![]() |
|
Plagegeister aller Art und deren Bekämpfung: Überprüfung nach Reinigung von Browser Hijacking und andere MalwareWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
![]() | #1 |
| ![]() Überprüfung nach Reinigung von Browser Hijacking und andere Malware Hallo Zusammen, ich habe das private Notebook meiner Kollegin bekommen, bei dem Browser Hijacking vorlag. Mit Unterstützung aus dem Forum (andere Beiträge) hier, habe ich folgendes bisher durchgeführt: 1. Scan mit EEK Zuerst habe ich eine Scan mit Emsisoft Emergency Kit durchgeführt und die gefundenen Probleme in Quarantäne verschoben. Hier das Logfile dazu: Code:
ATTFilter Emsisoft Emergency Kit - Version 9.0 Letztes Update: 16.09.2014 15:36:08 Benutzerkonto: PATRICKTINA\Hartmut Scan Einstellungen: Scan Methode: Detail Scan Objekte: Rootkits, Speicher, Traces, C:\, D:\ PUPs-Erkennung: An Archiv Scan: An ADS Scan: An Dateitypen-Filter: Aus Erweitertes Caching: An Direkter Festplattenzugriff: Aus Scan Beginn: 16.09.2014 15:42:22 C:\PROGRA~1\SupTab\DpInterface32.dll gefunden: Application.Win32.InstallAd (A) C:\Program Files\002\fpvoixdaog32.exe gefunden: Application.Win32.InstallAd (A) C:\Program Files\SupTab\SupTab.dll gefunden: Adware.Agent.OFO (B) C:\Users\Hartmut\AppData\Local\ilvaaehj.exe gefunden: Gen:Variant.Adware.Symmi.11285 (B) C:\Users\Hartmut\AppData\Local\Temp\APN-Stub gefunden: Application.Win32.WebToolbar (A) C:\Users\Hartmut\AppData\Local\Temp\APN-Stub gefunden: Application.Win32.WebToolbar (A) C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mypc backup gefunden: Application.AdStart (A) C:\Users\Hartmut\AppData\Roaming\dvdvideosoftiehelpers gefunden: Application.AppInstall (A) C:\Users\Hartmut\AppData\Roaming\software4u gefunden: Application.AppInstall (A) C:\ProgramData\iminent gefunden: Application.AppInstall (A) C:\ProgramData\partner gefunden: Application.AppInstall (A) C:\Program Files\mypc backup gefunden: Application.AppInstall (A) C:\Program Files\software4u gefunden: Application.AppInstall (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96} gefunden: Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{01221FCC-4BFB-461C-B08C-F6D2DF309921} gefunden: Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} gefunden: Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBCOMMONUTILS.COMMONUTILS gefunden: Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBCOMMONUTILS.COMMONUTILS.1 gefunden: Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBDOWNLOADMANAGER gefunden: Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBDOWNLOADMANAGER.1 gefunden: Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBPROPERTYMANAGER gefunden: Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBPROPERTYMANAGER.1 gefunden: Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBREQUEST gefunden: Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBREQUEST.1 gefunden: Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBTASK gefunden: Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBTASK.1 gefunden: Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TOOLBARHELPER gefunden: Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TOOLBARHELPER.1 gefunden: Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\UPDATER.AMIUPD gefunden: Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\UPDATER.AMIUPD.1 gefunden: Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BACKUPSTACK gefunden: Application.AdServ (A) Key: HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1000\SOFTWARE\IMINENT gefunden: Application.InstallAd (A) Key: HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1000\SOFTWARE\SOFTONIC gefunden: Application.InstallAd (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\IMINENT gefunden: Application.InstallAd (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MYPC BACKUP gefunden: Application.InstallAd (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} gefunden: Application.InstallAd (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\MYPC BACKUP gefunden: Application.InstallTool (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86} gefunden: Application.AdShort (A) C:\Users\Hartmut\AppData\Roaming\SupTab gefunden: Application.AdShort (A) C:\Program Files\SupTab gefunden: Application.AdShort (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} gefunden: Application.AdShort (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8} gefunden: Application.AdShort (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D} gefunden: Application.AdShort (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} gefunden: Application.AdShort (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\SUPTAB gefunden: Application.AdShort (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\WEBSSEARCHESSOFTWARE gefunden: Application.AdShort (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\WPM gefunden: Application.AdShort (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982} gefunden: Application.AdBrowse (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534} gefunden: Application.AdBrowse (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{03771AEF-400D-4A13-B712-25878EC4A3F5} gefunden: Application.AdBrowse (A) Key: HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1000\SOFTWARE\TUTOTAG gefunden: Adware.Win32.Ozore (A) C:\ProgramData\IePluginServices gefunden: Application.AdPlug (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\SUPDP gefunden: Application.InstallTab (A) C:\Users\Hartmut\AppData\Roaming\completescan gefunden: Rogue.Win32.TPoint (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\FLVTUBEPLAYER.EXE gefunden: Adware.Win32.FlashPlay (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR gefunden: Setting.DisableTaskMgr (A) Value: HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR gefunden: Setting.DisableTaskMgr (A) Key: HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} gefunden: Application.Win32.WSearch (A) Key: HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1000\SOFTWARE\YAHOOPARTNERTOOLBAR gefunden: Application.Win32.YTool (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48D2-9061-8BBD4899EB08} gefunden: Application.Win32.InstallExt (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\TRACING\AU__RASAPI32 gefunden: Application.Win32.InstallExt (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\TRACING\AU__RASMANCS gefunden: Application.Win32.InstallExt (A) C:\Program Files\002\fpvoixdaog32.exe gefunden: Application.Win32.InstallAd (A) C:\Program Files\SupTab\DpInterface32.dll gefunden: Application.Win32.InstallAd (A) C:\Program Files\SupTab\SearchProtect32.dll gefunden: Application.Win32.InstallAd (A) C:\Program Files\SupTab\SearchProtect64.dll gefunden: Application.Win32.InstallAd (A) C:\Program Files\SupTab\SpAPPSv64.dll gefunden: Adware.Generic.958938 (B) C:\Program Files\SupTab\SupTab.dll gefunden: Adware.Agent.OFO (B) C:\Users\Hartmut\AppData\Local\ilvaaehj.exe gefunden: Gen:Variant.Adware.Symmi.11285 (B) C:\Users\Hartmut\AppData\Local\Temp\flashEnhancer1\Install\flashEnhancerInstaller.exe gefunden: Application.Win32.InstallMon (A) C:\Users\Hartmut\AppData\Local\Temp\nsbFA69.exe gefunden: Application.Win32.InstallTool (A) C:\Users\Hartmut\AppData\Local\Temp\nsc1202.exe gefunden: Application.Win32.InstallTool (A) C:\Users\Hartmut\AppData\Local\Temp\nsm1721.exe gefunden: Application.Win32.InstallTool (A) C:\Users\Hartmut\AppData\Local\Temp\nsrDA4C.exe gefunden: Application.Win32.InstallTool (A) C:\Users\Hartmut\AppData\Local\Temp\nswD5D8.exe gefunden: Application.Win32.InstallTool (A) C:\Users\Hartmut\AppData\Local\Temp\PreExe_ID_13667.exe gefunden: Application.Win32.AdLoad (A) C:\Users\Hartmut\AppData\Local\Temp\UpdateCheckerSetup.exe gefunden: Application.Win32.InstallAd (A) C:\Users\Hartmut\AppData\Local\{DDF17D0D-8737-45FD-A732-117D73F349EA}\chrome\content\overlay.xul gefunden: Trojan.JS.Redirector.LE (B) C:\Users\Public\Documents\Patrick\Downloads\Downloads\FlashPlayer__4587_i810617247_il7939.exe gefunden: Gen:Variant.Application.Bundler.Amonetize.10 (B) C:\Users\Public\Documents\Patrick\Downloads\Downloads\Groovestream.exe gefunden: Gen:Variant.Application.Bundler.OptimumInstaller.3 (B) Gescannt 379195 Gefunden 80 Scan Ende: 16.09.2014 19:20:50 Scan Zeit: 3:38:28 C:\Users\Public\Documents\Patrick\Downloads\Downloads\Groovestream.exe Quarantäne Gen:Variant.Application.Bundler.OptimumInstaller.3 (B) C:\Users\Public\Documents\Patrick\Downloads\Downloads\FlashPlayer__4587_i810617247_il7939.exe Quarantäne Gen:Variant.Application.Bundler.Amonetize.10 (B) C:\Users\Hartmut\AppData\Local\{DDF17D0D-8737-45FD-A732-117D73F349EA}\chrome\content\overlay.xul Quarantäne Trojan.JS.Redirector.LE (B) C:\Users\Hartmut\AppData\Local\Temp\UpdateCheckerSetup.exe Quarantäne Application.Win32.InstallAd (A) C:\Users\Hartmut\AppData\Local\Temp\PreExe_ID_13667.exe Quarantäne Application.Win32.AdLoad (A) C:\Users\Hartmut\AppData\Local\Temp\nswD5D8.exe Quarantäne Application.Win32.InstallTool (A) C:\Users\Hartmut\AppData\Local\Temp\nsrDA4C.exe Quarantäne Application.Win32.InstallTool (A) C:\Users\Hartmut\AppData\Local\Temp\nsm1721.exe Quarantäne Application.Win32.InstallTool (A) C:\Users\Hartmut\AppData\Local\Temp\nsc1202.exe Quarantäne Application.Win32.InstallTool (A) C:\Users\Hartmut\AppData\Local\Temp\nsbFA69.exe Quarantäne Application.Win32.InstallTool (A) C:\Users\Hartmut\AppData\Local\Temp\flashEnhancer1\Install\flashEnhancerInstaller.exe Quarantäne Application.Win32.InstallMon (A) C:\Program Files\SupTab\SpAPPSv64.dll Quarantäne Adware.Generic.958938 (B) C:\Program Files\SupTab\SearchProtect64.dll Quarantäne Application.Win32.InstallAd (A) C:\Program Files\SupTab\SearchProtect32.dll Quarantäne Application.Win32.InstallAd (A) C:\Program Files\002\fpvoixdaog32.exe Quarantäne Application.Win32.InstallAd (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\TRACING\AU__RASMANCS Quarantäne Application.Win32.InstallExt (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\TRACING\AU__RASAPI32 Quarantäne Application.Win32.InstallExt (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48D2-9061-8BBD4899EB08} Quarantäne Application.Win32.InstallExt (A) Key: HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1000\SOFTWARE\YAHOOPARTNERTOOLBAR Quarantäne Application.Win32.YTool (A) Key: HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Quarantäne Application.Win32.WSearch (A) Value: HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Quarantäne Setting.DisableTaskMgr (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Quarantäne Setting.DisableTaskMgr (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\FLVTUBEPLAYER.EXE Quarantäne Adware.Win32.FlashPlay (A) C:\Users\Hartmut\AppData\Roaming\completescan Quarantäne Rogue.Win32.TPoint (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\SUPDP Quarantäne Application.InstallTab (A) C:\ProgramData\IePluginServices Quarantäne Application.AdPlug (A) Key: HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1000\SOFTWARE\TUTOTAG Quarantäne Adware.Win32.Ozore (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{03771AEF-400D-4A13-B712-25878EC4A3F5} Quarantäne Application.AdBrowse (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534} Quarantäne Application.AdBrowse (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982} Quarantäne Application.AdBrowse (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\WPM Quarantäne Application.AdShort (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\WEBSSEARCHESSOFTWARE Quarantäne Application.AdShort (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\SUPTAB Quarantäne Application.AdShort (A) C:\Users\Hartmut\AppData\Roaming\SupTab Quarantäne Application.AdShort (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Quarantäne Application.AdShort (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\MYPC BACKUP Quarantäne Application.InstallTool (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} Quarantäne Application.InstallAd (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MYPC BACKUP Quarantäne Application.InstallAd (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\IMINENT Quarantäne Application.InstallAd (A) Key: HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1000\SOFTWARE\SOFTONIC Quarantäne Application.InstallAd (A) Key: HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1000\SOFTWARE\IMINENT Quarantäne Application.InstallAd (A) Key: HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BACKUPSTACK Quarantäne Application.AdServ (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\UPDATER.AMIUPD.1 Quarantäne Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\UPDATER.AMIUPD Quarantäne Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TOOLBARHELPER.1 Quarantäne Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TOOLBARHELPER Quarantäne Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBTASK.1 Quarantäne Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBTASK Quarantäne Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBREQUEST.1 Quarantäne Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBREQUEST Quarantäne Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBPROPERTYMANAGER.1 Quarantäne Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBPROPERTYMANAGER Quarantäne Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBDOWNLOADMANAGER.1 Quarantäne Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBHELPER.TBDOWNLOADMANAGER Quarantäne Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBCOMMONUTILS.COMMONUTILS.1 Quarantäne Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TBCOMMONUTILS.COMMONUTILS Quarantäne Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} Quarantäne Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{01221FCC-4BFB-461C-B08C-F6D2DF309921} Quarantäne Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96} Quarantäne Application.AdReg (A) C:\Program Files\software4u Quarantäne Application.AppInstall (A) C:\ProgramData\partner Quarantäne Application.AppInstall (A) C:\ProgramData\iminent Quarantäne Application.AppInstall (A) C:\Users\Hartmut\AppData\Roaming\software4u Quarantäne Application.AppInstall (A) C:\Users\Hartmut\AppData\Roaming\dvdvideosoftiehelpers Quarantäne Application.AppInstall (A) C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mypc backup Quarantäne Application.AdStart (A) C:\Users\Hartmut\AppData\Local\Temp\APN-Stub Quarantäne Application.Win32.WebToolbar (A) Quarantäne 66 Leider habe ich gerade das Logfile nicht zur Hand. 3.Scan mit F-Secure Rettungsdisk Hier wurde nichts gefunden. 4.Scan mit Adware und Bereinigung Das Browser Hijacking ist verschwunden 5. FRST: Hier die beiden Logfiles: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014 Ran by Hartmut (administrator) on PATRICKTINA on 17-09-2014 16:37:17 Running from C:\Users\Hartmut\Desktop Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe (devolo AG) C:\Program Files\devolo\dlan\devolonetsvc.exe (Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe () C:\Program Files\Canon\IJPLM\ijplmsvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (BUFFALO INC.) C:\Program Files\BUFFALO\NASNAVI\nassvc.exe () C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (Chicony Electronics Co., Ltd.) C:\Windows\System32\DVAPTray.exe () C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe () C:\Program Files\CyberLink\Shared files\RichVideo.exe (CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (ArcSoft) C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (BUFFALO INC.) C:\Program Files\BUFFALO\NASNAVI\nassche.