Windows 7 Gerätemanager Problem mit MFC42u.dll

schrauber · 02.01.2015, 17:14

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:8897;https=127.0.0.1:8897
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
reg: reg query HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers /sub

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

ZeRob3E · 11.01.2015, 13:08

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-01-2015
Ran by Meister at 2015-01-11 13:05:46 Run:3
Running from C:\Users\Meister\Desktop
Loaded Profile: Meister (Available profiles: Meister)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:8897;https=127.0.0.1:8897
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
reg: reg query HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers /sub
*****************

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
pccsmcfd => Service deleted successfully.

========= reg query HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers /sub =========

FEHLER: Ungltige Syntax.
Geben Sie "REG QUERY /?" ein, um die Syntax anzuzeigen.


========= End of Reg: =========


==== End of Fixlog 13:05:47 ====

schrauber · 11.01.2015, 14:01

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

reg: reg query "HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers" /s

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

ZeRob3E · 11.01.2015, 16:46

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-01-2015
Ran by Meister at 2015-01-11 16:45:31 Run:4
Running from C:\Users\Meister\Desktop
Loaded Profile: Meister (Available profiles: Meister)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
reg: reg query "HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers" /s
*****************


========= reg query "HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers" /s =========


HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers
    ProviderID0    REG_DWORD    0x1
    ProviderID1    REG_DWORD    0x2
    ProviderID2    REG_DWORD    0x3
    ProviderID3    REG_DWORD    0x4
    NextProviderID    REG_DWORD    0x7
    ProviderFileName0    REG_SZ    unimdm.tsp
    ProviderFileName1    REG_SZ    kmddsp.tsp
    ProviderFileName2    REG_SZ    ndptsp.tsp
    ProviderFileName3    REG_SZ    hidphone.tsp
    NumProviders    REG_DWORD    0x5
    ProviderFileName4    REG_SZ    xptmdgfa.tsp
    ProviderID4    REG_DWORD    0x6



========= End of Reg: =========


==== End of Fixlog 16:45:31 ====

schrauber · 11.01.2015, 18:00

Lade SystemLook von jpshortstuff von einem der folgenden Spiegel herunter und speichere das Tool auf dem Desktop.
SystemLook (64 bit)

Doppelklicke auf die SystemLook_x64.exe, um das Tool zu starten.

Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

Code:

ATTFilter

:reg
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers /s

Klicke nun auf den Button Look, um den Scan zu starten.
Der Suchlauf kann einige Zeit dauern.
Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.

ZeRob3E · 11.01.2015, 18:39

Code:

ATTFilter

SystemLook 30.07.11 by jpshortstuff
Log created at 18:39 on 11/01/2015 by Meister
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers]
"ProviderID0"= 0x0000000001 (1)
"ProviderID1"= 0x0000000002 (2)
"ProviderID2"= 0x0000000003 (3)
"ProviderID3"= 0x0000000004 (4)
"NextProviderID"= 0x0000000007 (7)
"ProviderFileName0"="unimdm.tsp"
"ProviderFileName1"="kmddsp.tsp"
"ProviderFileName2"="ndptsp.tsp"
"ProviderFileName3"="hidphone.tsp"
"NumProviders"= 0x0000000005 (5)
"ProviderFileName4"="xptmdgfa.tsp"
"ProviderID4"= 0x0000000006 (6)


-= EOF =-

schrauber · 11.01.2015, 20:56

Kopiere den Text in der Codebox in deinen Editor (z.B. Notepad) und speichere es unter dem Namen regfix.reg (bei Dateityp bitte "alle Dateien" wählen)

Code:

ATTFilter

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers]
"ProviderFileName4"=-

Starte die regfix.reg duch Doppelklick.

ZeRob3E · 11.01.2015, 21:35

Okay, das habe ich gemacht, war laut Popup Fenster auch erfolgreich. Jetzt besteht das urprüngliche Problem vom Gerätemanager nach wie vor...liegt das gar nicht mit dem vorangegangenen Befall zusammen?

schrauber · 12.01.2015, 00:02

Nein. Poste bitte nochmal ein frisches FRST log. Ist das Problem mit dem Gerätemanager das Einzige was noch da ist? Und was genau war nochmal mit dem Gerätemanager?

