-11-04 23:48 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-17 12:18 - 2014-09-17 12:18 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hartmut\Desktop\mbam-setup-2.0.2.1012.exe 2014-09-17 11:54 - 2014-09-17 11:54 - 00001009 _____ () C:\Users\Public\Desktop\Emsisoft HiJackFree.lnk 2014-09-17 11:54 - 2014-09-17 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft HiJackFree 2014-09-17 11:54 - 2014-09-17 11:54 - 00000000 ____D () C:\Program Files\Emsisoft HiJackFree 2014-09-17 11:21 - 2014-09-17 11:21 - 00388608 _____ (Trend Micro Inc.) C:\Users\Hartmut\Desktop\HiJackThis204.exe 2014-09-17 10:21 - 2014-09-17 10:21 - 00000000 ____D () C:\Users\Hartmut\Desktop\Emsisoft Emergency Kit 2014-09-17 10:08 - 2014-09-17 10:08 - 00004600 _____ () C:\EamClean.log 2014-09-17 07:38 - 2014-08-28 22:15 - 01040111 _____ () C:\Users\Hartmut\AppData\Local\ilvaaehj.gss 2014-09-17 07:38 - 2014-08-28 22:15 - 00421888 _____ () C:\Users\Hartmut\AppData\Local\ilvaaehj.gdb 2014-09-16 20:20 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\rescache 2014-09-16 15:52 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\Microsoft.NET 2014-09-16 15:44 - 2009-07-26 22:06 - 01612484 _____ () C:\windows\system32\PerfStringBackup.INI 2014-09-13 13:11 - 2013-08-24 12:36 - 00000000 ____D () C:\windows\system32\MRT 2014-09-13 13:11 - 2010-11-11 15:59 - 00000000 ____D () C:\windows\system32\MpEngineStore 2014-09-13 13:06 - 2010-02-20 07:31 - 98758480 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-09-13 13:02 - 2012-03-31 18:04 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe 2014-09-13 13:02 - 2011-05-23 22:17 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl 2014-09-13 11:35 - 2012-06-25 13:31 - 00000000 ____D () C:\ProgramData\CanonIJPLM 2014-09-09 19:31 - 2010-11-14 19:35 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\CrashDumps 2014-09-09 19:27 - 2009-07-14 06:33 - 00358272 _____ () C:\windows\system32\FNTCACHE.DAT 2014-08-27 14:47 - 2014-08-27 14:47 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\Adobe 2014-08-27 14:12 - 2010-10-28 11:22 - 00000000 ____D () C:\Users\Hartmut\Documents\Tina 2014-08-27 10:27 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\de-DE 2014-08-25 06:53 - 2010-10-27 23:15 - 00231584 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe 2014-08-23 03:46 - 2014-08-28 22:28 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll 2014-08-23 02:42 - 2014-08-28 22:28 - 02352640 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-08-19 21:17 - 2011-05-09 11:35 - 00000000 ____D () C:\ProgramData\tmp 2014-08-19 21:17 - 2011-05-09 11:35 - 00000000 ____D () C:\ProgramData\hps 2014-08-19 20:56 - 2013-10-08 14:52 - 00001120 _____ () C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk 2014-08-19 20:56 - 2013-10-08 14:52 - 00001105 _____ () C:\Users\Public\Desktop\dm-Fotowelt.lnk 2014-08-19 19:39 - 2014-09-13 13:17 - 00327872 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2014-08-19 00:26 - 2014-09-13 13:17 - 17455104 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-08-19 00:08 - 2014-09-13 13:17 - 04232704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-08-18 23:57 - 2014-09-13 13:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-08-18 23:57 - 2014-09-13 13:17 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-08-18 23:46 - 2014-09-13 13:17 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-08-18 23:45 - 2014-09-13 13:17 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-08-18 23:44 - 2014-09-13 13:17 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2014-08-18 23:44 - 2014-09-13 13:17 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-08-18 23:42 - 2014-09-13 13:17 - 02185728 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-08-18 23:39 - 2014-09-13 13:17 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-08-18 23:39 - 2014-09-13 13:17 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-08-18 23:37 - 2014-09-13 13:17 - 00440320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-08-18 23:36 - 2014-09-13 13:17 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-08-18 23:36 - 2014-09-13 13:17 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-08-18 23:35 - 2014-09-13 13:17 - 00597504 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-08-18 23:30 - 2014-09-13 13:17 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-08-18 23:27 - 2014-09-13 13:17 - 00365056 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2014-08-18 23:22 - 2014-09-13 13:17 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2014-08-18 23:19 - 2014-09-13 13:17 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-08-18 23:17 - 2014-09-13 13:17 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2014-08-18 23:17 - 2014-09-13 13:17 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-08-18 23:15 - 2014-09-13 13:17 - 11769856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-08-18 23:09 - 2014-09-13 13:17 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-08-18 23:08 - 2014-09-13 13:17 - 02014208 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-08-18 23:08 - 2014-09-13 13:17 - 00673792 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-08-18 23:07 - 2014-09-13 13:17 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2014-08-18 22:46 - 2014-09-13 13:17 - 01812992 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-08-18 22:38 - 2014-09-13 13:17 - 01190400 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-08-18 22:36 - 2014-09-13 13:17 - 00678400 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-08-18 17:52 - 2014-08-18 17:52 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf 2014-08-18 17:41 - 2014-01-04 12:16 - 00000000 ____D () C:\Users\Hartmut\.android 2014-08-18 17:38 - 2014-08-18 17:38 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\Wondershare 2014-08-18 17:38 - 2014-08-18 17:38 - 00000000 ____D () C:\Program Files\Common Files\Wondershare 2014-08-18 17:37 - 2014-08-18 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare 2014-08-18 17:37 - 2014-08-18 17:36 - 00000000 ___HD () C:\Program Files\DrFoneAndroid_Temp 2014-08-18 17:37 - 2014-08-18 17:36 - 00000000 ____D () C:\Users\Hartmut\AppData\Roaming\Wondershare 2014-08-18 17:36 - 2014-08-18 17:36 - 00000000 ____D () C:\Program Files\Wondershare 2014-08-18 17:35 - 2014-08-18 17:33 - 00000000 ____D () C:\Users\Public\Documents\Wondershare 2014-08-18 17:18 - 2014-08-18 17:18 - 00000000 ____D () C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Android SDK Tools 2014-08-18 17:16 - 2014-08-18 17:16 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\Android 2014-08-18 17:02 - 2014-08-18 16:56 - 00000000 ____D () C:\Program Files\Recuva 2014-08-18 16:56 - 2014-08-18 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva 2014-08-18 16:45 - 2010-01-31 18:39 - 00088320 _____ () C:\Users\Hartmut\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-18 16:35 - 2014-01-04 12:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC 2014-08-18 16:34 - 2010-02-11 19:13 - 00000000 ____D () C:\Program Files\Common Files\Nero 2014-08-18 16:31 - 2009-12-05 04:44 - 00064962 _____ () C:\windows\DPINST.LOG 2014-08-18 16:30 - 2014-08-18 16:30 - 00000000 ____D () C:\Program Files\Spirent Communications 2014-08-18 16:30 - 2014-01-04 12:16 - 00000000 ____D () C:\Program Files\HTC 2014-08-18 16:28 - 2011-02-20 21:12 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\Downloaded Installations Files to move or delete: ==================== C:\windows\temp\DFI-0833TN.exe Some content of TEMP: ==================== C:\Users\Hartmut\AppData\Local\Temp\AcDeltree.exe C:\Users\Hartmut\AppData\Local\Temp\AskSLib.dll C:\Users\Hartmut\AppData\Local\Temp\BackupSetup.exe C:\Users\Hartmut\AppData\Local\Temp\f.exe C:\Users\Hartmut\AppData\Local\Temp\IDMSetup_1.5.0.0.exe C:\Users\Hartmut\AppData\Local\Temp\MSETUP4.EXE C:\Users\Hartmut\AppData\Local\Temp\SkypeSetup.exe C:\Users\Hartmut\AppData\Local\Temp\somoto-master.exe C:\Users\Hartmut\AppData\Local\Temp\tmp20AA.tmp.exe C:\Users\Hartmut\AppData\Local\Temp\tmp2FA8.tmp.exe C:\Users\Hartmut\AppData\Local\Temp\tmp6A27.tmp.exe C:\Users\Hartmut\AppData\Local\Temp\tmp7243.tmp.exe C:\Users\Hartmut\AppData\Local\Temp\_is28DC.exe C:\Users\Hartmut\AppData\Local\Temp\_is7BC4.exe C:\Users\Hartmut\AppData\Local\Temp\~SpUnin~.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\windows\explorer.exe => File is digitally signed C:\windows\system32\winlogon.exe => File is digitally signed C:\windows\system32\wininit.exe => File is digitally signed C:\windows\system32\svchost.exe => File is digitally signed C:\windows\system32\services.exe => File is digitally signed C:\windows\system32\User32.dll => File is digitally signed C:\windows\system32\userinit.exe => File is digitally signed C:\windows\system32\rpcss.dll => File is digitally signed C:\windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-16 20:11 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014
Ran by Hartmut at 2014-09-17 16:38:51
Running from C:\Users\Hartmut\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Kaspersky Anti-Virus (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.8.0.1280 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.8.0.1280 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Advertising Center (Version: 0.0.0.2 - Nero AG) Hidden
Android SDK Tools (HKLM\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
ArcSoft MediaConverter 3 (HKLM\...\{EE27AA87-8593-4B8A-A595-29E289C5520F}) (Version: 3.1.8.81 - ArcSoft)
ArcSoft Panorama Maker 4 (HKLM\...\{37530151-56A6-4CE4-9F9F-CE1F5A1356C6}) (Version: 4.5.0.112 - ArcSoft)
ArcSoft Photo Book Screen Saver (HKLM\...\{E2EE273D-E111-4FFD-ACD4-78E1D35E01D2}) (Version: 2.0.0.13 - ArcSoft)
ArcSoft Print Creations - Album Page (HKLM\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version: - ArcSoft)
ArcSoft Print Creations - Brochures & Flyers (HKLM\...\{01A1A019-E1D8-482A-BE17-5E118D17C0A0}) (Version: - ArcSoft)
ArcSoft Print Creations - Greeting Card (HKLM\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version: - ArcSoft)
ArcSoft Print Creations - Photo Book (HKLM\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version: - ArcSoft)
ArcSoft Print Creations - Photo Calendar (HKLM\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version: - ArcSoft)
ArcSoft Print Creations - Photo Prints (HKLM\...\{95F875CC-1B85-43E6-B3E0-13EA04F3D995}) (Version: - ArcSoft)
ArcSoft Print Creations - Poster Creator (HKLM\...\{5D1C82E7-7EC0-4404-A8AD-36C3B444BC34}) (Version: - ArcSoft)
ArcSoft Print Creations - Scrapbook (HKLM\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version: - ArcSoft)
ArcSoft Print Creations (HKLM\...\{F03EC055-F34E-4F6B-A684-8A370E11A304}) (Version: 3.0.255.500 - ArcSoft)
ArcSoft RAW Thumbnail Viewer (HKLM\...\{82FAC25D-D0E1-4D60-9268-F3DD958BF052}) (Version: 2.0.0.11 - ArcSoft)
ArcSoft Scan-n-Stitch Deluxe (HKLM\...\{363188E4-1A27-4DE6-BA48-823D2E205385}) (Version: 1.1.0.17 - ArcSoft)
ArcSoft Video Downloader (HKLM\...\{C8B44566-839A-459C-A73D-49764CE216CC}) (Version: 2.0.0.39 - ArcSoft)
Atheros Client Installation Program (HKLM\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.1.0805 - Atheros)
BatteryLifeExtender (HKLM\...\{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}) (Version: 1.0.1 - Samsung)
BUFFALO LinkStation(LS-CHL) Setup Guide (HKLM\...\UN090415) (Version: - )
BUFFALO NAS Navigator2 (HKLM\...\UN060501) (Version: - )
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - )
Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data (HKLM\...\Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data) (Version: - )
Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data (HKLM\...\Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data) (Version: - )
Canon Easy-PhotoPrint Pro (HKLM\...\Easy-PhotoPrint Pro) (Version: - )
Canon IJ Network Scanner Selector EX (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: - )
Canon MG6200 series Benutzerregistrierung (HKLM\...\Canon MG6200 series Benutzerregistrierung) (Version: - )
Canon MG6200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6200_series) (Version: - )
Canon MG6200 series On-screen Manual (HKLM\...\Canon MG6200 series On-screen Manual) (Version: - )
Canon MP Navigator EX 5.0 (HKLM\...\MP Navigator EX 5.0) (Version: - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version: - )
CyberLink DVD Suite (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2806 - CyberLink Corp.)
CyberLink DVD Suite (Version: 6.0.2806 - CyberLink Corp.) Hidden
CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1916 - CyberLink Corp.)
CyberLink LabelPrint (Version: 2.5.1916 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3108a - CyberLink Corp.)
CyberLink Power2Go (Version: 6.0.3108a - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3213 - CyberLink Corp.)
CyberLink PowerDirector (Version: 7.0.3213 - CyberLink Corp.) Hidden
CyberLink PowerDVD 8 (HKLM\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815b - CyberLink Corp.)
CyberLink PowerDVD 8 (Version: 8.0.2815b - CyberLink Corp.) Hidden
CyberLink PowerProducer (HKLM\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.1.1812 - CyberLink Corp.)
CyberLink PowerProducer (Version: 5.0.1.1812 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3304 - CyberLink Corp.)
CyberLink YouCam (Version: 2.0.3304 - CyberLink Corp.) Hidden
Dev-C++ 5 beta 9 release (4.9.9.2) (HKLM\...\Dev-C++) (Version: - )
devolo dLAN Cockpit (HKLM\...\dlancockpit) (Version: 3.2.0.0 - devolo AG)
dLAN Cockpit (Version: 3.2.28 - devolo AG) Hidden
dLAN Cockpit (Version: 3.23.12 - devolo AG) Hidden
dm-Fotowelt (HKLM\...\dm-Fotowelt) (Version: 5.1.6 - CEWE Stiftung u Co. KGaA)
DolbyFiles (Version: 2.0 - Nero AG) Hidden
DVAPTray (HKLM\...\{30D1B542-44E0-44F0-8A31-2A101CB626B5}) (Version: 2.3.2.31 - )
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.0 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM\...\{A5675A9E-F073-414A-9A04-F9BCD50459D7}) (Version: 4.2.6 - Samsung)
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.5 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM\...\{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}) (Version: 4.0.0.3 - Samsung)
Emsisoft HiJackFree 4.5 (HKLM\...\Emsisoft HiJackFree_is1) (Version: 4.5 - Emsi Software GmbH)
erLT (Version: 1.20.0137 - Logitech, Inc.) Hidden
Genesis (HKCU\...\ilvaaehj) (Version: - ) <==== ATTENTION
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.13.0.003 - HTC Corporation)
HTC Sync Manager (HKLM\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.24.5 - HTC)
iCare Data Recovery Standard (HKLM\...\{F110DF75-A7A2-4641-A569-8D15F7AC7087}_is1) (Version: 6.0 - iCare Recovery)
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2202 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Java Auto Updater (Version: 2.0.3.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 24 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.240 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Kaspersky Anti-Virus (HKLM\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Anti-Virus (Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 11.22.3.3 - Marvell)
Menu Templates - Starter Kit (Version: 9.4.6.0 - Nero AG) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Templates - Starter Kit (Version: 9.4.6.0 - Nero AG) Hidden
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 (HKLM\...\{ea46649a-0ad3-47e6-8e81-ee599ce55b3b}) (Version: - Nero AG)
Nero BurnRights (Version: 3.4.13.100 - Nero AG) Hidden
Nero ControlCenter (Version: 9.0.0.1 - Nero AG) Hidden
Nero CoverDesigner (Version: 4.4.12.100 - Nero AG) Hidden
Nero Disc Copy Gadget (Version: 2.4.34.0 - Nero AG) Hidden
Nero DiscSpeed (Version: 5.4.13.100 - Nero AG) Hidden
Nero DriveSpeed (Version: 4.4.12.100 - Nero AG) Hidden
Nero InfoTool (Version: 6.4.12.100 - Nero AG) Hidden
Nero Installer (Version: 4.4.9.0 - Nero AG) Hidden
Nero PhotoSnap (Version: 2.4.28.0 - Nero AG) Hidden
Nero Recode (Version: 4.4.38.1 - Nero AG) Hidden
Nero Rescue Agent (Version: 2.4.14.100 - Nero AG) Hidden
Nero ShowTime (Version: 5.4.21.100 - Nero AG) Hidden
Nero StartSmart (Version: 9.4.19.100 - Nero AG) Hidden
Nero Vision (Version: 6.4.16.100 - Nero AG) Hidden
Nero WaveEditor (Version: 5.4.37.1 - Nero AG) Hidden
NeroBurningROM (Version: 9.4.26.100 - Nero AG) Hidden
NeroExpress (Version: 9.4.26.100 - Nero AG) Hidden
neroxml (Version: 1.0.0 - Nero AG) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenOffice.org 3.2 (HKLM\...\{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}) (Version: 3.2.9502 - OpenOffice.org)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6003 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Recovery Solution 4 (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.6 - Samsung)
Samsung Support Center (HKLM\...\{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}) (Version: 1.0.21 - Samsung)
Samsung Update Plus (HKLM\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SoundTrax (Version: 4.4.37.1 - Nero AG) Hidden
Stellar Phoenix Photo Recovery (HKLM\...\Stellar Phoenix Photo Recovery_is1) (Version: 6.0.0.1 - Stellar Information Technology Pvt Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.10.0 - Synaptics Incorporated)
TeamViewer 6 (HKLM\...\TeamViewer 6) (Version: 6.0.9895 - TeamViewer GmbH)
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8093.805 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Wondershare Dr.Fone for Android(Build 4.8.0.135) (HKLM\...\{1DB91A95-C548-4BA5-9D4C-18C7DEAAC39F}_is1) (Version: 4.8.0.135 - Wondershare Software Co.,Ltd.)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1871111397-3539990770-1974983793-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1871111397-3539990770-1974983793-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1871111397-3539990770-1974983793-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
==================== Restore Points =========================
13-09-2014 09:35:51 Windows Update
17-09-2014 05:38:09 Windows Update
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {203A0F5F-3436-462D-A70E-2898EE779A1D} - System32\Tasks\{3FDE1250-FCE9-479F-8E09-F3B709E73AA4} => Firefox.exe hxxp://ui.skype.com/ui/0/6.7.0.102/de/abandoninstall?page=tsMain
Task: {2D577A20-059C-43FE-B6C0-1FB82EC956F8} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-11-19] (Samsung Electronics. Co. Ltd.)
Task: {48A6287D-9267-44E7-99FD-21FCA0982FF8} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-04-20] ()
Task: {4C14D940-64FD-4462-B964-2371058E5BE0} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {57678265-526C-442F-AF80-DC7E2EB0CEEF} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-13] (Adobe Systems Incorporated)
Task: {6700FBE9-7BE9-4262-B6B6-DE9D03166726} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC)
Task: {88A49655-48B3-4C5D-8CD2-9B43A4A79D2F} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2009-11-04] (Samsung Electronics Co., Ltd.)
Task: {8D4D5684-8FAB-4077-95EB-C9C0BBB68E80} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-10-13] (Samsung Electronics Co., Ltd.)
Task: {9A171F4D-432A-42AF-A3CC-EBCB4A1C5430} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-10-26] (SAMSUNG Electronics)
Task: {9AFF92F3-6909-4FE1-83FE-1D9E9E6015F7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-11-11] (Google Inc.)
Task: {9E874946-B293-4597-B515-99F274BAF2DB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-11-11] (Google Inc.)
Task: {AC5777FD-2872-4C74-BB5E-883113CCDDE5} - System32\Tasks\{4B44AE94-0578-406A-B88B-9BBE0D4FA6FC} => C:\Program Files\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {CC0D875C-93E1-46F8-B7B7-80E0B3BCFA41} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-10-16] (SAMSUNG Electronics co., LTD.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\kpcengine.2.3.dll
2014-08-06 13:40 - 2014-08-06 13:40 - 00031080 _____ () C:\Program Files\HTC\HTC Sync Manager\DbAccess.dll
2014-08-06 13:41 - 2014-08-06 13:41 - 00607376 _____ () C:\Program Files\HTC\HTC Sync Manager\sqlite3.dll
2014-08-06 13:41 - 2014-08-06 13:41 - 00059752 _____ () C:\Program Files\HTC\HTC Sync Manager\NAdvLog.dll
2014-08-06 13:41 - 2014-08-06 13:41 - 00036216 _____ () C:\Program Files\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2014-08-06 13:42 - 2014-08-06 13:42 - 00080248 _____ () C:\Program Files\HTC\HTC Sync Manager\ninstallerhelper.dll
2014-08-06 13:44 - 2014-08-06 13:44 - 00129376 _____ () C:\Program Files\HTC\HTC Sync Manager\zlib1.dll
2014-08-06 13:46 - 2014-08-06 13:46 - 00223592 _____ () C:\Program Files\HTC\HTC Sync Manager\DevConnMon.dll
2012-06-25 13:31 - 2011-02-07 09:56 - 00138192 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
2009-06-03 13:59 - 2009-06-03 13:59 - 00619816 ____N () C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
2009-06-03 13:59 - 2009-06-03 13:59 - 00013096 ____N () C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
2009-12-05 04:45 - 2010-04-20 14:26 - 00300912 _____ () C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
2009-12-05 04:45 - 2010-04-16 14:11 - 00155648 _____ () C:\Program Files\Samsung\Samsung Update Plus\HMXML.dll
2009-12-05 04:54 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2014-08-06 13:42 - 2014-08-06 13:42 - 00821600 _____ () C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
2013-10-17 16:27 - 2013-10-17 16:27 - 00166912 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2009-12-05 04:50 - 2009-07-07 20:23 - 00247152 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2014-07-23 22:52 - 2014-07-23 22:52 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-08-27 10:35 - 2014-08-27 10:35 - 17048240 _____ () C:\windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
AlternateDataStreams: C:\ProgramData\Temp:F0D7EE30
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (09/17/2014 07:38:39 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddWin32ServiceFiles: Unable to back up image of service Computer Backup (MyPC Backup) since QueryServiceConfig API failed
System Error:
Das System kann die angegebene Datei nicht finden.
.
Error: (09/17/2014 00:32:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (09/17/2014 00:31:07 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (09/17/2014 00:30:33 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (09/17/2014 00:30:33 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (09/16/2014 08:14:48 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (09/16/2014 08:11:51 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (09/16/2014 08:10:54 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (09/16/2014 08:10:54 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (09/09/2014 07:30:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.17239, Zeitstempel: 0x53d22946
Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.17239, Zeitstempel: 0x53d26078
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000fcf32
ID des fehlerhaften Prozesses: 0x18a0
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3
System errors:
=============
Error: (09/17/2014 04:31:38 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (09/17/2014 04:31:07 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
sfdrv01
sfsync02
Error: (09/17/2014 04:30:50 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.
Error: (09/17/2014 04:30:38 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.
Error: (09/17/2014 04:30:35 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.
Error: (09/17/2014 04:30:18 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Treiber sfdrv01.sys konnte nicht geladen werden.
Error: (09/17/2014 04:30:17 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Treiber sfsync02.sys konnte nicht geladen werden.
Error: (09/17/2014 04:17:49 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
sfdrv01
sfsync02
Error: (09/17/2014 04:17:47 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (09/17/2014 04:17:02 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Microsoft Office Sessions:
=========================
Error: (09/17/2014 07:38:39 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service Computer Backup (MyPC Backup) since QueryServiceConfig API failed
System Error:
Das System kann die angegebene Datei nicht finden.