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\klwtblfs.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-12-14] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1713448 2010-02-26] (Synaptics Incorporated) HKLM\...\Run: [UpdateLBPShortCut] => C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink) HKLM\...\Run: [UpdateP2GoShortCut] => C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM\...\Run: [UpdatePDRShortCut] => C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.) HKLM\...\Run: [RemoteControl8] => C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.) HKLM\...\Run: [PDVD8LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.) HKLM\...\Run: [UpdatePPShortCut] => C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.) HKLM\...\Run: [UpdatePSTShortCut] => C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-21] (CyberLink Corp.) HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM\...\Run: [WinampAgent] => "C:\Program Files\Winamp\winampa.exe" HKLM\...\Run: [ Malwarebytes Anti-Malware (reboot)] => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) HKLM\...\Run: [DVAPTray] => C:\windows\System32\DVAPTray.exe [188416 2010-06-17] (Chicony Electronics Co., Ltd.) HKLM\...\Run: [dfmirage-Install] => C:\windows\temp\DFI-0833TN.exe [103424 2009-05-29] (DemoForge, LLC.) <===== ATTENTION HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.) HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2565520 2011-03-14] (CANON INC.) HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.) HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0 HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [MobileDocuments] => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Hartmut\AppData\Local\Akamai\netsession_win.exe" HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [AppleIEDAV] => C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Policies\Explorer: [NoSetActiveDesktop] 0 HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\MountPoints2: {065b1618-7479-11e3-a116-002454583452} - G:\HTC_Sync_Manager_PC.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Monitor.lnk ShortcutTarget: Device Monitor.lnk -> C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe (ArcSoft) Startup: C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk ShortcutTarget: BUFFALO NAS Navigator2.lnk -> C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.) Startup: C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ilvaaehj.lnk ShortcutTarget: ilvaaehj.lnk -> C:\Users\Hartmut\AppData\Local\ilvaaehj.exe (No File) Startup: C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk ShortcutTarget: NAS Scheduler.lnk -> C:\Program Files\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} SearchScopes: HKCU - Plasmoo URL = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms} SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de___DE365 BHO: IEPlugin Class -> {11222041-111B-46E3-BD29-EFB2449479B1} -> C:\Program Files\ArcSoft\Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.) BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: ToolbarBHO Class -> {9519AF7E-638D-4933-BAD6-D33D23C79FE5} -> C:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKLM - RAW Thumbnail Viewer - {F301665A-12F8-4331-804A-5BCBD379668C} - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: Hosts file not detected in the default directory Tcpip\Parameters: [DhcpNameServer] 192.168.123.60 FireFox: ======== FF ProfilePath: C:\Users\Hartmut\AppData\Roaming\Mozilla\Firefox\Profiles\9k1zs3lf.default FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll () FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll No File FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Tab Mix Plus - C:\Users\Hartmut\AppData\Roaming\Mozilla\Firefox\Profiles\9k1zs3lf.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012-07-02] FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-07-23] FF HKLM\...\Firefox\Extensions: [RAWThumbnailViewer@arcsoft.com.cn] - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\FireFox Extension FF Extension: RAW Thumbnail Viewer - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\FireFox Extension [2010-11-05] FF HKLM\...\Firefox\Extensions: [{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}] - C:\Program Files\ArcSoft\Video Downloader\Plugin_FireFox FF Extension: ArcSoft Video Downloader Extension - C:\Program Files\ArcSoft\Video Downloader\Plugin_FireFox [2010-11-05] FF HKLM\...\Firefox\Extensions: - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com FF Extension: 卡巴斯基網址顧問 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com [2014-06-17] FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: 虛擬鍵盤 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-06-17] FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com FF Extension: 惡意網站攔截器 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com [2014-06-17] FF HKCU\...\Firefox\Extensions: [{DDF17D0D-8737-45FD-A732-117D73F349EA}] - C:\Users\Hartmut\AppData\Local\{DDF17D0D-8737-45FD-A732-117D73F349EA} FF Extension: XULRunner - C:\Users\Hartmut\AppData\Local\{DDF17D0D-8737-45FD-A732-117D73F349EA} [2010-11-04] Chrome: ======= CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [] CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx [2014-05-28] CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\content_blocker_chrome.crx [2014-05-28] CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\virtkbd.crx [2014-05-28] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2014-05-28] (Kaspersky Lab ZAO) R2 DevoloNetworkService; C:\Program Files\devolo\dlan\devolonetsvc.exe [3128856 2012-02-28] (devolo AG) R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-08-04] (Nero AG) R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] () R2 NasPmService; C:\Program Files\BUFFALO\NASNAVI\nassvc.exe [251184 2009-05-15] (BUFFALO INC.) R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed] R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] () ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 Afc; C:\windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.) S3 AirDisplay; C:\windows\System32\DRIVERS\AVVideoCard.sys [6656 2011-03-18] (Windows (R) Win 7 DDK provider) S3 cleanhlp; C:\Users\Hartmut\Desktop\Emsisoft Emergency Kit\bin\cleanhlp32.sys [50200 2014-08-19] (Emsisoft GmbH) S3 HtcVCom32; C:\windows\System32\DRIVERS\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated) R0 kl1; C:\windows\System32\DRIVERS\kl1.sys [135776 2014-05-28] (Kaspersky Lab ZAO) S4 klflt; C:\windows\System32\DRIVERS\klflt.sys [94304 2014-05-28] (Kaspersky Lab ZAO) R1 KLIF; C:\windows\System32\DRIVERS\klif.sys [576608 2014-05-28] (Kaspersky Lab ZAO) R1 KLIM6; C:\windows\System32\DRIVERS\klim6.sys [25696 2014-05-28] (Kaspersky Lab ZAO) R3 klkbdflt; C:\windows\System32\DRIVERS\klkbdflt.sys [25184 2014-05-28] (Kaspersky Lab ZAO) R3 klmouflt; C:\windows\System32\DRIVERS\klmouflt.sys [25696 2014-05-28] (Kaspersky Lab ZAO) R1 klpd; C:\windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO) R1 kneps; C:\windows\System32\DRIVERS\kneps.sys [144992 2014-05-28] (Kaspersky Lab ZAO) R3 MonitorFunction; C:\windows\System32\DRIVERS\TVMonitor.sys [13304 2010-11-25] (TeamViewer GmbH) S3 Netaapl; C:\windows\System32\DRIVERS\netaapl.sys [18432 2011-05-10] (Apple Inc.) [File not signed] R2 NPF_devolo; C:\windows\system32\drivers\npf_devolo.sys [35840 2012-01-31] (CACE Technologies) [File not signed] S0 