ZeRob3E · 13.01.2015, 20:54

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-01-2015
Ran by Meister (administrator) on MEISTER-PC on 13-01-2015 20:41:24
Running from C:\Users\Meister\Desktop
Loaded Profile: Meister (Available profiles: Meister)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(TomTom) D:\Eigene Dateien\Progs\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(TomTom) D:\Eigene Dateien\Progs\TomTom HOME 2\TomTomHOMERunner.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5225064 2014-12-13] (AVAST Software)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKU\S-1-5-21-4289249302-2505303769-1399656917-1000\...\Run: [TomTomHOME.exe] => D:\Eigene Dateien\Progs\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-06-05] (TomTom)
HKU\S-1-5-21-4289249302-2505303769-1399656917-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:8897;https=127.0.0.1:8897
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4289249302-2505303769-1399656917-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4289249302-2505303769-1399656917-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4289249302-2505303769-1399656917-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}
SearchScopes: HKU\S-1-5-21-4289249302-2505303769-1399656917-1000 -> {E88E0043-C9D4-4e33-8555-FEE4F5B63060} URL = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
SearchScopes: HKU\S-1-5-21-4289249302-2505303769-1399656917-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-4289249302-2505303769-1399656917-1000 -> No Name - {09900DE8-1DCA-443F-9243-26FF581438AF} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Meister\AppData\Roaming\Mozilla\Firefox\Profiles\ld9p6xqx.default
FF DefaultSearchUrl: hxxp://go.mail.ru/search?fr=fftb&utf8in&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files (x86)\Picasa2\npPicasa2.dll No File
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4289249302-2505303769-1399656917-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Meister\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4289249302-2505303769-1399656917-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Meister\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Meister\AppData\Roaming\Mozilla\Firefox\Profiles\ld9p6xqx.default\searchplugins\mailru---.xml
FF Extension: Спутник @Mail.Ru - C:\Users\Meister\AppData\Roaming\Mozilla\Firefox\Profiles\ld9p6xqx.default\Extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D} [2012-06-02]
FF Extension: Adblock Plus - C:\Users\Meister\AppData\Roaming\Mozilla\Firefox\Profiles\ld9p6xqx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2012-06-02]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-13]

Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com/search
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Meister\AppData\Local\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Meister\AppData\Local\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Meister\AppData\Local\Google\Chrome\Application\39.0.2171.95\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.250.6) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U25) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (DivX OVS Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Nokia Suite Enabler Plugin) - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll No File
CHR Plugin: (Picasa) - C:\Program Files (x86)\Picasa2\npPicasa2.dll No File
CHR Plugin: (Picasa) - C:\Program Files (x86)\Picasa2\npPicasa3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Meister\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\Meister\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Meister\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-27]
CHR Extension: (YouTube) - C:\Users\Meister\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-10]
CHR Extension: (Google-Suche) - C:\Users\Meister\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-10]
CHR Extension: (Avast Online Security) - C:\Users\Meister\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-13]
CHR Extension: (Google Wallet) - C:\Users\Meister\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Google Mail) - C:\Users\Meister\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-10]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-13]
CHR StartMenuInternet: Google Chrome - C:\Users\Meister\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-13] (AVAST Software)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2011-09-23] (Nalpeiron Ltd.) [File not signed]
R2 TomTomHOMEService; D:\Eigene Dateien\Progs\TomTom HOME 2\TomTomHOMEService.exe [93040 2014-06-05] (TomTom)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-13] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-13] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-13] ()
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-05-06] (DT Soft Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-13 20:41 - 2015-01-13 20:43 - 00016199 _____ () C:\Users\Meister\Desktop\FRST.txt
2015-01-11 21:22 - 2015-01-11 21:22 - 00000145 _____ () C:\Users\Meister\Desktop\regfix.reg
2015-01-11 18:39 - 2015-01-11 18:39 - 00001318 _____ () C:\Users\Meister\Desktop\SystemLook.txt
2015-01-11 18:38 - 2015-01-11 18:38 - 00165376 _____ () C:\Users\Meister\Desktop\SystemLook_x64.exe
2015-01-11 13:05 - 2015-01-11 13:05 - 00000000 ____D () C:\Users\Meister\Desktop\FRST-OlderVersion
2015-01-01 20:21 - 2015-01-01 20:21 - 00000000 ____D () C:\_OTL
2015-01-01 20:06 - 2015-01-01 20:07 - 00186880 _____ (CEXX.ORG) C:\Users\Meister\Downloads\LSPFix.exe
2014-12-30 21:22 - 2014-12-30 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-12-30 21:22 - 2014-12-30 21:22 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-12-30 21:21 - 2014-12-30 21:21 - 01182149 _____ () C:\Users\Meister\Downloads\7z936.exe
2014-12-30 21:01 - 2014-12-30 21:01 - 00602112 _____ (OldTimer Tools) C:\Users\Meister\Desktop\OTL.exe
2014-12-30 20:57 - 2014-12-30 20:57 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-12-30 20:57 - 2014-12-30 20:57 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-12-30 20:57 - 2014-12-30 20:57 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-12-30 20:57 - 2014-12-30 20:57 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-12-30 20:57 - 2014-12-30 20:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-30 20:57 - 2014-12-30 20:57 - 00000000 ____D () C:\Program Files\Java
2014-12-30 20:53 - 2014-12-30 20:53 - 31029672 _____ (Oracle Corporation) C:\Users\Meister\Downloads\jre-7u71-windows-x64.exe
2014-12-30 20:52 - 2014-12-30 20:52 - 00000000 ____D () C:\Users\Meister\AppData\Roaming\Oracle
2014-12-30 20:44 - 2014-12-30 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2014-12-18 22:58 - 2014-12-18 22:58 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-17 23:33 - 2014-12-20 18:24 - 00000000 ____D () C:\Users\Meister\Downloads\FRST-OlderVersion
2014-12-17 23:27 - 2014-12-17 23:27 - 00000000 ____D () C:\Windows\ERUNT
2014-12-17 23:21 - 2014-12-17 23:21 - 01707646 _____ (Thisisu) C:\Users\Meister\Desktop\JRT.exe
2014-12-17 23:14 - 2014-12-17 23:16 - 00000000 ____D () C:\AdwCleaner
2014-12-17 22:44 - 2014-12-17 23:07 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-17 22:43 - 2014-12-17 22:43 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-17 22:43 - 2014-12-17 22:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-12-17 22:42 - 2014-12-17 22:43 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-12-17 22:42 - 2014-12-17 22:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-17 22:42 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-17 22:42 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-17 22:42 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-17 22:39 - 2014-12-17 22:40 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Meister\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-16 22:28 - 2014-12-16 22:28 - 00018126 _____ () C:\ComboFix.txt
2014-12-16 22:16 - 2014-12-16 22:28 - 00000000 ____D () C:\Qoobox
2014-12-16 22:16 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-16 22:16 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-16 22:16 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-16 22:16 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-16 22:16 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-16 22:16 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-16 22:16 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-16 22:16 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-16 22:15 - 2014-12-16 22:25 - 00000000 ____D () C:\Windows\erdnt
2014-12-16 22:13 - 2014-12-16 22:14 - 05601641 ____R (Swearware) C:\Users\Meister\Desktop\ComboFix.exe
2014-12-16 01:01 - 2015-01-02 15:05 - 00000000 ____D () C:\Users\Meister\Desktop\Trojaner Board
2014-12-15 21:51 - 2014-12-15 21:51 - 00380416 _____ () C:\Users\Meister\Downloads\g3ifzpwh.exe
2014-12-15 21:48 - 2015-01-13 20:41 - 00000000 ____D () C:\FRST
2014-12-15 21:45 - 2015-01-11 13:05 - 02124288 _____ (Farbar) C:\Users\Meister\Desktop\FRST64.exe
2014-12-15 21:45 - 2014-12-15 21:45 - 00000000 _____ () C:\Users\Meister\defogger_reenable
2014-12-15 21:44 - 2014-12-15 21:45 - 00050477 _____ () C:\Users\Meister\Downloads\Defogger.exe
2014-12-15 21:03 - 2014-12-15 21:03 - 16310272 _____ () C:\Windows\system32\config\system.sav.LOG
2014-12-15 21:01 - 2014-12-15 21:02 - 66617344 _____ () C:\Windows\system32\config\software.sav.LOG
2014-12-15 21:01 - 2014-12-15 21:01 - 00028672 _____ () C:\Windows\system32\config\sam.sav.LOG
2014-12-15 21:01 - 2014-12-15 21:01 - 00024576 _____ () C:\Windows\system32\config\security.sav.LOG
2014-12-15 20:57 - 2014-12-15 21:03 - 00001668 _____ () C:\Windows\system32\ASOROSet.bin
2014-12-15 20:57 - 2014-12-15 20:57 - 00000000 ____D () C:\Windows\system32\config\RCCBakup
2014-12-15 20:45 - 2014-12-15 20:46 - 03894696 _____ (solvusoft Corporation ) C:\Users\Meister\Downloads\Mfc42u.dll-Reparaturprogramm-WinThruster.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-13 20:40 - 2011-05-06 12:59 - 01254803 _____ () C:\Windows\WindowsUpdate.log
2015-01-13 20:39 - 2014-12-13 12:59 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-13 20:36 - 2014-12-13 12:44 - 00001468 _____ () C:\Windows\setupact.log
2015-01-13 20:36 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-11 21:35 - 2009-07-14 05:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-11 21:35 - 2009-07-14 05:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-11 13:01 - 2012-03-29 18:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-11 12:56 - 2012-07-10 18:19 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-11 12:56 - 2012-07-10 16:45 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4289249302-2505303769-1399656917-1000UA.job
2014-12-31 12:14 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-30 21:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-12-30 20:48 - 2012-03-29 18:07 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-30 20:48 - 2012-03-29 18:07 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-30 20:48 - 2011-05-15 11:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-30 20:43 - 2011-05-06 13:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-12-17 23:17 - 2014-12-13 12:44 - 00081008 _____ () C:\Windows\PFRO.log
2014-12-17 23:16 - 2014-02-11 22:12 - 00000000 ____D () C:\Windows\system32\log
2014-12-17 23:16 - 2011-05-15 13:21 - 00000979 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-12-17 23:16 - 2011-05-15 13:21 - 00000967 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-12-17 23:16 - 2011-05-06 13:03 - 00000000 ____D () C:\Users\Meister
2014-12-16 22:25 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-16 22:14 - 2010-11-21 07:50 - 00696832 _____ () C:\Windows\system32\perfh007.dat
2014-12-16 22:14 - 2010-11-21 07:50 - 00148128 _____ () C:\Windows\system32\perfc007.dat
2014-12-16 22:14 - 2009-07-14 06:13 - 01613340 _____ () C:\Windows\system32\PerfStringBackup.INI