Error: (09/17/2014 00:32:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Canon\mp navigator ex 5.0\mpnmlif64.exe
Error: (09/17/2014 00:31:07 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest
Error: (09/17/2014 00:30:33 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"C:\Program Files\HTC\HTC Sync Manager\NOutlookAccessX64.exe
Error: (09/17/2014 00:30:33 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\Samsung Support Center\Drv\drv2x64\KStartMem.exe.Manifest
Error: (09/16/2014 08:14:48 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Canon\mp navigator ex 5.0\mpnmlif64.exe
Error: (09/16/2014 08:11:51 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest
Error: (09/16/2014 08:10:54 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"C:\Program Files\HTC\HTC Sync Manager\NOutlookAccessX64.exe
Error: (09/16/2014 08:10:54 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\Samsung Support Center\Drv\drv2x64\KStartMem.exe.Manifest
Error: (09/09/2014 07:30:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.1723953d22946MSHTML.dll11.0.9600.1723953d26078c0000005000fcf3218a001cfcc53b7ef389fC:\Program Files\Internet Explorer\iexplore.exeC:\windows\system32\MSHTML.dll0b79d4f0-3847-11e4-a75d-002454583452
CodeIntegrity Errors:
===================================
Date: 2014-09-17 00:32:24.060
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-17 00:32:24.057
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-17 00:32:24.044
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-17 00:32:24.034
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-17 00:32:24.030
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-17 00:32:24.027
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-17 00:32:23.992
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-17 00:32:23.989
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-17 00:32:23.985
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-17 00:32:23.975
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
Percentage of memory in use: 43%
Total physical RAM: 3032.61 MB
Available physical RAM: 1707.39 MB
Total Pagefile: 6061.45 MB
Available Pagefile: 4370.84 MB
Total Virtual: 2047.88 MB
Available Virtual: 1897.73 MB
==================== Drives ================================
Drive c: (Windows/Programme) (Fixed) (Total:130.17 GB) (Free:36.82 GB) NTFS
Drive d: (Fotos und Bilder) (Fixed) (Total:152.82 GB) (Free:67.41 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 0E0EF5DF)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=130.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=152.8 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Ich habe auch in Erwägung gezogen, den Rechner platt zu machen und frisch aufzusetzen, falls die Reinigung nicht erfolgreich ist. Vielen Dank. Jürgen Geändert von MotoG (17.09.2014 um 19:04 Uhr) Grund: Detail vergessen |
|
17.09.2014, 19:58
| #2 |
| /// the machine /// TB-Ausbilder    | Überprüfung nach Reinigung von Browser Hijacking und andere Malware Hi,
__________________du klemmst diesen PC ans Netzwerk und andere PC im gleichen Netz melden dann Eindringversuche?  Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ |
|
18.09.2014, 11:09
| #3 |
| | Überprüfung nach Reinigung von Browser Hijacking und andere Malware Hallo Schrauber,
__________________vielen Dank für Deine Unterstützung. Das mit der Firewallmeldung könnte auch ein Tool von Buffalo sein, das da schaut, ob eine NAS da ist. TDSSKiller hat nichts gefunden. Das Logfile: Code:
ATTFilter 07:25:06.0357 0x102c TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
07:25:11.0374 0x102c ============================================================
07:25:11.0374 0x102c Current date / time: 2014/09/18 07:25:11.0374
07:25:11.0375 0x102c SystemInfo:
07:25:11.0375 0x102c
07:25:11.0375 0x102c OS Version: 6.1.7601 ServicePack: 1.0
07:25:11.0375 0x102c Product type: Workstation
07:25:11.0375 0x102c ComputerName: PATRICKTINA
07:25:11.0376 0x102c UserName: Hartmut
07:25:11.0376 0x102c Windows directory: C:\windows
07:25:11.0376 0x102c System windows directory: C:\windows
07:25:11.0376 0x102c Processor architecture: Intel x86
07:25:11.0376 0x102c Number of processors: 2
07:25:11.0376 0x102c Page size: 0x1000
07:25:11.0376 0x102c Boot type: Normal boot
07:25:11.0376 0x102c ============================================================
07:25:12.0164 0x102c KLMD registered as C:\windows\system32\drivers\26586430.sys
07:25:13.0016 0x102c System UUID: {B5947FF5-B7C1-918B-D5D2-B4DEE35140F0}
07:25:13.0785 0x102c Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
07:25:13.0788 0x102c Drive \Device\Harddisk1\DR1 - Size: 0x3BC400000 ( 14.94 Gb ), SectorSize: 0x200, Cylinders: 0x79E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
07:25:13.0789 0x102c ============================================================
07:25:13.0789 0x102c \Device\Harddisk0\DR0:
07:25:13.0789 0x102c MBR partitions:
07:25:13.0789 0x102c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
07:25:13.0789 0x102c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x10459800
07:25:13.0789 0x102c \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1228C000, BlocksNum 0x131A2000
07:25:13.0789 0x102c \Device\Harddisk1\DR1:
07:25:13.0789 0x102c MBR partitions:
07:25:13.0789 0x102c ============================================================
07:25:13.0830 0x102c C: <-> \Device\Harddisk0\DR0\Partition2
07:25:13.0905 0x102c D: <-> \Device\Harddisk0\DR0\Partition3
07:25:13.0905 0x102c ============================================================
07:25:13.0905 0x102c Initialize success
07:25:13.0905 0x102c ============================================================
07:28:16.0864 0x1780 ============================================================
07:28:16.0864 0x1780 Scan started
07:28:16.0864 0x1780 Mode: Manual; SigCheck; TDLFS;
07:28:16.0864 0x1780 ============================================================
07:28:16.0864 0x1780 KSN ping started
07:28:22.0920 0x1780 KSN ping finished: true
07:28:23.0663 0x1780 ================ Scan system memory ========================
07:28:23.0663 0x1780 System memory - ok
07:28:23.0664 0x1780 ================ Scan services =============================
07:28:23.0905 0x1780 [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
07:28:24.0038 0x1780 1394ohci - ok
07:28:24.0144 0x1780 [ ADC420616C501B45D26C0FD3EF1E54E4, 29FC41D40A35AC5476E2A673CE5B12684E0CFA12A1AEBEEBE5883FBA5CA68B67 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
07:28:24.0191 0x1780 ACDaemon - ok
07:28:24.0244 0x1780 [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI C:\windows\system32\drivers\ACPI.sys
07:28:24.0268 0x1780 ACPI - ok
07:28:24.0314 0x1780 [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
07:28:24.0367 0x1780 AcpiPmi - ok
07:28:24.0503 0x1780 [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
07:28:24.0535 0x1780 AdobeARMservice - ok
07:28:24.0643 0x1780 [ FBB312C9DA3863673EC18F4AE4101778, 4E9AAE7C700E485C17FDFCC9100A79784673B006D00D4D4CE8F1DB617D25C864 ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
07:28:24.0673 0x1780 AdobeFlashPlayerUpdateSvc - ok
07:28:24.0734 0x1780 [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys
07:28:24.0772 0x1780 adp94xx - ok
07:28:24.0798 0x1780 [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci C:\windows\system32\DRIVERS\adpahci.sys
07:28:24.0823 0x1780 adpahci - ok
07:28:24.0844 0x1780 [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys
07:28:24.0865 0x1780 adpu320 - ok
07:28:24.0912 0x1780 [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc C:\windows\System32\aelupsvc.dll
07:28:24.0971 0x1780 AeLookupSvc - ok
07:28:24.0998 0x1780 [ FE3EA6E9AFC1A78E6EDCA121E006AFB7, B596ABBAC058D93C505C9DBF8685049C88E4364195A4092DB580D2D44FA8C23C ] Afc C:\windows\system32\drivers\Afc.sys
07:28:25.0015 0x1780 Afc - ok
07:28:25.0076 0x1780 [ D0B388DA1D111A34366E04EB4A5DD156, 60D226F027F4025CC032CAFF73A80FAFB5FA75445654FDCF80CA8C0419C6E938 ] AFD C:\windows\system32\drivers\afd.sys
07:28:25.0135 0x1780 AFD - ok
07:28:25.0182 0x1780 [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440 C:\windows\system32\drivers\agp440.sys
07:28:25.0210 0x1780 agp440 - ok
07:28:25.0238 0x1780 [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx C:\windows\system32\DRIVERS\djsvs.sys
07:28:25.0259 0x1780 aic78xx - ok
07:28:25.0305 0x1780 [ 5604B131100881E0B8E40FE85454189B, DFAD5ACAF4D86E70A903EFD1B9B129AE63C1C5061AA5689F819DDD2FBC3F3004 ] AirDisplay C:\windows\system32\DRIVERS\AVVideoCard.sys
07:28:25.0353 0x1780 AirDisplay - ok
07:28:25.0377 0x1780 [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG C:\windows\System32\alg.exe
07:28:25.0421 0x1780 ALG - ok
07:28:25.0455 0x1780 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide C:\windows\system32\drivers\aliide.sys
07:28:25.0473 0x1780 aliide - ok
07:28:25.0493 0x1780 [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp C:\windows\system32\drivers\amdagp.sys
07:28:25.0513 0x1780 amdagp - ok
07:28:25.0524 0x1780 [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide C:\windows\system32\drivers\amdide.sys
07:28:25.0542 0x1780 amdide - ok
07:28:25.0570 0x1780 [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys
07:28:25.0604 0x1780 AmdK8 - ok
07:28:25.0658 0x1780 [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
07:28:25.0711 0x1780 AmdPPM - ok
07:28:25.0754 0x1780 [ E7F4D42D8076EC60E21715CD11743A0D, 91AC020A70964F8783C999BDE8AB8391A3FA3AFC1CD4BC52A43625A2010A53E7 ] amdsata C:\windows\system32\drivers\amdsata.sys
07:28:25.0774 0x1780 amdsata - ok
07:28:25.0792 0x1780 [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys
07:28:25.0814 0x1780 amdsbs - ok
07:28:25.0838 0x1780 [ 146459D2B08BFDCBFA856D9947043C81, AC7F2069717601F949B0968EA651899D497170A93B84281B66D3CE5C382DDECB ] amdxata C:\windows\system32\drivers\amdxata.sys
07:28:25.0857 0x1780 amdxata - ok
07:28:25.0901 0x1780 [ AEA177F783E20150ACE5383EE368DA19, 8FA9EE27AA1F22E8B8FE33A21028CA1E0062BAA95CB132C20D55B98C03B4254F ] AppID C:\windows\system32\drivers\appid.sys
07:28:25.0962 0x1780 AppID - ok
07:28:26.0013 0x1780 [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc C:\windows\System32\appidsvc.dll
07:28:26.0075 0x1780 AppIDSvc - ok
07:28:26.0124 0x1780 [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo C:\windows\System32\appinfo.dll
07:28:26.0164 0x1780 Appinfo - ok
07:28:26.0190 0x1780 [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc C:\windows\system32\DRIVERS\arc.sys
07:28:26.0210 0x1780 arc - ok
07:28:26.0238 0x1780 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas C:\windows\system32\DRIVERS\arcsas.sys
07:28:26.0257 0x1780 arcsas - ok
07:28:26.0407 0x1780 [ 776ACEFA0CA9DF0FAA51A5FB2F435705, 72DF7ED6B085BC468994F5B3189506FD726A9A17A9C42ACA1E420D787691361D ] aspnet_state C:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
07:28:26.0436 0x1780 aspnet_state - ok
07:28:26.0456 0x1780 [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
07:28:26.0504 0x1780 AsyncMac - ok
07:28:26.0543 0x1780 [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi C:\windows\system32\drivers\atapi.sys
07:28:26.0561 0x1780 atapi - ok
07:28:26.0711 0x1780 [ EE32C0A39B6D3D0834C4D46D8C45E1D0, 439088EBF92D86BE05E3CB106E3208DFD1583F7E81DC120021EB36F564F2A91C ] athr C:\windows\system32\DRIVERS\athr.sys
07:28:26.0787 0x1780 athr - ok
07:28:26.0844 0x1780 [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
07:28:26.0891 0x1780 AudioEndpointBuilder - ok
07:28:26.0909 0x1780 [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] Audiosrv C:\windows\System32\Audiosrv.dll
07:28:26.0954 0x1780 Audiosrv - ok
07:28:27.0060 0x1780 [ 0D2F8F4055903A762AD46204E5A42E86, D3270039E4F066C69D844060388D3F895137C37C0FBE4C106BE1C71AE9DBC17A ] AVP C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
07:28:27.0097 0x1780 AVP - ok
07:28:27.0137 0x1780 [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV C:\windows\System32\AxInstSV.dll
07:28:27.0225 0x1780 AxInstSV - ok
07:28:27.0273 0x1780 [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv C:\windows\system32\DRIVERS\bxvbdx.sys
07:28:27.0315 0x1780 b06bdrv - ok
07:28:27.0347 0x1780 [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x C:\windows\system32\DRIVERS\b57nd60x.sys
07:28:27.0394 0x1780 b57nd60x - ok
07:28:27.0431 0x1780 [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC C:\windows\System32\bdesvc.dll
07:28:27.0469 0x1780 BDESVC - ok
07:28:27.0498 0x1780 [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep C:\windows\system32\drivers\Beep.sys
07:28:27.0544 0x1780 Beep - ok
07:28:27.0619 0x1780 [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE C:\windows\System32\bfe.dll
07:28:27.0719 0x1780 BFE - ok
07:28:27.0785 0x1780 [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS C:\windows\System32\qmgr.dll
07:28:27.0856 0x1780 BITS - ok
07:28:27.0878 0x1780 [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
07:28:27.0915 0x1780 blbdrive - ok
07:28:27.0963 0x1780 [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser C:\windows\system32\DRIVERS\bowser.sys
07:28:28.0009 0x1780 bowser - ok
07:28:28.0043 0x1780 [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys
07:28:28.0084 0x1780 BrFiltLo - ok
07:28:28.0109 0x1780 [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys
07:28:28.0170 0x1780 BrFiltUp - ok
07:28:28.0208 0x1780 [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser C:\windows\System32\browser.dll
07:28:28.0285 0x1780 Browser - ok
07:28:28.0317 0x1780 [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid C:\windows\System32\Drivers\Brserid.sys
07:28:28.0384 0x1780 Brserid - ok
07:28:28.0402 0x1780 [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
07:28:28.0440 0x1780 BrSerWdm - ok
07:28:28.0467 0x1780 [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
07:28:28.0499 0x1780 BrUsbMdm - ok
07:28:28.0514 0x1780 [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
07:28:28.0561 0x1780 BrUsbSer - ok
07:28:28.0588 0x1780 [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
07:28:28.0623 0x1780 BTHMODEM - ok
07:28:28.0688 0x1780 [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv C:\windows\system32\bthserv.dll
07:28:28.0742 0x1780 bthserv - ok
07:28:28.0764 0x1780 [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
07:28:28.0815 0x1780 cdfs - ok
07:28:28.0875 0x1780 [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
07:28:28.0918 0x1780 cdrom - ok
07:28:28.0957 0x1780 [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc C:\windows\System32\certprop.dll
07:28:29.0023 0x1780 CertPropSvc - ok
07:28:29.0069 0x1780 [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass C:\windows\system32\DRIVERS\circlass.sys
07:28:29.0137 0x1780 circlass - ok
07:28:29.0259 0x1780 [ DBC8CDAFC84E96E894C3BAAED9B30F47, A25CDF4BBF8227878D3CBB8E74904A43751EC4E98DFEBFE4CBD3953890A170F9 ] cleanhlp C:\Users\Hartmut\Desktop\Emsisoft Emergency Kit\bin\cleanhlp32.sys
07:28:29.0321 0x1780 cleanhlp - ok
07:28:29.0352 0x1780 [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS C:\windows\system32\CLFS.sys
07:28:29.0376 0x1780 CLFS - ok
07:28:29.0429 0x1780 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:28:29.0449 0x1780 clr_optimization_v2.0.50727_32 - ok
07:28:29.0534 0x1780 [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:28:29.0560 0x1780 clr_optimization_v4.0.30319_32 - ok
07:28:29.0575 0x1780 [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
07:28:29.0610 0x1780 CmBatt - ok
07:28:29.0668 0x1780 [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide C:\windows\system32\drivers\cmdide.sys
07:28:29.0686 0x1780 cmdide - ok
07:28:29.0746 0x1780 [ 85449EEBE8F8EBD6481EFBF0F352B4EB, E6FF04970C5A5BFDE7297A86C1C7B9BFE2E0F976A1A1AFB874CEB488DC6151CC ] CNG C:\windows\system32\Drivers\cng.sys
07:28:29.0788 0x1780 CNG - ok
07:28:29.0820 0x1780 [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
07:28:29.0838 0x1780 Compbatt - ok
07:28:29.0912 0x1780 [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys
07:28:29.0953 0x1780 CompositeBus - ok
07:28:29.0959 0x1780 COMSysApp - ok
07:28:29.0987 0x1780 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys
07:28:30.0005 0x1780 crcdisk - ok
07:28:30.0045 0x1780 [ C914D18AB66B132E9C73F19F8F805F1F, EA62EBD030587653F65403EE272D04E47392AB9DF6F33D8B9ECE0A105A6AB328 ] CryptOSD C:\windows\system32\DRIVERS\CryptOSD.sys
07:28:30.0077 0x1780 CryptOSD - ok
07:28:30.0130 0x1780 [ 7CA1BECEA5DE2643ADDAD32670E7A4C9, E3AB4CC52A97E3855D7EAB87363F807FDD2162ED8C76A036CD71549ED64E7797 ] CryptSvc C:\windows\system32\cryptsvc.dll
07:28:30.0203 0x1780 CryptSvc - ok
07:28:30.0275 0x1780 [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch C:\windows\system32\rpcss.dll
07:28:30.0332 0x1780 DcomLaunch - ok
07:28:30.0365 0x1780 [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc C:\windows\System32\defragsvc.dll
07:28:30.0417 0x1780 defragsvc - ok
07:28:30.0618 0x1780 [ 141673E69CFDCF0B1531616343223EE4, 7A4872FDC1A3570B44595C0B8C671C2EB15702A1DF652BF91A4BCFF8FD446025 ] DevoloNetworkService C:\Program Files\devolo\dlan\devolonetsvc.exe
07:28:30.0802 0x1780 DevoloNetworkService - ok
07:28:30.0843 0x1780 [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC C:\windows\system32\Drivers\dfsc.sys
07:28:30.0891 0x1780 DfsC - ok
07:28:30.0938 0x1780 [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp C:\windows\system32\dhcpcore.dll
07:28:31.0007 0x1780 Dhcp - ok
07:28:31.0034 0x1780 [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache C:\windows\system32\drivers\discache.sys
07:28:31.0090 0x1780 discache - ok
07:28:31.0111 0x1780 [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk C:\windows\system32\DRIVERS\disk.sys
07:28:31.0130 0x1780 Disk - ok
07:28:31.0174 0x1780 [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache C:\windows\System32\dnsrslvr.dll
07:28:31.0231 0x1780 Dnscache - ok
07:28:31.0274 0x1780 [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc C:\windows\System32\dot3svc.dll
07:28:31.0330 0x1780 dot3svc - ok
07:28:31.0371 0x1780 [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS C:\windows\system32\dps.dll
07:28:31.0432 0x1780 DPS - ok
07:28:31.0480 0x1780 [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud C:\windows\system32\drivers\drmkaud.sys
07:28:31.0518 0x1780 drmkaud - ok
07:28:31.0595 0x1780 [ 3583A5A8CC2E682BFFBD4630D0FEC08B, FD0F184B358FCECAA763444B414074BEF4E871EB7527D88385519FC158435C72 ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
07:28:31.0634 0x1780 DXGKrnl - ok
07:28:31.0693 0x1780 [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost C:\windows\System32\eapsvc.dll
07:28:31.0746 0x1780 EapHost - ok
07:28:31.0908 0x1780 [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv C:\windows\system32\DRIVERS\evbdx.sys
07:28:32.0098 0x1780 ebdrv - ok
07:28:32.0140 0x1780 [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] EFS C:\windows\System32\lsass.exe
07:28:32.0199 0x1780 EFS - ok
07:28:32.0303 0x1780 [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr C:\windows\ehome\ehRecvr.exe
07:28:32.0396 0x1780 ehRecvr - ok
07:28:32.0423 0x1780 [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched C:\windows\ehome\ehsched.exe
07:28:32.0479 0x1780 ehSched - ok
07:28:32.0530 0x1780 [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
07:28:32.0560 0x1780 elxstor - ok
07:28:32.0579 0x1780 [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev C:\windows\system32\drivers\errdev.sys
07:28:32.0615 0x1780 ErrDev - ok
07:28:32.0683 0x1780 [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem C:\windows\system32\es.dll
07:28:32.0747 0x1780 EventSystem - ok
07:28:32.0774 0x1780 [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat C:\windows\system32\drivers\exfat.sys
07:28:32.0832 0x1780 exfat - ok
07:28:32.0861 0x1780 [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat C:\windows\system32\drivers\fastfat.sys
07:28:32.0917 0x1780 fastfat - ok
07:28:32.0964 0x1780 [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax C:\windows\system32\fxssvc.exe
07:28:33.0031 0x1780 Fax - ok
07:28:33.0055 0x1780 [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc C:\windows\system32\DRIVERS\fdc.sys
07:28:33.0076 0x1780 fdc - ok
07:28:33.0101 0x1780 [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost C:\windows\system32\fdPHost.dll
07:28:33.0148 0x1780 fdPHost - ok
07:28:33.0172 0x1780 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub C:\windows\system32\fdrespub.dll
07:28:33.0222 0x1780 FDResPub - ok
07:28:33.0262 0x1780 [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
07:28:33.0281 0x1780 FileInfo - ok
07:28:33.0297 0x1780 [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace C:\windows\system32\drivers\filetrace.sys
07:28:33.0345 0x1780 Filetrace - ok
07:28:33.0366 0x1780 [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
07:28:33.0397 0x1780 flpydisk - ok
07:28:33.0421 0x1780 [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
07:28:33.0444 0x1780 FltMgr - ok
07:28:33.0536 0x1780 [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache C:\windows\system32\FntCache.dll
07:28:33.0640 0x1780 FontCache - ok
07:28:33.0699 0x1780 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
07:28:33.0725 0x1780 FontCache3.0.0.0 - ok
07:28:33.0768 0x1780 [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends C:\windows\system32\drivers\FsDepends.sys
07:28:33.0786 0x1780 FsDepends - ok
07:28:33.0817 0x1780 [ B74B0578FD1D3F897E95F2A2B69EA051, 64FCA8452CB37D55679AC8BEF221D6BA1D91E50680D37FFCFB81619ADAA5889C ] fssfltr C:\windows\system32\DRIVERS\fssfltr.sys
07:28:33.0833 0x1780 fssfltr - ok
07:28:33.0928 0x1780 [ 206AD9A89BF05DFA1621F1FC7B82592D, EAEE557535D865232237898858F5AE35F868065A1F79BBB48A2173124E2B6F63 ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
07:28:33.0977 0x1780 fsssvc - ok
07:28:34.0015 0x1780 [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
07:28:34.0034 0x1780 Fs_Rec - ok
07:28:34.0105 0x1780 [ 8A73E79089B282100B9393B644CB853B, 844DC5AADFABBD050B967904B796BA06BFD64C9112616EA26229D084F8B3AD41 ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
07:28:34.0147 0x1780 fvevol - ok
07:28:34.0182 0x1780 [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
07:28:34.0201 0x1780 gagp30kx - ok
07:28:34.0260 0x1780 [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys
07:28:34.0275 0x1780 GEARAspiWDM - ok
07:28:34.0430 0x1780 [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc C:\windows\System32\gpsvc.dll
07:28:34.0502 0x1780 gpsvc - ok
07:28:34.0655 0x1780 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
07:28:34.0683 0x1780 gupdate - ok
07:28:34.0691 0x1780 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
07:28:34.0706 0x1780 gupdatem - ok
07:28:34.0743 0x1780 [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
07:28:34.0792 0x1780 hcw85cir - ok
07:28:34.0857 0x1780 [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
07:28:34.0906 0x1780 HdAudAddService - ok
07:28:34.0942 0x1780 [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys
07:28:34.0977 0x1780 HDAudBus - ok
07:28:35.0002 0x1780 [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
07:28:35.0035 0x1780 HidBatt - ok
07:28:35.0055 0x1780 [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
07:28:35.0089 0x1780 HidBth - ok
07:28:35.0108 0x1780 [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr C:\windows\system32\DRIVERS\hidir.sys
07:28:35.0130 0x1780 HidIr - ok
07:28:35.0164 0x1780 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv C:\windows\system32\hidserv.dll
07:28:35.0222 0x1780 hidserv - ok
07:28:35.0266 0x1780 [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb C:\windows\system32\drivers\hidusb.sys
07:28:35.0309 0x1780 HidUsb - ok
07:28:35.0362 0x1780 [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc C:\windows\system32\kmsvc.dll
07:28:35.0434 0x1780 hkmsvc - ok
07:28:35.0471 0x1780 [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\windows\system32\ListSvc.dll
07:28:35.0547 0x1780 HomeGroupListener - ok
07:28:35.0601 0x1780 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\windows\system32\provsvc.dll
07:28:35.0686 0x1780 HomeGroupProvider - ok
07:28:35.0713 0x1780 [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
07:28:35.0732 0x1780 HpSAMD - ok
07:28:35.0788 0x1780 [ 950CC1E6AE3A6CD23E0945CDE089B02C, C242AE9F21FE7FBC269BD11BDD3346936626DA15596561B527EF20CFAEF77055 ] HTCAND32 C:\windows\system32\Drivers\ANDROIDUSB.sys
07:28:35.0826 0x1780 HTCAND32 - ok
07:28:35.0952 0x1780 [ 5C8BC8A28798FD010E7ABC4E0D588CAA, 622CAFD3DCBB05E15539589FDD4002DA6F24790FC55BDF05AA3D043E8A34E53E ] HTCMonitorService C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
07:28:35.0968 0x1780 HTCMonitorService - ok
07:28:35.0983 0x1780 [ 339ADEFAD60353F960E3CA67CE468C24, AF0953ACBE2CA6466595A31349DBF96452DEF2633FD279E8F2B59A3767B89AFC ] htcnprot C:\windows\system32\DRIVERS\htcnprot.sys
07:28:36.0029 0x1780 htcnprot - ok
07:28:36.0074 0x1780 [ 89E2296561FCE84AC9F34EE7243D78AC, 9643FB3A99EC94E3F2A6332970D0D68C77CA8AB3B4F688004EC0BFC2881D5A38 ] HtcVCom32 C:\windows\system32\DRIVERS\HtcVComV32.sys
07:28:36.0132 0x1780 HtcVCom32 - ok
07:28:36.0192 0x1780 [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP C:\windows\system32\drivers\HTTP.sys
07:28:36.0242 0x1780 HTTP - ok
07:28:36.0289 0x1780 [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
07:28:36.0307 0x1780 hwpolicy - ok
07:28:36.0362 0x1780 [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt C:\windows\system32\drivers\i8042prt.sys