sfdrv01; C:\windows\System32\drivers\sfdrv01.sys [50176 2005-05-17] (Protection Technology) [File not signed] R0 sfhlp02; C:\windows\System32\drivers\sfhlp02.sys [6656 2005-05-16] (Protection Technology) [File not signed] S0 sfsync02; C:\windows\System32\drivers\sfsync02.sys [19968 2005-05-16] (Protection Technology) [File not signed] R0 sptd; C:\windows\System32\Drivers\sptd.sys [691696 2010-10-28] () [File not signed] S3 Tq_91Assistant; C:\Program Files\NetDragon\91 Mobile\iPhone\Tq_91Assistant.sys [14248 2011-10-15] () S3 USBAAPL; C:\windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed] R3 yukonw7; C:\windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] () U3 a6p4ii14; C:\windows\system32\Drivers\a6p4ii14.sys [0 ] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-17 16:37 - 2014-09-17 16:38 - 00021470 _____ () C:\Users\Hartmut\Desktop\FRST.txt 2014-09-17 16:37 - 2014-09-17 16:37 - 00000000 ____D () C:\FRST 2014-09-17 16:35 - 2014-09-17 16:35 - 01097728 _____ (Farbar) C:\Users\Hartmut\Desktop\FRST.exe 2014-09-17 16:23 - 2014-09-17 16:29 - 00000000 ____D () C:\AdwCleaner 2014-09-17 16:23 - 2014-09-17 16:23 - 01373475 _____ () C:\Users\Hartmut\Desktop\adwcleaner_3.310.exe 2014-09-17 12:19 - 2014-09-17 12:19 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-17 12:19 - 2014-09-17 12:19 - 00001081 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-17 12:19 - 2014-09-17 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-17 12:19 - 2014-09-17 12:19 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-09-17 12:19 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-09-17 12:19 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-09-17 12:19 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-09-17 12:18 - 2014-09-17 12:18 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hartmut\Desktop\mbam-setup-2.0.2.1012.exe 2014-09-17 11:54 - 2014-09-17 11:54 - 00001009 _____ () C:\Users\Public\Desktop\Emsisoft HiJackFree.lnk 2014-09-17 11:54 - 2014-09-17 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft HiJackFree 2014-09-17 11:54 - 2014-09-17 11:54 - 00000000 ____D () C:\Program Files\Emsisoft HiJackFree 2014-09-17 11:21 - 2014-09-17 11:21 - 00388608 _____ (Trend Micro Inc.) C:\Users\Hartmut\Desktop\HiJackThis204.exe 2014-09-17 10:21 - 2014-09-17 10:21 - 00000000 ____D () C:\Users\Hartmut\Desktop\Emsisoft Emergency Kit 2014-09-17 10:08 - 2014-09-17 10:08 - 00004600 _____ () C:\EamClean.log 2014-09-13 13:17 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2014-09-13 13:17 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-09-13 13:17 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-09-13 13:17 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-09-13 13:17 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-09-13 13:17 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-09-13 13:17 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-09-13 13:17 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2014-09-13 13:17 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-09-13 13:17 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-09-13 13:17 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-09-13 13:17 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-09-13 13:17 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-09-13 13:17 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-09-13 13:17 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-09-13 13:17 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-09-13 13:17 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-09-13 13:17 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2014-09-13 13:17 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2014-09-13 13:17 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-09-13 13:17 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2014-09-13 13:17 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-09-13 13:17 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-09-13 13:17 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-09-13 13:17 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-09-13 13:17 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-09-13 13:17 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2014-09-13 13:17 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-09-13 13:17 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-09-13 13:17 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-09-13 11:17 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2014-09-13 11:17 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2014-08-28 22:28 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll 2014-08-28 22:28 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-08-28 22:15 - 2014-09-17 07:38 - 01040111 _____ () C:\Users\Hartmut\AppData\Local\ilvaaehj.gss 2014-08-28 22:15 - 2014-09-17 07:38 - 00421888 _____ () C:\Users\Hartmut\AppData\Local\ilvaaehj.gdb 2014-08-27 14:47 - 2014-08-27 14:47 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\Adobe 2014-08-26 11:51 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll 2014-08-26 11:51 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll 2014-08-26 11:51 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe 2014-08-26 11:51 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll 2014-08-26 11:51 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\windows\system32\wups.dll 2014-08-26 11:51 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll 2014-08-26 11:51 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll 2014-08-26 11:50 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll 2014-08-26 11:50 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe 2014-08-18 17:52 - 2014-08-18 17:52 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf 2014-08-18 17:38 - 2014-08-18 17:38 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\Wondershare 2014-08-18 17:38 - 2014-08-18 17:38 - 00000000 ____D () C:\Program Files\Common Files\Wondershare 2014-08-18 17:37 - 2014-08-18 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare 2014-08-18 17:36 - 2014-08-18 17:37 - 00000000 ___HD () C:\Program Files\DrFoneAndroid_Temp 2014-08-18 17:36 - 2014-08-18 17:37 - 00000000 ____D () C:\Users\Hartmut\AppData\Roaming\Wondershare 2014-08-18 17:36 - 2014-08-18 17:36 - 00000000 ____D () C:\Program Files\Wondershare 2014-08-18 17:33 - 2014-08-18 17:35 - 00000000 ____D () C:\Users\Public\Documents\Wondershare 2014-08-18 17:18 - 2014-08-18 17:18 - 00000000 ____D () C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Android SDK Tools 2014-08-18 17:16 - 2014-08-18 17:16 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\Android 2014-08-18 16:56 - 2014-08-18 17:02 - 00000000 ____D () C:\Program Files\Recuva 2014-08-18 16:56 - 2014-08-18 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva 2014-08-18 16:30 - 2014-08-18 16:30 - 00000000 ____D () C:\Program Files\Spirent Communications 2014-08-18 15:55 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll 2014-08-18 15:55 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe 2014-08-18 15:55 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe 2014-08-18 15:55 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-17 16:38 - 2014-09-17 16:37 - 00021470 _____ () C:\Users\Hartmut\Desktop\FRST.txt 2014-09-17 16:38 - 2009-07-14 06:34 - 00014512 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-17 16:38 - 2009-07-14 06:34 - 00014512 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-17 16:37 - 2014-09-17 16:37 - 00000000 ____D () C:\FRST 2014-09-17 16:35 - 2014-09-17 16:35 - 01097728 _____ (Farbar) C:\Users\Hartmut\Desktop\FRST.exe 2014-09-17 16:34 - 2009-12-05 