Files to move or delete:
====================
C:\Users\Meister\install_flashplayer12x32au_mssa_awb_aih.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-09 15:43

==================== End Of Log ============================

--- --- ---

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-01-2015
Ran by Meister at 2015-01-13 20:44:10
Running from C:\Users\Meister\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.36 beta (HKLM-x32\...\7-Zip) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (HKLM-x32\...\Adobe_faf656ef605427ee2f42989c3ad31b8) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{E6D44B7E-1B1E-04A7-86E3-06AD74583FE9}) (Version: 3.0.820.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BookSmart® 3.4.4 3.4.4 (HKLM-x32\...\BookSmart® 3.4.4 3.4.4) (Version:  - Blurb, Inc)
Capture NX 2 (HKLM\...\Capture NX 2) (Version: 2.3.5 - NIKON CORPORATION)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
DivX-Setup (HKLM-x32\...\DivX Setup.divx.com) (Version: 2.3.0.20 - DivX, LLC)
Epson Copy Utility 3.5 (HKLM-x32\...\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}) (Version: 3.5.0.0 - )
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
File Uploader (HKLM-x32\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.2.5 - Nikon)
Google Chrome (HKU\S-1-5-21-4289249302-2505303769-1399656917-1000\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle)
Java(TM) 6 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216025FF}) (Version: 6.0.250 - Oracle)
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Minolta DiMAGE Scan ver 1.1 (HKLM-x32\...\{AFB2133B-BCEE-49E5-AB1D-F54E7798D533}) (Version:  - )
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.2.11000.12.100 - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}) (Version: 10.5.10300 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10300.0.102 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.8 - Google)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
PerfV700_V750 Benutzerhandbuch (HKLM-x32\...\PerfV700_V750 Benutzerhandbuch) (Version:  - )
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.1.5 - Nikon)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.7 - Nikon)
Russisch für Deutsche - empfohlen (HKLM\...\{4C47DA93-303F-4165-918B-BCBAD9099DB8}) (Version: 1.0.3.40 - Uni Leipzig)
Saal Design Software (HKLM-x32\...\SaalDesignSoftware) (Version: 3.2.26 - SSW Software GmbH)
Saal Design Software (x32 Version: 3.2.26 - SSW Software GmbH) Hidden
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinDjView 2.0.2 (HKLM\...\WinDjView) (Version: 2.0.2 - Andrew Zhezherun)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4289249302-2505303769-1399656917-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Meister\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4289249302-2505303769-1399656917-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Meister\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