07:28:36.0411 0x1780 i8042prt - ok
07:28:36.0467 0x1780 [ 0BAA4115DFFFD6A6D809A89D65E1281A, FE524C9AFD31780F9E05765A49FFEA7B5EB0C0C9C6222080B50032BB3643A21B ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
07:28:36.0490 0x1780 iaStor - ok
07:28:36.0530 0x1780 [ A3CAE5D281DB4CFF7CFF8233507EE5AD, 2666107220B9F301193F2CF85A3D6B09E6E42CC150152D10A8886E47A3FD9B0D ] iaStorV C:\windows\system32\drivers\iaStorV.sys
07:28:36.0557 0x1780 iaStorV - ok
07:28:36.0640 0x1780 [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
07:28:36.0685 0x1780 idsvc - ok
07:28:36.0751 0x1780 IEEtwCollectorService - ok
07:28:37.0120 0x1780 [ 8266AE06DF974E5BA047B3E9E9E70B3F, 44E5A8EED802A1DDF3CCDB478A88A3AB3CF009F449FB11E0F94A28498342B4E2 ] igfx C:\windows\system32\DRIVERS\igdkmd32.sys
07:28:37.0663 0x1780 igfx - ok
07:28:37.0725 0x1780 [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
07:28:37.0744 0x1780 iirsp - ok
07:28:37.0887 0x1780 [ CE1EE31FFF730CA975A5535D8A71AF61, A1808EB92EC2444F9309C93F5724A7A374F4B983862829BF9B076C8D3B2427DE ] IJPLMSVC C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
07:28:37.0917 0x1780 IJPLMSVC - ok
07:28:37.0980 0x1780 [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT C:\windows\System32\ikeext.dll
07:28:38.0035 0x1780 IKEEXT - ok
07:28:38.0185 0x1780 [ 96282FBCE4534C9BF147CFFE9E1FA8DB, 91801002545FFF336A46A6D8B365491D2A21DD561DC8C7FA1EF6A1D9CFE1893C ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHDA.sys
07:28:38.0343 0x1780 IntcAzAudAddService - ok
07:28:38.0387 0x1780 [ 264632ADE8127B7BAA2190CF6FAD435B, 5D558FEB9D25B271E0A29C7C20BCEE343E8370F8BE194E1AA505B692E799C2FF ] IntcHdmiAddService C:\windows\system32\drivers\IntcHdmi.sys
07:28:38.0428 0x1780 IntcHdmiAddService - ok
07:28:38.0446 0x1780 [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide C:\windows\system32\drivers\intelide.sys
07:28:38.0464 0x1780 intelide - ok
07:28:38.0501 0x1780 [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
07:28:38.0523 0x1780 intelppm - ok
07:28:38.0541 0x1780 [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum C:\windows\system32\ipbusenum.dll
07:28:38.0603 0x1780 IPBusEnum - ok
07:28:38.0657 0x1780 [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
07:28:38.0720 0x1780 IpFilterDriver - ok
07:28:38.0784 0x1780 [ 4D65A07B795D6674312F879D09AA7663, 8D72FE0B51A6FF71F85D2602DB3AE91C8749F70869B6789552F047BA81411EDA ] iphlpsvc C:\windows\System32\iphlpsvc.dll
07:28:38.0850 0x1780 iphlpsvc - ok
07:28:38.0896 0x1780 [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
07:28:38.0926 0x1780 IPMIDRV - ok
07:28:38.0956 0x1780 [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT C:\windows\system32\drivers\ipnat.sys
07:28:39.0010 0x1780 IPNAT - ok
07:28:39.0033 0x1780 [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM C:\windows\system32\drivers\irenum.sys
07:28:39.0075 0x1780 IRENUM - ok
07:28:39.0095 0x1780 [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp C:\windows\system32\drivers\isapnp.sys
07:28:39.0114 0x1780 isapnp - ok
07:28:39.0164 0x1780 [ CB7A9ABB12B8415BCE5D74994C7BA3AE, 464BFF3F5EEE985BE075E23E1813F5CB82A9A0771A92C6D889B13B867BCDF647 ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
07:28:39.0196 0x1780 iScsiPrt - ok
07:28:39.0217 0x1780 [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass C:\windows\system32\drivers\kbdclass.sys
07:28:39.0236 0x1780 kbdclass - ok
07:28:39.0296 0x1780 [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid C:\windows\system32\drivers\kbdhid.sys
07:28:39.0351 0x1780 kbdhid - ok
07:28:39.0375 0x1780 [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] KeyIso C:\windows\system32\lsass.exe
07:28:39.0394 0x1780 KeyIso - ok
07:28:39.0477 0x1780 [ 871C226234A48C24DFE7478F36C0050C, 657CAB49387E0E40311D4DEC93D9860B2DAC2C05F223698CFA2F9BB50B5F3022 ] kl1 C:\windows\system32\DRIVERS\kl1.sys
07:28:39.0509 0x1780 kl1 - ok
07:28:39.0558 0x1780 [ 7C731AA78B9FB5B197A4506B63D5A248, 5E96458A1097E84581EBE10CE4CB7F73949F3B6E99F96D405B040B6733488765 ] klflt C:\windows\system32\DRIVERS\klflt.sys
07:28:39.0576 0x1780 klflt - ok
07:28:39.0693 0x1780 [ 72D91384E7E0A8F6C559AA87D81F4DE2, 7269B08DC25B2A7F285E005B9E52BDE5005D78A2B4ADE79F39B5174C0455AFB7 ] KLIF C:\windows\system32\DRIVERS\klif.sys
07:28:39.0725 0x1780 KLIF - ok
07:28:39.0769 0x1780 [ 039FB019C92A16A54FE527D93B0CFB96, 080897B377511FD2439EB651086390CD72B822E8222C79AB0569FAFAA14BA0AE ] KLIM6 C:\windows\system32\DRIVERS\klim6.sys
07:28:39.0786 0x1780 KLIM6 - ok
07:28:39.0874 0x1780 [ CC0909694768C302B89CC040436ECABC, AA93530F8E15B45BC403364612B67A1537924A87BD762B89921C494666341AC6 ] klkbdflt C:\windows\system32\DRIVERS\klkbdflt.sys
07:28:39.0901 0x1780 klkbdflt - ok
07:28:39.0954 0x1780 [ 035724BA6D5676B76FD3AFB66AB4F1E3, 81B30112B96DD3E7250420EEFF2ACECD424A2BE155E83C44434321CEA7DBE117 ] klmouflt C:\windows\system32\DRIVERS\klmouflt.sys
07:28:39.0971 0x1780 klmouflt - ok
07:28:40.0001 0x1780 [ EB0D72D2844C57F5F146D7A15B04FBF9, 3DFEDA024AD5D54EEAF7D4411153CFA8AD95FCF217E09F2B7AFD2D91EE623BF2 ] klpd C:\windows\system32\DRIVERS\klpd.sys
07:28:40.0018 0x1780 klpd - ok
07:28:40.0033 0x1780 [ 040A3BC4AF5A0430A1D9A758F076465E, D371BC29283AA645CF31D6EDB7D4562B7CF8D664D681B9033B948D71F4CC3EE6 ] kltdi C:\windows\system32\DRIVERS\kltdi.sys
07:28:40.0051 0x1780 kltdi - ok
07:28:40.0108 0x1780 [ 4D19D96447E160A7E4B479037761BBC1, AD34C9C678030744ADD00B09A96C368167AA303DDC39BE74B1538E7AF8A82CB8 ] kneps C:\windows\system32\DRIVERS\kneps.sys
07:28:40.0128 0x1780 kneps - ok
07:28:40.0170 0x1780 [ 4120DA10AA42A9996F4575DB9E3E6E6E, 1C6E790772EA327ACB885D731A030408160534997DD56FEE4D6CEE6929873BB8 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
07:28:40.0189 0x1780 KSecDD - ok
07:28:40.0210 0x1780 [ D3964885F0A11ACF51DA3AAA776973B2, 417ED5A3201FC50FBC0D646F8F2114A1E8A91E7919A62508DCBC156C0BFB2FBA ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
07:28:40.0233 0x1780 KSecPkg - ok
07:28:40.0271 0x1780 [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm C:\windows\system32\msdtckrm.dll
07:28:40.0332 0x1780 KtmRm - ok
07:28:40.0362 0x1780 [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer C:\windows\system32\srvsvc.dll
07:28:40.0416 0x1780 LanmanServer - ok
07:28:40.0455 0x1780 [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
07:28:40.0492 0x1780 LanmanWorkstation - ok
07:28:40.0522 0x1780 [ DD83DC92463FCE6324FD30A13D17D0DA, 505AEFDD07DD17FD6D88478F0951CA1287F867669E7F078D8562657A13C32862 ] LHidFilt C:\windows\system32\DRIVERS\LHidFilt.Sys
07:28:40.0539 0x1780 LHidFilt - ok
07:28:40.0576 0x1780 [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
07:28:40.0630 0x1780 lltdio - ok
07:28:40.0699 0x1780 [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc C:\windows\System32\lltdsvc.dll
07:28:40.0748 0x1780 lltdsvc - ok
07:28:40.0760 0x1780 [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts C:\windows\System32\lmhsvc.dll
07:28:40.0808 0x1780 lmhosts - ok
07:28:40.0837 0x1780 [ 8FE0008E183FF0293A925B78A5581C5F, CA99379DD3C44F1522197B0FAA7F8E0EF4403C008701284BC3A7775E6E2BEDA7 ] LMouFilt C:\windows\system32\DRIVERS\LMouFilt.Sys
07:28:40.0853 0x1780 LMouFilt - ok
07:28:40.0869 0x1780 [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
07:28:40.0890 0x1780 LSI_FC - ok
07:28:40.0922 0x1780 [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
07:28:40.0943 0x1780 LSI_SAS - ok
07:28:40.0958 0x1780 [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
07:28:40.0978 0x1780 LSI_SAS2 - ok
07:28:40.0995 0x1780 [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
07:28:41.0016 0x1780 LSI_SCSI - ok
07:28:41.0035 0x1780 [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv C:\windows\system32\drivers\luafv.sys
07:28:41.0093 0x1780 luafv - ok
07:28:41.0137 0x1780 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
07:28:41.0172 0x1780 Mcx2Svc - ok
07:28:41.0195 0x1780 [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas C:\windows\system32\DRIVERS\megasas.sys
07:28:41.0214 0x1780 megasas - ok
07:28:41.0242 0x1780 [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
07:28:41.0268 0x1780 MegaSR - ok
07:28:41.0304 0x1780 [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS C:\windows\system32\mmcss.dll
07:28:41.0354 0x1780 MMCSS - ok
07:28:41.0384 0x1780 [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem C:\windows\system32\drivers\modem.sys
07:28:41.0424 0x1780 Modem - ok
07:28:41.0465 0x1780 [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor C:\windows\system32\DRIVERS\monitor.sys
07:28:41.0515 0x1780 monitor - ok
07:28:41.0539 0x1780 [ 111A023266532C621EE69AE96E47081E, D933340AF838D94F25C74F9D46A74DE3B45F29B896AFA49A03676BAB8CD400CF ] MonitorFunction C:\windows\system32\DRIVERS\TVMonitor.sys
07:28:41.0555 0x1780 MonitorFunction - ok
07:28:41.0590 0x1780 [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
07:28:41.0609 0x1780 mouclass - ok
07:28:41.0652 0x1780 [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
07:28:41.0699 0x1780 mouhid - ok
07:28:41.0739 0x1780 [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr C:\windows\system32\drivers\mountmgr.sys
07:28:41.0759 0x1780 mountmgr - ok
07:28:41.0841 0x1780 [ 4E9D8041D352A33332FD6F59A3A78B03, D4E6229B07EF9866993EEE4F6223DC7F1FF1108273FE14A3DC74E65C181DE56A ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
07:28:41.0874 0x1780 MozillaMaintenance - ok
07:28:41.0925 0x1780 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio C:\windows\system32\drivers\mpio.sys
07:28:41.0957 0x1780 mpio - ok
07:28:41.0983 0x1780 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
07:28:42.0038 0x1780 mpsdrv - ok
07:28:42.0111 0x1780 [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc C:\windows\system32\mpssvc.dll
07:28:42.0189 0x1780 MpsSvc - ok
07:28:42.0244 0x1780 [ CEB46AB7C01C9F825F8CC6BABC18166A, AA98898204FC58878502C170FE6ED8BA681396DDD8BF3689D0C3642DEA87BEF8 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
07:28:42.0292 0x1780 MRxDAV - ok
07:28:42.0349 0x1780 [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
07:28:42.0407 0x1780 mrxsmb - ok
07:28:42.0473 0x1780 [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
07:28:42.0553 0x1780 mrxsmb10 - ok
07:28:42.0606 0x1780 [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
07:28:42.0667 0x1780 mrxsmb20 - ok
07:28:42.0702 0x1780 [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci C:\windows\system32\drivers\msahci.sys
07:28:42.0721 0x1780 msahci - ok
07:28:42.0744 0x1780 [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm C:\windows\system32\drivers\msdsm.sys
07:28:42.0765 0x1780 msdsm - ok
07:28:42.0783 0x1780 [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC C:\windows\System32\msdtc.exe
07:28:42.0837 0x1780 MSDTC - ok
07:28:42.0888 0x1780 [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs C:\windows\system32\drivers\Msfs.sys
07:28:42.0935 0x1780 Msfs - ok
07:28:42.0953 0x1780 [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
07:28:42.0987 0x1780 mshidkmdf - ok
07:28:43.0021 0x1780 [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv C:\windows\system32\drivers\msisadrv.sys
07:28:43.0039 0x1780 msisadrv - ok
07:28:43.0059 0x1780 [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI C:\windows\system32\iscsiexe.dll
07:28:43.0114 0x1780 MSiSCSI - ok
07:28:43.0120 0x1780 msiserver - ok
07:28:43.0141 0x1780 [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
07:28:43.0176 0x1780 MSKSSRV - ok
07:28:43.0192 0x1780 [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
07:28:43.0239 0x1780 MSPCLOCK - ok
07:28:43.0264 0x1780 [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
07:28:43.0318 0x1780 MSPQM - ok
07:28:43.0355 0x1780 [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC C:\windows\system32\drivers\MsRPC.sys
07:28:43.0389 0x1780 MsRPC - ok
07:28:43.0434 0x1780 [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios C:\windows\system32\drivers\mssmbios.sys
07:28:43.0452 0x1780 mssmbios - ok
07:28:43.0472 0x1780 [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE C:\windows\system32\drivers\MSTEE.sys
07:28:43.0508 0x1780 MSTEE - ok
07:28:43.0523 0x1780 [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
07:28:43.0559 0x1780 MTConfig - ok
07:28:43.0579 0x1780 [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup C:\windows\system32\Drivers\mup.sys
07:28:43.0598 0x1780 Mup - ok
07:28:43.0664 0x1780 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent C:\windows\system32\qagentRT.dll
07:28:43.0728 0x1780 napagent - ok
07:28:43.0817 0x1780 NasPmService - ok
07:28:43.0855 0x1780 [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
07:28:43.0886 0x1780 NativeWifiP - ok
07:28:43.0958 0x1780 [ E7C54812A2AAF43316EB6930C1FFA108, C8A6FC1957FA29A3B372132FEA9145538BC767044A11D77316D3D1A3EAA60630 ] NDIS C:\windows\system32\drivers\ndis.sys
07:28:43.0998 0x1780 NDIS - ok
07:28:44.0030 0x1780 [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
07:28:44.0086 0x1780 NdisCap - ok
07:28:44.0108 0x1780 [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
07:28:44.0162 0x1780 NdisTapi - ok
07:28:44.0195 0x1780 [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
07:28:44.0243 0x1780 Ndisuio - ok
07:28:44.0285 0x1780 [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
07:28:44.0336 0x1780 NdisWan - ok
07:28:44.0380 0x1780 [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy C:\windows\system32\drivers\NDProxy.sys
07:28:44.0446 0x1780 NDProxy - ok
07:28:44.0558 0x1780 [ 7D2633295EB6FF2B938185874884059D, B3A4E52ABCB2E2720D8ADB0B68C222D4AB98E838D40B6A731D15EB1D6C9DEA15 ] Nero BackItUp Scheduler 4.0 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
07:28:44.0600 0x1780 Nero BackItUp Scheduler 4.0 - ok
07:28:44.0647 0x1780 [ 1352E1648213551923A0A822E441553C, F9BCA299249D8E1ADF88F54554F72428E267E39911143F4C99DFF562F0EE4E70 ] Netaapl C:\windows\system32\DRIVERS\netaapl.sys
07:28:44.0708 0x1780 Netaapl - detected UnsignedFile.Multi.Generic ( 1 )
07:28:47.0066 0x1780 Detect skipped due to KSN trusted
07:28:47.0066 0x1780 Netaapl - ok
07:28:47.0098 0x1780 [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
07:28:47.0171 0x1780 NetBIOS - ok
07:28:47.0206 0x1780 [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
07:28:47.0264 0x1780 NetBT - ok
07:28:47.0286 0x1780 [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] Netlogon C:\windows\system32\lsass.exe
07:28:47.0308 0x1780 Netlogon - ok
07:28:47.0353 0x1780 [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman C:\windows\System32\netman.dll
07:28:47.0420 0x1780 Netman - ok
07:28:47.0465 0x1780 [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetMsmqActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
07:28:47.0496 0x1780 NetMsmqActivator - ok
07:28:47.0503 0x1780 [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetPipeActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
07:28:47.0521 0x1780 NetPipeActivator - ok
07:28:47.0557 0x1780 [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm C:\windows\System32\netprofm.dll
07:28:47.0617 0x1780 netprofm - ok
07:28:47.0625 0x1780 [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
07:28:47.0642 0x1780 NetTcpActivator - ok
07:28:47.0649 0x1780 [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
07:28:47.0666 0x1780 NetTcpPortSharing - ok
07:28:47.0705 0x1780 [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
07:28:47.0735 0x1780 nfrd960 - ok
07:28:47.0784 0x1780 [ 912084381D30D8B89EC4E293053F4710, 99B8CD043DF531D4B9725ED167F63CED220608B2FED3EE8250C217D15762DFD7 ] NlaSvc C:\windows\System32\nlasvc.dll
07:28:47.0845 0x1780 NlaSvc - ok
07:28:47.0872 0x1780 [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs C:\windows\system32\drivers\Npfs.sys
07:28:47.0908 0x1780 Npfs - ok
07:28:47.0986 0x1780 [ 75AC610A7481CB1F343DC971249BCB19, F1DC7478F0219D88DEA5BAC95D11A6C3CA418D5BCB730EB0BC2D80247C39AC67 ] NPF_devolo C:\windows\system32\drivers\npf_devolo.sys
07:28:48.0019 0x1780 NPF_devolo - detected UnsignedFile.Multi.Generic ( 1 )
07:28:50.0383 0x1780 Detect skipped due to KSN trusted
07:28:50.0383 0x1780 NPF_devolo - ok
07:28:50.0429 0x1780 [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi C:\windows\system32\nsisvc.dll
07:28:50.0479 0x1780 nsi - ok
07:28:50.0488 0x1780 [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
07:28:50.0539 0x1780 nsiproxy - ok
07:28:50.0646 0x1780 [ 5E43D2B0EE64123D4880DFA6626DEFDE, 164413A22DE58B19EA2B4120034B46D6BE1F424B80C3421E10BE5C81153D049F ] Ntfs C:\windows\system32\drivers\Ntfs.sys
07:28:50.0700 0x1780 Ntfs - ok
07:28:50.0740 0x1780 [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null C:\windows\system32\drivers\Null.sys
07:28:50.0793 0x1780 Null - ok
07:28:50.0840 0x1780 [ AF2EEC9580C1D32FB7EAF105D9784061, 6DAAE3BCA048ACD7FFD26A65C793C461933179070F03855FE3DC3C01F968163A ] nvraid C:\windows\system32\drivers\nvraid.sys
07:28:50.0860 0x1780 nvraid - ok
07:28:50.0882 0x1780 [ 9283C58EBAA2618F93482EB5DABCEC82, 0BC119D4EAFDEA879E4C1CFBA5402499DBD1970EDF963C6D2034D4867C34D15E ] nvstor C:\windows\system32\drivers\nvstor.sys
07:28:50.0903 0x1780 nvstor - ok
07:28:50.0922 0x1780 [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
07:28:50.0943 0x1780 nv_agp - ok
07:28:50.0966 0x1780 [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
07:28:51.0004 0x1780 ohci1394 - ok
07:28:51.0042 0x1780 [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc C:\windows\system32\pnrpsvc.dll
07:28:51.0115 0x1780 p2pimsvc - ok
07:28:51.0155 0x1780 [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc C:\windows\system32\p2psvc.dll
07:28:51.0187 0x1780 p2psvc - ok
07:28:51.0214 0x1780 [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport C:\windows\system32\DRIVERS\parport.sys
07:28:51.0247 0x1780 Parport - ok
07:28:51.0270 0x1780 [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr C:\windows\system32\drivers\partmgr.sys
07:28:51.0290 0x1780 partmgr - ok
07:28:51.0317 0x1780 [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm C:\windows\system32\DRIVERS\parvdm.sys
07:28:51.0359 0x1780 Parvdm - ok
07:28:51.0444 0x1780 [ 446462BBA744DA60379574926FD51EAB, 4A79E8EF28670333F4733FA0016508DC88E9BDC566B455DA5EDEDC514612180A ] PassThru Service C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
07:28:51.0462 0x1780 PassThru Service - detected UnsignedFile.Multi.Generic ( 1 )
07:28:53.0820 0x1780 Detect skipped due to KSN trusted
07:28:53.0820 0x1780 PassThru Service - ok
07:28:53.0851 0x1780 [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc C:\windows\System32\pcasvc.dll
07:28:53.0892 0x1780 PcaSvc - ok
07:28:53.0950 0x1780 [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci C:\windows\system32\drivers\pci.sys
07:28:53.0981 0x1780 pci - ok
07:28:54.0001 0x1780 [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide C:\windows\system32\drivers\pciide.sys
07:28:54.0019 0x1780 pciide - ok
07:28:54.0060 0x1780 [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
07:28:54.0083 0x1780 pcmcia - ok
07:28:54.0102 0x1780 [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw C:\windows\system32\drivers\pcw.sys
07:28:54.0121 0x1780 pcw - ok
07:28:54.0161 0x1780 [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH C:\windows\system32\drivers\peauth.sys
07:28:54.0249 0x1780 PEAUTH - ok
07:28:54.0430 0x1780 [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla C:\windows\system32\pla.dll
07:28:54.0570 0x1780 pla - ok
07:28:54.0642 0x1780 [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay C:\windows\system32\umpnpmgr.dll
07:28:54.0734 0x1780 PlugPlay - ok
07:28:54.0763 0x1780 [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
07:28:54.0798 0x1780 PNRPAutoReg - ok
07:28:54.0831 0x1780 [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc C:\windows\system32\pnrpsvc.dll
07:28:54.0858 0x1780 PNRPsvc - ok
07:28:54.0913 0x1780 [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
07:28:54.0965 0x1780 PolicyAgent - ok
07:28:55.0008 0x1780 [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power C:\windows\system32\umpo.dll
07:28:55.0047 0x1780 Power - ok
07:28:55.0075 0x1780 [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
07:28:55.0112 0x1780 PptpMiniport - ok
07:28:55.0132 0x1780 [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor C:\windows\system32\DRIVERS\processr.sys
07:28:55.0154 0x1780 Processor - ok
07:28:55.0198 0x1780 [ 43CA4CCC22D52FB58E8988F0198851D0, DF67BD70D9D82677AE61244B4E54677A5008A7F5EB531DF2A7E7D33F1658EA78 ] ProfSvc C:\windows\system32\profsvc.dll
07:28:55.0241 0x1780 ProfSvc - ok
07:28:55.0254 0x1780 [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] ProtectedStorage C:\windows\system32\lsass.exe
07:28:55.0274 0x1780 ProtectedStorage - ok
07:28:55.0288 0x1780 [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched C:\windows\system32\DRIVERS\pacer.sys
07:28:55.0345 0x1780 Psched - ok
07:28:55.0420 0x1780 [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
07:28:55.0481 0x1780 ql2300 - ok
07:28:55.0530 0x1780 [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
07:28:55.0550 0x1780 ql40xx - ok
07:28:55.0587 0x1780 [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE C:\windows\system32\qwave.dll
07:28:55.0636 0x1780 QWAVE - ok
07:28:55.0686 0x1780 [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
07:28:55.0737 0x1780 QWAVEdrv - ok
07:28:55.0761 0x1780 [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
07:28:55.0796 0x1780 RasAcd - ok
07:28:55.0826 0x1780 [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
07:28:55.0876 0x1780 RasAgileVpn - ok
07:28:55.0914 0x1780 [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto C:\windows\System32\rasauto.dll
07:28:55.0953 0x1780 RasAuto - ok
07:28:55.0978 0x1780 [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
07:28:56.0028 0x1780 Rasl2tp - ok
07:28:56.0077 0x1780 [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan C:\windows\System32\rasmans.dll
07:28:56.0121 0x1780 RasMan - ok
07:28:56.0142 0x1780 [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
07:28:56.0197 0x1780 RasPppoe - ok
07:28:56.0223 0x1780 [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
07:28:56.0270 0x1780 RasSstp - ok
07:28:56.0298 0x1780 [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
07:28:56.0341 0x1780 rdbss - ok
07:28:56.0363 0x1780 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
07:28:56.0385 0x1780 rdpbus - ok
07:28:56.0423 0x1780 [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
07:28:56.0506 0x1780 RDPCDD - ok
07:28:56.0529 0x1780 [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
07:28:56.0579 0x1780 RDPENCDD - ok
07:28:56.0604 0x1780 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
07:28:56.0680 0x1780 RDPREFMP - ok
07:28:56.0723 0x1780 [ F031683E6D1FEA157ABB2FF260B51E61, 83B552819A5964152882C527E1421DBCEAACC74DEB897E3C4B53F52F1467FED3 ] RDPWD C:\windows\system32\drivers\RDPWD.sys
07:28:56.0778 0x1780 RDPWD - ok
07:28:56.0829 0x1780 [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
07:28:56.0851 0x1780 rdyboost - ok
07:28:56.0893 0x1780 [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess C:\windows\System32\mprdim.dll
07:28:56.0946 0x1780 RemoteAccess - ok
07:28:56.0987 0x1780 [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry C:\windows\system32\regsvc.dll
07:28:57.0046 0x1780 RemoteRegistry - ok
07:28:57.0112 0x1780 [ 7CCAEBCAB6FC1ED0206C07E083E79207, 40BFA1BEDFF093652279494EDD397FC094794B76916C2681D0544D6793314DFE ] RichVideo C:\Program Files\CyberLink\Shared files\RichVideo.exe
07:28:57.0138 0x1780 RichVideo - ok
07:28:57.0154 0x1780 [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
07:28:57.0214 0x1780 RpcEptMapper - ok
07:28:57.0241 0x1780 [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator C:\windows\system32\locator.exe
07:28:57.0275 0x1780 RpcLocator - ok
07:28:57.0307 0x1780 [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs C:\windows\system32\rpcss.dll
07:28:57.0352 0x1780 RpcSs - ok
07:28:57.0383 0x1780 [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
07:28:57.0430 0x1780 rspndr - ok
07:28:57.0456 0x1780 [ 7DFD48E24479B68B258D8770121155A0, 3B5F7309403C46855DB888CF2058B07C9029690DBC7FB3224BAC7BE5547D2D57 ] RTL8167 C:\windows\system32\DRIVERS\Rt86win7.sys
07:28:57.0509 0x1780 RTL8167 - ok
07:28:57.0543 0x1780 [ 6E5FBB7CBAEC47038B945D5E9B144A64, B2AA2F39DAA841FCA470846CC07C580464E2F07C3EFAA64AF783144718F09C13 ] SABI C:\windows\system32\Drivers\SABI.sys
07:28:57.0581 0x1780 SABI - ok
07:28:57.0599 0x1780 [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] SamSs C:\windows\system32\lsass.exe
07:28:57.0619 0x1780 SamSs - ok
07:28:57.0702 0x1780 [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port C:\windows\system32\drivers\sbp2port.sys
07:28:57.0731 0x1780 sbp2port - ok
07:28:57.0761 0x1780 [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr C:\windows\System32\SCardSvr.dll
07:28:57.0821 0x1780 SCardSvr - ok
07:28:57.0834 0x1780 [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
07:28:57.0867 0x1780 scfilter - ok
07:28:57.0945 0x1780 [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule C:\windows\system32\schedsvc.dll
07:28:58.0025 0x1780 Schedule - ok
07:28:58.0060 0x1780 [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc C:\windows\System32\certprop.dll
07:28:58.0095 0x1780 SCPolicySvc - ok
07:28:58.0119 0x1780 [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC C:\windows\System32\SDRSVC.dll
07:28:58.0151 0x1780 SDRSVC - ok