04:40 - 01847762 _____ () C:\windows\WindowsUpdate.log 2014-09-17 16:31 - 2014-06-17 23:35 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-09-17 16:31 - 2014-01-04 12:17 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\HTC MediaHub 2014-09-17 16:31 - 2012-08-07 23:35 - 00000440 _____ () C:\windows\system32\Drivers\etc\hosts.ics 2014-09-17 16:30 - 2012-11-11 17:46 - 00001096 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-17 16:30 - 2011-02-22 21:38 - 00135547 _____ () C:\windows\setupact.log 2014-09-17 16:30 - 2010-01-31 18:27 - 00000000 ____D () C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite 2014-09-17 16:30 - 2009-12-05 05:19 - 01041244 _____ () C:\windows\PFRO.log 2014-09-17 16:30 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-09-17 16:29 - 2014-09-17 16:23 - 00000000 ____D () C:\AdwCleaner 2014-09-17 16:23 - 2014-09-17 16:23 - 01373475 _____ () C:\Users\Hartmut\Desktop\adwcleaner_3.310.exe 2014-09-17 13:00 - 2009-12-05 22:11 - 00000000 ____D () C:\windows\ShellNew 2014-09-17 12:56 - 2012-11-11 17:46 - 00001100 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-09-17 12:53 - 2012-03-31 18:04 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-09-17 12:19 - 2014-09-17 12:19 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-17 12:19 - 2014-09-17 12:19 - 00001081 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-17 12:19 - 2014-09-17 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-17 12:19 - 2014-09-17 12:19 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-09-17 12:19 - 2010-11-04 23:48 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-17 12:18 - 2014-09-17 12:18 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hartmut\Desktop\mbam-setup-2.0.2.1012.exe 2014-09-17 11:54 - 2014-09-17 11:54 - 00001009 _____ () C:\Users\Public\Desktop\Emsisoft HiJackFree.lnk 2014-09-17 11:54 - 2014-09-17 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft HiJackFree 2014-09-17 11:54 - 2014-09-17 11:54 - 00000000 ____D () C:\Program Files\Emsisoft HiJackFree 2014-09-17 11:21 - 2014-09-17 11:21 - 00388608 _____ (Trend Micro Inc.) C:\Users\Hartmut\Desktop\HiJackThis204.exe 2014-09-17 10:21 - 2014-09-17 10:21 - 00000000 ____D () C:\Users\Hartmut\Desktop\Emsisoft Emergency Kit 2014-09-17 10:08 - 2014-09-17 10:08 - 00004600 _____ () C:\EamClean.log 2014-09-17 07:38 - 2014-08-28 22:15 - 01040111 _____ () C:\Users\Hartmut\AppData\Local\ilvaaehj.gss 2014-09-17 07:38 - 2014-08-28 22:15 - 00421888 _____ () C:\Users\Hartmut\AppData\Local\ilvaaehj.gdb 2014-09-16 20:20 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\rescache 2014-09-16 15:52 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\Microsoft.NET 2014-09-16 15:44 - 2009-07-26 22:06 - 01612484 _____ () C:\windows\system32\PerfStringBackup.INI 2014-09-13 13:11 - 2013-08-24 12:36 - 00000000 ____D () C:\windows\system32\MRT 2014-09-13 13:11 - 2010-11-11 15:59 - 00000000 ____D () C:\windows\system32\MpEngineStore 2014-09-13 13:06 - 2010-02-20 07:31 - 98758480 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-09-13 13:02 - 2012-03-31 18:04 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe 2014-09-13 13:02 - 2011-05-23 22:17 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl 2014-09-13 11:35 - 2012-06-25 13:31 - 00000000 ____D () C:\ProgramData\CanonIJPLM 2014-09-09 19:31 - 2010-11-14 19:35 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\CrashDumps 2014-09-09 19:27 - 2009-07-14 06:33 - 00358272 _____ () C:\windows\system32\FNTCACHE.DAT 2014-08-27 14:47 - 2014-08-27 14:47 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\Adobe 2014-08-27 14:12 - 2010-10-28 11:22 - 00000000 ____D () C:\Users\Hartmut\Documents\Tina 2014-08-27 10:27 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\de-DE 2014-08-25 06:53 - 2010-10-27 23:15 - 00231584 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe 2014-08-23 03:46 - 2014-08-28 22:28 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll 2014-08-23 02:42 - 2014-08-28 22:28 - 02352640 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-08-19 21:17 - 2011-05-09 11:35 - 00000000 ____D () C:\ProgramData\tmp 2014-08-19 21:17 - 2011-05-09 11:35 - 00000000 ____D () C:\ProgramData\hps 2014-08-19 20:56 - 2013-10-08 14:52 - 00001120 _____ () C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk 2014-08-19 20:56 - 2013-10-08 14:52 - 00001105 _____ () C:\Users\Public\Desktop\dm-Fotowelt.lnk 2014-08-19 19:39 - 2014-09-13 13:17 - 00327872 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2014-08-19 00:26 - 2014-09-13 13:17 - 17455104 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-08-19 00:08 - 2014-09-13 13:17 - 04232704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-08-18 23:57 - 2014-09-13 13:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-08-18 23:57 - 2014-09-13 13:17 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-08-18 23:46 - 2014-09-13 13:17 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-08-18 23:45 - 2014-09-13 13:17 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-08-18 23:44 - 2014-09-13 13:17 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2014-08-18 23:44 - 2014-09-13 13:17 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-08-18 23:42 - 2014-09-13 13:17 - 02185728 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-08-18 23:39 - 2014-09-13 13:17 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-08-18 23:39 - 2014-09-13 13:17 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-08-18 23:37 - 2014-09-13 13:17 - 00440320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-08-18 23:36 - 2014-09-13 13:17 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-08-18 23:36 - 2014-09-13 13:17 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-08-18 23:35 - 2014-09-13 13:17 - 00597504 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-08-18 23:30 - 2014-09-13 13:17 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-08-18 23:27 - 2014-09-13 13:17 - 00365056 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2014-08-18 23:22 - 2014-09-13 13:17 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2014-08-18 23:19 - 2014-09-13 13:17 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-08-18 23:17 - 2014-09-13 13:17 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2014-08-18 23:17 - 2014-09-13 13:17 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-08-18 23:15 - 2014-09-13 13:17 - 11769856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-08-18 23:09 - 2014-09-13 13:17 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-08-18 23:08 - 2014-09-13 13:17 - 02014208 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-08-18 23:08 - 2014-09-13 13:17 - 00673792 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-08-18 23:07 - 2014-09-13 13:17 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2014-08-18 22:46 - 2014-09-13 13:17 - 01812992 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-08-18 22:38 - 2014-09-13 13:17 - 01190400 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-08-18 22:36 - 2014-09-13 13:17 - 00678400 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-08-18 17:52 - 2014-08-18 17:52 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf 2014-08-18 17:41 - 2014-01-04 12:16 - 00000000 ____D () C:\Users\Hartmut\.android 2014-08-18 17:38 - 2014-08-18 17:38 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\Wondershare 2014-08-18 17:38 - 2014-08-18 17:38 - 00000000 ____D () C:\Program Files\Common Files\Wondershare 2014-08-18 17:37 - 2014-08-18 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare 2014-08-18 17:37 - 2014-08-18 17:36 - 00000000 ___HD () C:\Program Files\DrFoneAndroid_Temp 