==================== Restore Points  =========================

13-12-2014 12:55:27 avast! antivirus system restore point
13-12-2014 13:33:43 avast! antivirus system restore point
13-12-2014 13:48:02 Windows Update
15-12-2014 20:53:58 WinThruster Mo, Dez 15, 14  20:53
17-12-2014 22:45:18 Windows Update
30-12-2014 20:41:39 Windows Update
30-12-2014 20:55:51 Installed Java 7 Update 71 (64-bit)
01-01-2015 20:37:46 Windows Update
11-01-2015 12:56:40 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-12-16 22:25 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {036E8C82-7DDD-4731-A048-4237E855E232} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-10] (Google Inc.)
Task: {0E5037CA-F68B-4988-8C0E-CCFFE170F837} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4289249302-2505303769-1399656917-1000UA => C:\Users\Meister\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-10] (Google Inc.)
Task: {1E8D942B-F494-4B6E-A5C4-CEDEE06F80BA} - System32\Tasks\{D211CDEC-C4EC-4E0B-BFD9-42AA74CA49F6} => C:\Program Files (x86)\Skype\\Phone\Skype.exe
Task: {31EE70D1-F7FF-48A0-B171-273EC38FF11A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-30] (Adobe Systems Incorporated)
Task: {5236106A-1A0D-4F5E-A1CB-422B77B1270E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5E310931-CDB1-4191-9A48-22AEB4D65D33} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-10] (Google Inc.)
Task: {62F9153C-46DF-4A19-B588-A0C4D9A5E36D} - System32\Tasks\{925304C0-FF2D-476D-9B3A-5C948A15E372} => c:\program files (x86)\opera\opera.exe [2014-04-25] (Opera Software)
Task: {6BBD94BF-3F76-4F75-A4D5-1071782E065C} - System32\Tasks\{3F8E0070-CFC8-4E2B-9189-162C57E635EB} => pcalua.exe -a "D:\Eigene Dateien\Progs\SkypeSetupFull-55.exe" -d "D:\Eigene Dateien\Progs"
Task: {785AD318-D073-44F6-A6C2-F25F3D3B6C65} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4289249302-2505303769-1399656917-1000Core => C:\Users\Meister\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-10] (Google Inc.)
Task: {988F2D2F-CDD5-4E24-9181-CFC9B23724DF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-13] (AVAST Software)
Task: {9A57BB27-1505-45C2-B059-E454D7547B92} - System32\Tasks\{C5166266-1E7D-4416-8606-7ADC4D61B1F9} => C:\Windows\twain_32\escndv\escndv.exe [2009-01-28] (SEIKO EPSON CORP.)
Task: {BFDA13FA-69C0-413C-A98C-02A75D599412} - System32\Tasks\{1665758C-D66E-4AC8-BB07-D28BAC910A57} => pcalua.exe -a C:\Users\Meister\Desktop\S-CNX2__-020305WU-___DE-ALL___.exe -d C:\Users\Meister\Desktop
Task: {DDA69226-D513-4F74-A289-2A0F0B78336E} - System32\Tasks\{70323D67-B236-419F-8DB2-E11D7E2CA5E3} => c:\program files (x86)\opera\opera.exe [2014-04-25] (Opera Software)
Task: {E2282B8F-5791-4829-A930-73965E96145A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4289249302-2505303769-1399656917-1000Core.job => C:\Users\Meister\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4289249302-2505303769-1399656917-1000UA.job => C:\Users\Meister\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-11-22 01:03 - 2014-11-22 01:03 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-01-11 18:33 - 2015-01-11 18:33 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15011101\algo.dll
2015-01-13 20:38 - 2015-01-13 20:38 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15011302\algo.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-09 21:44 - 2009-03-12 15:45 - 00135168 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
2014-12-09 21:44 - 2008-11-21 13:58 - 00057344 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
2014-12-13 13:34 - 2014-12-13 13:35 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: DivX Download Manager => "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: YTDownloader => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot

========================= Accounts: ==========================

Administrator (S-1-5-21-4289249302-2505303769-1399656917-500 - Administrator - Disabled)
Gast (S-1-5-21-4289249302-2505303769-1399656917-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4289249302-2505303769-1399656917-1002 - Limited - Enabled)
Meister (S-1-5-21-4289249302-2505303769-1399656917-1000 - Administrator - Enabled) => C:\Users\Meister

