| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Windows 7 Gerätemanager Problem mit MFC42u.dllWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
16.12.2014, 00:59
| #1 |
 |  Windows 7 Gerätemanager Problem mit MFC42u.dll Hallo liebes Forum, mein Kollege hat mich gebeten mir mal seinen PC anzusehen weil er den Gerätemanager nicht mehr öffnen kann und er absolut kein Licht am Fahrrad hat was PCs betrifft. Gesagt,getan: klickt man auf den Gerätemanager kommt eine Meldung mit folgendem Wortlaut "Das Programm kann nicht gestartet werden, da MFC42u.dll auf dem Computer fehlt. Installieren Sie das Programm erneut, um das Problem zu beheben."Bei Paint tritt übrigens das selbe Problem auf. Ich habe dann erstmal Avast installiert da kein Antivir vorhanden war und das hat nach einem Scan auch einiges an Adware,Malware etc. gefunden was ich dann per Klick bereinigt habe. Das anfangs geschilderte Problem besteht allerdings weiterhin, weshalb ich von einem tiefer sitzenden Fehler ausgehe. Wie man ein Logfile aus Avast findet und postet müsste mir jemand kurz schildern, die restlichen Logfiles habe ich nach Anleitung erstellt. Schon jetzt einmal danke für die Hilfe und hoffentlich bis bald, Zerob3e Defogger Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:45 on 15/12/2014 (Meister)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01
Ran by Meister (administrator) on MEISTER-PC on 15-12-2014 21:48:40
Running from C:\Users\Meister\Downloads
Loaded Profile: Meister (Available profiles: Meister)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(TomTom) D:\Eigene Dateien\Progs\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(TomTom) D:\Eigene Dateien\Progs\TomTom HOME 2\TomTomHOMERunner.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Users\Meister\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Meister\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Meister\AppData\Local\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Users\Meister\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Meister\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Meister\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5225064 2014-12-13] (AVAST Software)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKU\S-1-5-21-4289249302-2505303769-1399656917-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4289249302-2505303769-1399656917-1000\...\Run: [Google Update] => C:\Users\Meister\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-10] (Google Inc.)
HKU\S-1-5-21-4289249302-2505303769-1399656917-1000\...\Run: [TomTomHOME.exe] => D:\Eigene Dateien\Progs\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-06-05] (TomTom)
HKU\S-1-5-21-4289249302-2505303769-1399656917-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-4289249302-2505303769-1399656917-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:8897;https=127.0.0.1:8897
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1392152388&from=adks&uid=SAMSUNGXHD322HJ_S17AJ9AS106554
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1392152388&from=adks&uid=SAMSUNGXHD322HJ_S17AJ9AS106554&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1392152388&from=adks&uid=SAMSUNGXHD322HJ_S17AJ9AS106554
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1392152388&from=adks&uid=SAMSUNGXHD322HJ_S17AJ9AS106554&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-4289249302-2505303769-1399656917-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-4289249302-2505303769-1399656917-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-4289249302-2505303769-1399656917-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-4289249302-2505303769-1399656917-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1392152388&from=adks&uid=SAMSUNGXHD322HJ_S17AJ9AS106554&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1392152388&from=adks&uid=SAMSUNGXHD322HJ_S17AJ9AS106554&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1392152388&from=adks&uid=SAMSUNGXHD322HJ_S17AJ9AS106554&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4289249302-2505303769-1399656917-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4289249302-2505303769-1399656917-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1392152388&from=adks&uid=SAMSUNGXHD322HJ_S17AJ9AS106554&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4289249302-2505303769-1399656917-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}
SearchScopes: HKU\S-1-5-21-4289249302-2505303769-1399656917-1000 -> {E88E0043-C9D4-4e33-8555-FEE4F5B63060} URL = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
SearchScopes: HKU\S-1-5-21-4289249302-2505303769-1399656917-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: No Name -> {2EECD738-5844-4a99-B4B6-146BF802613B} -> No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} - No File
Toolbar: HKU\S-1-5-21-4289249302-2505303769-1399656917-1000 -> No Name - {09900DE8-1DCA-443F-9243-26FF581438AF} - No File
Toolbar: HKU\S-1-5-21-4289249302-2505303769-1399656917-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Winsock: Catalog5 07 C:\Windows\system32\tnns5rdy2.dll File Not found ()
Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Meister\AppData\Roaming\Mozilla\Firefox\Profiles\ld9p6xqx.default
FF DefaultSearchEngine: Search the web (Babylon)
FF DefaultSearchUrl: hxxp://go.mail.ru/search?fr=fftb&utf8in&q=
FF SearchEngineOrder.1: Search the web (Babylon)
FF SelectedSearchEngine: Search the web (Babylon)
FF Homepage: hxxp://search.babylon.com/?AF=100478&babsrc=HP_ss&mntrId=c4d21d5800000000000000248c0a58bd
FF Keyword.URL: hxxp://search.babylon.com/?AF=100478&babsrc=adbartrp&mntrId=c4d21d5800000000000000248c0a58bd&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files (x86)\Picasa2\npPicasa2.dll No File
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4289249302-2505303769-1399656917-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Meister\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4289249302-2505303769-1399656917-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Meister\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Meister\AppData\Roaming\Mozilla\Firefox\Profiles\ld9p6xqx.default\searchplugins\mailru---.xml
FF SearchPlugin: C:\Users\Meister\AppData\Roaming\Mozilla\Firefox\Profiles\ld9p6xqx.default\searchplugins\Search_Results.xml
FF Extension: Babylon - C:\Users\Meister\AppData\Roaming\Mozilla\Firefox\Profiles\ld9p6xqx.default\Extensions\ffxtlbr@babylon.com [2011-11-21]
FF Extension: Спутник @Mail.Ru - C:\Users\Meister\AppData\Roaming\Mozilla\Firefox\Profiles\ld9p6xqx.default\Extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D} [2012-06-02]
FF Extension: Adblock Plus - C:\Users\Meister\AppData\Roaming\Mozilla\Firefox\Profiles\ld9p6xqx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2012-06-02]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-13]
Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/search
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Meister\AppData\Local\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Meister\AppData\Local\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Meister\AppData\Local\Google\Chrome\Application\39.0.2171.95\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.250.6) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U25) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (DivX OVS Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Nokia Suite Enabler Plugin) - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll No File
CHR Plugin: (Picasa) - C:\Program Files (x86)\Picasa2\npPicasa2.dll No File
CHR Plugin: (Picasa) - C:\Program Files (x86)\Picasa2\npPicasa3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Meister\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\Meister\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Meister\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-27]
CHR Extension: (YouTube) - C:\Users\Meister\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-10]
CHR Extension: (Extended Protection) - C:\Users\Meister\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml [2014-02-11]
CHR Extension: (Google-Suche) - C:\Users\Meister\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-10]
CHR Extension: (Avast Online Security) - C:\Users\Meister\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-13]
CHR Extension: (Google Wallet) - C:\Users\Meister\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Google Mail) - C:\Users\Meister\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-10]
CHR Extension: (Lightning speedDial) - C:\Users\Meister\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkndmigholgfjlniaohblojbhgjbkakn [2014-03-01]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-13]
CHR HKLM-x32\...\Chrome\Extension: [pkndmigholgfjlniaohblojbhgjbkakn] - C:\Users\Meister\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx [2014-02-11]
CHR StartMenuInternet: Google Chrome - C:\Users\Meister\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-13] (AVAST Software)
R2 DailytoolsUpdateService; C:\Windows\SysWOW64\update1.dll [352256 2014-08-03] (Dailytools GmbH) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2011-09-23] (Nalpeiron Ltd.) [File not signed]
R2 TomTomHOMEService; D:\Eigene Dateien\Progs\TomTom HOME 2\TomTomHOMEService.exe [93040 2014-06-05] (TomTom)
S2 Dnscache; %SystemRoot%\System32\pouavchl7.dll [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-13] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-13] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-13] ()
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-05-06] (DT Soft Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-15 21:48 - 2014-12-15 21:49 - 00019773 _____ () C:\Users\Meister\Downloads\FRST.txt
2014-12-15 21:48 - 2014-12-15 21:48 - 00000000 ____D () C:\FRST
2014-12-15 21:45 - 2014-12-15 21:46 - 02119168 _____ (Farbar) C:\Users\Meister\Downloads\FRST64.exe
2014-12-15 21:45 - 2014-12-15 21:45 - 00000476 _____ () C:\Users\Meister\Downloads\defogger_disable.log
2014-12-15 21:45 - 2014-12-15 21:45 - 00000000 _____ () C:\Users\Meister\defogger_reenable
2014-12-15 21:44 - 2014-12-15 21:45 - 00050477 _____ () C:\Users\Meister\Downloads\Defogger.exe
2014-12-15 21:03 - 2014-12-15 21:03 - 16310272 _____ () C:\Windows\system32\config\system.sav.LOG
2014-12-15 21:01 - 2014-12-15 21:02 - 66617344 _____ () C:\Windows\system32\config\software.sav.LOG
2014-12-15 21:01 - 2014-12-15 21:01 - 00028672 _____ () C:\Windows\system32\config\sam.sav.LOG
2014-12-15 21:01 - 2014-12-15 21:01 - 00024576 _____ () C:\Windows\system32\config\security.sav.LOG
2014-12-15 20:57 - 2014-12-15 21:03 - 00001668 _____ () C:\Windows\system32\ASOROSet.bin
2014-12-15 20:57 - 2014-12-15 20:57 - 00000000 ____D () C:\Windows\system32\config\RCCBakup
2014-12-15 20:50 - 2014-12-15 21:06 - 00000000 ____D () C:\Users\Meister\AppData\Roaming\Solvusoft
2014-12-15 20:45 - 2014-12-15 20:46 - 03894696 _____ (solvusoft Corporation ) C:\Users\Meister\Downloads\Mfc42u.dll-Reparaturprogramm-WinThruster.exe
2014-12-13 13:35 - 2014-12-13 13:35 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-13 13:35 - 2014-12-13 13:35 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-12-13 13:32 - 2014-12-13 13:32 - 00001070 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-12-13 13:28 - 2014-12-13 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-12-13 13:20 - 2014-12-13 13:20 - 00000000 ____D () C:\Users\Meister\AppData\Roaming\AVAST Software
2014-12-13 12:59 - 2014-12-15 21:36 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-13 12:59 - 2014-12-13 13:36 - 00001964 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-13 12:59 - 2014-12-13 13:35 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-12-13 12:59 - 2014-12-13 13:35 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-13 12:59 - 2014-12-13 13:35 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-12-13 12:59 - 2014-12-13 13:35 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-12-13 12:59 - 2014-12-13 13:35 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2014-12-13 12:59 - 2014-12-13 13:35 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-12-13 12:59 - 2014-12-13 13:35 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-13 12:59 - 2014-12-13 13:34 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-13 12:59 - 2014-12-13 12:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-13 12:56 - 2014-12-13 12:56 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-13 12:52 - 2014-12-13 12:56 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-13 12:49 - 2014-12-13 12:52 - 131078000 _____ (AVAST Software) C:\Users\Meister\Downloads\avast_free_antivirus_setup.exe
2014-12-13 12:44 - 2014-12-15 21:04 - 00000224 _____ () C:\Windows\setupact.log
2014-12-13 12:44 - 2014-12-13 16:57 - 00002160 _____ () C:\Windows\PFRO.log
2014-12-13 12:44 - 2014-12-13 12:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-12 13:50 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-12 13:50 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-12 13:30 - 2014-12-12 13:30 - 04549888 _____ (Avira Operations & Co. KG) C:\Users\Meister\Downloads\avira_de_av_5707959778__ws (1).exe
2014-12-12 13:29 - 2014-12-12 13:30 - 04549888 _____ (Avira Operations & Co. KG) C:\Users\Meister\Downloads\avira_de_av_5707959778__ws.exe
2014-12-09 21:41 - 2014-12-09 21:41 - 00002184 _____ () C:\Users\Public\Desktop\PerfV700_V750 Benutzerhandbuch.lnk
2014-12-09 21:13 - 2014-12-09 21:13 - 00002948 _____ () C:\Windows\System32\Tasks\{C5166266-1E7D-4416-8606-7ADC4D61B1F9}
2014-12-09 20:47 - 2014-12-09 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-12-09 20:46 - 2014-12-09 21:41 - 00000934 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2014-12-09 20:46 - 2014-12-09 20:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Scan
2014-12-09 20:46 - 2009-05-01 00:00 - 00128392 _____ (Seiko Epson Corporation) C:\Windows\system32\esdevapp.exe
2014-12-09 20:46 - 2009-05-01 00:00 - 00017408 _____ (SEIKO EPSON CORP.) C:\Windows\system32\esxcdev.dll
2014-12-09 20:46 - 2007-11-20 00:00 - 00055808 _____ (SEIKO EPSON CORP.) C:\Windows\system32\esxcwiab.dll
2014-12-05 14:35 - 2014-12-05 14:35 - 00003600 ____N () C:\bootsqm.dat
2014-12-05 14:35 - 2014-12-05 14:35 - 00000000 __SHD () C:\found.000
2014-11-28 19:42 - 2014-11-28 19:42 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-11-28 19:42 - 2014-11-28 19:42 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-11-28 19:41 - 2014-11-28 19:42 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-28 19:36 - 2014-11-28 19:38 - 05162080 _____ (Piriform Ltd) C:\Users\Meister\Downloads\ccsetup500.exe
2014-11-21 13:02 - 2014-11-21 13:02 - 00000000 ____D () C:\Program Files (x86)\GUMC783.tmp
2014-11-21 12:50 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-21 12:50 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-21 12:50 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-21 12:50 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-21 12:50 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-21 12:50 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-21 12:50 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-21 12:50 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-21 12:50 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-21 12:50 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-21 12:50 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-21 12:50 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-21 12:50 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-21 12:50 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-21 12:50 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-21 12:50 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-21 12:50 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-21 12:50 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-21 12:50 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-21 12:50 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-21 12:50 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-21 12:50 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-21 12:50 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-21 12:50 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-21 12:50 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-21 12:50 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-21 12:50 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-21 12:50 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-21 12:50 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-21 12:50 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-21 12:50 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-21 12:50 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-21 12:50 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-21 12:50 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-21 12:50 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-21 12:50 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-21 12:50 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-21 12:50 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-21 12:50 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-21 12:50 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-21 12:50 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-21 12:50 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-21 12:50 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-21 12:50 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-21 12:50 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-21 12:50 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-21 12:50 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-21 12:50 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-21 12:50 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-21 12:50 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-21 12:50 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-21 12:50 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-21 12:50 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-21 12:50 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-21 12:50 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-21 12:50 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-21 12:50 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-21 12:50 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-21 12:50 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-21 12:50 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-21 12:50 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-21 12:50 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-21 12:50 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-21 12:50 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-21 12:49 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-21 12:49 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-21 12:49 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-21 12:49 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-21 12:49 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-21 12:39 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-21 12:39 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-21 12:39 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-21 12:39 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-21 12:39 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-21 12:39 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-21 12:39 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-21 12:39 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-21 12:39 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-21 12:39 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-21 12:39 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-21 12:39 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-21 12:39 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-21 12:39 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-21 12:39 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-21 12:39 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-21 12:39 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-21 12:39 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-21 12:39 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-21 12:39 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-21 12:39 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-21 12:39 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-21 12:39 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-21 12:39 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-21 12:39 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-21 12:39 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-21 12:39 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-21 12:39 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-21 12:38 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-21 12:38 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-21 12:38 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-18 14:56 - 2014-11-18 14:56 - 01202848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-15 21:45 - 2011-05-06 13:03 - 00000000 ____D () C:\Users\Meister
2014-12-15 21:19 - 2011-05-06 12:59 - 01360034 _____ () C:\Windows\WindowsUpdate.log
2014-12-15 21:10 - 2009-07-14 05:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-15 21:10 - 2009-07-14 05:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-15 21:04 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-15 20:58 - 2012-07-10 18:19 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-15 20:58 - 2012-07-10 16:45 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4289249302-2505303769-1399656917-1000UA.job
2014-12-15 20:37 - 2012-03-29 18:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-13 17:01 - 2012-03-29 18:07 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-13 17:01 - 2012-03-29 18:07 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-13 17:01 - 2011-05-15 11:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-13 15:13 - 2014-02-11 22:06 - 00000000 ____D () C:\Users\Meister\AppData\Local\BrowserSafeguard
2014-12-13 15:13 - 2014-02-11 22:02 - 00000000 ____D () C:\Users\Meister\AppData\Local\genienext
2014-12-13 13:32 - 2011-05-06 13:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-12-13 13:29 - 2011-05-06 16:35 - 00000000 ____D () C:\Users\Meister\AppData\Roaming\DivX
2014-12-13 13:29 - 2011-05-06 13:38 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-12-13 13:29 - 2011-05-06 13:37 - 00000000 ____D () C:\ProgramData\DivX
2014-12-13 13:28 - 2011-05-06 13:38 - 00000000 ____D () C:\Program Files\DivX
2014-12-13 13:25 - 2014-02-11 22:02 - 00000000 ____D () C:\Users\Meister\AppData\Roaming\newnext.me
2014-12-13 12:49 - 2013-12-01 13:22 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-13 12:49 - 2011-10-16 15:12 - 00000000 ____D () C:\ProgramData\Avira
2014-12-12 16:31 - 2014-08-29 19:26 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-12 16:31 - 2011-05-06 13:46 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-12 16:29 - 2014-08-29 22:33 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-12 13:20 - 2010-11-21 07:50 - 00696832 _____ () C:\Windows\system32\perfh007.dat
2014-12-12 13:20 - 2010-11-21 07:50 - 00148128 _____ () C:\Windows\system32\perfc007.dat
2014-12-12 13:20 - 2009-07-14 06:13 - 01613340 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-09 21:46 - 2013-04-13 11:07 - 00000000 ____D () C:\Users\Meister\AppData\Roaming\EPSON
2014-12-09 21:44 - 2013-04-13 10:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2014-12-09 21:42 - 2013-04-13 10:02 - 00000000 ____D () C:\Program Files (x86)\epson
2014-12-09 20:37 - 2013-04-13 10:09 - 00000000 ____D () C:\Users\Meister\AppData\Roaming\ArcSoft
2014-12-09 20:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-12-05 19:28 - 2011-05-07 09:24 - 00000020 ____H () C:\ProgramData\PKP_DLbw.DAT
2014-12-05 19:28 - 2011-05-07 09:18 - 00000020 ____H () C:\ProgramData\PKP_DLbz.DAT
2014-12-05 19:28 - 2011-05-06 16:42 - 00000020 ____H () C:\ProgramData\PKP_DLbx.DAT
2014-11-28 19:46 - 2011-05-06 13:39 - 00000000 ____D () C:\Users\Meister\AppData\Roaming\DAEMON Tools Lite
2014-11-28 19:44 - 2011-05-31 21:46 - 00000000 ____D () C:\Windows\Minidump
2014-11-21 14:47 - 2009-07-14 05:45 - 02944632 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-21 12:51 - 2012-07-10 18:19 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-21 12:51 - 2012-07-10 18:19 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-21 12:51 - 2012-07-10 18:19 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-21 12:51 - 2012-07-10 16:45 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4289249302-2505303769-1399656917-1000UA
2014-11-21 12:51 - 2012-07-10 16:45 - 00003706 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4289249302-2505303769-1399656917-1000Core
2014-11-21 12:51 - 2012-07-10 16:45 - 00001076 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4289249302-2505303769-1399656917-1000Core.job
Files to move or delete:
====================
C:\Users\Meister\install_flashplayer12x32au_mssa_awb_aih.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-09 15:43
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2014 01
Ran by Meister at 2014-12-15 21:49:55
Running from C:\Users\Meister\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (HKLM-x32\...\Adobe_faf656ef605427ee2f42989c3ad31b8) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{E6D44B7E-1B1E-04A7-86E3-06AD74583FE9}) (Version: 3.0.820.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BookSmart® 3.4.4 3.4.4 (HKLM-x32\...\BookSmart® 3.4.4 3.4.4) (Version: - Blurb, Inc)
Capture NX 2 (HKLM\...\Capture NX 2) (Version: 2.3.5 - NIKON CORPORATION)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
DivX-Setup (HKLM-x32\...\DivX Setup.divx.com) (Version: 2.3.0.20 - DivX, LLC)
Epson Copy Utility 3.5 (HKLM-x32\...\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}) (Version: 3.5.0.0 - )
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
File Uploader (HKLM-x32\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.2.5 - Nikon)
Google Chrome (HKU\S-1-5-21-4289249302-2505303769-1399656917-1000\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java(TM) 6 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216025FF}) (Version: 6.0.250 - Oracle)
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Minolta DiMAGE Scan ver 1.1 (HKLM-x32\...\{AFB2133B-BCEE-49E5-AB1D-F54E7798D533}) (Version: - )
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.2.11000.12.100 - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}) (Version: 10.5.10300 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10300.0.102 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.8 - Google)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
PerfV700_V750 Benutzerhandbuch (HKLM-x32\...\PerfV700_V750 Benutzerhandbuch) (Version: - )
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.1.5 - Nikon)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.7 - Nikon)
Russisch für Deutsche - empfohlen (HKLM\...\{4C47DA93-303F-4165-918B-BCBAD9099DB8}) (Version: 1.0.3.40 - Uni Leipzig)
Saal Design Software (HKLM-x32\...\SaalDesignSoftware) (Version: 3.2.26 - SSW Software GmbH)
Saal Design Software (x32 Version: 3.2.26 - SSW Software GmbH) Hidden
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinDjView 2.0.2 (HKLM\...\WinDjView) (Version: 2.0.2 - Andrew Zhezherun)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-4289249302-2505303769-1399656917-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Meister\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4289249302-2505303769-1399656917-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Meister\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
==================== Restore Points =========================
09-12-2014 19:47:56 Installiert InstallShield Wiederherstellungspunkt
09-12-2014 19:49:27 Installed ABBYY FineReader 6.0 Sprint
09-12-2014 19:50:52 Installiert Epson Event Manager
09-12-2014 19:51:12 Installiert EPSON Scan Assistant
09-12-2014 19:51:29 Installiert Attach To Email
09-12-2014 19:52:12 Installiert Scan-n-Stitch Deluxe
09-12-2014 20:05:49 Windows Update
09-12-2014 20:21:23 Entfernt Scan-n-Stitch Deluxe
09-12-2014 20:21:50 Removed ABBYY FineReader 6.0 Sprint
09-12-2014 20:23:14 Entfernt EPSON Scan Assistant
09-12-2014 20:23:22 Entfernt Attach To Email
09-12-2014 20:23:35 Entfernt Epson Event Manager
09-12-2014 20:42:27 Installiert InstallShield Wiederherstellungspunkt
09-12-2014 20:43:50 Installiert Epson Event Manager
09-12-2014 20:44:23 Installiert EPSON Scan Assistant
09-12-2014 20:44:44 Installiert Attach To Email
12-12-2014 15:27:27 Windows Update
13-12-2014 11:55:27 avast! antivirus system restore point
13-12-2014 12:33:43 avast! antivirus system restore point
13-12-2014 12:48:02 Windows Update
15-12-2014 19:53:58 WinThruster Mo, Dez 15, 14 20:53
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2011-05-25 18:33 - 00000856 ____H C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {036E8C82-7DDD-4731-A048-4237E855E232} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-10] (Google Inc.)