2014-08-18 17:37 - 2014-08-18 17:36 - 00000000 ____D () C:\Users\Hartmut\AppData\Roaming\Wondershare 2014-08-18 17:36 - 2014-08-18 17:36 - 00000000 ____D () C:\Program Files\Wondershare 2014-08-18 17:35 - 2014-08-18 17:33 - 00000000 ____D () C:\Users\Public\Documents\Wondershare 2014-08-18 17:18 - 2014-08-18 17:18 - 00000000 ____D () C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Android SDK Tools 2014-08-18 17:16 - 2014-08-18 17:16 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\Android 2014-08-18 17:02 - 2014-08-18 16:56 - 00000000 ____D () C:\Program Files\Recuva 2014-08-18 16:56 - 2014-08-18 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva 2014-08-18 16:45 - 2010-01-31 18:39 - 00088320 _____ () C:\Users\Hartmut\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-18 16:35 - 2014-01-04 12:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC 2014-08-18 16:34 - 2010-02-11 19:13 - 00000000 ____D () C:\Program Files\Common Files\Nero 2014-08-18 16:31 - 2009-12-05 04:44 - 00064962 _____ () C:\windows\DPINST.LOG 2014-08-18 16:30 - 2014-08-18 16:30 - 00000000 ____D () C:\Program Files\Spirent Communications 2014-08-18 16:30 - 2014-01-04 12:16 - 00000000 ____D () C:\Program Files\HTC 2014-08-18 16:28 - 2011-02-20 21:12 - 00000000 ____D () C:\Users\Hartmut\AppData\Local\Downloaded Installations Files to move or delete: ==================== C:\windows\temp\DFI-0833TN.exe Some content of TEMP: ==================== C:\Users\Hartmut\AppData\Local\Temp\AcDeltree.exe C:\Users\Hartmut\AppData\Local\Temp\AskSLib.dll C:\Users\Hartmut\AppData\Local\Temp\BackupSetup.exe C:\Users\Hartmut\AppData\Local\Temp\f.exe C:\Users\Hartmut\AppData\Local\Temp\IDMSetup_1.5.0.0.exe C:\Users\Hartmut\AppData\Local\Temp\MSETUP4.EXE C:\Users\Hartmut\AppData\Local\Temp\SkypeSetup.exe C:\Users\Hartmut\AppData\Local\Temp\somoto-master.exe C:\Users\Hartmut\AppData\Local\Temp\tmp20AA.tmp.exe C:\Users\Hartmut\AppData\Local\Temp\tmp2FA8.tmp.exe C:\Users\Hartmut\AppData\Local\Temp\tmp6A27.tmp.exe C:\Users\Hartmut\AppData\Local\Temp\tmp7243.tmp.exe C:\Users\Hartmut\AppData\Local\Temp\_is28DC.exe C:\Users\Hartmut\AppData\Local\Temp\_is7BC4.exe C:\Users\Hartmut\AppData\Local\Temp\~SpUnin~.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\windows\explorer.exe => File is digitally signed C:\windows\system32\winlogon.exe => File is digitally signed C:\windows\system32\wininit.exe => File is digitally signed C:\windows\system32\svchost.exe => File is digitally signed C:\windows\system32\services.exe => File is digitally signed C:\windows\system32\User32.dll => File is digitally signed C:\windows\system32\userinit.exe => File is digitally signed C:\windows\system32\rpcss.dll => File is digitally signed C:\windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-16 20:11 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014 Ran by Hartmut at 2014-09-17 16:38:51 Running from C:\Users\Hartmut\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kaspersky Anti-Virus (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886} AS: Kaspersky Anti-Virus (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (HKLM\...\7-Zip) (Version: - ) Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.8.0.1280 - Adobe Systems Incorporated) Adobe AIR (Version: 3.8.0.1280 - Adobe Systems Incorporated) Hidden Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated) Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Reader XI (11.0.08) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated) Advertising Center (Version: 0.0.0.2 - Nero AG) Hidden Android SDK Tools (HKLM\...\Android SDK Tools) (Version: 1.16 - Google Inc.) ArcSoft MediaConverter 3 (HKLM\...\{EE27AA87-8593-4B8A-A595-29E289C5520F}) (Version: 3.1.8.81 - ArcSoft) ArcSoft Panorama Maker 4 (HKLM\...\{37530151-56A6-4CE4-9F9F-CE1F5A1356C6}) (Version: 4.5.0.112 - ArcSoft) ArcSoft Photo Book Screen Saver (HKLM\...\{E2EE273D-E111-4FFD-ACD4-78E1D35E01D2}) (Version: 2.0.0.13 - ArcSoft) ArcSoft Print Creations - Album Page (HKLM\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version: - ArcSoft) ArcSoft Print Creations - Brochures & Flyers (HKLM\...\{01A1A019-E1D8-482A-BE17-5E118D17C0A0}) (Version: - ArcSoft) ArcSoft Print Creations - Greeting Card (HKLM\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version: - ArcSoft) ArcSoft Print Creations - Photo Book (HKLM\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version: - ArcSoft) ArcSoft Print Creations - Photo Calendar (HKLM\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version: - ArcSoft) ArcSoft Print Creations - Photo Prints (HKLM\...\{95F875CC-1B85-43E6-B3E0-13EA04F3D995}) (Version: - ArcSoft) ArcSoft Print Creations - Poster Creator (HKLM\...\{5D1C82E7-7EC0-4404-A8AD-36C3B444BC34}) (Version: - ArcSoft) ArcSoft Print Creations - Scrapbook (HKLM\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version: - ArcSoft) ArcSoft Print Creations (HKLM\...\{F03EC055-F34E-4F6B-A684-8A370E11A304}) (Version: 3.0.255.500 - ArcSoft) ArcSoft RAW Thumbnail Viewer (HKLM\...\{82FAC25D-D0E1-4D60-9268-F3DD958BF052}) (Version: 2.0.0.11 - ArcSoft) ArcSoft Scan-n-Stitch Deluxe (HKLM\...\{363188E4-1A27-4DE6-BA48-823D2E205385}) (Version: 1.1.0.17 - ArcSoft) ArcSoft Video Downloader (HKLM\...\{C8B44566-839A-459C-A73D-49764CE216CC}) (Version: 2.0.0.39 - ArcSoft) Atheros Client Installation Program (HKLM\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.1.0805 - Atheros) BatteryLifeExtender (HKLM\...\{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}) (Version: 1.0.1 - Samsung) BUFFALO LinkStation(LS-CHL) Setup Guide (HKLM\...\UN090415) (Version: - ) BUFFALO NAS Navigator2 (HKLM\...\UN060501) (Version: - ) Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - ) Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data (HKLM\...\Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data) (Version: - ) Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data (HKLM\...\Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data) (Version: - ) Canon Easy-PhotoPrint Pro (HKLM\...\Easy-PhotoPrint Pro) (Version: - ) Canon IJ Network Scanner Selector EX (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - ) Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: - ) Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: - ) Canon MG6200 series Benutzerregistrierung (HKLM\...\Canon MG6200 series Benutzerregistrierung) (Version: - ) Canon MG6200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6200_series) (Version: - ) Canon MG6200 series On-screen Manual (HKLM\...\Canon MG6200 series On-screen Manual) (Version: - ) Canon MP Navigator EX 5.0 (HKLM\...\MP Navigator EX 5.0) (Version: - ) Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - ) Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version: - ) CyberLink DVD Suite (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2806 - CyberLink Corp.) CyberLink DVD Suite (Version: 6.0.2806 - CyberLink Corp.) Hidden CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1916 - CyberLink Corp.) CyberLink LabelPrint (Version: 2.5.1916 - CyberLink Corp.) Hidden CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3108a - CyberLink Corp.) CyberLink Power2Go (Version: 6.0.3108a - CyberLink Corp.) Hidden CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3213 - CyberLink Corp.) CyberLink PowerDirector (Version: 7.0.3213 - CyberLink Corp.) Hidden CyberLink PowerDVD 8 (HKLM\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815b - CyberLink Corp.) CyberLink PowerDVD 8 (Version: 8.0.2815b - CyberLink Corp.) Hidden CyberLink PowerProducer (HKLM\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.1.1812 - CyberLink Corp.) CyberLink PowerProducer (Version: 5.0.1.1812 - CyberLink Corp.) Hidden CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3304 - CyberLink Corp.) CyberLink YouCam (Version: 2.0.3304 - CyberLink Corp.) Hidden Dev-C++ 5 beta 9 release (4.9.9.2) (HKLM\...