07:28:58.0175 0x1780 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv C:\windows\system32\drivers\secdrv.sys
07:28:58.0229 0x1780 secdrv - ok
07:28:58.0251 0x1780 [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon C:\windows\system32\seclogon.dll
07:28:58.0289 0x1780 seclogon - ok
07:28:58.0310 0x1780 [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS C:\windows\System32\sens.dll
07:28:58.0367 0x1780 SENS - ok
07:28:58.0394 0x1780 [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc C:\windows\system32\sensrsvc.dll
07:28:58.0433 0x1780 SensrSvc - ok
07:28:58.0452 0x1780 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum C:\windows\system32\DRIVERS\serenum.sys
07:28:58.0492 0x1780 Serenum - ok
07:28:58.0510 0x1780 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial C:\windows\system32\DRIVERS\serial.sys
07:28:58.0542 0x1780 Serial - ok
07:28:58.0585 0x1780 [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
07:28:58.0619 0x1780 sermouse - ok
07:28:58.0682 0x1780 [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv C:\windows\system32\sessenv.dll
07:28:58.0739 0x1780 SessionEnv - ok
07:28:58.0790 0x1780 [ 0B179A959FF6B6CA5927D4F255AB9F90, 686EB1F79614E6F63EDA2D9D13D19BA2518ACC0BB319458BC0CF891F75BA1ED6 ] sfdrv01 C:\windows\system32\drivers\sfdrv01.sys
07:28:58.0822 0x1780 sfdrv01 - detected UnsignedFile.Multi.Generic ( 1 )
07:29:01.0255 0x1780 Detect skipped due to KSN trusted
07:29:01.0255 0x1780 sfdrv01 - ok
07:29:01.0298 0x1780 [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk C:\windows\system32\drivers\sffdisk.sys
07:29:01.0347 0x1780 sffdisk - ok
07:29:01.0375 0x1780 [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
07:29:01.0415 0x1780 sffp_mmc - ok
07:29:01.0431 0x1780 [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
07:29:01.0472 0x1780 sffp_sd - ok
07:29:01.0496 0x1780 [ 15BE2B5E4DC5B8623CF167720682ABC9, FAECDC0DCB6EACE8130B278E2FB84B9523AB10329A00B24043B9C76867B917F0 ] sfhlp02 C:\windows\system32\drivers\sfhlp02.sys
07:29:01.0522 0x1780 sfhlp02 - detected UnsignedFile.Multi.Generic ( 1 )
07:29:04.0034 0x1780 Detect skipped due to KSN trusted
07:29:04.0034 0x1780 sfhlp02 - ok
07:29:04.0075 0x1780 [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
07:29:04.0109 0x1780 sfloppy - ok
07:29:04.0139 0x1780 [ A62EFE6AA55C6A599DDBB6BD00E8FB9C, 7636E1DA504A698E0E6E4DEDCEF568C9E6A3B184F9CA18A5D648FBEDC54B5FDC ] sfsync02 C:\windows\system32\drivers\sfsync02.sys
07:29:04.0169 0x1780 sfsync02 - detected UnsignedFile.Multi.Generic ( 1 )
07:29:06.0521 0x1780 Detect skipped due to KSN trusted
07:29:06.0521 0x1780 sfsync02 - ok
07:29:06.0583 0x1780 [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess C:\windows\System32\ipnathlp.dll
07:29:06.0680 0x1780 SharedAccess - ok
07:29:06.0713 0x1780 [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\windows\System32\shsvcs.dll
07:29:06.0778 0x1780 ShellHWDetection - ok
07:29:06.0819 0x1780 [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp C:\windows\system32\drivers\sisagp.sys
07:29:06.0848 0x1780 sisagp - ok
07:29:06.0876 0x1780 [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
07:29:06.0895 0x1780 SiSRaid2 - ok
07:29:06.0908 0x1780 [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
07:29:06.0928 0x1780 SiSRaid4 - ok
07:29:06.0988 0x1780 [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
07:29:07.0013 0x1780 SkypeUpdate - ok
07:29:07.0028 0x1780 [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb C:\windows\system32\DRIVERS\smb.sys
07:29:07.0064 0x1780 Smb - ok
07:29:07.0088 0x1780 [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP C:\windows\System32\snmptrap.exe
07:29:07.0129 0x1780 SNMPTRAP - ok
07:29:07.0149 0x1780 [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr C:\windows\system32\drivers\spldr.sys
07:29:07.0167 0x1780 spldr - ok
07:29:07.0230 0x1780 [ 866A43013535DC8587C258E43579C764, B2BE846B5167A2ECD1E30C69A81385FCC6EAE6033394D08458A5583D311C4D82 ] Spooler C:\windows\System32\spoolsv.exe
07:29:07.0288 0x1780 Spooler - ok
07:29:07.0454 0x1780 [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc C:\windows\system32\sppsvc.exe
07:29:07.0646 0x1780 sppsvc - ok
07:29:07.0695 0x1780 [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify C:\windows\system32\sppuinotify.dll
07:29:07.0730 0x1780 sppuinotify - ok
07:29:07.0784 0x1780 [ CDDDEC541BC3C96F91ECB48759673505, B030FFA02832317AC5626BF1BF8A4A95A5992C9A6E81BC1C002D5F4D667C27FB ] sptd C:\windows\system32\Drivers\sptd.sys
07:29:07.0785 0x1780 Suspicious file ( NoAccess ): C:\windows\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505, sha256: B030FFA02832317AC5626BF1BF8A4A95A5992C9A6E81BC1C002D5F4D667C27FB
07:29:07.0797 0x1780 sptd - detected LockedFile.Multi.Generic ( 1 )
07:29:10.0151 0x1780 Detect skipped due to KSN trusted
07:29:10.0151 0x1780 sptd - ok
07:29:10.0270 0x1780 [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv C:\windows\system32\DRIVERS\srv.sys
07:29:10.0322 0x1780 srv - ok
07:29:10.0349 0x1780 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
07:29:10.0395 0x1780 srv2 - ok
07:29:10.0416 0x1780 [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
07:29:10.0459 0x1780 srvnet - ok
07:29:10.0502 0x1780 [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV C:\windows\System32\ssdpsrv.dll
07:29:10.0560 0x1780 SSDPSRV - ok
07:29:10.0589 0x1780 [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc C:\windows\system32\sstpsvc.dll
07:29:10.0628 0x1780 SstpSvc - ok
07:29:10.0665 0x1780 [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
07:29:10.0683 0x1780 stexstor - ok
07:29:10.0733 0x1780 [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc C:\windows\System32\wiaservc.dll
07:29:10.0785 0x1780 StiSvc - ok
07:29:10.0844 0x1780 [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum C:\windows\system32\drivers\swenum.sys
07:29:10.0870 0x1780 swenum - ok
07:29:10.0907 0x1780 [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv C:\windows\System32\swprv.dll
07:29:10.0969 0x1780 swprv - ok
07:29:11.0010 0x1780 [ 069E5728E565BD401347CB94732C4733, 16D6F0DE070E0A00FEE2512A9F238DA8175C4C44D76FBC5DD49CAF2EBB779C1F ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
07:29:11.0033 0x1780 SynTP - ok
07:29:11.0113 0x1780 [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain C:\windows\system32\sysmain.dll
07:29:11.0196 0x1780 SysMain - ok
07:29:11.0247 0x1780 [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\windows\System32\TabSvc.dll
07:29:11.0294 0x1780 TabletInputService - ok
07:29:11.0341 0x1780 [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv C:\windows\System32\tapisrv.dll
07:29:11.0396 0x1780 TapiSrv - ok
07:29:11.0425 0x1780 [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS C:\windows\System32\tbssvc.dll
07:29:11.0475 0x1780 TBS - ok
07:29:11.0564 0x1780 [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] Tcpip C:\windows\system32\drivers\tcpip.sys
07:29:11.0620 0x1780 Tcpip - ok
07:29:11.0663 0x1780 [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
07:29:11.0712 0x1780 TCPIP6 - ok
07:29:11.0752 0x1780 [ CCA24162E055C3714CE5A88B100C64ED, 9B7712E793B9478BA7A1EF71EA9CC03CCB9C4004C54EAA911F158958519EDCD9 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
07:29:11.0785 0x1780 tcpipreg - ok
07:29:11.0826 0x1780 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
07:29:11.0878 0x1780 TDPIPE - ok
07:29:11.0914 0x1780 [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
07:29:11.0954 0x1780 TDTCP - ok
07:29:11.0994 0x1780 [ B459575348C20E8121D6039DA063C704, 1B4328A9EA39FF5A57F258E02254D04B73455F1DF7C997C13702A8B2F12D0347 ] tdx C:\windows\system32\DRIVERS\tdx.sys
07:29:12.0050 0x1780 tdx - ok
07:29:12.0233 0x1780 [ 0835A6C3C951A440AD03FB3DAB953D16, 7F26998938112360279AF4A5809B18EBC3E7F59D40558C149C6F865C15240779 ] TeamViewer6 C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
07:29:12.0317 0x1780 TeamViewer6 - ok
07:29:12.0367 0x1780 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD C:\windows\system32\drivers\termdd.sys
07:29:12.0387 0x1780 TermDD - ok
07:29:12.0450 0x1780 [ 382C804C92811BE57829D8E550A900E2, 5F52C2E7902024CF1C9CC0069F411C3F19CCA3DB209F437FA0F3932D4898EB50 ] TermService C:\windows\System32\termsrv.dll
07:29:12.0512 0x1780 TermService - ok
07:29:12.0539 0x1780 [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes C:\windows\system32\themeservice.dll
07:29:12.0565 0x1780 Themes - ok
07:29:12.0585 0x1780 [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER C:\windows\system32\mmcss.dll
07:29:12.0621 0x1780 THREADORDER - ok
07:29:12.0731 0x1780 [ 8DC050D1558E0CC1593B63765C5C5FCF, 3DD7E3E347EAC60893510006A82CED3E26BD64CD512F73EF0F6397883CC266CB ] Tq_91Assistant C:\Program Files\NetDragon\91 Mobile\iPhone\Tq_91Assistant.sys
07:29:12.0755 0x1780 Tq_91Assistant - ok
07:29:12.0788 0x1780 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks C:\windows\System32\trkwks.dll
07:29:12.0841 0x1780 TrkWks - ok
07:29:12.0914 0x1780 [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
07:29:12.0981 0x1780 TrustedInstaller - ok
07:29:13.0031 0x1780 [ B37B08F2E5EEB1A37E448E09BACE1101, 32CC9E06B88BAB6FAB4696B744548DFCE9199A7FD2BA8B019F269CA75895852C ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
07:29:13.0101 0x1780 tssecsrv - ok
07:29:13.0164 0x1780 [ FD1D6C73E6333BE727CBCC6054247654, 6F7B9AE1A5986204DB3348D13B303F30FC17624939DA74D6BD114FAEED0FB30E ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
07:29:13.0229 0x1780 TsUsbFlt - ok
07:29:13.0285 0x1780 [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
07:29:13.0336 0x1780 tunnel - ok
07:29:13.0364 0x1780 [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
07:29:13.0383 0x1780 uagp35 - ok
07:29:13.0405 0x1780 [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs C:\windows\system32\DRIVERS\udfs.sys
07:29:13.0461 0x1780 udfs - ok
07:29:13.0491 0x1780 [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect C:\windows\system32\UI0Detect.exe
07:29:13.0530 0x1780 UI0Detect - ok
07:29:13.0547 0x1780 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
07:29:13.0567 0x1780 uliagpkx - ok
07:29:13.0622 0x1780 [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus C:\windows\system32\DRIVERS\umbus.sys
07:29:13.0657 0x1780 umbus - ok
07:29:13.0691 0x1780 [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass C:\windows\system32\DRIVERS\umpass.sys
07:29:13.0727 0x1780 UmPass - ok
07:29:13.0768 0x1780 [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost C:\windows\System32\upnphost.dll
07:29:13.0835 0x1780 upnphost - ok
07:29:13.0890 0x1780 [ 6E421CCC57059B0186C6259CA3B6DFC9, E348BF23CCD6C14FD10C1689BBDC77E125245331F97BFE60D4C8FD9A8711CB59 ] USBAAPL C:\windows\system32\Drivers\usbaapl.sys
07:29:13.0921 0x1780 USBAAPL - detected UnsignedFile.Multi.Generic ( 1 )
07:29:16.0281 0x1780 Detect skipped due to KSN trusted
07:29:16.0281 0x1780 USBAAPL - ok
07:29:16.0332 0x1780 [ 0803FBA9FE829D61AE26EC0BCC910C46, 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
07:29:16.0391 0x1780 usbccgp - ok
07:29:16.0420 0x1780 [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir C:\windows\system32\drivers\usbcir.sys
07:29:16.0455 0x1780 usbcir - ok
07:29:16.0512 0x1780 [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
07:29:16.0557 0x1780 usbehci - ok
07:29:16.0608 0x1780 [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
07:29:16.0671 0x1780 usbhub - ok
07:29:16.0694 0x1780 [ 9828C8D14CC2676421778F0DE638CF97, 479A28211FFB85190A01FAB0283B927588805D2C0CDB03F85F8F814B88E4F453 ] usbohci C:\windows\system32\drivers\usbohci.sys
07:29:16.0714 0x1780 usbohci - ok
07:29:16.0751 0x1780 [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
07:29:16.0791 0x1780 usbprint - ok
07:29:16.0852 0x1780 [ FC6B21DB4B5B398AB93DBE59CBF11036, A94094C208F376405C07822A6143001EF1B12AE93205CD8002E87F6EB45F6374 ] usbscan C:\windows\system32\drivers\usbscan.sys
07:29:16.0916 0x1780 usbscan - ok
07:29:16.0963 0x1780 [ BF63EBFC6979FEFB2BC03DF7989A0C1A, AFEF764A3E5D52CDBB5074F0E87F2B5EBCDF8D9B6E8F88EE235602B80145BE31 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
07:29:16.0985 0x1780 USBSTOR - ok
07:29:17.0032 0x1780 [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci C:\windows\system32\DRIVERS\usbuhci.sys
07:29:17.0092 0x1780 usbuhci - ok
07:29:17.0123 0x1780 [ DE014425522610BEDCA3821BB8C0F1D5, D6FEA0DF07F89834AEEE8C02CC7FD41068D758B6CCECE2EEE5CF4B9DB646FA1E ] usbvideo C:\windows\System32\Drivers\usbvideo.sys
07:29:17.0148 0x1780 usbvideo - ok
07:29:17.0217 0x1780 [ AF77716205C97E902E6C5B78DECE2CCA, ED99EABED1C7F323EE2A76413E2B260F8EE1D76FDF1E60EE35136D060E756735 ] usb_rndisx C:\windows\system32\DRIVERS\usb8023x.sys
07:29:17.0277 0x1780 usb_rndisx - ok
07:29:17.0307 0x1780 [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms C:\windows\System32\uxsms.dll
07:29:17.0342 0x1780 UxSms - ok
07:29:17.0357 0x1780 [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] VaultSvc C:\windows\system32\lsass.exe
07:29:17.0378 0x1780 VaultSvc - ok
07:29:17.0393 0x1780 [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
07:29:17.0412 0x1780 vdrvroot - ok
07:29:17.0481 0x1780 [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds C:\windows\System32\vds.exe
07:29:17.0536 0x1780 vds - ok
07:29:17.0570 0x1780 [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga C:\windows\system32\DRIVERS\vgapnp.sys
07:29:17.0593 0x1780 vga - ok
07:29:17.0599 0x1780 [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave C:\windows\System32\drivers\vga.sys
07:29:17.0635 0x1780 VgaSave - ok
07:29:17.0669 0x1780 [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp C:\windows\system32\drivers\vhdmp.sys
07:29:17.0691 0x1780 vhdmp - ok
07:29:17.0705 0x1780 [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp C:\windows\system32\drivers\viaagp.sys
07:29:17.0725 0x1780 viaagp - ok
07:29:17.0740 0x1780 [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7 C:\windows\system32\DRIVERS\viac7.sys
07:29:17.0772 0x1780 ViaC7 - ok
07:29:17.0805 0x1780 [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide C:\windows\system32\drivers\viaide.sys
07:29:17.0823 0x1780 viaide - ok
07:29:17.0839 0x1780 [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr C:\windows\system32\drivers\volmgr.sys
07:29:17.0859 0x1780 volmgr - ok
07:29:17.0888 0x1780 [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx C:\windows\system32\drivers\volmgrx.sys
07:29:17.0914 0x1780 volmgrx - ok
07:29:17.0942 0x1780 [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap C:\windows\system32\drivers\volsnap.sys
07:29:17.0966 0x1780 volsnap - ok
07:29:17.0983 0x1780 [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
07:29:18.0005 0x1780 vsmraid - ok
07:29:18.0076 0x1780 [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS C:\windows\system32\vssvc.exe
07:29:18.0157 0x1780 VSS - ok
07:29:18.0183 0x1780 [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
07:29:18.0223 0x1780 vwifibus - ok
07:29:18.0247 0x1780 [ 7090D3436EEB4E7DA3373090A23448F7, 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
07:29:18.0284 0x1780 vwififlt - ok
07:29:18.0311 0x1780 [ A3F04CBEA6C2A10E6CB01F8B47611882, 32AFE18B07FECA30BC95831A5DC94C784E543784DF16165334A777DC84E91EF3 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
07:29:18.0336 0x1780 vwifimp - ok
07:29:18.0375 0x1780 [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time C:\windows\system32\w32time.dll
07:29:18.0438 0x1780 W32Time - ok
07:29:18.0458 0x1780 [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
07:29:18.0495 0x1780 WacomPen - ok
07:29:18.0543 0x1780 [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
07:29:18.0608 0x1780 WANARP - ok
07:29:18.0614 0x1780 [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
07:29:18.0647 0x1780 Wanarpv6 - ok
07:29:18.0728 0x1780 [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine C:\windows\system32\wbengine.exe
07:29:18.0834 0x1780 wbengine - ok
07:29:18.0864 0x1780 [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
07:29:18.0896 0x1780 WbioSrvc - ok
07:29:18.0938 0x1780 [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc C:\windows\System32\wcncsvc.dll
07:29:18.0986 0x1780 wcncsvc - ok
07:29:19.0003 0x1780 [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
07:29:19.0057 0x1780 WcsPlugInService - ok
07:29:19.0085 0x1780 [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd C:\windows\system32\DRIVERS\wd.sys
07:29:19.0103 0x1780 Wd - ok
07:29:19.0167 0x1780 [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
07:29:19.0204 0x1780 Wdf01000 - ok
07:29:19.0227 0x1780 [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost C:\windows\system32\wdi.dll
07:29:19.0288 0x1780 WdiServiceHost - ok
07:29:19.0294 0x1780 [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost C:\windows\system32\wdi.dll
07:29:19.0320 0x1780 WdiSystemHost - ok
07:29:19.0373 0x1780 [ A9D880F97530D5B8FEE278923349929D, 6A293E2DB9B7C434EA8B4CD4861E11905D46BD60E014AE27B74DC8C4B2DDF834 ] WebClient C:\windows\System32\webclnt.dll
07:29:19.0440 0x1780 WebClient - ok
07:29:19.0493 0x1780 [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc C:\windows\system32\wecsvc.dll
07:29:19.0551 0x1780 Wecsvc - ok
07:29:19.0567 0x1780 [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport C:\windows\System32\wercplsupport.dll
07:29:19.0624 0x1780 wercplsupport - ok
07:29:19.0664 0x1780 [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc C:\windows\System32\WerSvc.dll
07:29:19.0719 0x1780 WerSvc - ok
07:29:19.0737 0x1780 [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
07:29:19.0772 0x1780 WfpLwf - ok
07:29:19.0788 0x1780 [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount C:\windows\system32\drivers\wimmount.sys
07:29:19.0806 0x1780 WIMMount - ok
07:29:19.0881 0x1780 [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
07:29:19.0958 0x1780 WinDefend - ok
07:29:19.0987 0x1780 WinHttpAutoProxySvc - ok
07:29:20.0058 0x1780 [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
07:29:20.0122 0x1780 Winmgmt - ok
07:29:20.0208 0x1780 [ 1B91CD34EA3A90AB6A4EF0550174F4CC, 5B6618615EBFBA594C945AD35F5C68DA8C6053892B6D12D626BB6120910D80DC ] WinRM C:\windows\system32\WsmSvc.dll
07:29:20.0283 0x1780 WinRM - ok
07:29:20.0368 0x1780 [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
07:29:20.0423 0x1780 WinUsb - ok
07:29:20.0496 0x1780 [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc C:\windows\System32\wlansvc.dll
07:29:20.0565 0x1780 Wlansvc - ok
07:29:20.0605 0x1780 [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
07:29:20.0636 0x1780 WmiAcpi - ok
07:29:20.0698 0x1780 [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
07:29:20.0737 0x1780 wmiApSrv - ok
07:29:20.0853 0x1780 [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
07:29:20.0936 0x1780 WMPNetworkSvc - ok
07:29:20.0970 0x1780 [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc C:\windows\System32\wpcsvc.dll
07:29:21.0026 0x1780 WPCSvc - ok
07:29:21.0073 0x1780 [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
07:29:21.0123 0x1780 WPDBusEnum - ok
07:29:21.0153 0x1780 [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
07:29:21.0206 0x1780 ws2ifsl - ok
07:29:21.0238 0x1780 [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc C:\windows\System32\wscsvc.dll
07:29:21.0266 0x1780 wscsvc - ok
07:29:21.0297 0x1780 [ 553F6CCD7C58EB98D4A8FBDAF283D7A9, 71FBE50C470D1F54FDAADCECEC2CB021AE240CD59DE4E8EB5BCAA6E7F2F86560 ] WSDPrintDevice C:\windows\system32\DRIVERS\WSDPrint.sys
07:29:21.0320 0x1780 WSDPrintDevice - ok
07:29:21.0339 0x1780 [ 7DC0270CFD4A05B4112E3EBBF083B595, DF4FCDE511F0B68B6C6E28C820EB722C34710F31A16023A9A297EAD228E00137 ] WSDScan C:\windows\system32\drivers\WSDScan.sys
07:29:21.0359 0x1780 WSDScan - ok
07:29:21.0365 0x1780 WSearch - ok
07:29:21.0483 0x1780 [ D9B0134913E5EF007AF82A418C503322, 7418DD28C8E968674382F8352AAFFC4DE77887E2B71B8844D615F19432B4C55A ] wuauserv C:\windows\system32\wuaueng.dll
07:29:21.0563 0x1780 wuauserv - ok
07:29:21.0611 0x1780 [ E714A1C0354636837E20CCBF00888EE7, 0E31F0DB0AA318E3B0DACD26C0D3B11519B42F2A996AE580BE67FA8B3C42C436 ] WudfPf C:\windows\system32\drivers\WudfPf.sys
07:29:21.0655 0x1780 WudfPf - ok
07:29:21.0703 0x1780 [ 1023EE888C9B47178C5293ED5336AB69, 62221C80C3F719A585266247482A64F7CB2F5EF69AFA8FA07D563CA2B0A37561 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
07:29:21.0749 0x1780 WUDFRd - ok
07:29:21.0792 0x1780 [ 8D1E1E529A2C9E9B6A85B55A345F7629, 64B637CFE2AF58A4F7CE6D8C3D603F8EFD527500F7137E0A37840313C712CA93 ] wudfsvc C:\windows\System32\WUDFSvc.dll
07:29:21.0837 0x1780 wudfsvc - ok
07:29:21.0862 0x1780 [ FF2D745B560F7C71B31F30F4D49F73D2, B2FBF7E5F58E34AC64FE6CF65800F1F07939279203BDE89375FAC92B884A4F37 ] WwanSvc C:\windows\System32\wwansvc.dll
07:29:21.0895 0x1780 WwanSvc - ok
07:29:21.0939 0x1780 [ 30B73EB97218A16CBC6DE535782A1B35, 5B034F39FA5B902BD6899717F7696871CDAFB8698B48BB0E95DAE51234715A28 ] yukonw7 C:\windows\system32\DRIVERS\yk62x86.sys
07:29:21.0991 0x1780 yukonw7 - ok
07:29:22.0030 0x1780 ================ Scan global ===============================
07:29:22.0116 0x1780 [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\windows\system32\basesrv.dll
07:29:22.0186 0x1780 [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\windows\system32\winsrv.dll
07:29:22.0210 0x1780 [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\windows\system32\winsrv.dll
07:29:22.0253 0x1780 [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\windows\system32\sxssrv.dll
07:29:22.0291 0x1780 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\windows\system32\services.exe
07:29:22.0300 0x1780 [ Global ] - ok
07:29:22.0300 0x1780 ================ Scan MBR ==================================
07:29:22.0318 0x1780 [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
07:29:22.0650 0x1780 \Device\Harddisk0\DR0 - ok
07:29:22.0656 0x1780 [ 7F318C46118EFB90A21202C5F1447206 ] \Device\Harddisk1\DR1
08:42:26.0598 0x1780 \Device\Harddisk1\DR1 - ok
08:42:26.0599 0x1780 ================ Scan VBR ==================================
08:42:26.0936 0x1780 [ 80F1F6505F4F7557F37C3705680228DC ] \Device\Harddisk0\DR0\Partition1
08:42:26.0938 0x1780 \Device\Harddisk0\DR0\Partition1 - ok
08:42:26.0956 0x1780 [ 9D752003ADB75FE309237FC971A97107 ] \Device\Harddisk0\DR0\Partition2
08:42:26.0958 0x1780 \Device\Harddisk0\DR0\Partition2 - ok
08:42:26.0983 0x1780 [ C2649F0AFB8E2550A43C158D02D666BD ] \Device\Harddisk0\DR0\Partition3
08:42:26.0985 0x1780 \Device\Harddisk0\DR0\Partition3 - ok
08:42:26.0986 0x1780 ================ Scan generic autorun ======================
08:42:27.0366 0x1780 [ 97101B7CCCFA2BDFEFC2E0B84205D144, 10C6EC4903DB85A1517F788049E726B22FF87C012A936CBF26EF0F2222C9251B ] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
08:42:27.0737 0x1780 RtHDVCpl - ok
08:42:27.0882 0x1780 [ E4A94D17436B4E9F53CD64D08E53D964, E3B2D336A1E90C1C520B834FA986AE2CFBD2807664C35E8AB9059CC899E58CFC ] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
08:42:27.0941 0x1780 SynTPEnh - ok
08:42:28.0006 0x1780 [ 4EFCDF3DB1BBA69C09622991280C4ACB, A86D4694BCFFF3C0FAF07C56A410A8317A953FB581CDCDBED5CAF735A0E2AC0D ] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
08:42:28.0027 0x1780 UpdateLBPShortCut - ok
08:42:28.0076 0x1780 [ 54FA8528EDA1B6B34615F4EA3FCB35E6, B078821475D6FDED19579A487484D0752DC6E1AA0D1ACA71353C743B00291C61 ] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
08:42:28.0091 0x1780 CLMLServer - ok
08:42:28.0133 0x1780 [ 4EFCDF3DB1BBA69C09622991280C4ACB, A86D4694BCFFF3C0FAF07C56A410A8317A953FB581CDCDBED5CAF735A0E2AC0D ] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
08:42:28.0153 0x1780 UpdateP2GoShortCut - ok
08:42:28.0212 0x1780 [ AAD52179D4A526AD4A705B87C6E4F72A, 0015F316DD2E73D5D2434DAC7CAB47050B21BF8CAE23482302A0E1982EF8A3BD ] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
08:42:28.0232 0x1780 UpdatePDRShortCut - ok
08:42:28.0283 0x1780 [ 28FD28A29C637C9AFEFE0A26E27C6DFE, A490ADCD7BC9863B6E8773CADFDE6CA58A0743CD64C39D14AF380B18ABDEC003 ] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
08:42:28.0308 0x1780 RemoteControl8 - ok
08:42:28.0329 0x1780 [ F8270CFD51F9D6BF42140FA4071C83FE, B7AAF6B13C01CB6B94DEABBDD40249A6D298DD4BCBE2921D8E332F88ED3B754A ] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe
08:42:28.0352 0x1780 PDVD8LanguageShortcut - ok
08:42:28.0414 0x1780 [ 9ACFD9D5E12D849B28C78FED6D620EB3, 203D1EECFB44BA7D3936AAA2280B1D88207BA7655AB735C17BF9F3AAF3D8A803 ] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe
08:42:28.0466 0x1780 UpdatePPShortCut - ok
08:42:28.0558 0x1780 [ 82A3031F7FAA61CB5E040B0D98A104AF, 5EB990BACE18112658208F517EE2E635DBD00A06380DD9DAB253556C980DEA99 ] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
08:42:28.0589 0x1780 UpdatePSTShortCut - ok
08:42:28.0655 0x1780 [ 4EFCDF3DB1BBA69C09622991280C4ACB, A86D4694BCFFF3C0FAF07C56A410A8317A953FB581CDCDBED5CAF735A0E2AC0D ] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
08:42:28.0686 0x1780 UCam_Menu - ok
08:42:28.0720 0x1780 [ 1029B84ECBE4B95ACB8491A3FE63D70F, DF765BEE2B20800646F70B9E473B95F52457316CB331A3E0BF6974D827AB989D ] C:\windows\system32\igfxtray.exe
08:42:28.0739 0x1780 IgfxTray - ok
08:42:28.0770 0x1780 [ 3CD5BBDA19A1AB4EBA359E0A14FDF0F0, 992E7322C86DA533F6DB9192427EBDC5A8F4D1A878F4B30A17ABD54656CFF6C1 ] C:\windows\system32\hkcmd.exe
08:42:28.0789 0x1780 HotKeysCmds - ok
08:42:28.0807 0x1780 [ 3142195521FEE436088EE8A5748DE1B1, EE8E65977AA0EAC0BF48F7C4620946E48679F047EFC515D5F2E52EA4B88C5731 ] C:\windows\system32\igfxpers.exe