Task: {0E5037CA-F68B-4988-8C0E-CCFFE170F837} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4289249302-2505303769-1399656917-1000UA => C:\Users\Meister\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-10] (Google Inc.)
Task: {1E8D942B-F494-4B6E-A5C4-CEDEE06F80BA} - System32\Tasks\{D211CDEC-C4EC-4E0B-BFD9-42AA74CA49F6} => C:\Program Files (x86)\Skype\\Phone\Skype.exe
Task: {31EE70D1-F7FF-48A0-B171-273EC38FF11A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-13] (Adobe Systems Incorporated)
Task: {410E96BA-9B5E-43A6-9E45-37DF91FC1641} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION
Task: {5236106A-1A0D-4F5E-A1CB-422B77B1270E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5E310931-CDB1-4191-9A48-22AEB4D65D33} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-10] (Google Inc.)
Task: {62F9153C-46DF-4A19-B588-A0C4D9A5E36D} - System32\Tasks\{925304C0-FF2D-476D-9B3A-5C948A15E372} => c:\program files (x86)\opera\opera.exe [2014-04-25] (Opera Software)
Task: {6BBD94BF-3F76-4F75-A4D5-1071782E065C} - System32\Tasks\{3F8E0070-CFC8-4E2B-9189-162C57E635EB} => pcalua.exe -a "D:\Eigene Dateien\Progs\SkypeSetupFull-55.exe" -d "D:\Eigene Dateien\Progs"
Task: {6E0447B5-F53C-4A26-9E2C-9B8ECC91132C} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== ATTENTION
Task: {785AD318-D073-44F6-A6C2-F25F3D3B6C65} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4289249302-2505303769-1399656917-1000Core => C:\Users\Meister\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-10] (Google Inc.)
Task: {988F2D2F-CDD5-4E24-9181-CFC9B23724DF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-13] (AVAST Software)
Task: {9A57BB27-1505-45C2-B059-E454D7547B92} - System32\Tasks\{C5166266-1E7D-4416-8606-7ADC4D61B1F9} => C:\Windows\twain_32\escndv\escndv.exe [2009-01-28] (SEIKO EPSON CORP.)
Task: {AF8AFB59-5572-4310-BB02-AB4381E33BBB} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {BFDA13FA-69C0-413C-A98C-02A75D599412} - System32\Tasks\{1665758C-D66E-4AC8-BB07-D28BAC910A57} => pcalua.exe -a C:\Users\Meister\Desktop\S-CNX2__-020305WU-___DE-ALL___.exe -d C:\Users\Meister\Desktop
Task: {DDA69226-D513-4F74-A289-2A0F0B78336E} - System32\Tasks\{70323D67-B236-419F-8DB2-E11D7E2CA5E3} => c:\program files (x86)\opera\opera.exe [2014-04-25] (Opera Software)
Task: {E2282B8F-5791-4829-A930-73965E96145A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {E9D1BAD9-3721-4A44-90D8-1513FF067EF2} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4289249302-2505303769-1399656917-1000Core.job => C:\Users\Meister\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4289249302-2505303769-1399656917-1000UA.job => C:\Users\Meister\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2011-05-06 13:08 - 2010-03-15 10:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2014-11-22 01:03 - 2014-11-22 01:03 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-12-15 20:39 - 2014-12-15 20:39 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14121502\algo.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-09 21:44 - 2009-03-12 15:45 - 00135168 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
2014-12-09 21:44 - 2008-11-21 13:58 - 00057344 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
2014-12-13 13:34 - 2014-12-13 13:35 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-12-13 13:04 - 2014-12-06 02:50 - 01077064 _____ () C:\Users\Meister\AppData\Local\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-13 13:04 - 2014-12-06 02:50 - 00211272 _____ () C:\Users\Meister\AppData\Local\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-13 13:04 - 2014-12-06 02:50 - 09009480 _____ () C:\Users\Meister\AppData\Local\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-13 13:04 - 2014-12-06 02:50 - 01677128 _____ () C:\Users\Meister\AppData\Local\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-13 13:04 - 2014-12-06 02:50 - 14913352 _____ () C:\Users\Meister\AppData\Local\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Windows:nlsPreferences
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: DivX Download Manager => "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: YTDownloader => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
========================= Accounts: ==========================
Administrator (S-1-5-21-4289249302-2505303769-1399656917-500 - Administrator - Disabled)
Gast (S-1-5-21-4289249302-2505303769-1399656917-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4289249302-2505303769-1399656917-1002 - Limited - Enabled)
Meister (S-1-5-21-4289249302-2505303769-1399656917-1000 - Administrator - Enabled) => C:\Users\Meister
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (12/15/2014 09:04:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/15/2014 08:51:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: rundll32.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc637
Name des fehlerhaften Moduls: SysMenu.dll, Version: 1.0.0.5, Zeitstempel: 0x52b449c7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0006ce5c
ID des fehlerhaften Prozesses: 0x3c8
Startzeit der fehlerhaften Anwendung: 0xrundll32.exe0
Pfad der fehlerhaften Anwendung: rundll32.exe1
Pfad des fehlerhaften Moduls: rundll32.exe2
Berichtskennung: rundll32.exe3
Error: (12/15/2014 08:38:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/13/2014 04:58:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/13/2014 01:48:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary bcmwjbyo.
System Error:
Das System kann die angegebene Datei nicht finden.
.
Error: (12/13/2014 01:33:59 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary bcmwjbyo.
System Error:
Das System kann die angegebene Datei nicht finden.
.
Error: (12/13/2014 01:28:44 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (12/13/2014 00:56:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary bcmwjbyo.
System Error:
Das System kann die angegebene Datei nicht finden.
.
Error: (12/13/2014 00:46:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/12/2014 04:27:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddWin32ServiceFiles: Unable to back up image of service ArcSoft Connect Daemon since QueryServiceConfig API failed
System Error:
Das System kann die angegebene Datei nicht finden.
.
System errors:
=============
Error: (12/15/2014 09:49:23 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:
%%126
Error: (12/15/2014 09:47:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:
%%126
Error: (12/15/2014 09:42:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:
%%126
Error: (12/15/2014 09:40:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:
%%126
Error: (12/15/2014 09:35:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:
%%126
Error: (12/15/2014 09:33:01 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:
%%126
Error: (12/15/2014 09:28:01 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:
%%126
Error: (12/15/2014 09:25:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:
%%126
Error: (12/15/2014 09:20:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:
%%126
Error: (12/15/2014 09:18:47 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:
%%126
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 60%
Total physical RAM: 2047.05 MB
Available physical RAM: 811.42 MB
Total Pagefile: 4094.11 MB
Available Pagefile: 2336.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:91.7 GB) (Free:32.97 GB) NTFS
Drive d: (Daten) (Fixed) (Total:206.29 GB) (Free:178.8 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: B61BB61B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=91.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=206.3 GB) - (Type=OF Extended)
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-12-15 22:03:29
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 SAMSUNG_HD322HJ rev.1AC01113 298,09GB
Running: g3ifzpwh.exe; Driver: C:\Users\Meister\AppData\Local\Temp\fwdiifoc.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\Windows\System32\win32k.sys!EngSetLastError + 620 fffff96000175108 8 bytes [6C, E1, AA, 03, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff960001a4300 7 bytes [00, A1, F3, FF, 41, B4, F0]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff960001a4308 3 bytes [00, 07, 02]
.text ... * 107
.text C:\Windows\System32\win32k.sys!EngGetProcessHandle + 304 fffff9600026b200 6 bytes {JMP QWORD [RIP-0xbb862]}
---- User code sections - GMER 2.1 ----
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3816] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076b28791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
---- EOF - GMER 2.1 ----
|
|
16.12.2014, 07:24
| #2 |
| /// the machine /// TB-Ausbilder    | Windows 7 Gerätemanager Problem mit MFC42u.dll hi,
__________________Scan mit Combofix
__________________ |
|
16.12.2014, 22:38
| #3 |
| | Windows 7 Gerätemanager Problem mit MFC42u.dll Alles unverändert.
__________________Combofix Code:
ATTFilter ComboFix 14-12-14.01 - Meister 16.12.2014 22:18:04.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.2047.793 [GMT 1:00]
ausgeführt von:: c:\users\Meister\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Company
c:\users\Meister\AppData\Local\BrowserSafeguard
c:\users\Meister\g2mdlhlpx.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-11-16 bis 2014-12-16 ))))))))))))))))))))))))))))))
.
.
2014-12-16 21:25 . 2014-12-16 21:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-12-15 21:04 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3CC31953-DBC2-4591-B717-BCC452754CB6}\mpengine.dll
2014-12-15 20:48 . 2014-12-15 20:50 -------- d-----w- C:\FRST
2014-12-15 19:57 . 2014-12-15 20:03 1668 ----a-w- c:\windows\system32\ASOROSet.bin
2014-12-15 19:50 . 2014-12-15 20:06 -------- d-----w- c:\users\Meister\AppData\Roaming\Solvusoft
2014-12-13 12:35 . 2014-12-13 12:35 364512 ----a-w- c:\windows\system32\aswBoot.exe
2014-12-13 12:35 . 2014-12-13 12:35 43152 ----a-w- c:\windows\avastSS.scr
2014-12-13 12:20 . 2014-12-13 12:20 -------- d-----w- c:\users\Meister\AppData\Roaming\AVAST Software
2014-12-13 11:59 . 2014-12-13 12:35 116728 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-12-13 11:59 . 2014-12-13 12:35 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-12-13 11:59 . 2014-12-13 12:35 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-12-13 11:59 . 2014-12-13 12:35 436624 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-12-13 11:59 . 2014-12-13 12:35 83280 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-12-13 11:59 . 2014-12-13 12:35 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-12-13 11:59 . 2014-12-13 12:35 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-12-13 11:59 . 2014-12-13 12:34 1050432 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-12-13 11:56 . 2014-12-13 11:56 -------- d-----w- c:\program files\AVAST Software
2014-12-13 11:52 . 2014-12-13 11:56 -------- d-----w- c:\programdata\AVAST Software
2014-12-12 13:33 . 2014-09-18 18:15 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FEE5B35B-7EB6-4172-A427-4D37B43497FA}\gapaengine.dll
2014-12-12 13:28 . 2014-11-02 04:20 11632448 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-12-12 12:50 . 2014-11-11 03:09 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-12-12 12:50 . 2014-11-11 02:44 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-12-09 20:12 . 2014-12-09 20:12 -------- d-----w- c:\users\Meister\AppData\Local\ElevatedDiagnostics
2014-12-09 19:46 . 2009-04-30 23:00 17408 ----a-w- c:\windows\system32\esxcdev.dll
2014-12-09 19:46 . 2009-04-30 23:00 128392 ----a-w- c:\windows\system32\esdevapp.exe
2014-12-09 19:46 . 2007-11-19 23:00 55808 ----a-w- c:\windows\system32\esxcwiab.dll
2014-12-05 13:35 . 2014-12-05 13:35 -------- d-----w- C:\found.000
2014-11-28 18:41 . 2014-11-28 18:42 -------- d-----w- c:\program files\CCleaner
2014-11-21 12:02 . 2014-11-21 12:02 -------- d-----w- c:\program files (x86)\GUMC783.tmp
2014-11-21 11:49 . 2014-10-14 02:13 683520 ----a-w- c:\windows\system32\termsrv.dll
2014-11-21 11:49 . 2014-10-14 02:07 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-11-21 11:49 . 2014-10-14 01:46 681984 ----a-w- c:\windows\SysWow64\adtschema.dll
2014-11-21 11:49 . 2014-10-14 02:09 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-11-21 11:49 . 2014-10-14 01:47 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2014-11-21 11:38 . 2014-10-10 00:57 3198976 ----a-w- c:\windows\system32\win32k.sys
2014-11-21 11:38 . 2014-10-18 02:05 861696 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-21 11:38 . 2014-10-18 01:33 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2014-11-18 13:56 . 2014-11-18 13:56 1202848 ----a-w- c:\windows\SysWow64\FM20.DLL
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-13 16:01 . 2012-03-29 17:07 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-12-13 16:01 . 2011-05-15 10:15 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-12 15:29 . 2014-08-29 21:33 112710672 ----a-w- c:\windows\system32\MRT.exe
2014-11-06 05:42 . 2014-11-06 05:42 341848 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
2014-10-30 11:25 . 2010-11-21 03:27 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-09-18 18:15 . 2014-08-29 08:38 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"TomTomHOME.exe"="d:\eigene dateien\Progs\TomTom HOME 2\TomTomHOMERunner.exe" [2014-06-05 248176]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-11-21 7063832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-12-13 5225064]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2014-11-17 448856]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DailytoolsUpdateService;DailytoolsUpdateService;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
R3 netr7364;RT73 USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 nlsX86cc;This service enables products that use the Nalpeiron Licensing System.;c:\windows\SysWOW64\nlssrv32.exe;c:\windows\SysWOW64\nlssrv32.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;d:\eigene dateien\Progs\TomTom HOME 2\TomTomHOMEService.exe;d:\eigene dateien\Progs\TomTom HOME 2\TomTomHOMEService.exe [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Update-Service-Installer-Service REG_MULTI_SZ Update-Service-Installer-Service
DailytoolsInstallerService REG_MULTI_SZ DailytoolsInstallerService
DailytoolsUpdateService REG_MULTI_SZ DailytoolsUpdateService
.
Inhalt des "geplante Tasks" Ordners
.
2014-12-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 16:01]
.
2014-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-10 17:19]
.
2014-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-10 17:19]
.
2014-11-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4289249302-2505303769-1399656917-1000Core.job
- c:\users\Meister\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-10 15:45]
.
2014-12-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4289249302-2505303769-1399656917-1000UA.job
- c:\users\Meister\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-10 15:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-12-13 12:35 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/?trackid=sp-006
mStart Page = https://www.google.com/?trackid=sp-006
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
mSearch Bar = https://www.google.com/?trackid=sp-006
uInternet Settings,ProxyOverride = <-loopback>;www.joosoft.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-10 - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-12-16 22:28:23
ComboFix-quarantined-files.txt 2014-12-16 21:28
.
Vor Suchlauf: 8 Verzeichnis(se), 35.235.569.664 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 34.568.634.368 Bytes frei
.
- - End Of File - - 4D46FFD78E7CC80510AF280AD4BE9F15
A36C5E4F47E84449FF07ED3517B43A31
|
|
17.12.2014, 20:12
| #4 |
| /// the machine /// TB-Ausbilder | Windows 7 Gerätemanager Problem mit MFC42u.dll Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
17.12.2014, 23:42
| #5 |
| | Windows 7 Gerätemanager Problem mit MFC42u.dll So,es gab wieder einige Funde: Malwarebytes Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 17.12.2014 Suchlauf-Zeit: 22:45:15 Logdatei: mbam.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2014.12.17.04 Rootkit Datenbank: v2014.12.14.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Meister Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 346134 Verstrichene Zeit: 13 Min, 18 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt) Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 0 (Keine schädliche Elemente erkannt) Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v4.105 - Bericht erstellt am 17/12/2014 um 23:16:02
# Aktualisiert 08/12/2014 von Xplode
# Database : 2014-12-16.1 [Live]
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : Meister - MEISTER-PC
# Gestartet von : C:\Users\Meister\Desktop\AdwCleaner_4.105.exe
# Option : Löschen
***** [ Dienste ] *****
Dienst Gelöscht : DailytoolsUpdateService
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Premium
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\Program Files (x86)\BabylonToolbar
Ordner Gelöscht : C:\Program Files (x86)\Search
Ordner Gelöscht : C:\Program Files (x86)\WinZipper
Ordner Gelöscht : C:\Program Files (x86)\Common Files\337
Ordner Gelöscht : C:\Users\Meister\AppData\Local\apn
Ordner Gelöscht : C:\Users\Meister\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\Meister\AppData\Local\genienext
Ordner Gelöscht : C:\Users\Meister\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\Users\Meister\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\Meister\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Meister\AppData\Local\CrashRpt
Ordner Gelöscht : C:\Users\Meister\AppData\Local\Software
Ordner Gelöscht : C:\Users\Meister\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Meister\AppData\Roaming\eCyber
Ordner Gelöscht : C:\Users\Meister\AppData\Roaming\iSafe
Ordner Gelöscht : C:\Users\Meister\AppData\Roaming\Solvusoft
Ordner Gelöscht : C:\Users\Meister\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Meister\AppData\Roaming\WinZipper
Datei Gelöscht : C:\Windows\SysWOW64\update1.dll
Datei Gelöscht : C:\Windows\System32\log\iSafeKrnlCall.log
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Meister\daemonprocess.txt
Datei Gelöscht : C:\Users\Meister\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pbjikboenpfhbbejgkoklgkhjpfogcam_0.localstorage
***** [ Tasks ] *****
Task Gelöscht : Desk 365 RunAsStdUser
Task Gelöscht : SMupdate1
***** [ Verknüpfungen ] *****
Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Opera.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
Verknüpfung Desinfiziert : C:\Users\Meister\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\iMesh_V11_en_Setup.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\iMeshV11.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Wert Gelöscht : HKLM\SOFTWARE\microsoft\windows nt\currentversion\svchost [DailytoolsInstallerService]
Wert Gelöscht : HKLM\SOFTWARE\microsoft\windows nt\currentversion\svchost [DailytoolsUpdateService]
Wert Gelöscht : HKLM\SOFTWARE\microsoft\windows nt\currentversion\svchost [Update-Service-Installer-Service]
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\distromatic
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Desksvc
Schlüssel Gelöscht : HKLM\SOFTWARE\hdcode
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\winzipersvc
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Joosoft.com
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\YTDownloader
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17420
-\\ Mozilla Firefox v
[ld9p6xqx.default\prefs.js] - Zeile gelöscht : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
[ld9p6xqx.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
[ld9p6xqx.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.order.1", "Search the web (Babylon)");
[ld9p6xqx.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
[ld9p6xqx.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");
[ld9p6xqx.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.cbid", "JM");
[ld9p6xqx.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.config-updated", true);
[ld9p6xqx.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.crumb", "2011.07.04+12.39.32-toolbar002iad-DE-U3R1dHRnYXJ0LEdlcm1hbnk%3D");
[ld9p6xqx.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}&gct=bar");
[ld9p6xqx.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.dtid", "YYYYYYYYDE");
[ld9p6xqx.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.first-restart-after-config-update", true);
[ld9p6xqx.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.fresh-install", false);
[ld9p6xqx.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.guid", "55d14b07-63f7-48ce-a279-7c7430c405b3");
[ld9p6xqx.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \"WWW.google.com\", \"hxxps://websearch.ask.com\", [...]
[ld9p6xqx.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.if", "first");
[ld9p6xqx.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.l", "dis");
[ld9p6xqx.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.last-config-req", "1321906207444");
[ld9p6xqx.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.locale", "de_DE");
[ld9p6xqx.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.location", "Stuttgart,Germany");
[ld9p6xqx.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.notification-shown", true);
[ld9p6xqx.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.o", "100000080");
[ld9p6xqx.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
[ld9p6xqx.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.qsrc", "2871");
[ld9p6xqx.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.r", "8");
[ld9p6xqx.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.sa", "NO");
[ld9p6xqx.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.search-suggestions-enabled", true);
[ld9p6xqx.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
[ld9p6xqx.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.themeid", "");
[ld9p6xqx.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.to", "");
[ld9p6xqx.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.v", "3.12.2.100006");
[ld9p6xqx.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.version", "5.12.2.17367");
[ld9p6xqx.default\prefs.js] - Zeile gelöscht : user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25,{23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900,{6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900,{d10d0bf8-f5b5-c8b[...]