\Dev-C++) (Version: - ) devolo dLAN Cockpit (HKLM\...\dlancockpit) (Version: 3.2.0.0 - devolo AG) dLAN Cockpit (Version: 3.2.28 - devolo AG) Hidden dLAN Cockpit (Version: 3.23.12 - devolo AG) Hidden dm-Fotowelt (HKLM\...\dm-Fotowelt) (Version: 5.1.6 - CEWE Stiftung u Co. KGaA) DolbyFiles (Version: 2.0 - Nero AG) Hidden DVAPTray (HKLM\...\{30D1B542-44E0-44F0-8A31-2A101CB626B5}) (Version: 2.3.2.31 - ) Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.0 - Samsung Electronics Co., Ltd.) Easy Network Manager (HKLM\...\{A5675A9E-F073-414A-9A04-F9BCD50459D7}) (Version: 4.2.6 - Samsung) Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.5 - Samsung Electronics Co.,Ltd.) EasyBatteryManager (HKLM\...\{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}) (Version: 4.0.0.3 - Samsung) Emsisoft HiJackFree 4.5 (HKLM\...\Emsisoft HiJackFree_is1) (Version: 4.5 - Emsi Software GmbH) erLT (Version: 1.20.0137 - Logitech, Inc.) Hidden Genesis (HKCU\...\ilvaaehj) (Version: - ) <==== ATTENTION Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.13.0.003 - HTC Corporation) HTC Sync Manager (HKLM\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.24.5 - HTC) iCare Data Recovery Standard (HKLM\...\{F110DF75-A7A2-4641-A569-8D15F7AC7087}_is1) (Version: 6.0 - iCare Recovery) ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2202 - Intel Corporation) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC) Java Auto Updater (Version: 2.0.3.1 - Sun Microsystems, Inc.) Hidden Java(TM) 6 Update 24 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.240 - Sun Microsystems, Inc.) Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden Kaspersky Anti-Virus (HKLM\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab) Kaspersky Anti-Virus (Version: 14.0.0.4651 - Kaspersky Lab) Hidden Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 11.22.3.3 - Marvell) Menu Templates - Starter Kit (Version: 9.4.6.0 - Nero AG) Hidden Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Movie Templates - Starter Kit (Version: 9.4.6.0 - Nero AG) Hidden Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nero 9 (HKLM\...\{ea46649a-0ad3-47e6-8e81-ee599ce55b3b}) (Version: - Nero AG) Nero BurnRights (Version: 3.4.13.100 - Nero AG) Hidden Nero ControlCenter (Version: 9.0.0.1 - Nero AG) Hidden Nero CoverDesigner (Version: 4.4.12.100 - Nero AG) Hidden Nero Disc Copy Gadget (Version: 2.4.34.0 - Nero AG) Hidden Nero DiscSpeed (Version: 5.4.13.100 - Nero AG) Hidden Nero DriveSpeed (Version: 4.4.12.100 - Nero AG) Hidden Nero InfoTool (Version: 6.4.12.100 - Nero AG) Hidden Nero Installer (Version: 4.4.9.0 - Nero AG) Hidden Nero PhotoSnap (Version: 2.4.28.0 - Nero AG) Hidden Nero Recode (Version: 4.4.38.1 - Nero AG) Hidden Nero Rescue Agent (Version: 2.4.14.100 - Nero AG) Hidden Nero ShowTime (Version: 5.4.21.100 - Nero AG) Hidden Nero StartSmart (Version: 9.4.19.100 - Nero AG) Hidden Nero Vision (Version: 6.4.16.100 - Nero AG) Hidden Nero WaveEditor (Version: 5.4.37.1 - Nero AG) Hidden NeroBurningROM (Version: 9.4.26.100 - Nero AG) Hidden NeroExpress (Version: 9.4.26.100 - Nero AG) Hidden neroxml (Version: 1.0.0 - Nero AG) Hidden OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden OpenOffice.org 3.2 (HKLM\...\{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}) (Version: 3.2.9502 - OpenOffice.org) QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6003 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform) Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Samsung Recovery Solution 4 (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.6 - Samsung) Samsung Support Center (HKLM\...\{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}) (Version: 1.0.21 - Samsung) Samsung Update Plus (HKLM\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.) Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.) Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) SoundTrax (Version: 4.4.37.1 - Nero AG) Hidden Stellar Phoenix Photo Recovery (HKLM\...\Stellar Phoenix Photo Recovery_is1) (Version: 6.0.0.1 - Stellar Information Technology Pvt Ltd.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.10.0 - Synaptics Incorporated) TeamViewer 6 (HKLM\...\TeamViewer 6) (Version: 6.0.9895 - TeamViewer GmbH) Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation) Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden Windows Live Family Safety (Version: 14.0.8093.805 - Microsoft Corporation) Hidden Windows Live Fotogalerie (Version: 14.0.8081.709 - Microsoft Corporation) Hidden Windows Live Mail (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live Movie Maker (Version: 14.0.8091.0730 - Microsoft Corporation) Hidden Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Live Writer (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Wondershare Dr.Fone for Android(Build 4.8.0.135) (HKLM\...\{1DB91A95-C548-4BA5-9D4C-18C7DEAAC39F}_is1) (Version: 4.8.0.135 - Wondershare Software Co.,Ltd.) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1871111397-3539990770-1974983793-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File CustomCLSID: HKU\S-1-5-21-1871111397-3539990770-1974983793-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File CustomCLSID: HKU\S-1-5-21-1871111397-3539990770-1974983793-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File ==================== Restore Points ========================= 13-09-2014 09:35:51 Windows Update 17-09-2014 05:38:09 Windows Update ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {203A0F5F-3436-462D-A70E-2898EE779A1D} - System32\Tasks\{3FDE1250-FCE9-479F-8E09-F3B709E73AA4} => Firefox.exe hxxp://ui.skype.com/ui/0/6.7.0.102/de/abandoninstall?page=tsMain Task: {2D577A20-059C-43FE-B6C0-1FB82EC956F8} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-11-19] (Samsung Electronics. Co. Ltd.) Task: {48A6287D-9267-44E7-99FD-21FCA0982FF8} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-04-20] () Task: {4C14D940-64FD-4462-B964-2371058E5BE0} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {57678265-526C-442F-AF80-DC7E2EB0CEEF} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-13] (Adobe Systems Incorporated) Task: {6700FBE9-7BE9-4262-B6B6-DE9D03166726} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC) Task: {88A49655-48B3-4C5D-8CD2-9B43A4A79D2F} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2009-11-04] (Samsung Electronics Co., Ltd.) Task: {8D4D5684-8FAB-4077-95EB-C9C0BBB68E80} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-10-13] (Samsung Electronics Co., Ltd.) Task: {9A171F4D-432A-42AF-A3CC-EBCB4A1C5430} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-10-26] (SAMSUNG Electronics) Task: {9AFF92F3-6909-4FE1-83FE-1D9E9E6015F7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-11-11] (Google Inc.) Task: {9E874946-B293-4597-B515-99F274BAF2DB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-11-11] (Google Inc.) Task: {AC5777FD-2872-4C74-BB5E-883113CCDDE5} - System32\Tasks\{4B44AE94-0578-406A-B88B-9BBE0D4FA6FC} => C:\Program Files\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.) Task: {CC0D875C-93E1-46F8-B7B7-80E0B3BCFA41} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-10-16] (SAMSUNG Electronics co., LTD.