08:42:28.0826 0x1780 Persistence - ok
08:42:28.0840 0x1780 WinampAgent - ok
08:42:28.0848 0x1780 Malwarebytes Anti-Malware (reboot) - ok
08:42:28.0925 0x1780 [ A7810B302294793DE88542AAE177D1B1, F0EE3684DBEB0AAAD912DC04D060976D1EAE92489E192BAE900FA0F417AD20A7 ] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
08:42:28.0957 0x1780 ArcSoft Connection Service - ok
08:42:28.0991 0x1780 [ F3E0723C2C3A0CB180C7F4E8CCD2A28A, EAD29B76F10F4289E981355733CB590943A33E6C57588DD71AA03317DB1755C2 ] C:\windows\System32\DVAPTray.exe
08:42:29.0017 0x1780 DVAPTray - detected UnsignedFile.Multi.Generic ( 1 )
08:42:31.0541 0x1780 Detect skipped due to KSN trusted
08:42:31.0542 0x1780 DVAPTray - ok
08:42:32.0063 0x1780 [ 97B06F3361EAE2D176FEEAE96CCDFCA2, B53395633B78AAC69BB22E999E5F73C29BC64FC6B198B889C6C63D7D52B34B97 ] C:\windows\temp\DFI-0833TN.exe
08:42:32.0083 0x1780 dfmirage-Install - detected UnsignedFile.Multi.Generic ( 1 )
08:42:34.0590 0x1780 Detect skipped due to KSN trusted
08:42:34.0590 0x1780 dfmirage-Install - ok
08:42:34.0682 0x1780 [ 2E5212A0BFB98FE0167C92C76C87AFE3, 8C8ACD175A626453878154AF48760D99979C6D2836BC4816575B347C668D4F9E ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
08:42:34.0717 0x1780 SunJavaUpdateSched - ok
08:42:34.0900 0x1780 [ D49C6A597814433ED6C3BF7ECF2D27BD, D792327A9D88ADACA3B855038DD87DDB0FF5A6F5B2D4ED3BC53BA98309C08FDD ] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
08:42:34.0988 0x1780 CanonMyPrinter - ok
08:42:35.0146 0x1780 [ 00AB2B491C7037BB219BEB26FAD34C72, 95EDBBE07EB85EEE1376252AA975BAA61235C80FC03036357BD4786E5D6B9703 ] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
08:42:35.0210 0x1780 CanonSolutionMenuEx - ok
08:42:35.0279 0x1780 [ 5F7EE76129F9A591F22F99F95D97AC95, D3446BD4CAB8017B44BAD94EBB88468D080AC65E14444C12B09B6BF3E70B2AED ] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
08:42:35.0306 0x1780 IJNetworkScannerSelectorEX - ok
08:42:35.0434 0x1780 [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
08:42:35.0477 0x1780 Adobe ARM - ok
08:42:35.0553 0x1780 [ 9ACCBC5891BA51B5B29C1A88F80D4CE3, 4EA3D9CB239874232AE0D7F824AF8CC7AD9BB4657CB9978B41067B4447FBE71B ] C:\Program Files\QuickTime\QTTask.exe
08:42:35.0578 0x1780 QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 )
08:42:38.0080 0x1780 Detect skipped due to KSN trusted
08:42:38.0080 0x1780 QuickTime Task - ok
08:42:38.0203 0x1780 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
08:42:38.0293 0x1780 Sidebar - ok
08:42:38.0387 0x1780 [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
08:42:38.0421 0x1780 mctadmin - ok
08:42:38.0483 0x1780 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
08:42:38.0535 0x1780 Sidebar - ok
08:42:38.0545 0x1780 [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
08:42:38.0570 0x1780 mctadmin - ok
08:42:38.0607 0x1780 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\sidebar.exe
08:42:38.0661 0x1780 Sidebar - ok
08:42:38.0686 0x1780 MobileDocuments - ok
08:42:38.0687 0x1780 ApplePhotoStreams - ok
08:42:38.0690 0x1780 com.apple.dav.bookmarks.daemon - ok
08:42:38.0725 0x1780 Akamai NetSession Interface - ok
08:42:38.0725 0x1780 AppleIEDAV - ok
08:42:38.0729 0x1780 iCloudServices - ok
08:42:38.0733 0x1780 Waiting for KSN requests completion. In queue: 10
08:42:39.0734 0x1780 Waiting for KSN requests completion. In queue: 10
08:42:40.0734 0x1780 Waiting for KSN requests completion. In queue: 5
08:42:41.0784 0x1780 AV detected via SS2: Kaspersky Anti-Virus, C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\wmiav.exe ( 14.0.0.4651 ), 0x41000 ( enabled : updated )
08:42:41.0791 0x1780 Win FW state via NFP2: enabled
08:42:44.0135 0x1780 ============================================================
08:42:44.0135 0x1780 Scan finished
08:42:44.0135 0x1780 ============================================================
08:42:44.0154 0x172c Detected object count: 0
08:42:44.0154 0x172c Actual detected object count: 0
Vielen Dank. |
|
18.09.2014, 15:06
| #4 |
| | Überprüfung nach Reinigung von Browser Hijacking und andere Malware und noch frische FRST-Log: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014 Ran by Hartmut (administrator) on PATRICKTINA on 18-09-2014 16:00:58 Running from C:\Users\Hartmut\Desktop Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe (devolo AG) C:\Program Files\devolo\dlan\devolonetsvc.exe (Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe () C:\Program Files\Canon\IJPLM\ijplmsvc.exe (BUFFALO INC.) C:\Program Files\BUFFALO\NASNAVI\nassvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe () C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (Chicony Electronics Co., Ltd.) C:\Windows\System32\DVAPTray.exe (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe () C:\Program Files\CyberLink\Shared files\RichVideo.exe (CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (ArcSoft) C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe (BUFFALO INC.) C:\Program Files\BUFFALO\NASNAVI\nassche.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-12-14] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1713448 2010-02-26] (Synaptics Incorporated) HKLM\...\Run: [UpdateLBPShortCut] => C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink) HKLM\...\Run: [UpdateP2GoShortCut] => C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM\...\Run: [UpdatePDRShortCut] => C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.) HKLM\...\Run: [RemoteControl8] => C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.) HKLM\...\Run: [PDVD8LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.) HKLM\...\Run: [UpdatePPShortCut] => C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.) HKLM\...\Run: [UpdatePSTShortCut] => C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-21] (CyberLink Corp.) HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM\...\Run: [WinampAgent] => "C:\Program Files\Winamp\winampa.exe" HKLM\...\Run: [ Malwarebytes Anti-Malware (reboot)] => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) HKLM\...\Run: [DVAPTray] => C:\windows\System32\DVAPTray.exe [188416 2010-06-17] (Chicony Electronics Co., Ltd.) HKLM\...\Run: [dfmirage-Install] => C:\windows\temp\DFI-0833TN.exe [103424 2009-05-29] (DemoForge, LLC.) <===== ATTENTION HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.) HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2565520 2011-03-14] (CANON INC.) HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.) HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0 HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [MobileDocuments] => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Hartmut\AppData\Local\Akamai\netsession_win.exe" HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [AppleIEDAV] => C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Policies\Explorer: [NoSetActiveDesktop] 0 HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\MountPoints2: {065b1618-7479-11e3-a116-002454583452} - G:\HTC_Sync_Manager_PC.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Monitor.lnk ShortcutTarget: Device Monitor.lnk -> C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe (ArcSoft) Startup: C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk ShortcutTarget: BUFFALO NAS Navigator2.lnk -> C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.) Startup: C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ilvaaehj.lnk ShortcutTarget: ilvaaehj.lnk -> C:\Users\Hartmut\AppData\Local\ilvaaehj.exe (No File) Startup: C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk ShortcutTarget: NAS Scheduler.lnk -> C:\Program Files\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} SearchScopes: HKCU - Plasmoo URL = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms} SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de___DE365 BHO: IEPlugin Class -> {11222041-111B-46E3-BD29-EFB2449479B1} -> C:\Program Files\ArcSoft\Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.) BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: ToolbarBHO Class -> {9519AF7E-638D-4933-BAD6-D33D23C79FE5} -> C:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKLM - RAW Thumbnail Viewer - {F301665A-12F8-4331-804A-5BCBD379668C} - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: Hosts file not detected in the default directory Tcpip\Parameters: [DhcpNameServer] 192.168.123.60 FireFox: ======== FF ProfilePath: C:\Users\Hartmut\AppData\Roaming\Mozilla\Firefox\Profiles\9k1zs3lf.default FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll No File FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Tab Mix Plus - C:\Users\Hartmut\AppData\Roaming\Mozilla\Firefox\Profiles\9k1zs3lf.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012-07-02] FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-07-23] FF HKLM\...\Firefox\Extensions: [RAWThumbnailViewer@arcsoft.com.cn] - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\FireFox Extension FF Extension: RAW Thumbnail Viewer - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\FireFox Extension [2010-11-05] FF HKLM\...\Firefox\Extensions: [{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}] - C:\Program Files\ArcSoft\Video Downloader\Plugin_FireFox FF Extension: ArcSoft Video Downloader Extension - C:\Program Files\ArcSoft\Video Downloader\Plugin_FireFox [2010-11-05] FF HKLM\...\Firefox\Extensions: - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com FF Extension: 卡巴斯基網址顧問 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com [2014-06-17] FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: 虛擬鍵盤 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-06-17] FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com FF Extension: 惡意網站攔截器 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com [2014-06-17] FF HKCU\...\Firefox\Extensions: [{DDF17D0D-8737-45FD-A732-117D73F349EA}] - C:\Users\Hartmut\AppData\Local\{DDF17D0D-8737-45FD-A732-117D73F349EA} FF Extension: XULRunner - C:\Users\Hartmut\AppData\Local\{DDF17D0D-8737-45FD-A732-117D73F349EA} [2010-11-04] Chrome: ======= CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [] CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx [2014-05-28] CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\content_blocker_chrome.crx [2014-05-28] CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\virtkbd.crx [2014-05-28] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2014-05-28] (Kaspersky Lab ZAO) R2 DevoloNetworkService; C:\Program Files\devolo\dlan\devolonetsvc.exe [3128856 2012-02-28] (devolo AG) R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-08-04] (Nero AG) R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] () R2 NasPmService; C:\Program Files\BUFFALO\NASNAVI\nassvc.exe [251184 2009-05-15] (BUFFALO INC.) R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed] R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] () ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 Afc; C:\windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.) S3 AirDisplay; C:\windows\System32\DRIVERS\AVVideoCard.sys [6656 2011-03-18] (Windows (R) Win 7 DDK provider) S3 cleanhlp; C:\Users\Hartmut\Desktop\Emsisoft Emergency Kit\bin\cleanhlp32.sys [50200 2014-08-19] (Emsisoft GmbH) S3 HtcVCom32; C:\windows\System32\DRIVERS\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated) R0 kl1; C:\windows\System32\DRIVERS\kl1.sys [135776 2014-05-28] (Kaspersky Lab ZAO) S4 klflt; C:\windows\System32\DRIVERS\klflt.sys [94304 2014-05-28] (Kaspersky Lab ZAO) R1 KLIF; C:\windows\System32\DRIVERS\klif.sys [576608 2014-05-28] (Kaspersky Lab ZAO) R1 KLIM6; C:\windows\System32\DRIVERS\klim6.sys [25696 2014-05-28] (Kaspersky Lab ZAO) R3 klkbdflt; C:\windows\System32\DRIVERS\klkbdflt.sys [25184 2014-05-28] (Kaspersky Lab ZAO) R3 klmouflt; C:\windows\System32\DRIVERS\klmouflt.sys [25696 2014-05-28] (Kaspersky Lab ZAO) R1 klpd; C:\windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO) R1 kneps; C:\windows\System32\DRIVERS\kneps.sys [144992 2014-05-28] (Kaspersky Lab ZAO) R3 MonitorFunction; C:\windows\System32\DRIVERS\TVMonitor.sys [13304 2010-11-25] (TeamViewer GmbH) S3 Netaapl; C:\windows\System32\DRIVERS\netaapl.sys [18432 2011-05-10] (Apple Inc.) [File not signed] R2 NPF_devolo; C:\windows\system32\drivers\npf_devolo.sys [35840 2012-01-31] (CACE Technologies) [File not signed] S0 sfdrv01; C:\windows\System32\drivers\sfdrv01.sys [50176 2005-05-17] (Protection Technology) [File not signed] R0 sfhlp02; C:\windows\System32\drivers\sfhlp02.sys [6656 2005-05-16] (Protection Technology) [File not signed] S0 sfsync02; C:\windows\System32\drivers\sfsync02.sys [19968 2005-05-16] (Protection Technology) [File not signed] R0 sptd; C:\windows\System32\Drivers\sptd.sys [691696 2010-10-28] () [File not signed] S3 Tq_91Assistant; C:\Program Files\NetDragon\91 Mobile\iPhone\Tq_91Assistant.sys [14248 2011-10-15] () S3 USBAAPL; C:\windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed] R3 yukonw7; C:\windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] () U3 acp7kcfj; C:\windows\system32\Drivers\acp7kcfj.sys [0 ] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-18 07:25 - 2014-09-17 21:06 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Hartmut\Desktop\tdsskiller.exe 2014-09-17 16:38 - 2014-09-17 16:39 - 00038373 _____ () C:\Users\Hartmut\Desktop\Addition.txt 2014-09-17 16:37 - 2014-09-18 16:01 - 00000000 ____D () C:\FRST 2014-09-17 16:37 - 2014-09-18 16:00 - 00021097 _____ () C:\Users\Hartmut\Desktop\FRST.txt 2014-09-17 16:35 - 2014-09-17 16:35 - 01097728 _____ (Farbar) C:\Users\Hartmut\Desktop\FRST.exe 2014-09-17 16:23 - 2014-09-17 16:29 - 00000000 ____D () C:\AdwCleaner 2014-09-17 16:23 - 2014-09-17 16:23 - 01373475 _____ () C:\Users\Hartmut\Desktop\adwcleaner_3.310.exe 2014-09-17 12:19 - 2014-09-18 15:59 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-17 12:19 - 2014-09-17 12:19 - 00001081 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-17 12:19 - 2014-09-17 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-17 12:19 - 2014-09-17 12:19 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-09-17 12:19 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-09-17 12:19 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-09-17 12:19 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-09-17 12:18 - 2014-09-17 12:18 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hartmut\Desktop\mbam-setup-2.0.2.1012.exe 2014-09-17 11:54 - 2014-09-17 11:54 - 00001009 _____ () C:\Users\Public\Desktop\Emsisoft HiJackFree.lnk 2014-09-17 11:54 - 2014-09-17 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft HiJackFree 2014-09-17 11:54 - 2014-09-17 11:54 - 00000000 ____D () C:\Program Files\Emsisoft HiJackFree 2014-09-17 11:21 - 2014-09-17 11:21 - 00388608 _____ (Trend Micro Inc.) C:\Users\Hartmut\Desktop\HiJackThis204.exe 2014-09-17 10:21 - 2014-09-17 10:21 - 00000000 ____D () C:\Users\Hartmut\Desktop\Emsisoft Emergency Kit 2014-09-17 10:08 - 2014-09-17 10:08 - 00004600 _____ () C:\EamClean.log 2014-09-13 13:17 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2014-09-13 13:17 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-09-13 13:17 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-09-13 13:17 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-09-13 13:17 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-09-13 13:17 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-09-13 13:17 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-09-13 13:17 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2014-09-13 13:17 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-09-13 13:17 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-09-13 13:17 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-09-13 13:17 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-09-13 13:17 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-09-13 13:17 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-09-13 13:17 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-09-13 13:17 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-09-13 13:17 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-09-13 13:17 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2014-09-13 13:17 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2014-09-13 13:17 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-09-13 13:17 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2014-09-13 13:17 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-09-13 13:17 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-09-13 13:17 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-09-13 13:17 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-09-13 13:17 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-09-13 13:17 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2014-09-13 13:17 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-09-13 13:17 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-09-13 13:17 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-09-13 11:17 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2014-09-13 11:17 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2014-08-28 22:28 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll 2014-08-28 22:28 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-08-28 22:15 - 2014-09-17 07:38 - 01040111 _____ () C:\Users\Hartmut\AppData\Local\ilvaaehj.gss 2014-08-28 22:15 - 2014-09-17 07:38 - 00421888 _____ () C:\Users\Hartmut\AppData\Local\ilvaaehj.gdb 2014-08-27 14:47 - 2014-08-27 14:47 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\Adobe 2014-08-26 11:51 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll 2014-08-26 11:51 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll 2014-08-26 11:51 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe 2014-08-26 11:51 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll 2014-08-26 11:51 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\windows\system32\wups.dll 2014-08-26 11:51 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll 2014-08-26 11:51 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll 2014-08-26 11:50 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll 2014-08-26 11:50 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-18 16:01 - 2014-09-17 16:37 - 00021097 _____ () C:\Users\Hartmut\Desktop\FRST.txt 2014-09-18 16:01 - 2014-09-17 16:37 - 00000000 ____D () C:\FRST 2014-09-18 15:59 - 2014-09-17 12:19 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-18 15:56 - 2012-11-11 17:46 - 00001100 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-09-18 15:55 - 2014-01-04 12:17 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\HTC MediaHub 2014-09-18 15:55 - 2012-08-07 23:35 - 00000440 _____ () C:\windows\system32\Drivers\etc\hosts.ics 2014-09-18 15:54 - 2014-06-17 23:35 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-09-18 15:54 - 2012-11-11 17:46 - 00001096 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-18 15:54 - 2011-02-22 21:38 - 00135659 _____ () C:\windows\setupact.log 2014-09-18 15:54 - 2010-01-31 18:27 - 00000000 ____D () C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite 2014-09-18 15:54 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-09-18 12:29 - 2009-12-05 04:40 - 01879521 _____ () C:\windows\WindowsUpdate.log 2014-09-18 11:53 - 2012-03-31 18:04 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-09-18 07:53 - 2012-03-31 18:04 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe 2014-09-18 07:53 - 2011-05-23 22:17 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl 2014-09-18 07:17 - 2009-07-14 06:34 - 00014512 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-18 07:17 - 2009-07-14 06:34 - 00014512 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-17 21:06 - 2014-09-18 07:25 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Hartmut\Desktop\tdsskiller.exe 2014-09-17 16:39 - 2014-09-17 16:38 - 00038373 _____ () C:\Users\Hartmut\Desktop\Addition.txt 2014-09-17 16:35 - 2014-09-17 16:35 - 01097728 _____ (Farbar) C:\Users\Hartmut\Desktop\FRST.exe 2014-09-17 16:30 - 2009-12-05 05:19 - 01041244 _____ () C:\windows\PFRO.log 2014-09-17 16:29 - 2014-09-17 16:23 - 00000000 ____D () C:\AdwCleaner 2014-09-17 16:23 - 2014-09-17 16:23 - 01373475 _____ () C:\Users\Hartmut\Desktop\adwcleaner_3.310.exe 2014-09-17 13:00 - 2009-12-05 22:11 - 00000000 ____D () C:\windows\ShellNew 2014-09-17 12:19 - 2014-09-17 12:19 - 00001081 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-17 12:19 - 2014-09-17 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-17 12:19 - 2014-09-17 12:19 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-09-17 12:19 - 2010-11-04 23:48 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-17 12:18 - 2014-09-17 12:18 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hartmut\Desktop\mbam-setup-2.0.2.1012.exe 2014-09-17 11:54 - 2014-09-17 11:54 - 00001009 _____ () C:\Users\Public\Desktop\Emsisoft HiJackFree.lnk 2014-09-17 11:54 - 2014-09-17 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft HiJackFree 2014-09-17 11:54 - 2014-09-17 11:54 - 00000000 ____D () C:\Program Files\Emsisoft HiJackFree 2014-09-17 11:21 - 2014-09-17 11:21 - 00388608 _____ (Trend Micro Inc.) C:\Users\Hartmut\Desktop\HiJackThis204.exe 2014-09-17 10:21 - 2014-09-17 10:21 - 00000000 ____D () C:\Users\Hartmut\Desktop\Emsisoft Emergency Kit 2014-09-17 10:08 - 2014-09-17 10:08 - 00004600 _____ () C:\EamClean.log 2014-09-17 07:38 - 2014-08-28 22:15 - 01040111 _____ () C:\Users\Hartmut\AppData\Local\ilvaaehj.gss 2014-09-17 07:38 - 2014-08-28 22:15 - 00421888 _____ () C:\Users\Hartmut\AppData\Local\ilvaaehj.gdb 2014-09-16 20:20 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\rescache 2014-09-16 15:52 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\Microsoft.NET 2014-09-16 15:44 - 2009-07-26 22:06 - 01612484 _____ () C:\windows\system32\PerfStringBackup.INI 2014-09-13 13:11 - 2013-08-24 12:36 - 00000000 ____D () C:\windows\system32\MRT 2014-09-13 13:11 - 2010-11-11 15:59 - 00000000 ____D () C:\windows\system32\MpEngineStore 2014-09-13 13:06 - 2010-02-20 07:31 - 98758480 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-09-13 11:35 - 2012-06-25 13:31 - 00000000 ____D () C:\ProgramData\CanonIJPLM 2014-09-09 19:31 - 2010-11-14 19:35 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\CrashDumps 2014-09-09 19:27 - 2009-07-14 06:33 - 00358272 _____ () C:\windows\system32\FNTCACHE.DAT 2014-08-27 14:47 - 2014-08-27 14:47 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\Adobe 2014-08-27 14:12 - 2010-10-28 11:22 - 00000000 ____D () C:\Users\Hartmut\Documents\Tina 2014-08-27 10:27 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\de-DE 2014-08-25 06:53 - 2010-10-27 23:15 - 00231584 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe 2014-08-23 03:46 - 2014-08-28 22:28 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll 2014-08-23 02:42 - 2014-08-28 22:28 - 02352640 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-08-19 21:17 - 2011-05-09 11:35 - 00000000 ____D () C:\ProgramData\tmp 2014-08-19 21:17 - 2011-05-09 11:35 - 00000000 ____D () C:\ProgramData\hps 2014-08-19 20:56 - 2013-10-08 14:52 - 00001120 _____ () C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk 2014-08-19 20:56 - 2013-10-08 14:52 - 00001105 _____ () C:\Users\Public\Desktop\dm-Fotowelt.lnk 2014-08-19 19:39 - 2014-09-13 13:17 - 00327872 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2014-08-19 00:26 - 2014-09-13 13:17 - 17455104 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-08-19 00:08 - 2014-09-13 13:17 - 04232704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll Files to move or delete: ==================== C:\windows\temp\DFI-0833TN.exe Some content of TEMP: ==================== C:\Users\Hartmut\AppData\Local\Temp\AcDeltree.exe C:\Users\Hartmut\AppData\Local\Temp\AskSLib.dll C:\Users\Hartmut\AppData\Local\Temp\BackupSetup.exe C:\Users\Hartmut\AppData\Local\Temp\f.exe C:\Users\Hartmut\AppData\Local\Temp\IDMSetup_1.5.0.0.exe C:\Users\Hartmut\AppData\Local\Temp\MSETUP4.EXE C:\Users\Hartmut\AppData\Local\Temp\SkypeSetup.exe C:\Users\Hartmut\AppData\Local\Temp\somoto-master.exe C:\Users\Hartmut\AppData\Local\Temp\tmp20AA.tmp.exe C:\Users\Hartmut\AppData\Local\Temp\tmp2FA8.tmp.exe C:\Users\Hartmut\AppData\Local\Temp\tmp6A27.tmp.exe C:\Users\Hartmut\AppData\Local\Temp\tmp7243.tmp.exe C:\Users\Hartmut\AppData\Local\Temp\_is28DC.exe C:\Users\Hartmut\AppData\Local\Temp\_is7BC4.exe C:\Users\Hartmut\AppData\Local\Temp\~SpUnin~.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\windows\explorer.exe => File is digitally signed C:\windows\system32\winlogon.exe => File is digitally signed C:\windows\system32\wininit.exe => File is digitally signed C:\windows\system32\svchost.exe => File is digitally signed C:\windows\system32\services.exe => File is digitally signed C:\windows\system32\User32.dll => File is digitally signed C:\windows\system32\userinit.exe => File is digitally signed C:\windows\system32\rpcss.dll => File is digitally signed C:\windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-16 20:11 ==================== End Of Log ============================ |
|
19.09.2014, 08:23
| #5 |
| /// the machine /// TB-Ausbilder | Überprüfung nach Reinigung von Browser Hijacking und andere Malware Adware & Co. deinstallieren
Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
19.09.2014, 11:15
| #6 |