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/13/2015 08:36:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 09:32:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 09:04:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 06:33:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 04:41:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 00:50:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/02/2015 02:49:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2015 07:58:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2015 04:11:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2015 04:11:42 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (01/13/2015 08:44:57 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: 
%%127

Error: (01/13/2015 08:39:52 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: 
%%127

Error: (01/13/2015 08:39:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: 
%%127

Error: (01/13/2015 08:39:34 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: 
%%127

Error: (01/13/2015 08:37:53 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: 
%%127

Error: (01/13/2015 08:37:51 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: 
%%127

Error: (01/13/2015 08:37:51 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: 
%%127

Error: (01/13/2015 08:37:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: 
%%127

Error: (01/13/2015 08:37:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: 
%%127

Error: (01/13/2015 08:37:36 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: 
%%127


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-12-16 22:24:39.834
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-12-16 22:24:39.787
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 94%
Total physical RAM: 2047.05 MB
Available physical RAM: 103.73 MB
Total Pagefile: 4094.11 MB
Available Pagefile: 1626.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:91.7 GB) (Free:32.46 GB) NTFS
Drive d: (Daten) (Fixed) (Total:206.29 GB) (Free:178.8 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: B61BB61B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=91.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=206.3 GB) - (Type=OF Extended)

==================== End Of Log ============================

Also der Gerätemanager lässt sich nicht öffnen und das gleiche Problem tritt bei Paint auf, es kommt als Popup die Fehlermeldung dass MFC42u.dll fehlen würde etc. und ich dachte das wäre vllt auf den Virusbefall zurückzuführen aber der scheint ja nun gelöst zu sein...ich bin als Laie echt ratlos.

schrauber · 14.01.2015, 08:13

Lade Dir bitte Windows Repair - All in one von tweaking.com hier herunter und installiere es.
Deaktiviere bitte (wenn möglich) Dein Antivirusprogramm.
Bedenke, dass die einzelnen Reparaturen einige Zeit benötigen. Starte keine anderen Anwendungen in dieser Zeit.
Starte das Programm und führe die Punkte 1-5 durch. (Siehe Bildanleitung)
Achte darauf, dass bei Dir die Häkchen so gesetzt sind wie unter Punkt 4.
Setze auch ein Häkchen bei "Restart/Shutdown System" und klicke "Restart System" an bevor Du Punkt 5 durchführst.

ZeRob3E · 14.01.2015, 23:48

So,hab das Programm nach Anleitung durchlaufen lassen, allerdings gab es währenddessen wieder das Problem mit der MFC42u.dll, die netsh.exe konnte nicht gestartet werden da besagte .dll Datei fehlt. Das Problem besteht weiterhin mit dem Gerätemanger etc.

schrauber · 15.01.2015, 07:13

Bitte mal das Dateisystem prüfen:
Fehler im Dateisystem beheben - so geht's - Anleitungen

Dann:
https://support.microsoft.com/kb/929...?wa=wsignin1.0

ZeRob3E · 18.01.2015, 21:29

Die Dateisystemprüfung ging nur mit der 2. Möglichkeit in der Anleitung, ein Ergebnis kann ich mir aber nicht anzeigen lassen da der mmc.exe mal wieder die MFC42u.dll fehlt.

Das Microsoft Support Ding hat bedingt funkioniert, der Scan lief an sich problemlos. Die Auswertungsdatei ließ sich jedoch nicht nach beschriebener Anleitung erstellen und die Datei CBS.log konnte ich nur öffnen über den als Admin ausgeführten Editor. Da habe ich jetzt einen Riesenbatzen an Infos mit denen ich herzlich wenig anfangen kann und auch wenn ich da eventuell noch rauslesen könnte an welcher Stelle diese .dll Datei fehlt...wo bekomme ich dann noch eine neue her?! Ach ist das kompliziert.. :P

Hab diese CBS Datei mal gezippt angehangen.

schrauber · 19.01.2015, 11:00

Windows Scheibe da?

19.01.2015, 11:00	#30
schrauber /// the machine /// TB-Ausbilder	Windows 7 Gerätemanager Problem mit MFC42u.dll Windows Scheibe da? __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Windows 7 Gerätemanager Problem mit MFC42u.dll

Plagegeister aller Art und deren Bekämpfung: Windows 7 Gerätemanager Problem mit MFC42u.dll