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [9594 octets] - [17/12/2014 23:14:25]
AdwCleaner[S0].txt - [9868 octets] - [17/12/2014 23:16:02]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9928 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Ultimate x64
Ran by Meister on 17.12.2014 at 23:27:47,86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
~~~ Registry Keys
Successfully deleted: [Registry Key] "hkey_current_user\software\classes\typelib\{006ad7b2-968a-11de-88c9-5bde55d89593}"
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.12.2014 at 23:31:10,14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014
Ran by Meister (administrator) on MEISTER-PC on 17-12-2014 23:33:48
Running from C:\Users\Meister\Downloads
Loaded Profile: Meister (Available profiles: Meister)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(TomTom) D:\Eigene Dateien\Progs\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(TomTom) D:\Eigene Dateien\Progs\TomTom HOME 2\TomTomHOMERunner.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5225064 2014-12-13] (AVAST Software)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKU\S-1-5-21-4289249302-2505303769-1399656917-1000\...\Run: [TomTomHOME.exe] => D:\Eigene Dateien\Progs\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-06-05] (TomTom)
HKU\S-1-5-21-4289249302-2505303769-1399656917-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-4289249302-2505303769-1399656917-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-4289249302-2505303769-1399656917-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:8897;https=127.0.0.1:8897
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4289249302-2505303769-1399656917-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4289249302-2505303769-1399656917-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4289249302-2505303769-1399656917-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}
SearchScopes: HKU\S-1-5-21-4289249302-2505303769-1399656917-1000 -> {E88E0043-C9D4-4e33-8555-FEE4F5B63060} URL = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
SearchScopes: HKU\S-1-5-21-4289249302-2505303769-1399656917-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-4289249302-2505303769-1399656917-1000 -> No Name - {09900DE8-1DCA-443F-9243-26FF581438AF} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Winsock: Catalog5 07 C:\Windows\system32\tnns5rdy2.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Meister\AppData\Roaming\Mozilla\Firefox\Profiles\ld9p6xqx.default
FF DefaultSearchUrl: hxxp://go.mail.ru/search?fr=fftb&utf8in&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files (x86)\Picasa2\npPicasa2.dll No File
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4289249302-2505303769-1399656917-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Meister\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4289249302-2505303769-1399656917-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Meister\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Meister\AppData\Roaming\Mozilla\Firefox\Profiles\ld9p6xqx.default\searchplugins\mailru---.xml
FF Extension: Спутник @Mail.Ru - C:\Users\Meister\AppData\Roaming\Mozilla\Firefox\Profiles\ld9p6xqx.default\Extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D} [2012-06-02]
FF Extension: Adblock Plus - C:\Users\Meister\AppData\Roaming\Mozilla\Firefox\Profiles\ld9p6xqx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2012-06-02]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-13]
Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/search
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Meister\AppData\Local\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Meister\AppData\Local\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Meister\AppData\Local\Google\Chrome\Application\39.0.2171.95\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.250.6) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U25) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (DivX OVS Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Nokia Suite Enabler Plugin) - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll No File
CHR Plugin: (Picasa) - C:\Program Files (x86)\Picasa2\npPicasa2.dll No File
CHR Plugin: (Picasa) - C:\Program Files (x86)\Picasa2\npPicasa3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Meister\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\Meister\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Meister\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-27]
CHR Extension: (YouTube) - C:\Users\Meister\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-10]
CHR Extension: (Google-Suche) - C:\Users\Meister\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-10]
CHR Extension: (Avast Online Security) - C:\Users\Meister\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-13]
CHR Extension: (Google Wallet) - C:\Users\Meister\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Google Mail) - C:\Users\Meister\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-10]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-13]
CHR StartMenuInternet: Google Chrome - C:\Users\Meister\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-13] (AVAST Software)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2011-09-23] (Nalpeiron Ltd.) [File not signed]
R2 TomTomHOMEService; D:\Eigene Dateien\Progs\TomTom HOME 2\TomTomHOMEService.exe [93040 2014-06-05] (TomTom)
S2 Dnscache; %SystemRoot%\System32\pouavchl7.dll [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-13] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-13] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-13] ()
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-05-06] (DT Soft Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-17 23:33 - 2014-12-17 23:34 - 00015696 _____ () C:\Users\Meister\Downloads\FRST.txt
2014-12-17 23:33 - 2014-12-17 23:33 - 00000000 ____D () C:\Users\Meister\Downloads\FRST-OlderVersion
2014-12-17 23:27 - 2014-12-17 23:27 - 00000000 ____D () C:\Windows\ERUNT
2014-12-17 23:21 - 2014-12-17 23:21 - 01707646 _____ (Thisisu) C:\Users\Meister\Desktop\JRT.exe
2014-12-17 23:14 - 2014-12-17 23:16 - 00000000 ____D () C:\AdwCleaner
2014-12-17 23:13 - 2014-12-17 23:13 - 02166272 _____ () C:\Users\Meister\Desktop\AdwCleaner_4.105.exe
2014-12-17 22:44 - 2014-12-17 23:07 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-17 22:43 - 2014-12-17 22:43 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-17 22:43 - 2014-12-17 22:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-12-17 22:42 - 2014-12-17 22:43 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-12-17 22:42 - 2014-12-17 22:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-17 22:42 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-17 22:42 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-17 22:42 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-17 22:39 - 2014-12-17 22:40 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Meister\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-16 22:28 - 2014-12-16 22:28 - 00018126 _____ () C:\ComboFix.txt
2014-12-16 22:16 - 2014-12-16 22:28 - 00000000 ____D () C:\Qoobox
2014-12-16 22:16 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-16 22:16 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-16 22:16 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-16 22:16 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-16 22:16 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-16 22:16 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-16 22:16 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-16 22:16 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-16 22:15 - 2014-12-16 22:25 - 00000000 ____D () C:\Windows\erdnt
2014-12-16 22:13 - 2014-12-16 22:14 - 05601641 ____R (Swearware) C:\Users\Meister\Desktop\ComboFix.exe
2014-12-16 01:01 - 2014-12-17 23:32 - 00000000 ____D () C:\Users\Meister\Desktop\Trojaner Board
2014-12-15 21:51 - 2014-12-15 21:51 - 00380416 _____ () C:\Users\Meister\Downloads\g3ifzpwh.exe
2014-12-15 21:48 - 2014-12-17 23:33 - 00000000 ____D () C:\FRST
2014-12-15 21:45 - 2014-12-17 23:33 - 02121216 _____ (Farbar) C:\Users\Meister\Downloads\FRST64.exe
2014-12-15 21:45 - 2014-12-15 21:45 - 00000000 _____ () C:\Users\Meister\defogger_reenable
2014-12-15 21:44 - 2014-12-15 21:45 - 00050477 _____ () C:\Users\Meister\Downloads\Defogger.exe
2014-12-15 21:03 - 2014-12-15 21:03 - 16310272 _____ () C:\Windows\system32\config\system.sav.LOG
2014-12-15 21:01 - 2014-12-15 21:02 - 66617344 _____ () C:\Windows\system32\config\software.sav.LOG
2014-12-15 21:01 - 2014-12-15 21:01 - 00028672 _____ () C:\Windows\system32\config\sam.sav.LOG
2014-12-15 21:01 - 2014-12-15 21:01 - 00024576 _____ () C:\Windows\system32\config\security.sav.LOG
2014-12-15 20:57 - 2014-12-15 21:03 - 00001668 _____ () C:\Windows\system32\ASOROSet.bin
2014-12-15 20:57 - 2014-12-15 20:57 - 00000000 ____D () C:\Windows\system32\config\RCCBakup
2014-12-15 20:45 - 2014-12-15 20:46 - 03894696 _____ (solvusoft Corporation ) C:\Users\Meister\Downloads\Mfc42u.dll-Reparaturprogramm-WinThruster.exe
2014-12-13 13:35 - 2014-12-13 13:35 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-13 13:35 - 2014-12-13 13:35 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-12-13 13:32 - 2014-12-13 13:32 - 00001070 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-12-13 13:28 - 2014-12-13 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-12-13 13:20 - 2014-12-13 13:20 - 00000000 ____D () C:\Users\Meister\AppData\Roaming\AVAST Software
2014-12-13 12:59 - 2014-12-17 23:20 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-13 12:59 - 2014-12-13 13:36 - 00001964 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-13 12:59 - 2014-12-13 13:35 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-12-13 12:59 - 2014-12-13 13:35 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-13 12:59 - 2014-12-13 13:35 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-12-13 12:59 - 2014-12-13 13:35 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-12-13 12:59 - 2014-12-13 13:35 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2014-12-13 12:59 - 2014-12-13 13:35 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-12-13 12:59 - 2014-12-13 13:35 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-13 12:59 - 2014-12-13 13:34 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-13 12:59 - 2014-12-13 12:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-13 12:56 - 2014-12-13 12:56 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-13 12:52 - 2014-12-13 12:56 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-13 12:49 - 2014-12-13 12:52 - 131078000 _____ (AVAST Software) C:\Users\Meister\Downloads\avast_free_antivirus_setup.exe
2014-12-13 12:44 - 2014-12-17 23:17 - 00081008 _____ () C:\Windows\PFRO.log
2014-12-13 12:44 - 2014-12-17 23:17 - 00000504 _____ () C:\Windows\setupact.log
2014-12-13 12:44 - 2014-12-13 12:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-12 13:50 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-12 13:50 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-12 13:30 - 2014-12-12 13:30 - 04549888 _____ (Avira Operations & Co. KG) C:\Users\Meister\Downloads\avira_de_av_5707959778__ws (1).exe
2014-12-12 13:29 - 2014-12-12 13:30 - 04549888 _____ (Avira Operations & Co. KG) C:\Users\Meister\Downloads\avira_de_av_5707959778__ws.exe
2014-12-09 21:41 - 2014-12-09 21:41 - 00002184 _____ () C:\Users\Public\Desktop\PerfV700_V750 Benutzerhandbuch.lnk
2014-12-09 21:13 - 2014-12-09 21:13 - 00002948 _____ () C:\Windows\System32\Tasks\{C5166266-1E7D-4416-8606-7ADC4D61B1F9}
2014-12-09 20:47 - 2014-12-09 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-12-09 20:46 - 2014-12-09 21:41 - 00000934 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2014-12-09 20:46 - 2014-12-09 20:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Scan
2014-12-09 20:46 - 2009-05-01 00:00 - 00128392 _____ (Seiko Epson Corporation) C:\Windows\system32\esdevapp.exe
2014-12-09 20:46 - 2009-05-01 00:00 - 00017408 _____ (SEIKO EPSON CORP.) C:\Windows\system32\esxcdev.dll
2014-12-09 20:46 - 2007-11-20 00:00 - 00055808 _____ (SEIKO EPSON CORP.) C:\Windows\system32\esxcwiab.dll
2014-12-05 14:35 - 2014-12-05 14:35 - 00003600 ____N () C:\bootsqm.dat
2014-12-05 14:35 - 2014-12-05 14:35 - 00000000 ____D () C:\found.000
2014-11-28 19:42 - 2014-11-28 19:42 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-11-28 19:42 - 2014-11-28 19:42 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-11-28 19:41 - 2014-11-28 19:42 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-28 19:36 - 2014-11-28 19:38 - 05162080 _____ (Piriform Ltd) C:\Users\Meister\Downloads\ccsetup500.exe
2014-11-21 13:02 - 2014-11-21 13:02 - 00000000 ____D () C:\Program Files (x86)\GUMC783.tmp
2014-11-21 12:50 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-21 12:50 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-21 12:50 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-21 12:50 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-21 12:50 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-21 12:50 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-21 12:50 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-21 12:50 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-21 12:50 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-21 12:50 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-21 12:50 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-21 12:50 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-21 12:50 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-21 12:50 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-21 12:50 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-21 12:50 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-21 12:50 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-21 12:50 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-21 12:50 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-21 12:50 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-21 12:50 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-21 12:50 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-21 12:50 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-21 12:50 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-21 12:50 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-21 12:50 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-21 12:50 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-21 12:50 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-21 12:50 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-21 12:50 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-21 12:50 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-21 12:50 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-21 12:50 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-21 12:50 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-21 12:50 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-21 12:50 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-21 12:50 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-21 12:50 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-21 12:50 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-21 12:50 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-21 12:50 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-21 12:50 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-21 12:50 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-21 12:50 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-21 12:50 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-21 12:50 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-21 12:50 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-21 12:50 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-21 12:50 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-21 12:50 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-21 12:50 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-21 12:50 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-21 12:50 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-21 12:50 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-21 12:50 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-21 12:50 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-21 12:50 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-21 12:50 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-21 12:50 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-21 12:50 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-21 12:50 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-21 12:50 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-21 12:50 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-21 12:50 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-21 12:49 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-21 12:49 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-21 12:49 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-21 12:49 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-21 12:49 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-21 12:39 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-21 12:39 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-21 12:39 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-21 12:39 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-21 12:39 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-21 12:39 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-21 12:39 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-21 12:39 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-21 12:39 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-21 12:39 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-21 12:39 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-21 12:39 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-21 12:39 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-21 12:39 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-21 12:39 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-21 12:39 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-21 12:39 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-21 12:39 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-21 12:39 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-21 12:39 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-21 12:39 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-21 12:39 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-21 12:39 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-21 12:39 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-21 12:39 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-21 12:39 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-21 12:39 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-21 12:39 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-21 12:38 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-21 12:38 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-21 12:38 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-18 14:56 - 2014-11-18 14:56 - 01202848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-17 23:32 - 2011-05-06 12:59 - 01617103 _____ () C:\Windows\WindowsUpdate.log
2014-12-17 23:25 - 2009-07-14 05:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-17 23:25 - 2009-07-14 05:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-17 23:17 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-17 23:16 - 2014-02-11 22:12 - 00000000 ____D () C:\Windows\system32\log
2014-12-17 23:16 - 2011-05-15 13:21 - 00000979 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-12-17 23:16 - 2011-05-15 13:21 - 00000967 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-12-17 23:16 - 2011-05-06 13:03 - 00000000 ____D () C:\Users\Meister
2014-12-17 23:01 - 2012-03-29 18:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-17 22:57 - 2012-07-10 18:19 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-17 22:56 - 2012-07-10 16:45 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4289249302-2505303769-1399656917-1000UA.job
2014-12-16 22:25 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-16 22:14 - 2010-11-21 07:50 - 00696832 _____ () C:\Windows\system32\perfh007.dat
2014-12-16 22:14 - 2010-11-21 07:50 - 00148128 _____ () C:\Windows\system32\perfc007.dat
2014-12-16 22:14 - 2009-07-14 06:13 - 01613340 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-13 17:01 - 2012-03-29 18:07 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-13 17:01 - 2012-03-29 18:07 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-13 17:01 - 2011-05-15 11:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-13 13:32 - 2011-05-06 13:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-12-13 13:29 - 2011-05-06 16:35 - 00000000 ____D () C:\Users\Meister\AppData\Roaming\DivX
2014-12-13 13:29 - 2011-05-06 13:38 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-12-13 13:29 - 2011-05-06 13:37 - 00000000 ____D () C:\ProgramData\DivX
2014-12-13 13:28 - 2011-05-06 13:38 - 00000000 ____D () C:\Program Files\DivX
2014-12-13 12:49 - 2013-12-01 13:22 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-13 12:49 - 2011-10-16 15:12 - 00000000 ____D () C:\ProgramData\Avira
2014-12-12 16:31 - 2014-08-29 19:26 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-12 16:31 - 2011-05-06 13:46 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-12 16:29 - 2014-08-29 22:33 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-09 21:46 - 2013-04-13 11:07 - 00000000 ____D () C:\Users\Meister\AppData\Roaming\EPSON
2014-12-09 21:44 - 2013-04-13 10:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2014-12-09 21:42 - 2013-04-13 10:02 - 00000000 ____D () C:\Program Files (x86)\epson
2014-12-09 20:37 - 2013-04-13 10:09 - 00000000 ____D () C:\Users\Meister\AppData\Roaming\ArcSoft
2014-12-09 20:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-12-05 19:28 - 2011-05-07 09:24 - 00000020 ____H () C:\ProgramData\PKP_DLbw.DAT
2014-12-05 19:28 - 2011-05-07 09:18 - 00000020 ____H () C:\ProgramData\PKP_DLbz.DAT
2014-12-05 19:28 - 2011-05-06 16:42 - 00000020 ____H () C:\ProgramData\PKP_DLbx.DAT
2014-11-28 19:46 - 2011-05-06 13:39 - 00000000 ____D () C:\Users\Meister\AppData\Roaming\DAEMON Tools Lite
2014-11-28 19:44 - 2011-05-31 21:46 - 00000000 ____D () C:\Windows\Minidump
2014-11-21 14:47 - 2009-07-14 05:45 - 02944632 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-21 12:51 - 2012-07-10 18:19 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-21 12:51 - 2012-07-10 18:19 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-21 12:51 - 2012-07-10 18:19 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-21 12:51 - 2012-07-10 16:45 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4289249302-2505303769-1399656917-1000UA
2014-11-21 12:51 - 2012-07-10 16:45 - 00003706 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4289249302-2505303769-1399656917-1000Core
2014-11-21 12:51 - 2012-07-10 16:45 - 00001076 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4289249302-2505303769-1399656917-1000Core.job
Files to move or delete:
====================
C:\Users\Meister\install_flashplayer12x32au_mssa_awb_aih.exe
Some content of TEMP:
====================
C:\Users\Meister\AppData\Local\Temp\Quarantine.exe
C:\Users\Meister\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-09 15:43
==================== End Of Log ============================
--- --- --- Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2014
Ran by Meister at 2014-12-17 23:34:58
Running from C:\Users\Meister\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (HKLM-x32\...\Adobe_faf656ef605427ee2f42989c3ad31b8) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{E6D44B7E-1B1E-04A7-86E3-06AD74583FE9}) (Version: 3.0.820.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BookSmart® 3.4.4 3.4.4 (HKLM-x32\...\BookSmart® 3.4.4 3.4.4) (Version: - Blurb, Inc)
Capture NX 2 (HKLM\...\Capture NX 2) (Version: 2.3.5 - NIKON CORPORATION)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
DivX-Setup (HKLM-x32\...\DivX Setup.divx.com) (Version: 2.3.0.20 - DivX, LLC)
Epson Copy Utility 3.5 (HKLM-x32\...\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}) (Version: 3.5.0.0 - )
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
File Uploader (HKLM-x32\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.2.5 - Nikon)
Google Chrome (HKU\S-1-5-21-4289249302-2505303769-1399656917-1000\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java(TM) 6 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216025FF}) (Version: 6.0.250 - Oracle)
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Minolta DiMAGE Scan ver 1.1 (HKLM-x32\...\{AFB2133B-BCEE-49E5-AB1D-F54E7798D533}) (Version: - )
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.2.11000.12.100 - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}) (Version: 10.5.10300 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10300.0.102 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.8 - Google)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
PerfV700_V750 Benutzerhandbuch (HKLM-x32\...\PerfV700_V750 Benutzerhandbuch) (Version: - )
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.1.5 - Nikon)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.7 - Nikon)
Russisch für Deutsche - empfohlen (HKLM\...\{4C47DA93-303F-4165-918B-BCBAD9099DB8}) (Version: 1.0.3.40 - Uni Leipzig)
Saal Design Software (HKLM-x32\...\SaalDesignSoftware) (Version: 3.2.26 - SSW Software GmbH)
Saal Design Software (x32 Version: 3.2.26 - SSW Software GmbH) Hidden
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinDjView 2.0.2 (HKLM\...\WinDjView) (Version: 2.0.2 - Andrew Zhezherun)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-4289249302-2505303769-1399656917-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Meister\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4289249302-2505303769-1399656917-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Meister\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
==================== Restore Points =========================
09-12-2014 20:51:29 Installiert Attach To Email
09-12-2014 20:52:12 Installiert Scan-n-Stitch Deluxe
09-12-2014 21:05:49 Windows Update
09-12-2014 21:21:23 Entfernt Scan-n-Stitch Deluxe
09-12-2014 21:21:50 Removed ABBYY FineReader 6.0 Sprint
09-12-2014 21:23:14 Entfernt EPSON Scan Assistant
09-12-2014 21:23:22 Entfernt Attach To Email
09-12-2014 21:23:35 Entfernt Epson Event Manager
09-12-2014 21:42:27 Installiert InstallShield Wiederherstellungspunkt
09-12-2014 21:43:50 Installiert Epson Event Manager
09-12-2014 21:44:23 Installiert EPSON Scan Assistant
09-12-2014 21:44:44 Installiert Attach To Email
12-12-2014 16:27:27 Windows Update
13-12-2014 12:55:27 avast! antivirus system restore point
13-12-2014 13:33:43 avast! antivirus system restore point
13-12-2014 13:48:02 Windows Update
15-12-2014 20:53:58 WinThruster Mo, Dez 15, 14 20:53
17-12-2014 22:45:18 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2014-12-16 22:25 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {036E8C82-7DDD-4731-A048-4237E855E232} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-10] (Google Inc.)
Task: {0E5037CA-F68B-4988-8C0E-CCFFE170F837} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4289249302-2505303769-1399656917-1000UA => C:\Users\Meister\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-10] (Google Inc.)
Task: {1E8D942B-F494-4B6E-A5C4-CEDEE06F80BA} - System32\Tasks\{D211CDEC-C4EC-4E0B-BFD9-42AA74CA49F6} => C:\Program Files (x86)\Skype\\Phone\Skype.exe
Task: {31EE70D1-F7FF-48A0-B171-273EC38FF11A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-13] (Adobe Systems Incorporated)
Task: {5236106A-1A0D-4F5E-A1CB-422B77B1270E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5E310931-CDB1-4191-9A48-22AEB4D65D33} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-10] (Google Inc.)