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\dblite.dll 2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\kpcengine.2.3.dll 2014-08-06 13:40 - 2014-08-06 13:40 - 00031080 _____ () C:\Program Files\HTC\HTC Sync Manager\DbAccess.dll 2014-08-06 13:41 - 2014-08-06 13:41 - 00607376 _____ () C:\Program Files\HTC\HTC Sync Manager\sqlite3.dll 2014-08-06 13:41 - 2014-08-06 13:41 - 00059752 _____ () C:\Program Files\HTC\HTC Sync Manager\NAdvLog.dll 2014-08-06 13:41 - 2014-08-06 13:41 - 00036216 _____ () C:\Program Files\HTC\HTC Sync Manager\NFileCacheDBAccess.dll 2014-08-06 13:42 - 2014-08-06 13:42 - 00080248 _____ () C:\Program Files\HTC\HTC Sync Manager\ninstallerhelper.dll 2014-08-06 13:44 - 2014-08-06 13:44 - 00129376 _____ () C:\Program Files\HTC\HTC Sync Manager\zlib1.dll 2014-08-06 13:46 - 2014-08-06 13:46 - 00223592 _____ () C:\Program Files\HTC\HTC Sync Manager\DevConnMon.dll 2012-06-25 13:31 - 2011-02-07 09:56 - 00138192 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE 2009-06-03 13:59 - 2009-06-03 13:59 - 00619816 ____N () C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll 2009-06-03 13:59 - 2009-06-03 13:59 - 00013096 ____N () C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll 2009-12-05 04:45 - 2010-04-20 14:26 - 00300912 _____ () C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe 2009-12-05 04:45 - 2010-04-16 14:11 - 00155648 _____ () C:\Program Files\Samsung\Samsung Update Plus\HMXML.dll 2009-12-05 04:54 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll 2014-08-06 13:42 - 2014-08-06 13:42 - 00821600 _____ () C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe 2013-10-17 16:27 - 2013-10-17 16:27 - 00166912 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe 2009-12-05 04:50 - 2009-07-07 20:23 - 00247152 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe 2014-07-23 22:52 - 2014-07-23 22:52 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2014-08-27 10:35 - 2014-08-27 10:35 - 17048240 _____ () C:\windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Temp:4CF61E54 AlternateDataStreams: C:\ProgramData\Temp:F0D7EE30 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/17/2014 07:38:39 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddWin32ServiceFiles: Unable to back up image of service Computer Backup (MyPC Backup) since QueryServiceConfig API failed System Error: Das System kann die angegebene Datei nicht finden. . Error: (09/17/2014 00:32:54 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (09/17/2014 00:31:07 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (09/17/2014 00:30:33 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (09/17/2014 00:30:33 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (09/16/2014 08:14:48 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (09/16/2014 08:11:51 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (09/16/2014 08:10:54 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (09/16/2014 08:10:54 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (09/09/2014 07:30:52 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.17239, Zeitstempel: 0x53d22946 Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.17239, Zeitstempel: 0x53d26078 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000fcf32 ID des fehlerhaften Prozesses: 0x18a0 Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0 Pfad der fehlerhaften Anwendung: iexplore.exe1 Pfad des fehlerhaften Moduls: iexplore.exe2 Berichtskennung: iexplore.exe3 System errors: ============= Error: (09/17/2014 04:31:38 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (09/17/2014 04:31:07 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: sfdrv01 sfsync02 Error: (09/17/2014 04:30:50 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT) Description: Fehler beim Lesen der Datei für lokale Hosts. Error: (09/17/2014 04:30:38 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT) Description: Fehler beim Lesen der Datei für lokale Hosts. Error: (09/17/2014 04:30:35 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT) Description: Fehler beim Lesen der Datei für lokale Hosts. Error: (09/17/2014 04:30:18 PM) (Source: Application Popup) (EventID: 875) (User: ) Description: Treiber sfdrv01.sys konnte nicht geladen werden. Error: (09/17/2014 04:30:17 PM) (Source: Application Popup) (EventID: 875) (User: ) Description: Treiber sfsync02.sys konnte nicht geladen werden. Error: (09/17/2014 04:17:49 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: sfdrv01 sfsync02 Error: (09/17/2014 04:17:47 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (09/17/2014 04:17:02 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Microsoft Office Sessions: ========================= Error: (09/17/2014 07:38:39 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddWin32ServiceFiles: Unable to back up image of service Computer Backup (MyPC Backup) since QueryServiceConfig API failed System Error: Das System kann die angegebene Datei nicht finden. Error: (09/17/2014 00:32:54 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Canon\mp navigator ex 5.0\mpnmlif64.exe Error: (09/17/2014 00:31:07 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest Error: (09/17/2014 00:30:33 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"C:\Program Files\HTC\HTC Sync Manager\NOutlookAccessX64.exe Error: (09/17/2014 00:30:33 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\Samsung Support Center\Drv\drv2x64\KStartMem.exe.Manifest Error: (09/16/2014 08:14:48 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Canon\mp navigator ex 5.0\mpnmlif64.exe Error: (09/16/2014 08:11:51 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest Error: (09/16/2014 08:10:54 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"C:\Program Files\HTC\HTC Sync Manager\NOutlookAccessX64.exe Error: (09/16/2014 08:10:54 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\Samsung Support Center\Drv\drv2x64\KStartMem.exe.Manifest Error: (09/09/2014 07:30:52 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: iexplore.exe11.0.9600.1723953d22946MSHTML.dll11.0.9600.1723953d26078c0000005000fcf3218a001cfcc53b7ef389fC:\Program Files\Internet Explorer\iexplore.exeC:\windows\system32\MSHTML.dll0b79d4f0-3847-11e4-a75d-002454583452 CodeIntegrity Errors: =================================== Date: 2014-09-17 00:32:24.060 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-17 00:32:24.057 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-17 00:32:24.044 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-17 00:32:24.034 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-17 00:32:24.030 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-17 00:32:24.027 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-17 00:32:23.992 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-17 00:32:23.989 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-17 00:32:23.985 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-17 00:32:23.975 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz Percentage of memory in use: 43% Total physical RAM: 3032.61 MB Available physical RAM: 1707.39 MB Total Pagefile: 6061.45 MB Available Pagefile: 4370.84 MB Total Virtual: 2047.88 MB Available Virtual: 1897.73 MB ==================== Drives ================================ Drive c: (Windows/Programme) (Fixed) (Total:130.17 GB) (Free:36.82 GB) NTFS Drive d: (Fotos und Bilder) (Fixed) (Total:152.82 GB) (Free:67.41 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298.1 GB) (Disk ID: 0E0EF5DF) Partition 1: (Not Active) - (Size=15 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=130.2 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=152.8 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Ich habe auch in Erwägung gezogen, den Rechner platt zu machen und frisch aufzusetzen, falls die Reinigung nicht erfolgreich ist. Vielen Dank. Jürgen Geändert von MotoG (17.09.2014 um 19:04 Uhr) Grund: Detail vergessen |