| | Überprüfung nach Reinigung von Browser Hijacking und andere Malware Hallo Schrauber, hier die Log-Dateien: MBAM: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 19.09.2014 Suchlauf-Zeit: 10:34:13 Logdatei: MBAM.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.09.19.02 Rootkit Datenbank: v2014.09.18.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x86 Dateisystem: NTFS Benutzer: Hartmut Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 338801 Verstrichene Zeit: 19 Min, 46 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 0 (No malicious items detected) Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter # AdwCleaner v3.310 - Bericht erstellt am 19/09/2014 um 11:50:57
# Aktualisiert 12/09/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : Hartmut - PATRICKTINA
# Gestartet von : C:\Users\Hartmut\Desktop\adwcleaner_3.310.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17280
-\\ Mozilla Firefox v32.0.2 (x86 de)
[ Datei : C:\Users\Hartmut\AppData\Roaming\Mozilla\Firefox\Profiles\9k1zs3lf.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [7983 octets] - [17/09/2014 16:24:00]
AdwCleaner[R1].txt - [971 octets] - [19/09/2014 11:35:46]
AdwCleaner[R2].txt - [1030 octets] - [19/09/2014 11:45:47]
AdwCleaner[S0].txt - [7918 octets] - [17/09/2014 16:29:38]
AdwCleaner[S1].txt - [953 octets] - [19/09/2014 11:50:57]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1012 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.7 (09.18.2014:2)
OS: Windows 7 Home Premium x86
Ran by Hartmut on 19.09.2014 at 11:59:01,93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1871111397-3539990770-1974983793-1000\Software\sweetim
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
~~~ FireFox
Emptied folder: C:\Users\Hartmut\AppData\Roaming\mozilla\firefox\profiles\9k1zs3lf.default\minidumps [222 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.09.2014 at 12:03:42,28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014 Ran by Hartmut (administrator) on PATRICKTINA on 19-09-2014 12:07:42 Running from C:\Users\Hartmut\Desktop Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (devolo AG) C:\Program Files\devolo\dlan\devolonetsvc.exe (Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe () C:\Program Files\Canon\IJPLM\ijplmsvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (BUFFALO INC.) C:\Program Files\BUFFALO\NASNAVI\nassvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe () C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe () C:\Program Files\CyberLink\Shared files\RichVideo.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (Chicony Electronics Co., Ltd.) C:\Windows\System32\DVAPTray.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (BUFFALO INC.) C:\Program Files\BUFFALO\NASNAVI\nassche.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-12-14] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1713448 2010-02-26] (Synaptics Incorporated) HKLM\...\Run: [UpdateLBPShortCut] => C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink) HKLM\...\Run: [UpdateP2GoShortCut] => C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM\...\Run: [UpdatePDRShortCut] => C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.) HKLM\...\Run: [RemoteControl8] => C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.) HKLM\...\Run: [PDVD8LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.) HKLM\...\Run: [UpdatePPShortCut] => C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.) HKLM\...\Run: [UpdatePSTShortCut] => C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-21] (CyberLink Corp.) HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM\...\Run: [WinampAgent] => "C:\Program Files\Winamp\winampa.exe" HKLM\...\Run: [ Malwarebytes Anti-Malware (reboot)] => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) HKLM\...\Run: [DVAPTray] => C:\windows\System32\DVAPTray.exe [188416 2010-06-17] (Chicony Electronics Co., Ltd.) HKLM\...\Run: [dfmirage-Install] => C:\windows\temp\DFI-0833TN.exe [103424 2009-05-29] (DemoForge, LLC.) <===== ATTENTION HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.) HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2565520 2011-03-14] (CANON INC.) HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.) HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0 HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [MobileDocuments] => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Hartmut\AppData\Local\Akamai\netsession_win.exe" HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [AppleIEDAV] => C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Policies\Explorer: [NoSetActiveDesktop] 0 HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\MountPoints2: {065b1618-7479-11e3-a116-002454583452} - G:\HTC_Sync_Manager_PC.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Monitor.lnk ShortcutTarget: Device Monitor.lnk -> C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe (ArcSoft) Startup: C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk ShortcutTarget: BUFFALO NAS Navigator2.lnk -> C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.) Startup: C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk ShortcutTarget: NAS Scheduler.lnk -> C:\Program Files\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} SearchScopes: HKCU - Plasmoo URL = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms} SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de___DE365 BHO: IEPlugin Class -> {11222041-111B-46E3-BD29-EFB2449479B1} -> C:\Program Files\ArcSoft\Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.) BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: ToolbarBHO Class -> {9519AF7E-638D-4933-BAD6-D33D23C79FE5} -> C:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKLM - RAW Thumbnail Viewer - {F301665A-12F8-4331-804A-5BCBD379668C} - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: Hosts file not detected in the default directory Tcpip\Parameters: [DhcpNameServer] 192.168.123.60 FireFox: ======== FF ProfilePath: C:\Users\Hartmut\AppData\Roaming\Mozilla\Firefox\Profiles\9k1zs3lf.default FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll No File FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Tab Mix Plus - C:\Users\Hartmut\AppData\Roaming\Mozilla\Firefox\Profiles\9k1zs3lf.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012-07-02] FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-09-19] FF HKLM\...\Firefox\Extensions: [RAWThumbnailViewer@arcsoft.com.cn] - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\FireFox Extension FF Extension: RAW Thumbnail Viewer - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\FireFox Extension [2010-11-05] FF HKLM\...\Firefox\Extensions: [{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}] - C:\Program Files\ArcSoft\Video Downloader\Plugin_FireFox FF Extension: ArcSoft Video Downloader Extension - C:\Program Files\ArcSoft\Video Downloader\Plugin_FireFox [2010-11-05] FF HKLM\...\Firefox\Extensions: - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com FF Extension: 卡巴斯基網址顧問 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com [2014-06-17] FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: 虛擬鍵盤 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-06-17] FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com FF Extension: 惡意網站攔截器 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com [2014-06-17] FF HKCU\...\Firefox\Extensions: [{DDF17D0D-8737-45FD-A732-117D73F349EA}] - C:\Users\Hartmut\AppData\Local\{DDF17D0D-8737-45FD-A732-117D73F349EA} FF Extension: XULRunner - C:\Users\Hartmut\AppData\Local\{DDF17D0D-8737-45FD-A732-117D73F349EA} [2010-11-04] Chrome: ======= CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [] CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx [2014-05-28] CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\content_blocker_chrome.crx [2014-05-28] CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\virtkbd.crx [2014-05-28] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) S2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2014-05-28] (Kaspersky Lab ZAO) R2 DevoloNetworkService; C:\Program Files\devolo\dlan\devolonetsvc.exe [3128856 2012-02-28] (devolo AG) R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-08-04] (Nero AG) R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] () R2 NasPmService; C:\Program Files\BUFFALO\NASNAVI\nassvc.exe [251184 2009-05-15] (BUFFALO INC.) R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed] R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] () ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 Afc; C:\windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.) S3 AirDisplay; C:\windows\System32\DRIVERS\AVVideoCard.sys [6656 2011-03-18] (Windows (R) Win 7 DDK provider) S3 cleanhlp; C:\Users\Hartmut\Desktop\Emsisoft Emergency Kit\bin\cleanhlp32.sys [50200 2014-08-19] (Emsisoft GmbH) S3 HtcVCom32; C:\windows\System32\DRIVERS\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated) R0 kl1; C:\windows\System32\DRIVERS\kl1.sys [135776 2014-05-28] (Kaspersky Lab ZAO) S4 klflt; C:\windows\System32\DRIVERS\klflt.sys [94304 2014-05-28] (Kaspersky Lab ZAO) R1 KLIF; C:\windows\System32\DRIVERS\klif.sys [576608 2014-05-28] (Kaspersky Lab ZAO) R1 KLIM6; C:\windows\System32\DRIVERS\klim6.sys [25696 2014-05-28] (Kaspersky Lab ZAO) R3 klkbdflt; C:\windows\System32\DRIVERS\klkbdflt.sys [25184 2014-05-28] (Kaspersky Lab ZAO) R3 klmouflt; C:\windows\System32\DRIVERS\klmouflt.sys [25696 2014-05-28] (Kaspersky Lab ZAO) R1 klpd; C:\windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO) R1 kneps; C:\windows\System32\DRIVERS\kneps.sys [144992 2014-05-28] (Kaspersky Lab ZAO) S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-19] (Malwarebytes Corporation) R3 MonitorFunction; C:\windows\System32\DRIVERS\TVMonitor.sys [13304 2010-11-25] (TeamViewer GmbH) S3 Netaapl; C:\windows\System32\DRIVERS\netaapl.sys [18432 2011-05-10] (Apple Inc.) [File not signed] R2 NPF_devolo; C:\windows\system32\drivers\npf_devolo.sys [35840 2012-01-31] (CACE Technologies) [File not signed] S0 sfdrv01; C:\windows\System32\drivers\sfdrv01.sys [50176 2005-05-17] (Protection Technology) [File not signed] R0 sfhlp02; C:\windows\System32\drivers\sfhlp02.sys [6656 2005-05-16] (Protection Technology) [File not signed] S0 sfsync02; C:\windows\System32\drivers\sfsync02.sys [19968 2005-05-16] (Protection Technology) [File not signed] R0 sptd; C:\windows\System32\Drivers\sptd.sys [691696 2010-10-28] () [File not signed] S3 Tq_91Assistant; C:\Program Files\NetDragon\91 Mobile\iPhone\Tq_91Assistant.sys [14248 2011-10-15] () S3 USBAAPL; C:\windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed] R3 yukonw7; C:\windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] () U3 adm0jszf; C:\windows\system32\Drivers\adm0jszf.sys [0 ] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-19 12:03 - 2014-09-19 12:07 - 00001022 _____ () C:\Users\Hartmut\Desktop\JRT.txt 2014-09-19 11:58 - 2014-09-19 11:58 - 01019328 _____ (Thisisu) C:\Users\Hartmut\Desktop\JRT.exe 2014-09-19 11:58 - 2014-09-19 11:58 - 00000000 ____D () C:\windows\ERUNT 2014-09-19 11:56 - 2014-09-19 11:56 - 00001092 _____ () C:\Users\Hartmut\Desktop\AdwCleaner[S1].txt 2014-09-19 11:34 - 2014-09-19 11:34 - 00001161 _____ () C:\Users\Hartmut\Desktop\MBAM.txt 2014-09-19 10:20 - 2014-09-19 12:07 - 00020890 _____ () C:\Users\Hartmut\Desktop\FRST.txt 2014-09-19 09:34 - 2014-09-19 09:34 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Hartmut\Desktop\revosetup95.exe 2014-09-19 09:34 - 2014-09-19 09:34 - 00000805 _____ () C:\Users\Hartmut\Desktop\Revo Uninstaller.lnk 2014-09-19 09:33 - 2014-09-19 09:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-09-18 07:25 - 2014-09-17 21:06 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Hartmut\Desktop\tdsskiller.exe 2014-09-17 16:37 - 2014-09-19 12:07 - 00000000 ____D () C:\FRST 2014-09-17 16:35 - 2014-09-17 16:35 - 01097728 _____ (Farbar) C:\Users\Hartmut\Desktop\FRST.exe 2014-09-17 16:23 - 2014-09-19 11:50 - 00000000 ____D () C:\AdwCleaner 2014-09-17 16:23 - 2014-09-17 16:23 - 01373475 _____ () C:\Users\Hartmut\Desktop\adwcleaner_3.310.exe 2014-09-17 12:19 - 2014-09-19 10:32 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-17 12:19 - 2014-09-17 12:19 - 00001081 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-17 12:19 - 2014-09-17 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-17 12:19 - 2014-09-17 12:19 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-09-17 12:19 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-09-17 12:19 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-09-17 12:19 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-09-17 12:18 - 2014-09-17 12:18 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hartmut\Desktop\mbam-setup-2.0.2.1012.exe 2014-09-17 11:54 - 2014-09-17 11:54 - 00001009 _____ () C:\Users\Public\Desktop\Emsisoft HiJackFree.lnk 2014-09-17 11:54 - 2014-09-17 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft HiJackFree 2014-09-17 11:54 - 2014-09-17 11:54 - 00000000 ____D () C:\Program Files\Emsisoft HiJackFree 2014-09-17 11:21 - 2014-09-17 11:21 - 00388608 _____ (Trend Micro Inc.) C:\Users\Hartmut\Desktop\HiJackThis204.exe 2014-09-17 10:21 - 2014-09-17 10:21 - 00000000 ____D () C:\Users\Hartmut\Desktop\Emsisoft Emergency Kit 2014-09-17 10:08 - 2014-09-17 10:08 - 00004600 _____ () C:\EamClean.log 2014-09-13 13:17 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2014-09-13 13:17 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-09-13 13:17 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-09-13 13:17 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-09-13 13:17 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-09-13 13:17 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-09-13 13:17 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-09-13 13:17 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2014-09-13 13:17 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-09-13 13:17 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-09-13 13:17 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-09-13 13:17 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-09-13 13:17 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-09-13 13:17 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-09-13 13:17 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-09-13 13:17 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-09-13 13:17 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-09-13 13:17 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2014-09-13 13:17 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2014-09-13 13:17 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-09-13 13:17 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2014-09-13 13:17 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-09-13 13:17 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-09-13 13:17 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-09-13 13:17 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-09-13 13:17 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-09-13 13:17 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2014-09-13 13:17 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-09-13 13:17 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-09-13 13:17 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-09-13 11:17 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2014-09-13 11:17 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2014-08-28 22:28 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll 2014-08-28 22:28 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-08-28 22:15 - 2014-09-17 07:38 - 01040111 _____ () C:\Users\Hartmut\AppData\Local\ilvaaehj.gss 2014-08-28 22:15 - 2014-09-17 07:38 - 00421888 _____ () C:\Users\Hartmut\AppData\Local\ilvaaehj.gdb 2014-08-27 14:47 - 2014-08-27 14:47 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\Adobe 2014-08-26 11:51 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll 2014-08-26 11:51 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll 2014-08-26 11:51 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe 2014-08-26 11:51 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll 2014-08-26 11:51 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\windows\system32\wups.dll 2014-08-26 11:51 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll 2014-08-26 11:51 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll 2014-08-26 11:50 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll 2014-08-26 11:50 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-19 12:08 - 2014-09-19 10:20 - 00020890 _____ () C:\Users\Hartmut\Desktop\FRST.txt 2014-09-19 12:07 - 2014-09-19 12:03 - 00001022 _____ () C:\Users\Hartmut\Desktop\JRT.txt 2014-09-19 12:07 - 2014-09-17 16:37 - 00000000 ____D () C:\FRST 2014-09-19 12:00 - 2010-11-14 19:35 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\CrashDumps 2014-09-19 11:59 - 2009-07-14 06:34 - 00014512 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-19 11:59 - 2009-07-14 06:34 - 00014512 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-19 11:58 - 2014-09-19 11:58 - 01019328 _____ (Thisisu) C:\Users\Hartmut\Desktop\JRT.exe 2014-09-19 11:58 - 2014-09-19 11:58 - 00000000 ____D () C:\windows\ERUNT 2014-09-19 11:56 - 2014-09-19 11:56 - 00001092 _____ () C:\Users\Hartmut\Desktop\AdwCleaner[S1].txt 2014-09-19 11:56 - 2012-11-11 17:46 - 00001100 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-09-19 11:53 - 2014-06-17 23:35 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-09-19 11:53 - 2012-03-31 18:04 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-09-19 11:52 - 2014-01-04 12:17 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\HTC MediaHub 2014-09-19 11:52 - 2012-11-11 17:46 - 00001096 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-19 11:52 - 2012-08-07 23:35 - 00000440 _____ () C:\windows\system32\Drivers\etc\hosts.ics 2014-09-19 11:52 - 2011-02-22 21:38 - 00135771 _____ () C:\windows\setupact.log 2014-09-19 11:52 - 2010-01-31 18:27 - 00000000 ____D () C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite 2014-09-19 11:52 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-09-19 11:51 - 2012-05-03 07:50 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-09-19 11:51 - 2009-12-05 05:19 - 01041558 _____ () C:\windows\PFRO.log 2014-09-19 11:51 - 2009-12-05 04:40 - 01944624 _____ () C:\windows\WindowsUpdate.log 2014-09-19 11:50 - 2014-09-17 16:23 - 00000000 ____D () C:\AdwCleaner 2014-09-19 11:34 - 2014-09-19 11:34 - 00001161 _____ () C:\Users\Hartmut\Desktop\MBAM.txt 2014-09-19 10:32 - 2014-09-17 12:19 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-19 09:34 - 2014-09-19 09:34 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Hartmut\Desktop\revosetup95.exe 2014-09-19 09:34 - 2014-09-19 09:34 - 00000805 _____ () C:\Users\Hartmut\Desktop\Revo Uninstaller.lnk 2014-09-19 09:33 - 2014-09-19 09:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-09-18 07:53 - 2012-03-31 18:04 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe 2014-09-18 07:53 - 2011-05-23 22:17 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl 2014-09-17 21:06 - 2014-09-18 07:25 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Hartmut\Desktop\tdsskiller.exe 2014-09-17 16:35 - 2014-09-17 16:35 - 01097728 _____ (Farbar) C:\Users\Hartmut\Desktop\FRST.exe 2014-09-17 16:23 - 2014-09-17 16:23 - 01373475 _____ () C:\Users\Hartmut\Desktop\adwcleaner_3.310.exe 2014-09-17 13:00 - 2009-12-05 22:11 - 00000000 ____D () C:\windows\ShellNew 2014-09-17 12:19 - 2014-09-17 12:19 - 00001081 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-17 12:19 - 2014-09-17 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-17 12:19 - 2014-09-17 12:19 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-09-17 12:19 - 2010-11-04 23:48 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-17 12:18 - 2014-09-17 12:18 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hartmut\Desktop\mbam-setup-2.0.2.1012.exe 2014-09-17 11:54 - 2014-09-17 11:54 - 00001009 _____ () C:\Users\Public\Desktop\Emsisoft HiJackFree.lnk 2014-09-17 11:54 - 2014-09-17 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft HiJackFree 2014-09-17 11:54 - 2014-09-17 11:54 - 00000000 ____D () C:\Program Files\Emsisoft HiJackFree 2014-09-17 11:21 - 2014-09-17 11:21 - 00388608 _____ (Trend Micro Inc.) C:\Users\Hartmut\Desktop\HiJackThis204.exe 2014-09-17 10:21 - 2014-09-17 10:21 - 00000000 ____D () C:\Users\Hartmut\Desktop\Emsisoft Emergency Kit 2014-09-17 10:08 - 2014-09-17 10:08 - 00004600 _____ () C:\EamClean.log 2014-09-17 07:38 - 2014-08-28 22:15 - 01040111 _____ () C:\Users\Hartmut\AppData\Local\ilvaaehj.gss 2014-09-17 07:38 - 2014-08-28 22:15 - 00421888 _____ () C:\Users\Hartmut\AppData\Local\ilvaaehj.gdb 2014-09-16 20:20 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\rescache 2014-09-16 15:52 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\Microsoft.NET 2014-09-16 15:44 - 2009-07-26 22:06 - 01612484 _____ () C:\windows\system32\PerfStringBackup.INI 2014-09-13 13:11 - 2013-08-24 12:36 - 00000000 ____D () C:\windows\system32\MRT 2014-09-13 13:11 - 2010-11-11 15:59 - 00000000 ____D () C:\windows\system32\MpEngineStore 2014-09-13 13:06 - 2010-02-20 07:31 - 98758480 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-09-13 11:35 - 2012-06-25 13:31 - 00000000 ____D () C:\ProgramData\CanonIJPLM 2014-09-09 19:27 - 2009-07-14 06:33 - 00358272 _____ () C:\windows\system32\FNTCACHE.DAT 2014-08-27 14:47 - 2014-08-27 14:47 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\Adobe 2014-08-27 14:12 - 2010-10-28 11:22 - 00000000 ____D () C:\Users\Hartmut\Documents\Tina 2014-08-27 10:27 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\de-DE 2014-08-25 06:53 - 2010-10-27 23:15 - 00231584 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe 2014-08-23 03:46 - 2014-08-28 22:28 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll 2014-08-23 02:42 - 2014-08-28 22:28 - 02352640 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys Files to move or delete: ==================== C:\windows\temp\DFI-0833TN.exe Some content of TEMP: ==================== C:\Users\Hartmut\AppData\Local\Temp\AcDeltree.exe C:\Users\Hartmut\AppData\Local\Temp\AskSLib.dll C:\Users\Hartmut\AppData\Local\Temp\BackupSetup.exe C:\Users\Hartmut\AppData\Local\Temp\f.exe C:\Users\Hartmut\AppData\Local\Temp\IDMSetup_1.5.0.0.exe C:\Users\Hartmut\AppData\Local\Temp\MSETUP4.EXE C:\Users\Hartmut\AppData\Local\Temp\Quarantine.exe C:\Users\Hartmut\AppData\Local\Temp\SkypeSetup.exe C:\Users\Hartmut\AppData\Local\Temp\somoto-master.exe C:\Users\Hartmut\AppData\Local\Temp\tmp20AA.tmp.exe C:\Users\Hartmut\AppData\Local\Temp\tmp2FA8.tmp.exe C:\Users\Hartmut\AppData\Local\Temp\tmp6A27.tmp.exe C:\Users\Hartmut\AppData\Local\Temp\tmp7243.tmp.exe C:\Users\Hartmut\AppData\Local\Temp\_is28DC.exe C:\Users\Hartmut\AppData\Local\Temp\_is7BC4.exe C:\Users\Hartmut\AppData\Local\Temp\~SpUnin~.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\windows\explorer.exe => File is digitally signed C:\windows\system32\winlogon.exe => File is digitally signed C:\windows\system32\wininit.exe => File is digitally signed C:\windows\system32\svchost.exe => File is digitally signed C:\windows\system32\services.exe => File is digitally signed C:\windows\system32\User32.dll => File is digitally signed C:\windows\system32\userinit.exe => File is digitally signed C:\windows\system32\rpcss.dll => File is digitally signed C:\windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-16 20:11 ==================== End Of Log ============================ |
|
20.09.2014, 06:59
| #7 |
| /// the machine /// TB-Ausbilder | Überprüfung nach Reinigung von Browser Hijacking und andere MalwareESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
22.09.2014, 09:40
| #8 |
| | Überprüfung nach Reinigung von Browser Hijacking und andere Malware Hallo Schrauber, das Log von Eset: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=9366aa161c7d414cae3d78bfc90987cd
# engine=20241
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-09-22 08:08:05
# local_time=2014-09-22 10:08:05 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky Anti-Virus'
# compatibility_mode=1293 16777213 100 100 10071 42851307 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 261342 163004476 0 0
# scanned=330586
# found=18
# cleaned=0
# scan_time=9306
sh=2DE909492E6A183D7AC776B639088D8EEDE0F861 ft=1 fh=21db323dc523e224 vn="Win32/BrowseFox.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Hartmut\AppData\Local\Temp\ScanTack\ScanTack_Setup.exe.vir"
sh=CA422851421ADC99403249CC7203DEDCA0B4B3F3 ft=1 fh=7524831eeb94e3ff vn="Win32/RiskWare.Astori.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Hartmut\AppData\Roaming\InetStat\inetstat.exe.vir"
sh=B7DF45D76A749776C309DC046F5AD604700797F1 ft=1 fh=c53997367b7fb8ba vn="Win32/MyPCBackup.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Stellar Phoenix Photo Recovery\SITPL_SPPR.exe"
sh=3AC7D0D7C42FC23EB69F423AA3A2292EE04A2A6E ft=1 fh=53a3e9c6b5296d22 vn="Variante von Win32/ELEX.AU evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Hartmut\AppData\Local\Temp\e3fHe_OO.exe.part"
sh=6C4BEA15F2A864E8C0BB467B369C1607ADED4594 ft=1 fh=9c3c3228e1e883d9 vn="Variante von Win32/OutBrowse.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Hartmut\AppData\Local\Temp\f.exe"