Task: {62F9153C-46DF-4A19-B588-A0C4D9A5E36D} - System32\Tasks\{925304C0-FF2D-476D-9B3A-5C948A15E372} => c:\program files (x86)\opera\opera.exe [2014-04-25] (Opera Software)
Task: {6BBD94BF-3F76-4F75-A4D5-1071782E065C} - System32\Tasks\{3F8E0070-CFC8-4E2B-9189-162C57E635EB} => pcalua.exe -a "D:\Eigene Dateien\Progs\SkypeSetupFull-55.exe" -d "D:\Eigene Dateien\Progs"
Task: {785AD318-D073-44F6-A6C2-F25F3D3B6C65} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4289249302-2505303769-1399656917-1000Core => C:\Users\Meister\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-10] (Google Inc.)
Task: {988F2D2F-CDD5-4E24-9181-CFC9B23724DF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-13] (AVAST Software)
Task: {9A57BB27-1505-45C2-B059-E454D7547B92} - System32\Tasks\{C5166266-1E7D-4416-8606-7ADC4D61B1F9} => C:\Windows\twain_32\escndv\escndv.exe [2009-01-28] (SEIKO EPSON CORP.)
Task: {AF8AFB59-5572-4310-BB02-AB4381E33BBB} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {BFDA13FA-69C0-413C-A98C-02A75D599412} - System32\Tasks\{1665758C-D66E-4AC8-BB07-D28BAC910A57} => pcalua.exe -a C:\Users\Meister\Desktop\S-CNX2__-020305WU-___DE-ALL___.exe -d C:\Users\Meister\Desktop
Task: {DDA69226-D513-4F74-A289-2A0F0B78336E} - System32\Tasks\{70323D67-B236-419F-8DB2-E11D7E2CA5E3} => c:\program files (x86)\opera\opera.exe [2014-04-25] (Opera Software)
Task: {E2282B8F-5791-4829-A930-73965E96145A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {E9D1BAD9-3721-4A44-90D8-1513FF067EF2} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4289249302-2505303769-1399656917-1000Core.job => C:\Users\Meister\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4289249302-2505303769-1399656917-1000UA.job => C:\Users\Meister\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-11-22 01:03 - 2014-11-22 01:03 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2011-05-06 13:08 - 2010-03-15 10:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2014-12-17 22:31 - 2014-12-17 22:31 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14121701\algo.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-09 21:44 - 2009-03-12 15:45 - 00135168 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
2014-12-09 21:44 - 2008-11-21 13:58 - 00057344 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
2014-12-13 13:34 - 2014-12-13 13:35 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Windows:nlsPreferences
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: DivX Download Manager => "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: YTDownloader => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
========================= Accounts: ==========================
Administrator (S-1-5-21-4289249302-2505303769-1399656917-500 - Administrator - Disabled)
Gast (S-1-5-21-4289249302-2505303769-1399656917-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4289249302-2505303769-1399656917-1002 - Limited - Enabled)
Meister (S-1-5-21-4289249302-2505303769-1399656917-1000 - Administrator - Enabled) => C:\Users\Meister
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Error: (12/17/2014 11:35:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:
%%126
Error: (12/17/2014 11:33:07 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:
%%126
Error: (12/17/2014 11:33:01 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:
%%126
Error: (12/17/2014 11:33:01 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:
%%126
Error: (12/17/2014 11:32:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:
%%126
Error: (12/17/2014 11:32:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:
%%126
Error: (12/17/2014 11:32:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:
%%126
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2014-12-16 22:24:39.834
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-12-16 22:24:39.787
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 46%
Total physical RAM: 2047.05 MB
Available physical RAM: 1090.58 MB
Total Pagefile: 4094.11 MB
Available Pagefile: 2846.69 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:91.7 GB) (Free:32.63 GB) NTFS
Drive d: (Daten) (Fixed) (Total:206.29 GB) (Free:178.8 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: B61BB61B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=91.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=206.3 GB) - (Type=OF Extended)
==================== End Of Log ============================
|
|
18.12.2014, 20:50
| #6 |
| /// the machine /// TB-Ausbilder | Windows 7 Gerätemanager Problem mit MFC42u.dllESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ --> Windows 7 Gerätemanager Problem mit MFC42u.dll |
|
20.12.2014, 18:44
| #7 |
| | Windows 7 Gerätemanager Problem mit MFC42u.dll Ja,das Problem tritt leider nach wie vor auf...kann es sein dass die Viren da richtig was zerschossen haben und nur Neuaufsetzen des Systems den gewünschten Erfolg bringt? Das möchte ich ja vermeiden soweit das möglich ist.. ESET Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=add5149e4f25354583c68fdf134bd3a9
# engine=21620
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-12-19 05:47:15
# local_time=2014-12-19 06:47:15 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 94 481767 499768 0 0
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 8621433 41952028 0 0
# scanned=130810
# found=9
# cleaned=0
# scan_time=28001
sh=D5548ED6BC1308AE61F2FFD215F8EE70E73A271E ft=1 fh=c71c0011010f2845 vn="Variante von Win32/Toolbar.Babylon.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Meister\AppData\Local\Babylon\Setup\BExternal.dll.vir"
sh=55953896937FFDB69A3179997B01D6231717B055 ft=1 fh=377d655ef08f77a0 vn="Variante von Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Meister\AppData\Local\Babylon\Setup\IECookieLow.dll.vir"
sh=1476185F98F21971B4C64716990B13EE0CEFD707 ft=1 fh=6886307c4e8d6b1c vn="Variante von Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Meister\AppData\Local\Babylon\Setup\Setup.exe.vir"
sh=9CE5F659BDD89907624541CB98681224CA75D886 ft=1 fh=9b9a5086efdbb0a1 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=4601EB8124D3CEF662F903AC664AD00804B303DF ft=1 fh=439c5d98d34516af vn="Variante von Win32/SBWatchman.D evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Common Files\System\SysMenu.dll"
sh=463A63C327C31B16343F25EE4BFAE19D06DB60B5 ft=1 fh=c4e7eefa4671c418 vn="Variante von Win32/SBWatchman.D evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Common Files\System\SysMenu64.dll"
sh=C6B44F78F2397DE2F60970B4F8BE825CC5D2CD23 ft=1 fh=221cbc7fa0bb8f1b vn="Variante von Win32/SpeedBit.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Meister\AppData\Local\Installer\Install_28787\ytdownloader_ww_setup_20140203.exe"
sh=C6B44F78F2397DE2F60970B4F8BE825CC5D2CD23 ft=1 fh=221cbc7fa0bb8f1b vn="Variante von Win32/SpeedBit.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Meister\AppData\Local\Installer\Install_29041\ytdownloader_ww_setup_20140203.exe"
sh=C0E28878041F7708BC82DD28153719E88A91C1BA ft=1 fh=0e746c2d3c3fdba6 vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Meister\Downloads\Mfc42u.dll-Reparaturprogramm-WinThruster.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=add5149e4f25354583c68fdf134bd3a9
# engine=21629
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-12-19 12:59:49
# local_time=2014-12-19 01:59:49 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 94 511322 525723 0 0
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 8647388 41977983 0 0
# scanned=202949
# found=9
# cleaned=0
# scan_time=4942
sh=D5548ED6BC1308AE61F2FFD215F8EE70E73A271E ft=1 fh=c71c0011010f2845 vn="Variante von Win32/Toolbar.Babylon.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Meister\AppData\Local\Babylon\Setup\BExternal.dll.vir"
sh=55953896937FFDB69A3179997B01D6231717B055 ft=1 fh=377d655ef08f77a0 vn="Variante von Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Meister\AppData\Local\Babylon\Setup\IECookieLow.dll.vir"
sh=1476185F98F21971B4C64716990B13EE0CEFD707 ft=1 fh=6886307c4e8d6b1c vn="Variante von Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Meister\AppData\Local\Babylon\Setup\Setup.exe.vir"
sh=9CE5F659BDD89907624541CB98681224CA75D886 ft=1 fh=9b9a5086efdbb0a1 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=4601EB8124D3CEF662F903AC664AD00804B303DF ft=1 fh=439c5d98d34516af vn="Variante von Win32/SBWatchman.D evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Common Files\System\SysMenu.dll"
sh=463A63C327C31B16343F25EE4BFAE19D06DB60B5 ft=1 fh=c4e7eefa4671c418 vn="Variante von Win32/SBWatchman.D evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Common Files\System\SysMenu64.dll"
sh=C6B44F78F2397DE2F60970B4F8BE825CC5D2CD23 ft=1 fh=221cbc7fa0bb8f1b vn="Variante von Win32/SpeedBit.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Meister\AppData\Local\Installer\Install_28787\ytdownloader_ww_setup_20140203.exe"
sh=C6B44F78F2397DE2F60970B4F8BE825CC5D2CD23 ft=1 fh=221cbc7fa0bb8f1b vn="Variante von Win32/SpeedBit.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Meister\AppData\Local\Installer\Install_29041\ytdownloader_ww_setup_20140203.exe"
sh=C0E28878041F7708BC82DD28153719E88A91C1BA ft=1 fh=0e746c2d3c3fdba6 vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Meister\Downloads\Mfc42u.dll-Reparaturprogramm-WinThruster.exe"
Code:
ATTFilter Results of screen317's Security Check version 0.99.93
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials
avast! Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 6 Update 25
Java version 32-bit out of Date!
Adobe Flash Player 15.0.0.246 Flash Player out of Date!
Adobe Reader 10.1.9 Adobe Reader out of Date!
Google Chrome (39.0.2171.71)
Google Chrome (39.0.2171.95)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-12-2014
Ran by Meister (administrator) on MEISTER-PC on 20-12-2014 18:35:21
Running from C:\Users\Meister\Desktop
Loaded Profile: Meister (Available profiles: Meister)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(TomTom) D:\Eigene Dateien\Progs\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(TomTom) D:\Eigene Dateien\Progs\TomTom HOME 2\TomTomHOMERunner.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5225064 2014-12-13] (AVAST Software)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKU\S-1-5-21-4289249302-2505303769-1399656917-1000\...\Run: [TomTomHOME.exe] => D:\Eigene Dateien\Progs\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-06-05] (TomTom)
HKU\S-1-5-21-4289249302-2505303769-1399656917-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-4289249302-2505303769-1399656917-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-4289249302-2505303769-1399656917-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:8897;https=127.0.0.1:8897
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4289249302-2505303769-1399656917-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4289249302-2505303769-1399656917-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4289249302-2505303769-1399656917-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}
SearchScopes: HKU\S-1-5-21-4289249302-2505303769-1399656917-1000 -> {E88E0043-C9D4-4e33-8555-FEE4F5B63060} URL = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
SearchScopes: HKU\S-1-5-21-4289249302-2505303769-1399656917-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-4289249302-2505303769-1399656917-1000 -> No Name - {09900DE8-1DCA-443F-9243-26FF581438AF} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Winsock: Catalog5 07 C:\Windows\system32\tnns5rdy2.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Meister\AppData\Roaming\Mozilla\Firefox\Profiles\ld9p6xqx.default
FF DefaultSearchUrl: hxxp://go.mail.ru/search?fr=fftb&utf8in&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files (x86)\Picasa2\npPicasa2.dll No File
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4289249302-2505303769-1399656917-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Meister\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4289249302-2505303769-1399656917-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Meister\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Meister\AppData\Roaming\Mozilla\Firefox\Profiles\ld9p6xqx.default\searchplugins\mailru---.xml
FF Extension: Спутник @Mail.Ru - C:\Users\Meister\AppData\Roaming\Mozilla\Firefox\Profiles\ld9p6xqx.default\Extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D} [2012-06-02]
FF Extension: Adblock Plus - C:\Users\Meister\AppData\Roaming\Mozilla\Firefox\Profiles\ld9p6xqx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2012-06-02]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-13]
Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/search
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Meister\AppData\Local\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Meister\AppData\Local\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Meister\AppData\Local\Google\Chrome\Application\39.0.2171.95\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.250.6) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U25) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (DivX OVS Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Nokia Suite Enabler Plugin) - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll No File
CHR Plugin: (Picasa) - C:\Program Files (x86)\Picasa2\npPicasa2.dll No File
CHR Plugin: (Picasa) - C:\Program Files (x86)\Picasa2\npPicasa3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Meister\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\Meister\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Meister\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-27]
CHR Extension: (YouTube) - C:\Users\Meister\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-10]
CHR Extension: (Google-Suche) - C:\Users\Meister\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-10]
CHR Extension: (Avast Online Security) - C:\Users\Meister\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-13]
CHR Extension: (Google Wallet) - C:\Users\Meister\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Google Mail) - C:\Users\Meister\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-10]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-13]
CHR StartMenuInternet: Google Chrome - C:\Users\Meister\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-13] (AVAST Software)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2011-09-23] (Nalpeiron Ltd.) [File not signed]
R2 TomTomHOMEService; D:\Eigene Dateien\Progs\TomTom HOME 2\TomTomHOMEService.exe [93040 2014-06-05] (TomTom)
S2 Dnscache; %SystemRoot%\System32\pouavchl7.dll [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-13] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-13] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-13] ()
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-05-06] (DT Soft Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-20 18:35 - 2014-12-20 18:35 - 00015751 _____ () C:\Users\Meister\Desktop\FRST.txt
2014-12-19 14:02 - 2014-12-19 14:03 - 00852505 _____ () C:\Users\Meister\Desktop\SecurityCheck.exe
2014-12-18 22:58 - 2014-12-18 22:58 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-18 22:55 - 2014-12-18 22:56 - 02347384 _____ (ESET) C:\Users\Meister\Desktop\esetsmartinstaller_deu.exe
2014-12-17 23:33 - 2014-12-20 18:24 - 00000000 ____D () C:\Users\Meister\Downloads\FRST-OlderVersion
2014-12-17 23:27 - 2014-12-17 23:27 - 00000000 ____D () C:\Windows\ERUNT
2014-12-17 23:21 - 2014-12-17 23:21 - 01707646 _____ (Thisisu) C:\Users\Meister\Desktop\JRT.exe
2014-12-17 23:14 - 2014-12-17 23:16 - 00000000 ____D () C:\AdwCleaner
2014-12-17 23:13 - 2014-12-17 23:13 - 02166272 _____ () C:\Users\Meister\Desktop\AdwCleaner_4.105.exe
2014-12-17 22:44 - 2014-12-17 23:07 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-17 22:43 - 2014-12-17 22:43 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-17 22:43 - 2014-12-17 22:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-12-17 22:42 - 2014-12-17 22:43 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-12-17 22:42 - 2014-12-17 22:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-17 22:42 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-17 22:42 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-17 22:42 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-17 22:39 - 2014-12-17 22:40 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Meister\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-16 22:28 - 2014-12-16 22:28 - 00018126 _____ () C:\ComboFix.txt
2014-12-16 22:16 - 2014-12-16 22:28 - 00000000 ____D () C:\Qoobox
2014-12-16 22:16 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-16 22:16 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-16 22:16 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-16 22:16 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-16 22:16 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-16 22:16 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-16 22:16 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-16 22:16 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-16 22:15 - 2014-12-16 22:25 - 00000000 ____D () C:\Windows\erdnt
2014-12-16 22:13 - 2014-12-16 22:14 - 05601641 ____R (Swearware) C:\Users\Meister\Desktop\ComboFix.exe
2014-12-16 01:01 - 2014-12-20 18:29 - 00000000 ____D () C:\Users\Meister\Desktop\Trojaner Board
2014-12-15 21:51 - 2014-12-15 21:51 - 00380416 _____ () C:\Users\Meister\Downloads\g3ifzpwh.exe
2014-12-15 21:48 - 2014-12-20 18:35 - 00000000 ____D () C:\FRST
2014-12-15 21:45 - 2014-12-20 18:24 - 02122240 _____ (Farbar) C:\Users\Meister\Desktop\FRST64.exe
2014-12-15 21:45 - 2014-12-15 21:45 - 00000000 _____ () C:\Users\Meister\defogger_reenable
2014-12-15 21:44 - 2014-12-15 21:45 - 00050477 _____ () C:\Users\Meister\Downloads\Defogger.exe
2014-12-15 21:03 - 2014-12-15 21:03 - 16310272 _____ () C:\Windows\system32\config\system.sav.LOG
2014-12-15 21:01 - 2014-12-15 21:02 - 66617344 _____ () C:\Windows\system32\config\software.sav.LOG
2014-12-15 21:01 - 2014-12-15 21:01 - 00028672 _____ () C:\Windows\system32\config\sam.sav.LOG
2014-12-15 21:01 - 2014-12-15 21:01 - 00024576 _____ () C:\Windows\system32\config\security.sav.LOG
2014-12-15 20:57 - 2014-12-15 21:03 - 00001668 _____ () C:\Windows\system32\ASOROSet.bin
2014-12-15 20:57 - 2014-12-15 20:57 - 00000000 ____D () C:\Windows\system32\config\RCCBakup
2014-12-15 20:45 - 2014-12-15 20:46 - 03894696 _____ (solvusoft Corporation ) C:\Users\Meister\Downloads\Mfc42u.dll-Reparaturprogramm-WinThruster.exe
2014-12-13 13:35 - 2014-12-13 13:35 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-13 13:35 - 2014-12-13 13:35 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-12-13 13:32 - 2014-12-13 13:32 - 00001070 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-12-13 13:28 - 2014-12-13 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-12-13 13:20 - 2014-12-13 13:20 - 00000000 ____D () C:\Users\Meister\AppData\Roaming\AVAST Software
2014-12-13 12:59 - 2014-12-20 18:26 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-13 12:59 - 2014-12-13 13:36 - 00001964 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-13 12:59 - 2014-12-13 13:35 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-12-13 12:59 - 2014-12-13 13:35 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-13 12:59 - 2014-12-13 13:35 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-12-13 12:59 - 2014-12-13 13:35 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-12-13 12:59 - 2014-12-13 13:35 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2014-12-13 12:59 - 2014-12-13 13:35 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-12-13 12:59 - 2014-12-13 13:35 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-13 12:59 - 2014-12-13 13:34 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-13 12:59 - 2014-12-13 12:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-13 12:56 - 2014-12-13 12:56 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-13 12:52 - 2014-12-13 12:56 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-13 12:49 - 2014-12-13 12:52 - 131078000 _____ (AVAST Software) C:\Users\Meister\Downloads\avast_free_antivirus_setup.exe
2014-12-13 12:44 - 2014-12-20 18:15 - 00000672 _____ () C:\Windows\setupact.log
2014-12-13 12:44 - 2014-12-17 23:17 - 00081008 _____ () C:\Windows\PFRO.log
2014-12-13 12:44 - 2014-12-13 12:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-12 13:50 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-12 13:50 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-09 21:41 - 2014-12-09 21:41 - 00002184 _____ () C:\Users\Public\Desktop\PerfV700_V750 Benutzerhandbuch.lnk
2014-12-09 21:13 - 2014-12-09 21:13 - 00002948 _____ () C:\Windows\System32\Tasks\{C5166266-1E7D-4416-8606-7ADC4D61B1F9}
2014-12-09 20:47 - 2014-12-09 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-12-09 20:46 - 2014-12-09 21:41 - 00000934 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2014-12-09 20:46 - 2014-12-09 20:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Scan
2014-12-09 20:46 - 2009-05-01 00:00 - 00128392 _____ (Seiko Epson Corporation) C:\Windows\system32\esdevapp.exe
2014-12-09 20:46 - 2009-05-01 00:00 - 00017408 _____ (SEIKO EPSON CORP.) C:\Windows\system32\esxcdev.dll
2014-12-09 20:46 - 2007-11-20 00:00 - 00055808 _____ (SEIKO EPSON CORP.) C:\Windows\system32\esxcwiab.dll
2014-12-05 14:35 - 2014-12-05 14:35 - 00003600 ____N () C:\bootsqm.dat
2014-12-05 14:35 - 2014-12-05 14:35 - 00000000 ____D () C:\found.000
2014-11-28 19:42 - 2014-11-28 19:42 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-11-28 19:42 - 2014-11-28 19:42 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-11-28 19:41 - 2014-11-28 19:42 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-28 19:36 - 2014-11-28 19:38 - 05162080 _____ (Piriform Ltd) C:\Users\Meister\Downloads\ccsetup500.exe
2014-11-21 13:02 - 2014-11-21 13:02 - 00000000 ____D () C:\Program Files (x86)\GUMC783.tmp
2014-11-21 12:50 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-21 12:50 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-21 12:50 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-21 12:50 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-21 12:50 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-21 12:50 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-21 12:50 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-21 12:50 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-21 12:50 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-21 12:50 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-21 12:50 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-21 12:50 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-21 12:50 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-21 12:50 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-21 12:50 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-21 12:50 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-21 12:50 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-21 12:50 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-21 12:50 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-21 12:50 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-21 12:50 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-21 12:50 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-21 12:50 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-21 12:50 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-21 12:50 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-21 12:50 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-21 12:50 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-21 12:50 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-21 12:50 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-21 12:50 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-21 12:50 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-21 12:50 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-21 12:50 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-21 12:50 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-21 12:50 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-21 12:50 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-21 12:50 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-21 12:50 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-21 12:50 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-21 12:50 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-21 12:50 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-21 12:50 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-21 12:50 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-21 12:50 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-21 12:50 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-21 12:50 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-21 12:50 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-21 12:50 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-21 12:50 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-21 12:50 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-21 12:50 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-21 12:50 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-21 12:50 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-21 12:50 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-21 12:50 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-21 12:50 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-21 12:50 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-21 12:50 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-21 12:50 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-21 12:50 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-21 12:50 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-21 12:50 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-21 12:50 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-21 12:50 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-21 12:49 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-21 12:49 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-21 12:49 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-21 12:49 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-21 12:49 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-21 12:39 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-21 12:39 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-21 12:39 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-21 12:39 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-21 12:39 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-21 12:39 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-21 12:39 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-21 12:39 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-21 12:39 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-21 12:39 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-21 12:39 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-21 12:39 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-21 12:39 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-21 12:39 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-21 12:39 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-21 12:39 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-21 12:39 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-21 12:39 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-21 12:39 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-21 12:39 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-21 12:39 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-21 12:39 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-21 12:39 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-21 12:39 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-21 12:39 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-21 12:39 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-21 12:39 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-21 12:39 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-21 12:38 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-21 12:38 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-21 12:38 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-20 18:33 - 2011-05-06 12:59 - 01819214 _____ () C:\Windows\WindowsUpdate.log
2014-12-20 18:24 - 2009-07-14 05:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-20 18:24 - 2009-07-14 05:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-20 18:15 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-19 14:01 - 2012-03-29 18:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-19 13:56 - 2012-07-10 18:19 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-19 13:56 - 2012-07-10 16:45 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4289249302-2505303769-1399656917-1000UA.job
2014-12-17 23:16 - 2014-02-11 22:12 - 00000000 ____D () C:\Windows\system32\log
2014-12-17 23:16 - 2011-05-15 13:21 - 00000979 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-12-17 23:16 - 2011-05-15 13:21 - 00000967 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-12-17 23:16 - 2011-05-06 13:03 - 00000000 ____D () C:\Users\Meister
2014-12-16 22:25 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-16 22:14 - 2010-11-21 07:50 - 00696832 _____ () C:\Windows\system32\perfh007.dat
2014-12-16 22:14 - 2010-11-21 07:50 - 00148128 _____ () C:\Windows\system32\perfc007.dat
2014-12-16 22:14 - 2009-07-14 06:13 - 01613340 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-13 17:01 - 2012-03-29 18:07 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-13 17:01 - 2012-03-29 18:07 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-13 17:01 - 2011-05-15 11:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-13 13:32 - 2011-05-06 13:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-12-13 13:29 - 2011-05-06 16:35 - 00000000 ____D () C:\Users\Meister\AppData\Roaming\DivX
2014-12-13 13:29 - 2011-05-06 13:38 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-12-13 13:29 - 2011-05-06 13:37 - 00000000 ____D () C:\ProgramData\DivX
2014-12-13 13:28 - 2011-05-06 13:38 - 00000000 ____D () C:\Program Files\DivX
2014-12-13 12:49 - 2013-12-01 13:22 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-13 12:49 - 2011-10-16 15:12 - 00000000 ____D () C:\ProgramData\Avira
2014-12-12 16:31 - 2014-08-29 19:26 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-12 16:31 - 2011-05-06 13:46 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-12 16:29 - 2014-08-29 22:33 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-09 21:46 - 2013-04-13 11:07 - 00000000 ____D () C:\Users\Meister\AppData\Roaming\EPSON
2014-12-09 21:44 - 2013-04-13 10:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2014-12-09 21:42 - 2013-04-13 10:02 - 00000000 ____D () C:\Program Files (x86)\epson
2014-12-09 20:37 - 2013-04-13 10:09 - 00000000 ____D () C:\Users\Meister\AppData\Roaming\ArcSoft
2014-12-09 20:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-12-05 19:28 - 2011-05-07 09:24 - 00000020 ____H () C:\ProgramData\PKP_DLbw.DAT
2014-12-05 19:28 - 2011-05-07 09:18 - 00000020 ____H () C:\ProgramData\PKP_DLbz.DAT
2014-12-05 19:28 - 2011-05-06 16:42 - 00000020 ____H () C:\ProgramData\PKP_DLbx.DAT
2014-11-28 19:46 - 2011-05-06 13:39 - 00000000 ____D () C:\Users\Meister\AppData\Roaming\DAEMON Tools Lite
2014-11-28 19:44 - 2011-05-31 21:46 - 00000000 ____D () C:\Windows\Minidump
2014-11-21 14:47 - 2009-07-14 05:45 - 02944632 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-21 12:51 - 2012-07-10 18:19 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-21 12:51 - 2012-07-10 18:19 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-21 12:51 - 2012-07-10 18:19 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-21 12:51 - 2012-07-10 16:45 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4289249302-2505303769-1399656917-1000UA
2014-11-21 12:51 - 2012-07-10 16:45 - 00003706 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4289249302-2505303769-1399656917-1000Core
2014-11-21 12:51 - 2012-07-10 16:45 - 00001076 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4289249302-2505303769-1399656917-1000Core.job
Files to move or delete:
====================
C:\Users\Meister\install_flashplayer12x32au_mssa_awb_aih.exe
Some content of TEMP:
====================
C:\Users\Meister\AppData\Local\Temp\Quarantine.exe
C:\Users\Meister\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-09 15:43
==================== End Of Log ============================
--- --- --- Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-12-2014
Ran by Meister at 2014-12-20 18:36:06
Running from C:\Users\Meister\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (HKLM-x32\...\Adobe_faf656ef605427ee2f42989c3ad31b8) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{E6D44B7E-1B1E-04A7-86E3-06AD74583FE9}) (Version: 3.0.820.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BookSmart® 3.4.4 3.4.4 (HKLM-x32\...\BookSmart® 3.4.4 3.4.4) (Version: - Blurb, Inc)
Capture NX 2 (HKLM\...\Capture NX 2) (Version: 2.3.5 - NIKON CORPORATION)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
DivX-Setup (HKLM-x32\...\DivX Setup.divx.com) (Version: 2.3.0.20 - DivX, LLC)
Epson Copy Utility 3.5 (HKLM-x32\...\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}) (Version: 3.5.0.0 - )
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
File Uploader (HKLM-x32\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.2.5 - Nikon)
Google Chrome (HKU\S-1-5-21-4289249302-2505303769-1399656917-1000\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java(TM) 6 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216025FF}) (Version: 6.0.250 - Oracle)
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Minolta DiMAGE Scan ver 1.1 (HKLM-x32\...\{AFB2133B-BCEE-49E5-AB1D-F54E7798D533}) (Version: - )
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.2.11000.12.100 - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}) (Version: 10.5.10300 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10300.0.102 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.8 - Google)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
PerfV700_V750 Benutzerhandbuch (HKLM-x32\...\PerfV700_V750 Benutzerhandbuch) (Version: - )
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.1.5 - Nikon)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.7 - Nikon)
Russisch für Deutsche - empfohlen (HKLM\...\{4C47DA93-303F-4165-918B-BCBAD9099DB8}) (Version: 1.0.3.40 - Uni Leipzig)
Saal Design Software (HKLM-x32\...\SaalDesignSoftware) (Version: 3.2.26 - SSW Software GmbH)
Saal Design Software (x32 Version: 3.2.26 - SSW Software GmbH) Hidden
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinDjView 2.0.2 (HKLM\...\WinDjView) (Version: 2.0.2 - Andrew Zhezherun)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-4289249302-2505303769-1399656917-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Meister\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4289249302-2505303769-1399656917-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Meister\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
==================== Restore Points =========================
09-12-2014 20:51:29 Installiert Attach To Email
09-12-2014 20:52:12 Installiert Scan-n-Stitch Deluxe
09-12-2014 21:05:49 Windows Update
09-12-2014 21:21:23 Entfernt Scan-n-Stitch Deluxe
09-12-2014 21:21:50 Removed ABBYY FineReader 6.0 Sprint
09-12-2014 21:23:14 Entfernt EPSON Scan Assistant
09-12-2014 21:23:22 Entfernt Attach To Email
09-12-2014 21:23:35 Entfernt Epson Event Manager
09-12-2014 21:42:27 Installiert InstallShield Wiederherstellungspunkt
09-12-2014 21:43:50 Installiert Epson Event Manager
09-12-2014 21:44:23 Installiert EPSON Scan Assistant
09-12-2014 21:44:44 Installiert Attach To Email
12-12-2014 16:27:27 Windows Update
13-12-2014 12:55:27 avast! antivirus system restore point
13-12-2014 13:33:43 avast! antivirus system restore point
13-12-2014 13:48:02 Windows Update
15-12-2014 20:53:58 WinThruster Mo, Dez 15, 14 20:53
17-12-2014 22:45:18 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2014-12-16 22:25 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {036E8C82-7DDD-4731-A048-4237E855E232} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-10] (Google Inc.)
Task: {0E5037CA-F68B-4988-8C0E-CCFFE170F837} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4289249302-2505303769-1399656917-1000UA => C:\Users\Meister\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-10] (Google Inc.)
Task: {1E8D942B-F494-4B6E-A5C4-CEDEE06F80BA} - System32\Tasks\{D211CDEC-C4EC-4E0B-BFD9-42AA74CA49F6} => C:\Program Files (x86)\Skype\\Phone\Skype.exe
Task: {31EE70D1-F7FF-48A0-B171-273EC38FF11A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-13] (Adobe Systems Incorporated)
Task: {5236106A-1A0D-4F5E-A1CB-422B77B1270E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5E310931-CDB1-4191-9A48-22AEB4D65D33} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-10] (Google Inc.)
Task: {62F9153C-46DF-4A19-B588-A0C4D9A5E36D} - System32\Tasks\{925304C0-FF2D-476D-9B3A-5C948A15E372} => c:\program files (x86)\opera\opera.exe [2014-04-25] (Opera Software)
Task: {6BBD94BF-3F76-4F75-A4D5-1071782E065C} - System32\Tasks\{3F8E0070-CFC8-4E2B-9189-162C57E635EB} => pcalua.exe -a "D:\Eigene Dateien\Progs\SkypeSetupFull-55.exe" -d "D:\Eigene Dateien\Progs"
Task: {785AD318-D073-44F6-A6C2-F25F3D3B6C65} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4289249302-2505303769-1399656917-1000Core => C:\Users\Meister\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-10] (Google Inc.)
Task: {988F2D2F-CDD5-4E24-9181-CFC9B23724DF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-13] (AVAST Software)
Task: {9A57BB27-1505-45C2-B059-E454D7547B92} - System32\Tasks\{C5166266-1E7D-4416-8606-7ADC4D61B1F9} => C:\Windows\twain_32\escndv\escndv.exe [2009-01-28] (SEIKO EPSON CORP.)
Task: {AF8AFB59-5572-4310-BB02-AB4381E33BBB} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {BFDA13FA-69C0-413C-A98C-02A75D599412} - System32\Tasks\{1665758C-D66E-4AC8-BB07-D28BAC910A57} => pcalua.exe -a C:\Users\Meister\Desktop\S-CNX2__-020305WU-___DE-ALL___.exe -d C:\Users\Meister\Desktop
Task: {DDA69226-D513-4F74-A289-2A0F0B78336E} - System32\Tasks\{70323D67-B236-419F-8DB2-E11D7E2CA5E3} => c:\program files (x86)\opera\opera.exe [2014-04-25] (Opera Software)
Task: {E2282B8F-5791-4829-A930-73965E96145A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {E9D1BAD9-3721-4A44-90D8-1513FF067EF2} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4289249302-2505303769-1399656917-1000Core.job => C:\Users\Meister\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4289249302-2505303769-1399656917-1000UA.job => C:\Users\Meister\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-11-22 01:03 - 2014-11-22 01:03 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-12-19 12:34 - 2014-12-19 12:34 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14121900\algo.dll
2014-12-20 18:17 - 2014-12-20 18:17 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14122000\algo.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-09 21:44 - 2009-03-12 15:45 - 00135168 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
2014-12-09 21:44 - 2008-11-21 13:58 - 00057344 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
2014-12-13 13:34 - 2014-12-13 13:35 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Windows:nlsPreferences
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: DivX Download Manager => "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: YTDownloader => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
========================= Accounts: ==========================
Administrator (S-1-5-21-4289249302-2505303769-1399656917-500 - Administrator - Disabled)
Gast (S-1-5-21-4289249302-2505303769-1399656917-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4289249302-2505303769-1399656917-1002 - Limited - Enabled)
Meister (S-1-5-21-4289249302-2505303769-1399656917-1000 - Administrator - Enabled) => C:\Users\Meister
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (12/20/2014 06:30:52 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (12/20/2014 06:30:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm chrome.exe, Version 39.0.2171.95 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: cc0
Startzeit: 01d01c7a9895a319
Endzeit: 0
Anwendungspfad: C:\Users\Meister\AppData\Local\Google\Chrome\Application\chrome.exe
Berichts-ID: e5fb6ccd-886d-11e4-9ef1-00248c0a58bd
Error: (12/20/2014 06:25:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: rundll32.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc637
Name des fehlerhaften Moduls: SysMenu.dll, Version: 1.0.0.5, Zeitstempel: 0x52b449c7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0006ce5c
ID des fehlerhaften Prozesses: 0x168
Startzeit der fehlerhaften Anwendung: 0xrundll32.exe0
Pfad der fehlerhaften Anwendung: rundll32.exe1
Pfad des fehlerhaften Moduls: rundll32.exe2
Berichtskennung: rundll32.exe3
Error: (12/20/2014 06:15:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/19/2014 00:36:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (12/19/2014 00:36:24 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (12/19/2014 00:36:22 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (12/19/2014 00:35:54 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (12/19/2014 00:33:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/19/2014 06:45:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 23449571
System errors:
=============
Error: (12/20/2014 06:33:17 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:
%%126
Error: (12/20/2014 06:31:11 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:
%%126
Error: (12/20/2014 06:28:59 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:
%%126
Error: (12/20/2014 06:28:47 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:
%%126
Error: (12/20/2014 06:27:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:
%%126
Error: (12/20/2014 06:27:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:
%%126
Error: (12/20/2014 06:26:11 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:
%%126
Error: (12/20/2014 06:24:37 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:
%%126
Error: (12/20/2014 06:24:36 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:
%%126
Error: (12/20/2014 06:24:35 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:
%%126
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2014-12-16 22:24:39.834
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-12-16 22:24:39.787
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 50%
Total physical RAM: 2047.05 MB
Available physical RAM: 1009.77 MB
Total Pagefile: 4094.11 MB
Available Pagefile: 2616.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:91.7 GB) (Free:31 GB) NTFS
Drive d: (Daten) (Fixed) (Total:206.29 GB) (Free:178.8 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: B61BB61B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=91.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=206.3 GB) - (Type=OF Extended)
==================== End Of Log ============================
|
|
21.12.2014, 16:42
| #8 |
| /// the machine /// TB-Ausbilder | Windows 7 Gerätemanager Problem mit MFC42u.dll Java, Flash und Adobe updaten. Da ist noch bissl Arbeit: Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\Program Files\Common Files\System\SysMenu.dll
C:\Program Files\Common Files\System\SysMenu64.dll
Task: {AF8AFB59-5572-4310-BB02-AB4381E33BBB} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {E9D1BAD9-3721-4A44-90D8-1513FF067EF2} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
HKU\S-1-5-21-4289249302-2505303769-1399656917-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-4289249302-2505303769-1399656917-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:8897;https=127.0.0.1:8897
Winsock: Catalog5 07 C:\Windows\system32\tnns5rdy2.dll File Not found ()
cmd: netsh winsock reset
Emptytemp:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers /64
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation /S /64
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S /64
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost /64
HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com
HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com /64
%SystemRoot%\system32\*.tsp
%SystemRoot%\system32\*.tsp /64
C:\Windows\system32\*.dll /1100
C:\Windows\system32\*.dll /1100 /64
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
30.12.2014, 21:41
| #9 |
| | Windows 7 Gerätemanager Problem mit MFC42u.dll So,hier bin ich nach einem kurzen Urlaub wieder. Updates sind durchgeführt und die Extras.txt hänge ich an, da der Text sonst zu lang würde. Fixlog Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2014
Ran by Meister at 2014-12-30 21:03:31 Run:1
Running from C:\Users\Meister\Desktop
Loaded Profile: Meister (Available profiles: Meister)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\Program Files\Common Files\System\SysMenu.dll C:\Program Files\Common Files\System\SysMenu64.dll Task: {AF8AFB59-5572-4310-BB02-AB4381E33BBB} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION Task: {E9D1BAD9-3721-4A44-90D8-1513FF067EF2} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION HKU\S-1-5-21-4289249302-2505303769-1399656917-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-4289249302-2505303769-1399656917-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. ProxyServer: [.DEFAULT] => http=127.0.0.1:8897;https=127.0.0.1:8897 Winsock: Catalog5 07 C:\Windows\system32\tnns5rdy2.dll File Not found () cmd: netsh winsock reset Emptytemp:
*****************
"C:\Program Files\Common Files\System\SysMenu.dll C:\Program Files\Common Files\System\SysMenu64.dll Task: {AF8AFB59-5572-4310-BB02-AB4381E33BBB} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION Task: {E9D1BAD9-3721-4A44-90D8-1513FF067EF2} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION HKU\S-1-5-21-4289249302-2505303769-1399656917-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-4289249302-2505303769-1399656917-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. ProxyServer: [.DEFAULT] => http=127.0.0.1:8897;https=127.0.0.1:8897 Winsock: Catalog5 07 C:\Windows\system32\tnns5rdy2.dll File Not found () cmd: netsh winsock reset Emptytemp:" => File/Directory not found.