sh=7354E02AF5BF7A4409F6CB5EF3E0074A53EF9BDE ft=1 fh=345114b85d3d68aa vn="Win32/InstallCore.OY evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Hartmut\AppData\Local\Temp\nsg4B93.tmp"
sh=BC5F614146684DEFF414928080D0DCB4A5F8EAB0 ft=1 fh=b68630e74939d5ce vn="Variante von Win32/Injected.F Trojaner" ac=I fn="C:\Users\Hartmut\AppData\Local\Temp\nsq1F55.tmp"
sh=1CE3D8B49D727FFA71211E2E90D7BE240C78AB5F ft=1 fh=a6922259cd4d28c2 vn="Win32/InstallCore.PD evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Hartmut\AppData\Local\Temp\nsvB608.tmp"
sh=E53D41E151E994F3A5E636997C57BDE6909DCB53 ft=1 fh=d72c8a74686c29e9 vn="Win32/Somoto.O evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Hartmut\AppData\Local\Temp\somoto-master.exe"
sh=9FE705B0208DA1A72261264088B5666D59513C8C ft=1 fh=bf8bcabb055c335e vn="Win32/AdWare.EoRezo.AW Anwendung" ac=I fn="C:\Users\Hartmut\AppData\Local\Temp\is-2PV24.tmp\package_secprotwhite_installer_multilang.exe"
sh=C9A4034E0D3A8395292475BEBA1302169F1A4322 ft=1 fh=26250b3a47bd8e28 vn="Win32/AdWare.EoRezo.AW Anwendung" ac=I fn="C:\Users\Hartmut\AppData\Local\Temp\is-B89EF.tmp\package_vuupc_installer_multilang.exe"
sh=BA3D48DD0CBDC6BEA02CE7ECCC8EBA51F5CB69B5 ft=1 fh=dc2ce2c0e7c3fc7c vn="Win32/AdWare.EoRezo.AW Anwendung" ac=I fn="C:\Users\Hartmut\AppData\Local\Temp\is-RT5AN.tmp\package_scantack_installer_multilang.exe"
sh=0A714C328F3F665DDCE1D1B4BC73BC453C395D22 ft=1 fh=a8508b654afef236 vn="Win32/AdWare.EoRezo.AW Anwendung" ac=I fn="C:\Users\Hartmut\AppData\Local\Temp\is-U5RNK.tmp\package_secprotwhite_offer_multilang.exe"
sh=2CD0923C42A257EAE5A5F43A19391138A8547257 ft=1 fh=29292690883cae52 vn="Win32/AdWare.EoRezo.AW Anwendung" ac=I fn="C:\Users\Hartmut\AppData\Local\Temp\is-U5RNK.tmp\package_vuupc_offer_multilang.exe"
sh=AEA202E75EB4A7B17250E6DCA3B2470D83247036 ft=1 fh=67bcb2b84dcf5931 vn="Variante von Win32/SweetIM.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Hartmut\AppData\Local\Temp\SweetIMReinstall\SweetImSetup.exe"
sh=05B2476A8EC521FF7EC7E227B2533C964FD7CDB1 ft=1 fh=644ec3a69bb9728a vn="Variante von Win32/AdWare.iBryte.AR Anwendung" ac=I fn="C:\Users\Public\Documents\Patrick\Downloads\Downloads\Setup(2).exe"
sh=CA905EE567AFA6F11EF8E8D8F0A286681D86617C ft=1 fh=4a571560d4521978 vn="Win32/OutBrowse.V evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Public\Documents\Patrick\Downloads\Downloads\setup.exe"
sh=C0BC4D5799DD692717173274328F596C75EDA20F ft=1 fh=1ebee9099e82c466 vn="Win32/MyPCBackup.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Public\Documents\Patrick\Downloads\Downloads\StellarPhoenixPhotoRecovery.exe"
Code:
ATTFilter Results of screen317's Security Check version 0.99.87
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Anti-Virus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 6 Update 24
Java version out of Date!
Adobe Flash Player 15.0.0.152
Adobe Reader XI
Mozilla Firefox (32.0.2)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
und noch das Log von FRST FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014 Ran by Hartmut (administrator) on PATRICKTINA on 22-09-2014 10:36:13 Running from C:\Users\Hartmut\Desktop Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (devolo AG) C:\Program Files\devolo\dlan\devolonetsvc.exe (Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe () C:\Program Files\Canon\IJPLM\ijplmsvc.exe (BUFFALO INC.) C:\Program Files\BUFFALO\NASNAVI\nassvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe () C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (Chicony Electronics Co., Ltd.) C:\Windows\System32\DVAPTray.exe (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac () C:\Program Files\CyberLink\Shared files\RichVideo.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (ArcSoft) C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe (BUFFALO INC.) C:\Program Files\BUFFALO\NASNAVI\nassche.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-12-14] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1713448 2010-02-26] (Synaptics Incorporated) HKLM\...\Run: [UpdateLBPShortCut] => C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink) HKLM\...\Run: [UpdateP2GoShortCut] => C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM\...\Run: [UpdatePDRShortCut] => C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.) HKLM\...\Run: [RemoteControl8] => C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.) HKLM\...\Run: [PDVD8LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.) HKLM\...\Run: [UpdatePPShortCut] => C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.) HKLM\...\Run: [UpdatePSTShortCut] => C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-21] (CyberLink Corp.) HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM\...\Run: [WinampAgent] => "C:\Program Files\Winamp\winampa.exe" HKLM\...\Run: [ Malwarebytes Anti-Malware (reboot)] => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) HKLM\...\Run: [DVAPTray] => C:\windows\System32\DVAPTray.exe [188416 2010-06-17] (Chicony Electronics Co., Ltd.) HKLM\...\Run: [dfmirage-Install] => C:\windows\temp\DFI-0833TN.exe [103424 2009-05-29] (DemoForge, LLC.) <===== ATTENTION HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.) HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2565520 2011-03-14] (CANON INC.) HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.) HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0 HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [MobileDocuments] => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Hartmut\AppData\Local\Akamai\netsession_win.exe" HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [AppleIEDAV] => C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Policies\Explorer: [NoSetActiveDesktop] 0 HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\MountPoints2: {065b1618-7479-11e3-a116-002454583452} - G:\HTC_Sync_Manager_PC.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Monitor.lnk ShortcutTarget: Device Monitor.lnk -> C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe (ArcSoft) Startup: C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk ShortcutTarget: BUFFALO NAS Navigator2.lnk -> C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.) Startup: C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk ShortcutTarget: NAS Scheduler.lnk -> C:\Program Files\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} SearchScopes: HKCU - Plasmoo URL = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms} SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de___DE365 BHO: IEPlugin Class -> {11222041-111B-46E3-BD29-EFB2449479B1} -> C:\Program Files\ArcSoft\Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.) BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: ToolbarBHO Class -> {9519AF7E-638D-4933-BAD6-D33D23C79FE5} -> C:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKLM - RAW Thumbnail Viewer - {F301665A-12F8-4331-804A-5BCBD379668C} - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: Hosts file not detected in the default directory Tcpip\Parameters: [DhcpNameServer] 192.168.123.60 FireFox: ======== FF ProfilePath: C:\Users\Hartmut\AppData\Roaming\Mozilla\Firefox\Profiles\9k1zs3lf.default FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll No File FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Tab Mix Plus - C:\Users\Hartmut\AppData\Roaming\Mozilla\Firefox\Profiles\9k1zs3lf.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012-07-02] FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-09-19] FF HKLM\...\Firefox\Extensions: [RAWThumbnailViewer@arcsoft.com.cn] - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\FireFox Extension FF Extension: RAW Thumbnail Viewer - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\FireFox Extension [2010-11-05] FF HKLM\...\Firefox\Extensions: [{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}] - C:\Program Files\ArcSoft\Video Downloader\Plugin_FireFox FF Extension: ArcSoft Video Downloader Extension - C:\Program Files\ArcSoft\Video Downloader\Plugin_FireFox [2010-11-05] FF HKLM\...\Firefox\Extensions: - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com FF Extension: 卡巴斯基網址顧問 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com [2014-06-17] FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: 虛擬鍵盤 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-06-17] FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com FF Extension: 惡意網站攔截器 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com [2014-06-17] FF HKCU\...\Firefox\Extensions: [{DDF17D0D-8737-45FD-A732-117D73F349EA}] - C:\Users\Hartmut\AppData\Local\{DDF17D0D-8737-45FD-A732-117D73F349EA} FF Extension: XULRunner - C:\Users\Hartmut\AppData\Local\{DDF17D0D-8737-45FD-A732-117D73F349EA} [2010-11-04] Chrome: ======= CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [] CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx [2014-05-28] CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\content_blocker_chrome.crx [2014-05-28] CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\virtkbd.crx [2014-05-28] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) S2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2014-05-28] (Kaspersky Lab ZAO) R2 DevoloNetworkService; C:\Program Files\devolo\dlan\devolonetsvc.exe [3128856 2012-02-28] (devolo AG) R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-08-04] (Nero AG) R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] () R2 NasPmService; C:\Program Files\BUFFALO\NASNAVI\nassvc.exe [251184 2009-05-15] (BUFFALO INC.) R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed] R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] () ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 Afc; C:\windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.) S3 AirDisplay; C:\windows\System32\DRIVERS\AVVideoCard.sys [6656 2011-03-18] (Windows (R) Win 7 DDK provider) S3 cleanhlp; C:\Users\Hartmut\Desktop\Emsisoft Emergency Kit\bin\cleanhlp32.sys [50200 2014-08-19] (Emsisoft GmbH) S3 HtcVCom32; C:\windows\System32\DRIVERS\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated) R0 kl1; C:\windows\System32\DRIVERS\kl1.sys [135776 2014-05-28] (Kaspersky Lab ZAO) S4 klflt; C:\windows\System32\DRIVERS\klflt.sys [94304 2014-05-28] (Kaspersky Lab ZAO) R1 KLIF; C:\windows\System32\DRIVERS\klif.sys [576608 2014-05-28] (Kaspersky Lab ZAO) R1 KLIM6; C:\windows\System32\DRIVERS\klim6.sys [25696 2014-05-28] (Kaspersky Lab ZAO) R3 klkbdflt; C:\windows\System32\DRIVERS\klkbdflt.sys [25184 2014-05-28] (Kaspersky Lab ZAO) R3 klmouflt; C:\windows\System32\DRIVERS\klmouflt.sys [25696 2014-05-28] (Kaspersky Lab ZAO) R1 klpd; C:\windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO) R1 kneps; C:\windows\System32\DRIVERS\kneps.sys [144992 2014-05-28] (Kaspersky Lab ZAO) S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-19] (Malwarebytes Corporation) R3 MonitorFunction; C:\windows\System32\DRIVERS\TVMonitor.sys [13304 2010-11-25] (TeamViewer GmbH) S3 Netaapl; C:\windows\System32\DRIVERS\netaapl.sys [18432 2011-05-10] (Apple Inc.) [File not signed] R2 NPF_devolo; C:\windows\system32\drivers\npf_devolo.sys [35840 2012-01-31] (CACE Technologies) [File not signed] S0 sfdrv01; C:\windows\System32\drivers\sfdrv01.sys [50176 2005-05-17] (Protection Technology) [File not signed] R0 sfhlp02; C:\windows\System32\drivers\sfhlp02.sys [6656 2005-05-16] (Protection Technology) [File not signed] S0 sfsync02; C:\windows\System32\drivers\sfsync02.sys [19968 2005-05-16] (Protection Technology) [File not signed] R0 sptd; C:\windows\System32\Drivers\sptd.sys [691696 2010-10-28] () [File not signed] S3 Tq_91Assistant; C:\Program Files\NetDragon\91 Mobile\iPhone\Tq_91Assistant.sys [14248 2011-10-15] () S3 USBAAPL; C:\windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed] R3 yukonw7; C:\windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] () U3 ajghkmm3; C:\windows\system32\Drivers\ajghkmm3.sys [0 ] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-22 10:36 - 2014-09-22 10:36 - 00021169 _____ () C:\Users\Hartmut\Desktop\FRST.txt 2014-09-22 10:35 - 2014-09-22 10:35 - 00000771 _____ () C:\Users\Hartmut\Desktop\checkup.txt 2014-09-22 10:28 - 2014-09-20 20:28 - 00854417 _____ () C:\Users\Hartmut\Desktop\SecurityCheck.exe 2014-09-19 11:58 - 2014-09-19 11:58 - 01019328 _____ (Thisisu) C:\Users\Hartmut\Desktop\JRT.exe 2014-09-19 11:58 - 2014-09-19 11:58 - 00000000 ____D () C:\windows\ERUNT 2014-09-19 09:34 - 2014-09-19 09:34 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Hartmut\Desktop\revosetup95.exe 2014-09-19 09:34 - 2014-09-19 09:34 - 00000805 _____ () C:\Users\Hartmut\Desktop\Revo Uninstaller.lnk 2014-09-19 09:33 - 2014-09-19 09:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-09-18 07:25 - 2014-09-17 21:06 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Hartmut\Desktop\tdsskiller.exe 2014-09-17 16:37 - 2014-09-22 10:36 - 00000000 ____D () C:\FRST 2014-09-17 16:35 - 2014-09-17 16:35 - 01097728 _____ (Farbar) C:\Users\Hartmut\Desktop\FRST.exe 2014-09-17 16:23 - 2014-09-19 11:50 - 00000000 ____D () C:\AdwCleaner 2014-09-17 16:23 - 2014-09-17 16:23 - 01373475 _____ () C:\Users\Hartmut\Desktop\adwcleaner_3.310.exe 2014-09-17 12:19 - 2014-09-19 10:32 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-17 12:19 - 2014-09-17 12:19 - 00001081 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-17 12:19 - 2014-09-17 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-17 12:19 - 2014-09-17 12:19 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-09-17 12:19 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-09-17 12:19 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-09-17 12:19 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-09-17 12:18 - 2014-09-17 12:18 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hartmut\Desktop\mbam-setup-2.0.2.1012.exe 2014-09-17 11:54 - 2014-09-17 11:54 - 00001009 _____ () C:\Users\Public\Desktop\Emsisoft HiJackFree.lnk 2014-09-17 11:54 - 2014-09-17 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft HiJackFree 2014-09-17 11:54 - 2014-09-17 11:54 - 00000000 ____D () C:\Program Files\Emsisoft HiJackFree 2014-09-17 11:21 - 2014-09-17 11:21 - 00388608 _____ (Trend Micro Inc.) C:\Users\Hartmut\Desktop\HiJackThis204.exe 2014-09-17 10:21 - 2014-09-17 10:21 - 00000000 ____D () C:\Users\Hartmut\Desktop\Emsisoft Emergency Kit 2014-09-17 10:08 - 2014-09-17 10:08 - 00004600 _____ () C:\EamClean.log 2014-09-13 13:17 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2014-09-13 13:17 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-09-13 13:17 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-09-13 13:17 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-09-13 13:17 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-09-13 13:17 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-09-13 13:17 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-09-13 13:17 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2014-09-13 13:17 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-09-13 13:17 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-09-13 13:17 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-09-13 13:17 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-09-13 13:17 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-09-13 13:17 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-09-13 13:17 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-09-13 13:17 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-09-13 13:17 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-09-13 13:17 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2014-09-13 13:17 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2014-09-13 13:17 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-09-13 13:17 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2014-09-13 13:17 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-09-13 13:17 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-09-13 13:17 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-09-13 13:17 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-09-13 13:17 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-09-13 13:17 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2014-09-13 13:17 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-09-13 13:17 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-09-13 13:17 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-09-13 11:17 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2014-09-13 11:17 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2014-08-28 22:28 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll 2014-08-28 22:28 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-08-28 22:15 - 2014-09-17 07:38 - 01040111 _____ () C:\Users\Hartmut\AppData\Local\ilvaaehj.gss 2014-08-28 22:15 - 2014-09-17 07:38 - 00421888 _____ () C:\Users\Hartmut\AppData\Local\ilvaaehj.gdb 2014-08-27 14:47 - 2014-08-27 14:47 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\Adobe 2014-08-26 11:51 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll 2014-08-26 11:51 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll 2014-08-26 11:51 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe 2014-08-26 11:51 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll 2014-08-26 11:51 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\windows\system32\wups.dll 2014-08-26 11:51 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll 2014-08-26 11:51 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll 2014-08-26 11:50 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll 2014-08-26 11:50 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-22 10:36 - 2014-09-22 10:36 - 00021169 _____ () C:\Users\Hartmut\Desktop\FRST.txt 2014-09-22 10:36 - 2014-09-17 16:37 - 00000000 ____D () C:\FRST 2014-09-22 10:35 - 2014-09-22 10:35 - 00000771 _____ () C:\Users\Hartmut\Desktop\checkup.txt 2014-09-22 09:56 - 2012-11-11 17:46 - 00001100 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-09-22 09:53 - 2012-03-31 18:04 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-09-22 07:56 - 2012-11-11 17:46 - 00001096 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-22 07:27 - 2009-07-14 06:34 - 00014512 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-22 07:27 - 2009-07-14 06:34 - 00014512 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-22 07:26 - 2009-12-05 04:40 - 01976486 _____ () C:\windows\WindowsUpdate.log 2014-09-22 07:22 - 2013-06-27 17:14 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-09-22 07:20 - 2014-06-17 23:35 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-09-22 07:20 - 2014-01-04 12:17 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\HTC MediaHub 2014-09-22 07:20 - 2012-08-07 23:35 - 00000440 _____ () C:\windows\system32\Drivers\etc\hosts.ics 2014-09-22 07:20 - 2011-02-22 21:38 - 00135883 _____ () C:\windows\setupact.log 2014-09-22 07:20 - 2010-01-31 18:27 - 00000000 ____D () C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite 2014-09-22 07:20 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-09-20 20:28 - 2014-09-22 10:28 - 00854417 _____ () C:\Users\Hartmut\Desktop\SecurityCheck.exe 2014-09-19 12:00 - 2010-11-14 19:35 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\CrashDumps 2014-09-19 11:58 - 2014-09-19 11:58 - 01019328 _____ (Thisisu) C:\Users\Hartmut\Desktop\JRT.exe 2014-09-19 11:58 - 2014-09-19 11:58 - 00000000 ____D () C:\windows\ERUNT 2014-09-19 11:51 - 2012-05-03 07:50 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-09-19 11:51 - 2009-12-05 05:19 - 01041558 _____ () C:\windows\PFRO.log 2014-09-19 11:50 - 2014-09-17 16:23 - 00000000 ____D () C:\AdwCleaner 2014-09-19 10:32 - 2014-09-17 12:19 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-19 09:34 - 2014-09-19 09:34 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Hartmut\Desktop\revosetup95.exe 2014-09-19 09:34 - 2014-09-19 09:34 - 00000805 _____ () C:\Users\Hartmut\Desktop\Revo Uninstaller.lnk 2014-09-19 09:33 - 2014-09-19 09:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-09-18 07:53 - 2012-03-31 18:04 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe 2014-09-18 07:53 - 2011-05-23 22:17 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl 2014-09-17 21:06 - 2014-09-18 07:25 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Hartmut\Desktop\tdsskiller.exe 2014-09-17 16:35 - 2014-09-17 16:35 - 01097728 _____ (Farbar) C:\Users\Hartmut\Desktop\FRST.exe 2014-09-17 16:23 - 2014-09-17 16:23 - 01373475 _____ () C:\Users\Hartmut\Desktop\adwcleaner_3.310.exe 2014-09-17 13:00 - 2009-12-05 22:11 - 00000000 ____D () C:\windows\ShellNew 2014-09-17 12:19 - 2014-09-17 12:19 - 00001081 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-17 12:19 - 2014-09-17 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-17 12:19 - 2014-09-17 12:19 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-09-17 12:19 - 2010-11-04 23:48 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-17 12:18 - 2014-09-17 12:18 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hartmut\Desktop\mbam-setup-2.0.2.1012.exe 2014-09-17 11:54 - 2014-09-17 11:54 - 00001009 _____ () C:\Users\Public\Desktop\Emsisoft HiJackFree.lnk 2014-09-17 11:54 - 2014-09-17 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft HiJackFree 2014-09-17 11:54 - 2014-09-17 11:54 - 00000000 ____D () C:\Program Files\Emsisoft HiJackFree 2014-09-17 11:21 - 2014-09-17 11:21 - 00388608 _____ (Trend Micro Inc.) C:\Users\Hartmut\Desktop\HiJackThis204.exe 2014-09-17 10:21 - 2014-09-17 10:21 - 00000000 ____D () C:\Users\Hartmut\Desktop\Emsisoft Emergency Kit 2014-09-17 10:08 - 2014-09-17 10:08 - 00004600 _____ () C:\EamClean.log 2014-09-17 07:38 - 2014-08-28 22:15 - 01040111 _____ () C:\Users\Hartmut\AppData\Local\ilvaaehj.gss 2014-09-17 07:38 - 2014-08-28 22:15 - 00421888 _____ () C:\Users\Hartmut\AppData\Local\ilvaaehj.gdb 2014-09-16 20:20 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\rescache 2014-09-16 15:52 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\Microsoft.NET 2014-09-16 15:44 - 2009-07-26 22:06 - 01612484 _____ () C:\windows\system32\PerfStringBackup.INI 2014-09-13 13:11 - 2013-08-24 12:36 - 00000000 ____D () C:\windows\system32\MRT 2014-09-13 13:11 - 2010-11-11 15:59 - 00000000 ____D () C:\windows\system32\MpEngineStore 2014-09-13 13:06 - 2010-02-20 07:31 - 98758480 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-09-13 11:35 - 2012-06-25 13:31 - 00000000 ____D () C:\ProgramData\CanonIJPLM 2014-09-09 19:27 - 2009-07-14 06:33 - 00358272 _____ () C:\windows\system32\FNTCACHE.DAT 2014-08-27 14:47 - 2014-08-27 14:47 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\Adobe 2014-08-27 14:12 - 2010-10-28 11:22 - 00000000 ____D () C:\Users\Hartmut\Documents\Tina 2014-08-27 10:27 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\de-DE 2014-08-25 06:53 - 2010-10-27 23:15 - 00231584 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe 2014-08-23 03:46 - 2014-08-28 22:28 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll 2014-08-23 02:42 - 2014-08-28 22:28 - 02352640 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys Files to move or delete: ==================== C:\windows\temp\DFI-0833TN.exe Some content of TEMP: ==================== C:\Users\Hartmut\AppData\Local\Temp\AcDeltree.exe C:\Users\Hartmut\AppData\Local\Temp\AskSLib.dll C:\Users\Hartmut\AppData\Local\Temp\BackupSetup.exe C:\Users\Hartmut\AppData\Local\Temp\f.exe C:\Users\Hartmut\AppData\Local\Temp\IDMSetup_1.5.0.0.exe C:\Users\Hartmut\AppData\Local\Temp\MSETUP4.EXE C:\Users\Hartmut\AppData\Local\Temp\Quarantine.exe C:\Users\Hartmut\AppData\Local\Temp\SkypeSetup.exe C:\Users\Hartmut\AppData\Local\Temp\somoto-master.exe C:\Users\Hartmut\AppData\Local\Temp\tmp20AA.tmp.exe C:\Users\Hartmut\AppData\Local\Temp\tmp2FA8.tmp.exe C:\Users\Hartmut\AppData\Local\Temp\tmp6A27.tmp.exe C:\Users\Hartmut\AppData\Local\Temp\tmp7243.tmp.exe C:\Users\Hartmut\AppData\Local\Temp\_is28DC.exe C:\Users\Hartmut\AppData\Local\Temp\_is7BC4.exe C:\Users\Hartmut\AppData\Local\Temp\~SpUnin~.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\windows\explorer.exe => File is digitally signed C:\windows\system32\winlogon.exe => File is digitally signed C:\windows\system32\wininit.exe => File is digitally signed C:\windows\system32\svchost.exe => File is digitally signed C:\windows\system32\services.exe => File is digitally signed C:\windows\system32\User32.dll => File is digitally signed C:\windows\system32\userinit.exe => File is digitally signed C:\windows\system32\rpcss.dll => File is digitally signed C:\windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-16 20:11 ==================== End Of Log ============================ Vielen Dank für Deine Mühe! |
|
22.09.2014, 16:27
| #9 |
| /// the machine /// TB-Ausbilder | Überprüfung nach Reinigung von Browser Hijacking und andere Malware Jop, Updates machen. Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter Emptytemp:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
23.09.2014, 09:37
| #10 |
| | Überprüfung nach Reinigung von Browser Hijacking und andere Malware Hallo Schrauber, hier das Log von FRST nach Fix: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-09-2014
Ran by Hartmut at 2014-09-23 10:21:30 Run:1
Running from C:\Users\Hartmut\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Emptytemp:
*****************
EmptyTemp: => Removed 1.8 GB temporary data.
The system needed a reboot.
==== End of Fixlog ====
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014 (ATTENTION: ====> FRST version is 11 days old and could be outdated) Ran by Hartmut (administrator) on PATRICKTINA on 23-09-2014 10:29:12 Running from C:\Users\Hartmut\Desktop Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe (devolo AG) C:\Program Files\devolo\dlan\devolonetsvc.exe (Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe () C:\Program Files\Canon\IJPLM\ijplmsvc.exe (BUFFALO INC.) C:\Program Files\BUFFALO\NASNAVI\nassvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe () C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe () C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe () C:\Program Files\CyberLink\Shared files\RichVideo.exe (Skype Technologies) C:\Program Files\Skype\Updater\Updater.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (Chicony Electronics Co., Ltd.) C:\Windows\System32\DVAPTray.exe (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (ArcSoft) C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe (BUFFALO INC.) C:\Program Files\BUFFALO\NASNAVI\nassche.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\wmi32.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-12-14] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1713448 2010-02-26] (Synaptics Incorporated) HKLM\...\Run: [UpdateLBPShortCut] => C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink) HKLM\...\Run: [UpdateP2GoShortCut] => C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM\...\Run: [UpdatePDRShortCut] => C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.) HKLM\...\Run: [RemoteControl8] => C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.) HKLM\...\Run: [PDVD8LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.) HKLM\...\Run: [UpdatePPShortCut] => C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.) HKLM\...\Run: [UpdatePSTShortCut] => C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-21] (CyberLink Corp.) HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM\...\Run: [WinampAgent] => "C:\Program Files\Winamp\winampa.exe" HKLM\...\Run: [ Malwarebytes Anti-Malware (reboot)] => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) HKLM\...\Run: [DVAPTray] => C:\windows\System32\DVAPTray.exe [188416 2010-06-17] (Chicony Electronics Co., Ltd.) HKLM\...\Run: [dfmirage-Install] => "C:\windows\temp\DFI-0833TN.exe" -u2 "dfmirage" <===== ATTENTION HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.) HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2565520 2011-03-14] (CANON INC.) HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.) HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0 HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [MobileDocuments] => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Hartmut\AppData\Local\Akamai\netsession_win.exe" HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [AppleIEDAV] => C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Policies\Explorer: [NoSetActiveDesktop] 0 HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\MountPoints2: {065b1618-7479-11e3-a116-002454583452} - G:\HTC_Sync_Manager_PC.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Monitor.lnk ShortcutTarget: Device Monitor.lnk -> C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe (ArcSoft) Startup: C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk ShortcutTarget: BUFFALO NAS Navigator2.lnk -> C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.) Startup: C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk ShortcutTarget: NAS Scheduler.lnk -> C:\Program Files\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} SearchScopes: HKCU - Plasmoo URL = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms} SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de___DE365 BHO: IEPlugin Class -> {11222041-111B-46E3-BD29-EFB2449479B1} -> C:\Program Files\ArcSoft\Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.) BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: ToolbarBHO Class -> {9519AF7E-638D-4933-BAD6-D33D23C79FE5} -> C:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKLM - RAW Thumbnail Viewer - {F301665A-12F8-4331-804A-5BCBD379668C} - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: Hosts file not detected in the default directory Tcpip\Parameters: [DhcpNameServer] 192.168.123.60 FireFox: ======== FF ProfilePath: C:\Users\Hartmut\AppData\Roaming\Mozilla\Firefox\Profiles\9k1zs3lf.default FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll No File FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Tab Mix Plus - C:\Users\Hartmut\AppData\Roaming\Mozilla\Firefox\Profiles\9k1zs3lf.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012-07-02] FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-09-19] FF HKLM\...\Firefox\Extensions: [RAWThumbnailViewer@arcsoft.com.cn] - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\FireFox Extension FF Extension: RAW Thumbnail Viewer - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\FireFox Extension [2010-11-05] FF HKLM\...\Firefox\Extensions: [{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}] - C:\Program Files\ArcSoft\Video Downloader\Plugin_FireFox FF Extension: ArcSoft Video Downloader Extension - C:\Program Files\ArcSoft\Video Downloader\Plugin_FireFox [2010-11-05] FF HKLM\...\Firefox\Extensions: - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com FF Extension: 卡巴斯基網址顧問 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com [2014-06-17] FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: 虛擬鍵盤 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-06-17] FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com FF Extension: 惡意網站攔截器 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com [2014-06-17] FF HKCU\...\Firefox\Extensions: [{DDF17D0D-8737-45FD-A732-117D73F349EA}] - C:\Users\Hartmut\AppData\Local\{DDF17D0D-8737-45FD-A732-117D73F349EA} FF Extension: XULRunner - C:\Users\Hartmut\AppData\Local\{DDF17D0D-8737-45FD-A732-117D73F349EA} [2010-11-04] Chrome: ======= CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [] CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx [2014-05-28] CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\content_blocker_chrome.crx [2014-05-28] CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\virtkbd.crx [2014-05-28] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2014-05-28] (Kaspersky Lab ZAO) R2 DevoloNetworkService; C:\Program Files\devolo\dlan\devolonetsvc.exe [3128856 2012-02-28] (devolo AG) R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-08-04] (Nero AG) R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] () R2 NasPmService; C:\Program Files\BUFFALO\NASNAVI\nassvc.exe [251184 2009-05-15] (BUFFALO INC.) R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed] R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] () ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 Afc; C:\windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.) S3 AirDisplay; C:\windows\System32\DRIVERS\AVVideoCard.sys [6656 2011-03-18] (Windows (R) Win 7 DDK provider) S3 cleanhlp; C:\Users\Hartmut\Desktop\Emsisoft Emergency Kit\bin\cleanhlp32.sys [50200 2014-08-19] (Emsisoft GmbH) S3 HtcVCom32; C:\windows\System32\DRIVERS\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated) R0 kl1; C:\windows\System32\DRIVERS\kl1.sys [135776 2014-05-28] (Kaspersky Lab ZAO) S4 klflt; C:\windows\System32\DRIVERS\klflt.sys [94304 2014-05-28] (Kaspersky Lab ZAO) R1 KLIF; C:\windows\System32\DRIVERS\klif.sys [576608 2014-05-28] (Kaspersky Lab ZAO) R1 KLIM6; C:\windows\System32\DRIVERS\klim6.sys [25696 2014-05-28] (Kaspersky Lab ZAO) R3 klkbdflt; C:\windows\System32\DRIVERS\klkbdflt.sys [25184 2014-05-28] (Kaspersky Lab ZAO) R3 klmouflt; C:\windows\System32\DRIVERS\klmouflt.sys [25696 2014-05-28] (Kaspersky Lab ZAO) R1 klpd; C:\windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO) R1 kneps; C:\windows\System32\DRIVERS\kneps.sys [144992 2014-05-28] (Kaspersky Lab ZAO) S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-19] (Malwarebytes Corporation) R3 MonitorFunction; C:\windows\System32\DRIVERS\TVMonitor.sys [13304 2010-11-25] (TeamViewer GmbH) S3 Netaapl; C:\windows\System32\DRIVERS\netaapl.sys [18432 2011-05-10] (Apple Inc.) [File not signed] R2 NPF_devolo; C:\windows\system32\drivers\npf_devolo.sys [35840 2012-01-31] (CACE Technologies) [File not signed] S0 sfdrv01; C:\windows\System32\drivers\sfdrv01.sys [50176 2005-05-17] (Protection Technology) [File not signed] R0 sfhlp02; C:\windows\System32\drivers\sfhlp02.sys [6656 2005-05-16] (Protection Technology) [File not signed] S0 sfsync02; C:\windows\System32\drivers\sfsync02.sys [19968 2005-05-16] (Protection Technology) [File not signed] R0 sptd; C:\windows\System32\Drivers\sptd.sys [691696 2010-10-28] () [File not signed] S3 Tq_91Assistant; C:\Program Files\NetDragon\91 Mobile\iPhone\Tq_91Assistant.sys [14248 2011-10-15] () S3 USBAAPL; C:\windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed] R3 yukonw7; C:\windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] () U3 af0g2p1l; C:\windows\system32\Drivers\af0g2p1l.sys [0 ] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-23 10:29 - 2014-09-23 10:29 - 00021394 _____ () C:\Users\Hartmut\Desktop\FRST.txt 2014-09-22 10:28 - 2014-09-20 20:28 - 00854417 _____ () C:\Users\Hartmut\Desktop\SecurityCheck.exe 2014-09-19 11:58 - 2014-09-19 11:58 - 01019328 _____ (Thisisu) C:\Users\Hartmut\Desktop\JRT.exe 2014-09-19 11:58 - 2014-09-19 11:58 - 00000000 ____D () C:\windows\ERUNT 2014-09-19 09:34 - 2014-09-19 09:34 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Hartmut\Desktop\revosetup95.exe 2014-09-19 09:34 - 2014-09-19 09:34 - 00000805 _____ () C:\Users\Hartmut\Desktop\Revo Uninstaller.lnk 2014-09-19 09:33 - 2014-09-19 09:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-09-18 07:25 - 2014-09-17 21:06 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Hartmut\Desktop\tdsskiller.exe 2014-09-17 16:37 - 2014-09-23 10:29 - 00000000 ____D () C:\FRST 2014-09-17 16:35 - 2014-09-17 16:35 - 01097728 _____ (Farbar) C:\Users\Hartmut\Desktop\FRST.exe 2014-09-17 16:23 - 2014-09-19 11:50 - 00000000 ____D () C:\AdwCleaner 2014-09-17 16:23 - 2014-09-17 16:23 - 01373475 _____ () C:\Users\Hartmut\Desktop\adwcleaner_3.310.exe 2014-09-17 12:19 - 2014-09-19 10:32 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-17 12:19 - 2014-09-17 12:19 - 00001081 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-17 12:19 - 2014-09-17 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-17 12:19 - 2014-09-17 12:19 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-09-17 12:19 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-09-17 12:19 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-09-17 12:19 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-09-17 12:18 - 2014-09-17 12:18 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hartmut\Desktop\mbam-setup-2.0.2.1012.exe 2014-09-17 11:54 - 2014-09-17 11:54 - 00001009 _____ () C:\Users\Public\Desktop\Emsisoft HiJackFree.lnk 2014-09-17 11:54 - 2014-09-17 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft HiJackFree 2014-09-17 11:54 - 2014-09-17 11:54 - 00000000 ____D () C:\Program Files\Emsisoft HiJackFree 2014-09-17 11:21 - 2014-09-17 11:21 - 00388608 _____ (Trend Micro Inc.) C:\Users\Hartmut\Desktop\HiJackThis204.exe 2014-09-17 10:21 - 2014-09-17 10:21 - 00000000 ____D () C:\Users\Hartmut\Desktop\Emsisoft Emergency Kit 2014-09-17 10:08 - 2014-09-17 10:08 - 00004600 _____ () C:\EamClean.log 2014-09-13 13:17 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2014-09-13 13:17 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-09-13 13:17 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-09-13 13:17 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-09-13 13:17 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-09-13 13:17 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-09-13 13:17 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-09-13 13:17 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2014-09-13 13:17 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-09-13 13:17 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-09-13 13:17 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-09-13 13:17 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-09-13 13:17 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-09-13 13:17 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-09-13 13:17 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-09-13 13:17 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-09-13 13:17 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-09-13 13:17 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2014-09-13 13:17 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2014-09-13 13:17 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-09-13 13:17 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2014-09-13 13:17 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-09-13 13:17 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-09-13 13:17 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-09-13 13:17 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-09-13 13:17 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-09-13 13:17 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2014-09-13 13:17 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-09-13 13:17 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-09-13 13:17 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-09-13 11:17 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2014-09-13 11:17 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2014-08-28 22:28 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll 2014-08-28 22:28 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-08-28 22:15 - 2014-09-17 07:38 - 01040111 _____ () C:\Users\Hartmut\AppData\Local\ilvaaehj.gss 2014-08-28 22:15 - 2014-09-17 07:38 - 00421888 _____ () C:\Users\Hartmut\AppData\Local\ilvaaehj.gdb 2014-08-27 14:47 - 2014-08-27 14:47 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\Adobe 2014-08-26 11:51 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll 2014-08-26 11:51 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll 2014-08-26 11:51 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe 2014-08-26 11:51 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll 2014-08-26 11:51 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\windows\system32\wups.dll 2014-08-26 11:51 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll 2014-08-26 11:51 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll 2014-08-26 11:50 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll 2014-08-26 11:50 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-23 10:30 - 2014-09-23 10:29 - 00021394 _____ () C:\Users\Hartmut\Desktop\FRST.txt 2014-09-23 10:29 - 2014-09-17 16:37 - 00000000 ____D () C:\FRST 2014-09-23 10:28 - 2014-06-17 23:35 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-09-23 10:27 - 2014-01-04 12:17 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\HTC MediaHub 2014-09-23 10:27 - 2012-11-11 17:46 - 00001096 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-23 10:27 - 2012-08-07 23:35 - 00000440 _____ () C:\windows\system32\Drivers\etc\hosts.ics 2014-09-23 10:27 - 2011-02-22 21:38 - 00136051 _____ () C:\windows\setupact.log 2014-09-23 10:27 - 2010-01-31 18:27 - 00000000 ____D () C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite 2014-09-23 10:27 - 2009-12-05 05:19 - 01508268 _____ () C:\windows\PFRO.log 2014-09-23 10:27 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-09-23 10:26 - 2009-12-05 04:40 - 02041484 _____ () C:\windows\WindowsUpdate.log 2014-09-23 10:14 - 2009-07-14 06:34 - 00014512 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-23 10:14 - 2009-07-14 06:34 - 00014512 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-22 10:56 - 2012-11-11 17:46 - 00001100 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-09-22 10:53 - 2012-03-31 18:04 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-09-22 07:22 - 2013-06-27 17:14 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-09-20 20:28 - 2014-09-22 10:28 - 00854417 _____ () C:\Users\Hartmut\Desktop\SecurityCheck.exe 2014-09-19 12:00 - 2010-11-14 19:35 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\CrashDumps 2014-09-19 11:58 - 2014-09-19 11:58 - 01019328 _____ (Thisisu) C:\Users\Hartmut\Desktop\JRT.exe 2014-09-19 11:58 - 2014-09-19 11:58 - 00000000 ____D () C:\windows\ERUNT 2014-09-19 11:51 - 2012-05-03 07:50 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-09-19 11:50 - 2014-09-17 16:23 - 00000000 ____D () C:\AdwCleaner 2014-09-19 10:32 - 2014-09-17 12:19 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-19 09:34 - 2014-09-19 09:34 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Hartmut\Desktop\revosetup95.exe 2014-09-19 09:34 - 2014-09-19 09:34 - 00000805 _____ () C:\Users\Hartmut\Desktop\Revo Uninstaller.lnk 2014-09-19 09:33 - 2014-09-19 09:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-09-18 07:53 - 2012-03-31 18:04 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe 2014-09-18 07:53 - 2011-05-23 22:17 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl 2014-09-17 21:06 - 2014-09-18 07:25 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Hartmut\Desktop\tdsskiller.exe 2014-09-17 16:35 - 2014-09-17 16:35 - 01097728 _____ (Farbar) C:\Users\Hartmut\Desktop\FRST.exe 2014-09-17 16:23 - 2014-09-17 16:23 - 01373475 _____ () C:\Users\Hartmut\Desktop\adwcleaner_3.310.exe 2014-09-17 13:00 - 2009-12-05 22:11 - 00000000 ____D () C:\windows\ShellNew 2014-09-17 12:19 - 2014-09-17 12:19 - 00001081 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-17 12:19 - 2014-09-17 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-17 12:19 - 2014-09-17 12:19 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-09-17 12:19 - 2010-11-04 23:48 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-17 12:18 - 2014-09-17 12:18 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hartmut\Desktop\mbam-setup-2.0.2.1012.exe 2014-09-17 11:54 - 2014-09-17 11:54 - 00001009 _____ () C:\Users\Public\Desktop\Emsisoft HiJackFree.lnk 2014-09-17 11:54 - 2014-09-17 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft HiJackFree 2014-09-17 11:54 - 2014-09-17 11:54 - 00000000 ____D () C:\Program Files\Emsisoft HiJackFree 2014-09-17 11:21 - 2014-09-17 11:21 - 00388608 _____ (Trend Micro Inc.) C:\Users\Hartmut\Desktop\HiJackThis204.exe 2014-09-17 10:21 - 2014-09-17 10:21 - 00000000 ____D () C:\Users\Hartmut\Desktop\Emsisoft Emergency Kit 2014-09-17 10:08 - 2014-09-17 10:08 - 00004600 _____ () C:\EamClean.log 2014-09-17 07:38 - 2014-08-28 22:15 - 01040111 _____ () C:\Users\Hartmut\AppData\Local\ilvaaehj.gss 2014-09-17 07:38 - 2014-08-28 22:15 - 00421888 _____ () C:\Users\Hartmut\AppData\Local\ilvaaehj.gdb 2014-09-16 20:20 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\rescache 2014-09-16 15:52 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\Microsoft.NET 2014-09-16 15:44 - 2009-07-26 22:06 - 01612484 _____ () C:\windows\system32\PerfStringBackup.INI 2014-09-15 09:06 - 2010-10-27 23:15 - 00231568 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe 2014-09-13 13:11 - 2013-08-24 12:36 - 00000000 ____D () C:\windows\system32\MRT 2014-09-13 13:11 - 2010-11-11 15:59 - 00000000 ____D () C:\windows\system32\MpEngineStore 2014-09-13 13:06 - 2010-02-20 07:31 - 98758480 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-09-13 11:35 - 2012-06-25 13:31 - 00000000 ____D () C:\ProgramData\CanonIJPLM 2014-09-09 19:27 - 2009-07-14 06:33 - 00358272 _____ () C:\windows\system32\FNTCACHE.DAT 2014-08-27 14:47 - 2014-08-27 14:47 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\Adobe 2014-08-27 14:12 - 2010-10-28 11:22 - 00000000 ____D () C:\Users\Hartmut\Documents\Tina 2014-08-27 10:27 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\de-DE ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\windows\explorer.exe => File is digitally signed C:\windows\system32\winlogon.exe => File is digitally signed C:\windows\system32\wininit.exe => File is digitally signed C:\windows\system32\svchost.exe => File is digitally signed C:\windows\system32\services.exe => File is digitally signed C:\windows\system32\User32.dll => File is digitally signed C:\windows\system32\userinit.exe => File is digitally signed C:\windows\system32\rpcss.dll => File is digitally signed C:\windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-16 20:11 ==================== End Of Log ============================ Wenn Du jetzt nichts mehr erkennen kannst, dann sieht es gut aus:-) Gruß MotoG |
|
23.09.2014, 20:55
| #11 |
| /// the machine /// TB-Ausbilder | Überprüfung nach Reinigung von Browser Hijacking und andere Malware fertig
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
23.09.2014, 21:07
| #12 |
| | Überprüfung nach Reinigung von Browser Hijacking und andere Malware Vielen Dank für Deine tolle Hilfe! Da wird sich meine Kollegin aber freuen;-) |
|
24.09.2014, 11:40
| #13 |
| /// the machine /// TB-Ausbilder | Überprüfung nach Reinigung von Browser Hijacking und andere Malware Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
Revo Uninstaller herunter.
dann auf 
und dann auf 
.
Linear-Darstellung