==== End of Fixlog 21:03:31 ====
Code:
ATTFilter OTL logfile created on: 30.12.2014 21:05:25 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Meister\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17420) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 56,83% Memory free 4,00 Gb Paging File | 2,74 Gb Available in Paging File | 68,64% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 91,70 Gb Total Space | 32,47 Gb Free Space | 35,42% Space Free | Partition Type: NTFS Drive D: | 206,29 Gb Total Space | 178,80 Gb Free Space | 86,68% Space Free | Partition Type: NTFS Computer Name: MEISTER-PC | User Name: Meister | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2014.12.30 21:01:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Meister\Desktop\OTL.exe PRC - [2014.12.13 13:34:42 | 005,225,064 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2014.12.13 13:34:42 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2014.06.05 03:19:38 | 000,093,040 | ---- | M] (TomTom) -- D:\Eigene Dateien\Progs\TomTom HOME 2\TomTomHOMEService.exe PRC - [2014.06.05 03:19:36 | 000,248,176 | ---- | M] (TomTom) -- D:\Eigene Dateien\Progs\TomTom HOME 2\TomTomHOMERunner.exe PRC - [2013.12.18 19:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.09.23 00:17:02 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe PRC - [2009.04.07 09:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe ========== Modules (No Company Name) ========== MOD - [2014.12.13 13:35:08 | 038,562,088 | ---- | M] () -- C:\Programme\AVAST Software\Avast\libcef.dll MOD - [2009.03.12 15:45:32 | 000,135,168 | ---- | M] () -- C:\PROGRA~2\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SCANEN~1.DLL MOD - [2008.11.21 13:58:42 | 000,057,344 | ---- | M] () -- C:\PROGRA~2\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SATWAIN.dll ========== Services (SafeList) ========== SRV:64bit: - [2014.11.06 04:30:08 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService) SRV:64bit: - [2011.04.06 02:58:48 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2014.12.30 20:48:55 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2014.12.13 13:34:42 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2014.08.22 14:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2014.08.22 14:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2014.06.05 03:19:38 | 000,093,040 | ---- | M] (TomTom) [Auto | Running] -- D:\Eigene Dateien\Progs\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2014.03.20 23:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2013.12.18 19:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.09.23 00:17:02 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc) SRV - [2011.05.25 18:58:30 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV - [2011.05.25 18:58:25 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.05.04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2014.12.13 13:35:19 | 000,116,728 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm) DRV:64bit: - [2014.12.13 13:35:18 | 000,436,624 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2014.12.13 13:35:18 | 000,267,632 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm) DRV:64bit: - [2014.12.13 13:35:18 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt) DRV:64bit: - [2014.12.13 13:35:17 | 000,083,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswmonflt.sys -- (aswMonFlt) DRV:64bit: - [2014.12.13 13:35:17 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid) DRV:64bit: - [2014.12.13 13:35:16 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2014.12.13 13:34:28 | 001,050,432 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx) DRV:64bit: - [2014.07.28 13:52:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2014.07.17 17:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.05.06 13:40:32 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.04.06 05:11:44 | 009,323,520 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2011.04.06 05:11:44 | 009,323,520 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.04.06 02:21:42 | 000,304,128 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.11.21 04:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub) DRV:64bit: - [2010.11.21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 04:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2010.11.21 04:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2010.11.21 04:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.21 04:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.20 03:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) DRV:64bit: - [2009.06.10 21:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.06.27 06:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}: "URL" = https://www.google.com/search?trackid=sp-006&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 46 8C 5F 79 01 98 CC 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language} IE - HKCU\..\SearchScopes\{E88E0043-C9D4-4e33-8555-FEE4F5B63060}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb IE - HKCU\..\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}: "URL" = https://www.google.com/search?trackid=sp-006&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;www.joosoft.com ========== FireFox ========== FF - prefs.js..browser.search.defaulturl: "hxxp://go.mail.ru/search?fr=fftb&utf8in&q=" FF - prefs.js..browser.search.useDBForOrder: true FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files (x86)\Picasa2\npPicasa2.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Meister\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Meister\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014.12.13 13:35:22 | 000,000,000 | ---D | M] [2013.08.29 21:14:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Meister\AppData\Roaming\mozilla\Extensions [2013.08.29 21:14:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Meister\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2014.12.17 22:59:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Meister\AppData\Roaming\mozilla\Firefox\Profiles\ld9p6xqx.default\extensions [2012.06.02 11:36:46 | 000,000,000 | ---D | M] (Спутник @Mail.Ru) -- C:\Users\Meister\AppData\Roaming\mozilla\Firefox\Profiles\ld9p6xqx.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D} [2012.06.02 11:36:44 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Meister\AppData\Roaming\mozilla\Firefox\Profiles\ld9p6xqx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011.11.21 21:10:07 | 000,001,533 | ---- | M] () -- C:\Users\Meister\AppData\Roaming\mozilla\firefox\profiles\ld9p6xqx.default\searchplugins\mailru---.xml ========== Chrome ========== CHR - default_search_provider: (Enabled) CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Meister\AppData\Local\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Meister\AppData\Local\Google\Chrome\Application\39.0.2171.95\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Meister\AppData\Local\Google\Chrome\Application\39.0.2171.95\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U25 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Nokia Suite Enabler Plugin (Enabled) = C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Picasa2\npPicasa2.dll CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Picasa2\npPicasa3.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Google Update (Enabled) = C:\Users\Meister\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - Extension: No name found = C:\Users\Meister\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\ CHR - Extension: No name found = C:\Users\Meister\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: No name found = C:\Users\Meister\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: No name found = C:\Users\Meister\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.0.2502.149_0\ CHR - Extension: No name found = C:\Users\Meister\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\ CHR - Extension: No name found = C:\Users\Meister\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2014.12.16 22:25:13 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (Reg Error: Value error.) - 10 - Reg Error: Value error. File not found O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {09900DE8-1DCA-443F-9243-26FF581438AF} - No CLSID value found. O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd) O4 - HKCU..\Run: [TomTomHOME.exe] D:\Eigene Dateien\Progs\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\system32\tnns5rdy2.dll File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10D5A401-C6BD-411F-9F4B-D3145704E90C}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DEA842F0-C903-438C-BAA9-F1E02944AAFF}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (aswBoot.exe /M:8ae59a9d /wow /dir:"C:\Program Files\AVAST Software\Avast") O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2014.12.30 21:01:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Meister\Desktop\OTL.exe [2014.12.30 20:57:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java [2014.12.30 20:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2014.12.30 20:52:21 | 000,000,000 | ---D | C] -- C:\Users\Meister\AppData\Roaming\Oracle [2014.12.30 20:44:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2014.12.18 22:58:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2014.12.18 22:55:54 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Meister\Desktop\esetsmartinstaller_deu.exe [2014.12.17 23:27:43 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2014.12.17 23:21:23 | 001,707,646 | ---- | C] (Thisisu) -- C:\Users\Meister\Desktop\JRT.exe [2014.12.17 23:14:23 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2014.12.17 22:44:00 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys [2014.12.17 22:43:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware [2014.12.17 22:42:42 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys [2014.12.17 22:42:41 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys [2014.12.17 22:42:41 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2014.12.17 22:42:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware [2014.12.17 22:42:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2014.12.16 22:28:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2014.12.16 22:16:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2014.12.16 22:16:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2014.12.16 22:16:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2014.12.16 22:16:03 | 000,000,000 | ---D | C] -- C:\Qoobox [2014.12.16 22:15:40 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2014.12.16 22:13:55 | 005,601,641 | R--- | C] (Swearware) -- C:\Users\Meister\Desktop\ComboFix.exe [2014.12.16 01:01:30 | 000,000,000 | ---D | C] -- C:\Users\Meister\Desktop\Trojaner Board [2014.12.15 21:48:30 | 000,000,000 | ---D | C] -- C:\FRST [2014.12.15 21:45:53 | 002,123,264 | ---- | C] (Farbar) -- C:\Users\Meister\Desktop\FRST64.exe [2014.12.13 13:35:24 | 000,364,512 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2014.12.13 13:35:10 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2014.12.13 13:28:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX [2014.12.13 13:20:23 | 000,000,000 | ---D | C] -- C:\Users\Meister\AppData\Roaming\AVAST Software [2014.12.13 12:59:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software [2014.12.13 12:59:14 | 000,116,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys [2014.12.13 12:59:12 | 000,436,624 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2014.12.13 12:59:11 | 000,083,280 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswmonflt.sys [2014.12.13 12:59:07 | 000,093,568 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys [2014.12.13 12:59:02 | 001,050,432 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys [2014.12.13 12:56:38 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2014.12.13 12:52:49 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2014.12.09 21:12:30 | 000,000,000 | ---D | C] -- C:\Users\Meister\AppData\Local\ElevatedDiagnostics [2014.12.09 20:47:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON [2014.12.09 20:46:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Scan [2014.12.05 14:35:08 | 000,000,000 | ---D | C] -- C:\found.000 [2014.02.02 12:40:37 | 001,069,512 | ---- | C] (Solid State Networks) -- C:\Users\Meister\install_flashplayer12x32au_mssa_awb_aih.exe [4 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2014.12.30 21:03:25 | 002,123,264 | ---- | M] (Farbar) -- C:\Users\Meister\Desktop\FRST64.exe [2014.12.30 21:01:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Meister\Desktop\OTL.exe [2014.12.30 21:01:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014.12.30 20:57:05 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2014.12.30 20:57:04 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4289249302-2505303769-1399656917-1000UA.job [2014.12.30 20:44:30 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014.12.30 20:44:30 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014.12.30 20:36:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014.12.30 20:36:43 | 1609,867,264 | -HS- | M] () -- C:\hiberfil.sys [2014.12.19 14:03:01 | 000,852,505 | ---- | M] () -- C:\Users\Meister\Desktop\SecurityCheck.exe [2014.12.18 22:56:16 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Meister\Desktop\esetsmartinstaller_deu.exe [2014.12.17 23:21:55 | 001,707,646 | ---- | M] (Thisisu) -- C:\Users\Meister\Desktop\JRT.exe [2014.12.17 23:16:14 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk [2014.12.17 23:13:12 | 002,166,272 | ---- | M] () -- C:\Users\Meister\Desktop\AdwCleaner_4.105.exe [2014.12.17 23:07:39 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys [2014.12.17 22:43:18 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2014.12.16 22:25:13 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2014.12.16 22:14:34 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2014.12.16 22:14:34 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2014.12.16 22:14:34 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2014.12.16 22:14:34 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2014.12.16 22:14:34 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2014.12.16 22:14:15 | 005,601,641 | R--- | M] (Swearware) -- C:\Users\Meister\Desktop\ComboFix.exe [2014.12.15 21:45:42 | 000,000,000 | ---- | M] () -- C:\Users\Meister\defogger_reenable [2014.12.15 21:03:22 | 000,001,668 | ---- | M] () -- C:\Windows\SysNative\ASOROSet.bin [2014.12.13 13:36:03 | 000,001,964 | ---- | M] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk [2014.12.13 13:35:19 | 000,116,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys [2014.12.13 13:35:18 | 000,436,624 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2014.12.13 13:35:18 | 000,267,632 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys [2014.12.13 13:35:18 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys [2014.12.13 13:35:17 | 000,364,512 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2014.12.13 13:35:17 | 000,083,280 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswmonflt.sys [2014.12.13 13:35:17 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys [2014.12.13 13:35:16 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys [2014.12.13 13:35:10 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2014.12.13 13:34:28 | 001,050,432 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys [2014.12.13 13:32:00 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2014.12.09 21:41:47 | 000,002,184 | ---- | M] () -- C:\Users\Public\Desktop\PerfV700_V750 Benutzerhandbuch.lnk [2014.12.09 21:41:34 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk [2014.12.05 19:28:07 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLbz.DAT [2014.12.05 19:28:07 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLbx.DAT [2014.12.05 19:28:07 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLbw.DAT [2014.12.05 14:35:57 | 000,003,600 | ---- | M] () -- C:\bootsqm.dat [4 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ] ========== Files Created - No Company Name ========== [2014.12.19 14:02:56 | 000,852,505 | ---- | C] () -- C:\Users\Meister\Desktop\SecurityCheck.exe [2014.12.17 23:13:04 | 002,166,272 | ---- | C] () -- C:\Users\Meister\Desktop\AdwCleaner_4.105.exe [2014.12.17 22:43:18 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2014.12.16 22:16:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2014.12.16 22:16:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2014.12.16 22:16:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2014.12.16 22:16:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2014.12.16 22:16:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2014.12.15 21:45:42 | 000,000,000 | ---- | C] () -- C:\Users\Meister\defogger_reenable [2014.12.15 20:57:32 | 000,001,668 | ---- | C] () -- C:\Windows\SysNative\ASOROSet.bin [2014.12.13 13:32:00 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2014.12.13 12:59:56 | 000,001,964 | ---- | C] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk [2014.12.13 12:59:14 | 000,267,632 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys [2014.12.13 12:59:12 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys [2014.12.13 12:59:11 | 000,029,208 | ---- | C] () -- C:\Windows\SysNative\drivers\aswHwid.sys [2014.12.09 21:41:47 | 000,002,184 | ---- | C] () -- C:\Users\Public\Desktop\PerfV700_V750 Benutzerhandbuch.lnk [2014.12.09 20:46:27 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk [2014.12.05 14:35:57 | 000,003,600 | ---- | C] () -- C:\bootsqm.dat [2014.08.29 09:24:25 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\DICEMLT004.dll [2013.05.31 14:03:59 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT [2013.05.31 14:03:59 | 000,000,000 | ---- | C] () -- C:\Users\Meister\AppData\Roaming\Equalizer [2013.04.13 10:02:43 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat [2013.04.13 10:02:43 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat [2013.04.13 10:02:43 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat [2013.04.13 10:02:43 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat [2013.04.13 10:02:43 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat [2013.04.13 10:02:43 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat [2013.04.13 10:02:43 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat [2013.04.13 10:02:43 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat [2013.04.13 10:02:43 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat [2013.04.13 10:02:43 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat [2013.04.13 10:02:43 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat [2013.04.13 10:02:43 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat [2013.04.13 10:02:43 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat [2013.04.13 10:02:43 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat [2013.04.13 10:02:43 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat [2013.04.13 10:02:43 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat [2013.04.13 10:02:43 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat [2013.04.13 10:02:43 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat [2013.04.13 10:02:43 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2013.04.13 10:02:04 | 000,000,027 | ---- | C] () -- C:\Windows\CDE V700750DEFGIPSR.ini [2013.01.25 16:02:23 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Nature [2013.01.25 16:02:23 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Multipressor [2013.01.25 16:02:23 | 000,000,268 | RH-- | C] () -- C:\Users\Meister\AppData\Roaming\Mallets [2013.01.25 16:02:23 | 000,000,012 | RH-- | C] () -- C:\ProgramData\SystemConfiguration [2013.01.25 16:02:23 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Synth Textures [2013.01.25 15:57:00 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.05.07 09:24:15 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Nature Sounds [2011.05.07 09:24:15 | 000,000,268 | RH-- | C] () -- C:\Users\Meister\AppData\Roaming\MediaFolder [2011.05.07 09:24:15 | 000,000,268 | RH-- | C] () -- C:\Users\Meister\AppData\Roaming\Master [2011.05.07 09:24:15 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbw.DAT [2011.05.07 09:24:15 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Techno Kit [2011.05.07 09:18:12 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbz.DAT [2011.05.06 16:42:30 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT [2011.05.06 16:34:20 | 000,003,584 | ---- | C] () -- C:\Users\Meister\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2014.03.25 03:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2014.03.25 03:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2014.12.13 13:20:23 | 000,000,000 | ---D | M] -- C:\Users\Meister\AppData\Roaming\AVAST Software [2011.05.06 16:48:24 | 000,000,000 | ---D | M] -- C:\Users\Meister\AppData\Roaming\cr3 [2014.11.28 19:46:04 | 000,000,000 | ---D | M] -- C:\Users\Meister\AppData\Roaming\DAEMON Tools Lite [2014.12.09 21:46:54 | 000,000,000 | ---D | M] -- C:\Users\Meister\AppData\Roaming\EPSON [2013.05.31 14:06:31 | 000,000,000 | ---D | M] -- C:\Users\Meister\AppData\Roaming\Nikon [2012.03.13 19:37:13 | 000,000,000 | ---D | M] -- C:\Users\Meister\AppData\Roaming\Nokia [2011.05.15 13:21:09 | 000,000,000 | ---D | M] -- C:\Users\Meister\AppData\Roaming\Opera [2014.12.30 20:52:21 | 000,000,000 | ---D | M] -- C:\Users\Meister\AppData\Roaming\Oracle [2011.06.18 15:52:43 | 000,000,000 | ---D | M] -- C:\Users\Meister\AppData\Roaming\PC Suite [2012.11.11 11:13:02 | 000,000,000 | ---D | M] -- C:\Users\Meister\AppData\Roaming\PhotoCleaner [2014.01.29 19:45:04 | 000,000,000 | ---D | M] -- C:\Users\Meister\AppData\Roaming\SaalDesignSoftware [2011.10.21 16:57:47 | 000,000,000 | ---D | M] -- C:\Users\Meister\AppData\Roaming\SkyMonk [2013.08.29 21:14:10 | 000,000,000 | ---D | M] -- C:\Users\Meister\AppData\Roaming\TomTom ========== Purity Check ========== ========== Custom Scans ========== < HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers > "ProviderID0" = 1 "ProviderID1" = 2 "ProviderID2" = 3 "ProviderID3" = 4 "NextProviderID" = 5 "ProviderFileName0" = unimdm.tsp -- [2010.11.21 04:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) "ProviderFileName1" = kmddsp.tsp -- [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) "ProviderFileName2" = ndptsp.tsp -- [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) "ProviderFileName3" = hidphone.tsp -- [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) "NumProviders" = 4 < HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers /64 > "ProviderID0" = 1 "ProviderID1" = 2 "ProviderID2" = 3 "ProviderID3" = 4 "NextProviderID" = 7 "ProviderFileName0" = C:\Windows\SysNative\unimdm.tsp -- [2010.11.21 04:24:28 | 000,321,536 | ---- | M] (Microsoft Corporation) "ProviderFileName1" = C:\Windows\SysNative\kmddsp.tsp -- [2009.07.14 02:38:54 | 000,047,104 | ---- | M] (Microsoft Corporation) "ProviderFileName2" = C:\Windows\SysNative\ndptsp.tsp -- [2009.07.14 02:38:54 | 000,060,928 | ---- | M] (Microsoft Corporation) "ProviderFileName3" = C:\Windows\SysNative\hidphone.tsp -- [2009.07.14 02:38:54 | 000,038,912 | ---- | M] (Microsoft Corporation) "NumProviders" = 5 "ProviderFileName4" = xptmdgfa.tsp "ProviderID4" = 6 < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation /S /64 > "DisplayName" = @%systemroot%\system32\wkssvc.dll,-100 "Group" = NetworkProvider "ImagePath" = C:\Windows\SysNative\svchost.exe -- [2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) "Description" = @%systemroot%\system32\wkssvc.dll,-101 "ObjectName" = NT AUTHORITY\NetworkService "ErrorControl" = 1 "Start" = 2 "Type" = 32 "DependOnService" = BowserMRxSmb10MRxSmb20NSI [binary data] "ServiceSidType" = 1 "RequiredPrivileges" = SeChangeNotifyPrivilegeSeImperson [Binary data over 200 bytes] "FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 C0 D4 01 00 00 00 00 00 00 00 00 00 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Linkage] "Bind" = \Device\Smb_Tcpip_{FC729A76-A134-4 [Binary data over 200 bytes] "Route" = "Smb" "Tcpip" "{FC729A76-A134-441E [Binary data over 200 bytes] "Export" = \Device\LanmanWorkstation_Smb_Tcpi [Binary data over 200 bytes] 64bit: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\NetworkProvider] "DeviceName" = \Device\LanmanRedirector "Name" = Microsoft Windows Network "DisplayName" = @%systemroot%\system32\wkssvc.dll,-102 "ProviderPath" = C:\Windows\SysNative\ntlanman.dll -- [2010.11.21 04:24:32 | 000,129,536 | ---- | M] (Microsoft Corporation) 64bit: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters] "ServiceDll" = C:\Windows\SysNative\wkssvc.dll -- [2010.11.21 04:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) "ServiceDllUnloadOnStop" = 1 "EnablePlainTextPassword" = 0 "EnableSecuritySignature" = 1 "RequireSecuritySignature" = 0 "OtherDomains" = [binary data] "MaxCmds" = 30 "MaxThreads" = 30 "MaxCollectionCount" = 32 < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S /64 > "DisplayName" = @%SystemRoot%\System32\dnsapi.dll,-101 "Group" = TDI "ImagePath" = C:\Windows\SysNative\svchost.exe -- [2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) "Description" = @%SystemRoot%\System32\dnsapi.dll,-102 "ObjectName" = NT AUTHORITY\NetworkService "ErrorControl" = 1 "Start" = 2 "Type" = 32 "DependOnService" = Tdxnsi [binary data] "ServiceSidType" = 1 "RequiredPrivileges" = SeChangeNotifyPrivilegeSeCreateGlobalPrivilege [binary data] "FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters] "ServiceDll" = %SystemRoot%\System32\pouavchl7.dll "ServiceDllUnloadOnStop" = 1 "extension" = C:\Windows\SysNative\dnsext.dll -- [2009.07.14 02:40:31 | 000,008,192 | ---- | M] (Microsoft Corporation) "ServiceMain" = SetAccessPolicy 64bit: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters\DnsCache] "ShutdownOnIdle" = 0 64bit: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Security] "Security" = 01 00 14 80 F8 00 00 00 04 01 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 C8 00 08 00 00 00 00 02 18 00 9D 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 21 02 00 00 00 02 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 02 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 02 14 00 8D 00 02 00 01 01 00 00 00 00 00 05 14 00 00 00 00 02 14 00 8D 00 02 00 01 01 00 00 00 00 00 05 13 00 00 00 00 02 18 00 CD 00 02 00 01 02 00 00 00 00 00 05 20 00 00 00 2C 02 00 00 00 02 28 00 CD 01 02 00 01 06 00 00 00 00 00 05 50 00 00 00 04 C9 44 AF 94 D9 D3 E5 2B E1 B7 1C 17 84 87 13 6E 1A FA 65 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 [Binary data over 200 bytes] 64bit: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\TriggerInfo] 64bit: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\TriggerInfo\0] "Type" = 4 "Action" = 1 "GUID" = 07 9E 56 B7 21 84 E0 4E AD 10 86 91 5A FD AD 09 [binary data] "Data0" = 5355UDP [binary data] "DataType0" = 2 < HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost > "netsvcs" = AeLookupSvcCertPropSvcSCPolicySv [Binary data over 200 bytes] "LocalService" = RemoteRegistryWinHttpAutoProxySvc [Binary data over 200 bytes] "LocalSystemNetworkRestricted" = NetmanAudioEndpointBuilderdot3sv [Binary data over 200 bytes] "LocalServiceNoNetwork" = PLA [binary data] -- [2010.11.21 04:24:08 | 001,508,864 | ---- | M] (Microsoft Corporation) "rpcss" = RpcSs [binary data] "LocalServiceNetworkRestricted" = AudioSrvBthHFSrvLmHostswscsvcWPCSvc [binary data] "LocalServiceAndNoImpersonation" = SSDPSRVupnphostSCardSvrTBSQWAVEwcncsvc [binary data] "DcomLaunch" = PowerPlugPlayDcomLaunch [binary data] "NetworkService" = CryptSvcDHCPTermServiceDNSCache [Binary data over 200 bytes] "imgsvc" = StiSvc [binary data] "wcssvc" = WcsPlugInService [binary data] -- [2009.07.14 02:16:18 | 000,032,768 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceAndNoImpersonation] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNetworkRestricted] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNoNetwork] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalSystemNetworkRestricted] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkService] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopHyperVAgent] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopPublishing] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wcssvc] < HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost /64 > "RPCSS" = RpcEptMapperRpcSs [binary data] "defragsvc" = C:\Windows\SysNative\defragsvc.dll -- [2009.07.14 02:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) "LocalSystemNetworkRestricted" = UxSmsWdiSystemHostNetmantrkwks [Binary data over 200 bytes] "LocalService" = nsiWdiServiceHostw32timeEventSy [Binary data over 200 bytes] "netsvcs" = AeLookupSvcCertPropSvcSCPolicySv [Binary data over 200 bytes] "WerSvcGroup" = C:\Windows\SysNative\wersvc.dll -- [2009.07.14 02:41:56 | 000,076,800 | ---- | M] (Microsoft Corporation) "LocalServiceNoNetwork" = DPSPLABFEmpssvcWwanSvc [binary data] "termsvcs" = TermService [binary data] "swprv" = C:\Windows\SysNative\swprv.dll -- [2009.07.14 02:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) "LocalServiceNetworkRestricted" = DHCPeventlogAudioSrvBthHFSrvLm [Binary data over 200 bytes] "LocalServicePeerNet" = PNRPSvcp2pimsvcp2psvcPnrpAutoReg [binary data] "NetworkServiceAndNoImpersonation" = KtmRm [binary data] "regsvc" = RemoteRegistry [binary data] "LocalServiceAndNoImpersonation" = SSDPSRVupnphostSCardSvrTBSfdre [Binary data over 200 bytes] "DcomLaunch" = PowerPlugPlayDcomLaunch [binary data] "NetworkServiceNetworkRestricted" = PolicyAgent [binary data] "NetworkService" = CryptSvcDHCPTermServiceDNSCache [Binary data over 200 bytes] "sdrsvc" = C:\Windows\SysNative\sdrsvc.dll -- [2010.11.21 04:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) "WbioSvcGroup" = C:\Windows\SysNative\WbioSrvc.dll -- [2009.07.14 02:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) "imgsvc" = StiSvc [binary data] "wcssvc" = C:\Windows\SysNative\WcsPlugInService.dll -- [2009.07.14 02:41:56 | 000,040,960 | ---- | M] (Microsoft Corporation) "AxInstSVGroup" = C:\Windows\SysNative\AxInstSV.dll -- [2010.11.21 04:24:34 | 000,114,688 | ---- | M] (Microsoft Corporation) "secsvcs" = WinDefend [binary data] "bthsvcs" = C:\Windows\SysNative\bthserv.dll -- [2009.07.14 02:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) "PeerDist" = C:\Windows\SysNative\PeerDistSvc.dll -- [2009.07.14 02:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) 64bit: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\AxInstSVGroup] 64bit: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\defragsvc] 64bit: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService] 64bit: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceAndNoImpersonation] 64bit: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNetworkRestricted] 64bit: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNoNetwork] 64bit: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalSystemNetworkRestricted] 64bit: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs] 64bit: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkService] 64bit: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopHyperVAgent] 64bit: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopPublishing] 64bit: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\SDRSVC] 64bit: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\swprv] 64bit: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs] 64bit: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wcssvc] 64bit: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wercplsupport] < HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com > < HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com /64 > < %SystemRoot%\system32\*.tsp > [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.21 04:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp < %SystemRoot%\system32\*.tsp /64 > [2009.07.14 02:38:54 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\hidphone.tsp [2009.07.14 02:38:54 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kmddsp.tsp [2009.07.14 02:38:54 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ndptsp.tsp [2009.07.14 02:38:54 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\remotesp.tsp [2010.11.21 04:24:28 | 000,321,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\unimdm.tsp < C:\Windows\system32\*.dll /1100 > [2014.07.17 02:39:30 | 000,131,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\aaclient.dll [2014.03.04 10:17:05 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\adprovider.dll [2014.10.14 02:46:02 | 000,681,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\adtschema.dll [2013.12.05 07:08:35 | 000,640,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\advapi32.dll [2013.08.02 02:48:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll [2013.08.02 02:48:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll [2013.08.02 02:48:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll [2013.08.02 02:48:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll [2013.08.02 02:48:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll [2013.08.02 02:48:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll [2013.08.02 02:48:15 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll [2013.08.02 02:48:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll [2013.08.02 02:48:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll [2013.08.02 02:48:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll [2013.08.02 02:48:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll [2013.08.02 02:48:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll [2013.08.02 02:48:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll [2013.08.02 02:48:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll [2013.08.02 02:48:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll [2013.08.02 02:48:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll [2013.08.02 02:48:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll [2013.08.02 02:48:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll [2013.08.02 02:48:15 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll [2013.08.02 02:48:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll [2013.08.02 02:48:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.08.02 02:48:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll [2013.08.02 02:48:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll [2013.08.02 02:48:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll [2013.08.02 01:43:05 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll [2013.08.02 01:43:05 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll [2013.08.02 01:43:05 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll [2013.03.29 15:52:48 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.03.29 15:52:48 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.03.29 15:52:48 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.03.29 15:52:48 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.03.29 15:52:48 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.03.29 15:52:48 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.03.29 15:52:48 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.03.29 15:52:48 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll [2013.03.29 15:52:48 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll [2013.08.02 01:43:05 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll [2013.08.02 02:48:15 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\apisetschema.dll [2014.08.19 03:41:22 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\appidapi.dll [2013.06.09 18:53:16 | 000,164,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\atl110.dll [2013.05.31 14:03:58 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ATL71.DLL [2013.06.06 04:01:38 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\atmfd.dll [2013.06.06 04:01:26 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\system32\atmlib.dll [2014.10.03 02:44:26 | 000,374,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\AudioEng.dll [2014.10.03 02:44:42 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\AUDIOKSE.dll [2014.10.03 02:44:26 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\AudioSes.dll [2014.06.03 10:29:40 | 001,805,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\authui.dll [2014.07.07 02:40:05 | 000,744,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\blackbox.dll [2012.07.04 22:14:34 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\browcli.dll [2014.03.04 10:17:06 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\capiprovider.dll [2012.06.06 06:03:06 | 000,805,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cdosys.dll [2013.05.13 04:08:06 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\certenc.dll [2014.03.04 10:17:07 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cngprovider.dll [2013.07.04 12:50:56 | 000,530,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\comctl32.dll [2014.09.19 10:23:36 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\credssp.dll [2014.07.07 02:40:06 | 001,174,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\crypt32.dll [2013.07.09 05:46:31 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptnet.dll [2014.07.07 02:40:07 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptsp.dll [2014.07.07 02:40:07 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptsvc.dll [2014.07.07 02:40:07 | 001,005,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptui.dll [2013.11.26 09:16:50 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d2d1.dll [2013.03.29 15:52:48 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10.dll [2013.03.29 15:52:48 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10core.dll [2013.03.29 15:52:48 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10level9.dll [2013.12.25 00:09:41 | 001,987,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10warp.dll [2013.03.29 15:52:48 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10_1.dll [2013.03.29 15:52:48 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10_1core.dll [2013.12.05 07:08:08 | 001,505,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d11.dll [2013.06.06 05:50:56 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dciman32.dll [2014.06.18 23:23:32 | 001,131,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dfshim.dll [2014.03.04 10:17:08 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dimsroam.dll [2014.03.04 10:17:08 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dpapiprovider.dll [2012.11.02 06:11:31 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dpnet.dll [2014.07.07 02:40:08 | 000,406,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drmmgrtn.dll [2014.07.07 02:40:08 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drmv2clt.dll [2013.04.10 00:34:01 | 001,247,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DWrite.dll [2013.03.29 15:52:48 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxgi.dll [2014.07.07 02:40:22 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxmasf.dll [2014.11.06 03:48:12 | 000,418,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxtmsft.dll [2014.11.06 03:34:21 | 000,285,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxtrans.dll [2013.12.05 07:09:49 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\elshyph.dll [2014.07.07 02:40:09 | 000,489,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\evr.dll [2014.11.18 14:56:48 | 001,202,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\FM20.DLL [2013.06.06 05:51:29 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\fontsub.dll [2013.10.12 03:01:25 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\FWPUCLNT.DLL [2014.08.23 02:45:55 | 000,311,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\gdi32.dll [2012.10.03 15:14:58 | 000,106,928 | ---- | M] (GEAR Software Inc.) -- C:\Windows\system32\GEARAspi.dll [2013.12.05 07:09:43 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\icardie.dll [2014.06.30 23:14:53 | 000,008,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\icardres.dll [2013.12.05 07:09:41 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\IEAdvpack.dll [2014.11.06 02:47:17 | 000,708,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieapfltr.dll [2014.11.07 20:23:39 | 000,341,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iedkcs32.dll [2014.11.06 04:12:44 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieetwproxystub.dll [2014.11.06 03:03:36 | 012,819,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieframe.dll [2013.12.05 07:09:41 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iepeers.dll [2014.11.06 04:03:56 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iernonce.dll [2014.11.06 04:05:30 | 002,277,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iertutil.dll [2014.11.06 04:13:36 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iesetup.dll [2013.12.05 07:09:41 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iesysprep.dll [2014.11.06 04:00:56 | 000,478,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieui.dll [2013.10.19 02:36:59 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\imagehlp.dll [2013.12.05 07:09:41 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\imgutil.dll [2014.08.12 02:36:37 | 000,701,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\IMJP10K.DLL [2014.03.09 22:47:43 | 000,099,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\infocardapi.dll [2013.12.05 07:09:43 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\inseng.dll [2014.11.06 03:42:36 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\JavaScriptCollectionAgent.dll [2013.12.05 07:09:41 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript.dll [2014.11.06 03:21:49 | 004,298,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript9.dll [2014.11.06 03:58:38 | 000,620,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript9diag.dll [2013.12.05 07:09:46 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jsIntl.dll [2014.11.06 04:04:45 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jsproxy.dll [2014.11.11 03:44:25 | 000,550,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kerberos.dll [2014.03.04 10:16:17 | 001,114,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kernel32.dll [2014.03.04 10:16:18 | 000,274,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\KernelBase.dll [2013.12.05 07:09:43 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\licmgr10.dll [2013.06.06 05:57:01 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\lpk.dll [2014.07.07 02:40:13 | 003,208,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mf.dll [2013.06.09 18:53:16 | 004,421,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfc110.dll [2013.06.09 18:53:16 | 000,046,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfc110chs.dll [2013.06.09 18:53:16 | 000,046,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfc110cht.dll [2013.06.09 18:53:16 | 000,074,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfc110deu.dll [2013.06.09 18:53:16 | 000,065,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfc110enu.dll [2013.06.09 18:53:16 | 000,073,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfc110esn.dll [2013.06.09 18:53:16 | 000,074,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfc110fra.dll [2013.06.09 18:53:16 | 000,072,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfc110ita.dll [2013.06.09 18:53:16 | 000,053,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfc110jpn.dll [2013.06.09 18:53:16 | 000,053,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfc110kor.dll [2013.06.09 18:53:16 | 000,070,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfc110rus.dll [2013.06.09 18:53:16 | 004,456,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfc110u.dll [2013.06.09 18:53:16 | 000,083,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfcm110.dll [2013.06.09 18:53:16 | 000,083,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfcm110u.dll [2014.07.07 02:37:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mferror.dll [2014.07.07 02:40:13 | 000,354,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfplat.dll [2014.07.07 02:40:13 | 000,103,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfps.dll [2014.10.14 02:47:30 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msaudite.dll [2014.06.18 23:23:32 | 000,156,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mscorier.dll [2014.06.18 23:23:32 | 000,081,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mscories.dll [2014.11.06 03:22:12 | 000,688,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeeds.dll [2013.12.05 07:09:41 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeedsbs.dll [2014.11.06 04:10:35 | 019,781,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtml.dll [2014.11.06 04:10:58 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\MshtmlDac.dll [2014.11.06 03:36:47 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmled.dll [2013.12.05 07:09:41 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmler.dll [2014.11.06 03:20:37 | 001,155,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmlmedia.dll [2014.06.03 10:29:50 | 002,363,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msi.dll [2014.06.03 10:29:50 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msihnd.dll [2013.12.05 07:09:45 | 000,182,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msls31.dll [2013.03.29 15:52:48 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msmpeg2vdec.dll [2014.07.07 02:40:15 | 000,265,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msnetobj.dll [2014.11.06 03:37:58 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msrating.dll [2014.07.07 02:40:16 | 000,504,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msscp.dll [2014.03.31 21:46:48 | 000,130,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\MSSTDFMT.DLL [2014.07.17 02:39:42 | 003,221,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mstscax.dll [2014.09.19 10:23:45 | 000,259,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msv1_0.dll [2012.11.06 01:20:52 | 000,535,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcp110.dll [2012.11.06 01:20:52 | 000,875,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcr110.dll [2013.12.05 07:08:18 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mswsock.dll [2014.08.21 07:26:21 | 001,237,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml3.dll [2014.08.21 07:23:10 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml3r.dll [2014.03.26 15:27:50 | 001,389,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml6.dll [2014.03.26 15:25:14 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml6r.dll [2014.09.19 10:23:46 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ncrypt.dll [2012.07.04 22:16:56 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netapi32.dll [2013.10.12 03:03:08 | 000,656,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\nshwfp.dll [2013.12.05 07:08:35 | 001,292,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ntdll.dll [2014.03.04 10:17:19 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ntvdm64.dll [2014.03.04 10:17:19 | 000,538,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\objsel.dll [2013.12.05 07:09:42 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\occache.dll [2014.10.18 02:33:18 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\oleaut32.dll [2014.10.25 02:32:37 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\packager.dll [2014.11.11 03:44:32 | 000,186,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\pku2u.dll [2013.12.05 07:09:42 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\pngfilt.dll [2013.07.20 11:33:12 | 000,102,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll [2014.07.07 02:40:19 | 000,516,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\qdvd.dll [2014.06.06 10:44:17 | 000,509,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\qedit.dll [2014.07.07 02:40:19 | 001,329,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\quartz.dll [2014.09.04 06:04:15 | 000,372,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rastls.dll [2012.02.17 06:34:22 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpcore.dll [2014.07.14 02:40:58 | 000,664,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rpcrt4.dll [2014.09.19 10:23:49 | 000,248,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\schannel.dll [2013.10.12 03:03:31 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\scrrun.dll [2014.10.14 02:50:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\secur32.dll [2013.07.26 02:55:59 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\shdocvw.dll [2014.03.25 03:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\shell32.dll [2014.07.07 02:40:18 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spwmp.dll [2014.08.19 03:41:39 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\srclient.dll [2014.10.14 02:49:38 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\sspicli.dll [2012.09.25 23:47:43 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\synceng.dll [2013.12.05 07:08:35 | 000,619,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tdh.dll [2013.02.15 04:25:51 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tsgqec.dll [2014.09.19 10:23:52 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\TSpkg.dll [2014.07.16 03:46:02 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tzres.dll [2013.03.29 15:52:48 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\UIAnimation.dll [2013.12.05 07:09:43 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\url.dll [2014.11.06 02:48:37 | 001,310,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\urlmon.dll [2014.04.25 03:06:17 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\usp10.dll [2014.11.06 04:13:43 | 000,501,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\vbscript.dll [2012.11.06 01:20:52 | 000,320,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\vcamp110.dll [2012.11.06 01:20:52 | 000,252,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\vccorlib110.dll [2012.11.06 01:20:52 | 000,125,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\vcomp110.dll [2014.09.19 10:23:55 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wdigest.dll [2013.12.05 07:09:43 | 000,208,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\webcheck.dll [2014.01.29 03:06:47 | 000,381,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wer.dll [2013.04.26 05:55:21 | 000,492,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\win32spl.dll [2014.03.04 10:17:38 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wincredprovider.dll [2014.11.11 03:44:45 | 001,230,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WindowsCodecs.dll [2013.03.29 15:52:48 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WindowsCodecsExt.dll [2014.11.06 02:52:35 | 001,892,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wininet.dll [2014.07.17 02:40:03 | 000,157,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\winsta.dll [2014.07.07 02:40:37 | 000,179,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wintrust.dll [2014.07.07 02:40:38 | 000,617,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wmdrmsdk.dll [2012.03.01 06:29:16 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wmi.dll [2014.07.07 02:40:38 | 011,411,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wmp.dll [2013.03.29 15:52:48 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WMPhoto.dll [2014.07.07 02:39:12 | 012,625,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wmploc.DLL [2013.07.25 09:57:27 | 001,620,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WMVDECOD.DLL [2014.03.04 10:16:18 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wow32.dll [2014.05.14 17:23:38 | 000,581,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wuapi.dll [2014.05.14 17:17:10 | 000,092,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wudriver.dll [2014.05.14 17:23:42 | 000,036,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wups.dll [2014.05.14 08:23:04 | 000,179,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wuwebv.dll [2013.03.29 15:52:48 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\XpsGdiConverter.dll [2013.03.29 15:52:48 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\XpsPrint.dll [2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 06:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU(15).TXT [2009.07.14 06:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.03.29 18:07:46 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job [2012.07.10 16:45:29 | 000,001,076 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4289249302-2505303769-1399656917-1000Core.job [2012.07.10 16:45:30 | 000,001,128 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4289249302-2505303769-1399656917-1000UA.job [2012.07.10 18:19:46 | 000,001,106 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2012.07.10 18:19:47 | 000,001,110 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job < C:\Windows\system32\*.dll /1100 /64 > [2013.02.15 07:02:26 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2014.03.04 10:43:55 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\adprovider.dll [2014.10.14 03:07:31 | 000,681,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll [2013.12.05 07:08:36 | 000,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll [2013.08.02 03:12:18 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013.08.02 03:12:18 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013.08.02 03:12:18 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013.08.02 03:12:18 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013.08.02 03:12:18 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013.08.02 03:12:18 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013.08.02 03:12:18 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013.08.02 03:12:19 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013.08.02 03:12:19 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013.08.02 03:12:19 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013.08.02 03:12:19 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013.08.02 03:12:19 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013.08.02 03:12:19 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013.08.02 03:12:19 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013.08.02 03:12:19 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013.08.02 03:12:19 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013.08.02 03:12:19 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013.08.02 03:12:19 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013.08.02 03:12:19 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013.08.02 03:12:19 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013.08.02 03:12:19 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.08.02 03:12:20 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013.08.02 03:12:20 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013.08.02 03:12:20 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013.08.02 03:12:20 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013.08.02 03:12:20 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013.08.02 03:12:20 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013.03.29 15:52:48 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.03.29 15:52:48 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.03.29 15:52:48 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.03.29 15:52:48 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.03.29 15:52:48 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.03.29 15:52:48 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.03.29 15:52:48 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.03.29 15:52:48 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll [2013.03.29 15:52:48 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll [2013.08.02 03:12:20 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013.08.02 03:12:20 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll [2014.08.19 04:07:51 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appidapi.dll [2014.08.19 04:07:51 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appidsvc.dll [2013.02.27 06:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appinfo.dll [2013.06.09 14:59:36 | 000,192,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\atl110.dll [2013.06.06 04:30:53 | 000,368,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2013.06.06 06:47:21 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2014.10.03 03:11:51 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll [2014.10.03 03:12:00 | 000,500,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll [2014.10.03 03:11:51 | 000,296,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll [2014.10.03 03:11:51 | 000,680,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\audiosrv.dll [2014.06.03 11:02:12 | 001,941,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2014.07.07 03:06:30 | 000,842,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\blackbox.dll [2012.07.04 23:13:27 | 000,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll [2012.07.04 23:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\browser.dll [2014.03.04 10:43:55 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\capiprovider.dll [2012.06.06 07:02:54 | 001,133,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [2013.05.13 06:50:40 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll [2014.06.28 01:21:17 | 000,457,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ci.dll [2014.03.04 10:43:56 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cngprovider.dll [2013.07.04 13:50:39 | 000,633,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll [2014.09.19 10:42:41 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\credssp.dll [2014.07.07 03:06:31 | 001,480,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2013.07.09 06:46:20 | 000,139,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2014.07.07 03:06:31 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptsp.dll [2014.07.07 03:06:31 | 000,187,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptsvc.dll [2014.07.07 03:06:31 | 001,069,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptui.dll [2013.08.02 03:12:47 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013.11.22 23:48:21 | 003,928,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013.03.29 15:52:48 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2013.03.29 15:52:48 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2013.03.29 15:52:48 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013.12.24 23:48:32 | 002,565,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2013.03.29 15:52:48 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2013.03.29 15:52:48 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2013.12.05 07:08:08 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.06.06 06:49:07 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll [2014.06.18 23:23:33 | 001,943,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll [2014.03.04 10:43:56 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dimsroam.dll [2014.03.04 10:43:56 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dpapiprovider.dll [2012.11.02 06:59:11 | 000,478,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2014.07.07 03:06:32 | 000,497,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drmmgrtn.dll [2014.07.07 03:06:32 | 001,202,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drmv2clt.dll [2013.04.02 23:51:57 | 001,643,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013.03.29 15:52:48 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2014.07.07 03:06:44 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxmasf.dll [2014.11.06 04:16:23 | 000,490,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2014.11.06 03:57:38 | 000,316,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.12.05 07:09:46 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2014.10.03 03:11:54 | 000,284,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\EncDump.dll [2014.07.07 03:06:33 | 000,631,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\evr.dll [2013.03.29 15:52:48 | 001,175,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\FntCache.dll [2013.06.06 06:49:52 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll [2013.10.12 03:29:08 | 000,324,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL [2014.08.23 03:07:00 | 000,404,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll [2012.10.03 15:14:56 | 000,125,872 | ---- | M] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll [2013.12.05 07:09:37 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2014.06.30 23:24:50 | 000,008,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardres.dll [2013.12.05 07:09:39 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2014.11.06 02:53:19 | 000,799,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2014.11.07 20:49:08 | 000,388,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll [2014.11.06 05:03:50 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll [2014.11.06 04:46:12 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll [2014.11.06 03:30:30 | 014,390,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieframe.dll [2013.12.05 07:09:35 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2014.11.06 04:35:59 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2014.11.06 04:43:18 | 002,884,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll [2014.11.06 04:47:03 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.12.05 07:09:38 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2014.11.06 04:31:48 | 000,633,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.10.12 03:29:21 | 000,859,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IKEEXT.DLL [2013.10.19 03:18:57 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll [2013.12.05 07:09:35 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2014.08.12 03:02:49 | 000,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IMJP10K.DLL [2014.03.09 22:48:52 | 000,171,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\infocardapi.dll [2013.12.05 07:09:37 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2014.11.06 04:07:29 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll [2013.12.05 07:09:35 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2014.11.06 04:23:57 | 006,040,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2014.11.06 04:29:18 | 000,814,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll [2013.12.05 07:09:40 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll [2014.11.06 04:36:54 | 000,054,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll [2014.11.11 04:08:48 | 000,728,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kerberos.dll [2014.03.04 10:44:00 | 001,163,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2014.03.04 10:44:00 | 000,424,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013.12.05 07:09:37 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2012.05.14 06:26:34 | 000,956,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll [2013.06.06 06:50:51 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll [2014.10.14 03:12:57 | 001,460,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2014.07.07 03:06:37 | 004,120,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll [2013.06.09 14:59:36 | 005,592,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfc110.dll [2013.06.09 14:59:36 | 000,046,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfc110chs.dll [2013.06.09 14:59:36 | 000,046,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfc110cht.dll [2013.06.09 14:59:36 | 000,074,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfc110deu.dll [2013.06.09 14:59:36 | 000,065,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfc110enu.dll [2013.06.09 14:59:36 | 000,073,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfc110esn.dll [2013.06.09 14:59:36 | 000,074,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfc110fra.dll [2013.06.09 14:59:36 | 000,072,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfc110ita.dll [2013.06.09 14:59:36 | 000,053,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfc110jpn.dll [2013.06.09 14:59:36 | 000,053,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfc110kor.dll [2013.06.09 14:59:36 | 000,070,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfc110rus.dll [2013.06.09 14:59:36 | 005,619,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfc110u.dll [2013.06.09 14:59:36 | 000,090,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfcm110.dll [2013.06.09 14:59:36 | 000,090,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfcm110u.dll [2014.07.07 03:02:55 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mferror.dll [2014.07.07 03:06:37 | 000,432,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfplat.dll [2014.07.07 03:06:37 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll [2014.10.14 03:09:31 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll [2014.06.18 23:23:33 | 000,156,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mscorier.dll [2014.06.18 23:23:33 | 000,073,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mscories.dll [2014.11.06 03:41:26 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.12.05 07:09:39 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll [2014.11.06 05:03:15 | 025,110,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.dll [2014.11.06 04:44:28 | 000,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll [2014.11.06 04:00:51 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.12.05 07:09:38 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2014.11.06 03:39:39 | 001,359,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2014.06.03 11:02:21 | 003,241,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll [2014.06.03 11:02:21 | 000,504,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msihnd.dll [2013.12.05 07:09:40 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013.03.29 15:52:48 | 002,776,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll [2014.07.07 03:06:38 | 000,325,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msnetobj.dll [2014.11.06 04:02:05 | 000,199,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2014.07.07 03:06:38 | 000,641,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msscp.dll [2014.07.17 03:07:37 | 003,722,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2014.09.19 10:42:47 | 000,314,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msv1_0.dll [2012.11.05 22:26:22 | 000,661,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp110.dll [2012.11.05 22:26:22 | 000,849,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr110.dll [2013.12.05 07:08:18 | 000,327,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mswsock.dll [2014.08.21 07:43:26 | 001,882,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3.dll [2014.08.21 07:40:32 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2014.03.26 15:44:48 | 002,002,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6.dll [2014.03.26 15:41:39 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6r.dll [2014.09.19 10:42:47 | 000,309,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012.07.04 23:16:43 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll [2012.01.09 16:28:20 | 000,057,856 | ---- | M] (Nokia) -- C:\Windows\SysNative\nmwcdclsX64.dll [2013.10.12 03:30:42 | 000,830,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll [2013.12.05 07:08:36 | 001,732,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2014.03.04 10:44:03 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2014.03.04 10:44:03 | 000,722,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\objsel.dll [2013.12.05 07:09:36 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2014.10.18 03:05:23 | 000,861,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll [2014.10.25 02:57:59 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll [2014.07.07 03:06:39 | 000,188,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pcasvc.dll [2014.11.11 04:08:52 | 000,241,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pku2u.dll [2013.12.05 07:09:36 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013.07.20 11:33:08 | 000,124,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll [2014.07.07 03:06:40 | 000,368,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2014.06.06 11:10:34 | 000,624,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll [2014.07.07 03:06:40 | 001,574,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll [2014.09.04 06:23:20 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rastls.dll [2012.02.17 07:38:26 | 001,031,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll [2014.07.17 03:07:39 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2014.07.17 03:07:41 | 001,113,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll [2012.04.26 06:41:56 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2014.07.14 03:02:45 | 001,216,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll [2014.09.19 10:42:49 | 000,342,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\schannel.dll [2013.10.12 03:31:04 | 000,202,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll [2014.04.12 03:19:37 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll [2014.08.19 04:08:03 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\setbcdlocale.dll [2013.07.26 03:24:56 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2014.03.25 03:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\shell32.dll [2014.07.07 03:06:39 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\spwmp.dll [2014.08.19 04:08:04 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll [2014.08.19 04:08:04 | 000,503,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll [2014.04.12 03:19:38 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll [2014.04.12 03:19:38 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll [2012.09.25 23:46:17 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2013.12.05 07:08:36 | 000,859,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll [2014.10.14 03:13:06 | 000,683,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\termsrv.dll [2013.02.15 07:08:40 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2014.09.19 10:42:51 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\TSpkg.dll [2014.07.16 04:23:41 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tzres.dll [2013.03.29 15:52:48 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll [2013.12.05 07:09:37 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2014.11.06 03:04:29 | 001,550,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\urlmon.dll [2014.07.28 13:52:00 | 006,112,072 | ---- | M] (Apple, Inc.) -- C:\Windows\SysNative\usbaaplrc.dll [2014.04.25 03:34:59 | 000,801,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll [2014.11.06 04:46:12 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.11.05 22:26:22 | 000,385,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vcamp110.dll [2012.11.05 22:26:22 | 000,354,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vccorlib110.dll [2012.11.05 22:26:22 | 000,138,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vcomp110.dll [2012.11.28 23:56:52 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2014.09.19 10:42:52 | 000,210,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wdigest.dll [2013.12.05 07:09:37 | 000,243,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\webcheck.dll [2014.01.29 03:32:18 | 000,484,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wer.dll [2013.04.26 06:51:36 | 000,751,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2014.03.04 10:44:20 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wincredprovider.dll [2014.12.30 20:57:09 | 000,111,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2014.11.11 04:09:06 | 001,424,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.03.29 15:52:48 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll [2014.11.06 03:17:24 | 002,365,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll [2013.08.02 03:14:57 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2014.07.17 03:07:58 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winsta.dll [2014.07.07 03:07:00 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2014.07.07 03:07:00 | 000,782,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wmdrmsdk.dll [2012.03.01 07:28:47 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wmi.dll [2014.07.07 03:07:00 | 014,632,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll [2013.03.29 15:52:48 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2014.07.07 03:05:34 | 012,625,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL [2013.07.25 10:25:54 | 001,888,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL [2014.03.04 10:44:21 | 000,243,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2014.03.04 10:44:21 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2014.03.04 10:44:21 | 000,362,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2014.05.14 17:23:38 | 000,700,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2014.05.14 17:23:46 | 002,477,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuaueng.dll [2014.05.14 17:21:04 | 002,620,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2014.05.14 17:20:45 | 000,097,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2014.05.14 17:23:52 | 000,038,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2014.05.14 17:23:47 | 000,044,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2014.05.14 08:23:04 | 000,198,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2013.03.29 15:52:48 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013.03.29 15:52:48 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll < > ========== Files - Unicode (All) ========== [2013.10.05 11:42:31 | 099,325,299 | ---- | M] ()(C:\Windows\SysWow64\???§) -- C:\Windows\SysWow64\ᴂ鳮ᵌ§ [2013.10.05 11:42:31 | 099,325,299 | ---- | C] ()(C:\Windows\SysWow64\???§) -- C:\Windows\SysWow64\ᴂ鳮ᵌ§ < End of report > |
|
31.12.2014, 15:50
| #10 |
| /// the machine /// TB-Ausbilder | Windows 7 Gerätemanager Problem mit MFC42u.dll FRST fix bitte nochmal, du hast alles in eine Zeile kopiert in der fixlist, das muss aber genau so aussehen wie oben in der Codebox. Zeile für Zeile.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
01.01.2015, 16:14
| #11 |
| | Windows 7 Gerätemanager Problem mit MFC42u.dll Sorry,hab keine Ahnung wieso das so war..hier dann das neue Fixlog. Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2014
Ran by Meister at 2015-01-01 16:09:06 Run:2
Running from C:\Users\Meister\Desktop
Loaded Profile: Meister (Available profiles: Meister)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\Program Files\Common Files\System\SysMenu.dll
C:\Program Files\Common Files\System\SysMenu64.dll
Task: {AF8AFB59-5572-4310-BB02-AB4381E33BBB} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {E9D1BAD9-3721-4A44-90D8-1513FF067EF2} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
HKU\S-1-5-21-4289249302-2505303769-1399656917-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-4289249302-2505303769-1399656917-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:8897;https=127.0.0.1:8897
Winsock: Catalog5 07 C:\Windows\system32\tnns5rdy2.dll File Not found ()
cmd: netsh winsock reset
Emptytemp:
*****************
"C:\Program Files\Common Files\System\SysMenu.dll" => File/Directory not found.
"C:\Program Files\Common Files\System\SysMenu64.dll" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF8AFB59-5572-4310-BB02-AB4381E33BBB} => Key not found.
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\SMupdate2 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9D1BAD9-3721-4A44-90D8-1513FF067EF2} => Key not found.
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\SMupdate3 => Key not found.
HKU\S-1-5-21-4289249302-2505303769-1399656917-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks => value deleted successfully.
"HKU\S-1-5-21-4289249302-2505303769-1399656917-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
Winsock: Catalog entry 000000000007 => Deleted successfully.
========= netsh winsock reset =========
Die folgende Hilfsprogramm-DLL konnte nicht geladen werden: RASMONTR.DLL.
Der Winsock-Katalog wurde zur�ckgesetzt.
Sie m�ssen den Computer neu starten, um den Vorgang abzuschlie�en.
========= End of CMD: =========
EmptyTemp: => Removed 159.1 MB temporary data.
The system needed a reboot.
==== End of Fixlog 16:09:28 ====
|
|
01.01.2015, 17:00
| #12 |
| /// the machine /// TB-Ausbilder | Windows 7 Gerätemanager Problem mit MFC42u.dll Bitte downloade dir LSPFix
Fixen mit OTL
Code:
ATTFilter :reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
64,00,6e,00,73,00,72,00,73,00,6c,00,76,00,72,00,2e,00,64,00,6c,00,6c,00,00,\
00
[HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers]
"ProviderFileName4"=-
:files
C:\Windows\System32\pouavchl7.dll
Frisches FRST log bitte, ebenso bitte ein frisches OTL Scanlog mit den gleichen Einstellungen wie beim letzten Scan.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
01.01.2015, 20:26
| #13 |
| | Windows 7 Gerätemanager Problem mit MFC42u.dll Hi, die von dir angegebene .dll Datei taucht nicht auf in der Keep Box. Dort sind lediglich folgende: NLAapi.dll napinsp.dll pnrpnsp.dll mswsock.dll winrnr.dll mdnsNSP.dll Den Fix mit dem OTL habe ich schonmal durchgeführt, hier das Ergebnis: Code:
ATTFilter ========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters\\"ServiceDll"|hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,6e,00,73,00,72,00,73,00,6c,00,76,00,72,00,2e,00,64,00,6c,00,6c,00,00,00 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers\\ProviderFileName4 not found.
========== FILES ==========
File\Folder C:\Windows\System32\pouavchl7.dll not found.
OTL by OldTimer - Version 3.2.69.0 log created on 01012015_202117
|
|
02.01.2015, 13:27
| #14 |
| /// the machine /// TB-Ausbilder | Windows 7 Gerätemanager Problem mit MFC42u.dll Ja bitte beide Scans machen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
02.01.2015, 15:16
| #15 |
| | Windows 7 Gerätemanager Problem mit MFC42u.dll So ich habe jetzt das frische FRST Log am Start und das OTL auch,allerdings gab es diesmal keine Extras.txt?! Ich habe wieder die Codebox in den benutzerdefinierten Scan kopiert die du beim ersten Mal dazu gepostet hattest, ist das richtig so? FRST FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by Meister (administrator) on MEISTER-PC on 02-01-2015 14:53:25
Running from C:\Users\Meister\Desktop
Loaded Profile: Meister (Available profiles: Meister)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(TomTom) D:\Eigene Dateien\Progs\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(TomTom) D:\Eigene Dateien\Progs\TomTom HOME 2\TomTomHOMERunner.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Users\Meister\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Meister\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Meister\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Meister\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5225064 2014-12-13] (AVAST Software)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKU\S-1-5-21-4289249302-2505303769-1399656917-1000\...\Run: [TomTomHOME.exe] => D:\Eigene Dateien\Progs\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-06-05] (TomTom)
HKU\S-1-5-21-4289249302-2505303769-1399656917-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:8897;https=127.0.0.1:8897
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4289249302-2505303769-1399656917-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4289249302-2505303769-1399656917-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4289249302-2505303769-1399656917-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}
SearchScopes: HKU\S-1-5-21-4289249302-2505303769-1399656917-1000 -> {E88E0043-C9D4-4e33-8555-FEE4F5B63060} URL = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
SearchScopes: HKU\S-1-5-21-4289249302-2505303769-1399656917-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-4289249302-2505303769-1399656917-1000 -> No Name - {09900DE8-1DCA-443F-9243-26FF581438AF} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Meister\AppData\Roaming\Mozilla\Firefox\Profiles\ld9p6xqx.default
FF DefaultSearchUrl: hxxp://go.mail.ru/search?fr=fftb&utf8in&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files (x86)\Picasa2\npPicasa2.dll No File
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4289249302-2505303769-1399656917-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Meister\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4289249302-2505303769-1399656917-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Meister\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Meister\AppData\Roaming\Mozilla\Firefox\Profiles\ld9p6xqx.default\searchplugins\mailru---.xml
FF Extension: Спутник @Mail.Ru - C:\Users\Meister\AppData\Roaming\Mozilla\Firefox\Profiles\ld9p6xqx.default\Extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D} [2012-06-02]
FF Extension: Adblock Plus - C:\Users\Meister\AppData\Roaming\Mozilla\Firefox\Profiles\ld9p6xqx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2012-06-02]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-13]
Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/search
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Meister\AppData\Local\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Meister\AppData\Local\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Meister\AppData\Local\Google\Chrome\Application\39.0.2171.95\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.250.6) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U25) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (DivX OVS Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Nokia Suite Enabler Plugin) - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll No File
CHR Plugin: (Picasa) - C:\Program Files (x86)\Picasa2\npPicasa2.dll No File
CHR Plugin: (Picasa) - C:\Program Files (x86)\Picasa2\npPicasa3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Meister\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\Meister\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Meister\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-27]
CHR Extension: (YouTube) - C:\Users\Meister\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-10]
CHR Extension: (Google-Suche) - C:\Users\Meister\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-10]
CHR Extension: (Avast Online Security) - C:\Users\Meister\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-13]
CHR Extension: (Google Wallet) - C:\Users\Meister\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Google Mail) - C:\Users\Meister\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-10]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-13]
CHR StartMenuInternet: Google Chrome - C:\Users\Meister\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-13] (AVAST Software)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2011-09-23] (Nalpeiron Ltd.) [File not signed]
R2 TomTomHOMEService; D:\Eigene Dateien\Progs\TomTom HOME 2\TomTomHOMEService.exe [93040 2014-06-05] (TomTom)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-13] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-13] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-13] ()
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-05-06] (DT Soft Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-02 14:53 - 2015-01-02 14:55 - 00016347 _____ () C:\Users\Meister\Desktop\FRST.txt
2015-01-01 20:21 - 2015-01-01 20:21 - 00001302 _____ () C:\Users\Meister\Desktop\01012015_202117.log
2015-01-01 20:21 - 2015-01-01 20:21 - 00000000 ____D () C:\_OTL
2015-01-01 20:06 - 2015-01-01 20:07 - 00186880 _____ (CEXX.ORG) C:\Users\Meister\Downloads\LSPFix.exe
2014-12-30 21:22 - 2014-12-30 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-12-30 21:22 - 2014-12-30 21:22 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-12-30 21:21 - 2014-12-30 21:21 - 01182149 _____ () C:\Users\Meister\Downloads\7z936.exe
2014-12-30 21:01 - 2014-12-30 21:01 - 00602112 _____ (OldTimer Tools) C:\Users\Meister\Desktop\OTL.exe
2014-12-30 20:57 - 2014-12-30 20:57 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-12-30 20:57 - 2014-12-30 20:57 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-12-30 20:57 - 2014-12-30 20:57 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-12-30 20:57 - 2014-12-30 20:57 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-12-30 20:57 - 2014-12-30 20:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-30 20:57 - 2014-12-30 20:57 - 00000000 ____D () C:\Program Files\Java
2014-12-30 20:53 - 2014-12-30 20:53 - 31029672 _____ (Oracle Corporation) C:\Users\Meister\Downloads\jre-7u71-windows-x64.exe
2014-12-30 20:52 - 2014-12-30 20:52 - 00000000 ____D () C:\Users\Meister\AppData\Roaming\Oracle
2014-12-30 20:44 - 2014-12-30 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2014-12-19 14:02 - 2014-12-19 14:03 - 00852505 _____ () C:\Users\Meister\Desktop\SecurityCheck.exe
2014-12-18 22:58 - 2014-12-18 22:58 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-18 22:55 - 2014-12-18 22:56 - 02347384 _____ (ESET) C:\Users\Meister\Desktop\esetsmartinstaller_deu.exe
2014-12-17 23:33 - 2014-12-20 18:24 - 00000000 ____D () C:\Users\Meister\Downloads\FRST-OlderVersion
2014-12-17 23:27 - 2014-12-17 23:27 - 00000000 ____D () C:\Windows\ERUNT
2014-12-17 23:21 - 2014-12-17 23:21 - 01707646 _____ (Thisisu) C:\Users\Meister\Desktop\JRT.exe
2014-12-17 23:14 - 2014-12-17 23:16 - 00000000 ____D () C:\AdwCleaner
2014-12-17 23:13 - 2014-12-17 23:13 - 02166272 _____ () C:\Users\Meister\Desktop\AdwCleaner_4.105.exe
2014-12-17 22:44 - 2014-12-17 23:07 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-17 22:43 - 2014-12-17 22:43 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-17 22:43 - 2014-12-17 22:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-12-17 22:42 - 2014-12-17 22:43 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-12-17 22:42 - 2014-12-17 22:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-17 22:42 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-17 22:42 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-17 22:42 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-17 22:39 - 2014-12-17 22:40 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Meister\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-16 22:28 - 2014-12-16 22:28 - 00018126 _____ () C:\ComboFix.txt
2014-12-16 22:16 - 2014-12-16 22:28 - 00000000 ____D () C:\Qoobox
2014-12-16 22:16 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-16 22:16 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-16 22:16 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-16 22:16 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-16 22:16 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-16 22:16 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-16 22:16 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-16 22:16 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-16 22:15 - 2014-12-16 22:25 - 00000000 ____D () C:\Windows\erdnt
2014-12-16 22:13 - 2014-12-16 22:14 - 05601641 ____R (Swearware) C:\Users\Meister\Desktop\ComboFix.exe
2014-12-16 01:01 - 2014-12-30 21:04 - 00000000 ____D () C:\Users\Meister\Desktop\Trojaner Board
2014-12-15 21:51 - 2014-12-15 21:51 - 00380416 _____ () C:\Users\Meister\Downloads\g3ifzpwh.exe
2014-12-15 21:48 - 2015-01-02 14:53 - 00000000 ____D () C:\FRST
2014-12-15 21:45 - 2014-12-30 21:03 - 02123264 _____ (Farbar) C:\Users\Meister\Desktop\FRST64.exe
2014-12-15 21:45 - 2014-12-15 21:45 - 00000000 _____ () C:\Users\Meister\defogger_reenable
2014-12-15 21:44 - 2014-12-15 21:45 - 00050477 _____ () C:\Users\Meister\Downloads\Defogger.exe
2014-12-15 21:03 - 2014-12-15 21:03 - 16310272 _____ () C:\Windows\system32\config\system.sav.LOG
2014-12-15 21:01 - 2014-12-15 21:02 - 66617344 _____ () C:\Windows\system32\config\software.sav.LOG
2014-12-15 21:01 - 2014-12-15 21:01 - 00028672 _____ () C:\Windows\system32\config\sam.sav.LOG
2014-12-15 21:01 - 2014-12-15 21:01 - 00024576 _____ () C:\Windows\system32\config\security.sav.LOG
2014-12-15 20:57 - 2014-12-15 21:03 - 00001668 _____ () C:\Windows\system32\ASOROSet.bin
2014-12-15 20:57 - 2014-12-15 20:57 - 00000000 ____D () C:\Windows\system32\config\RCCBakup
2014-12-15 20:45 - 2014-12-15 20:46 - 03894696 _____ (solvusoft Corporation ) C:\Users\Meister\Downloads\Mfc42u.dll-Reparaturprogramm-WinThruster.exe
2014-12-13 13:35 - 2014-12-13 13:35 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-13 13:35 - 2014-12-13 13:35 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-12-13 13:32 - 2014-12-13 13:32 - 00001070 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-12-13 13:28 - 2014-12-13 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-12-13 13:20 - 2014-12-13 13:20 - 00000000 ____D () C:\Users\Meister\AppData\Roaming\AVAST Software
2014-12-13 12:59 - 2015-01-02 14:51 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-13 12:59 - 2014-12-13 13:36 - 00001964 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-13 12:59 - 2014-12-13 13:35 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-12-13 12:59 - 2014-12-13 13:35 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-13 12:59 - 2014-12-13 13:35 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-12-13 12:59 - 2014-12-13 13:35 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-12-13 12:59 - 2014-12-13 13:35 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2014-12-13 12:59 - 2014-12-13 13:35 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-12-13 12:59 - 2014-12-13 13:35 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-13 12:59 - 2014-12-13 13:34 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-13 12:59 - 2014-12-13 12:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-13 12:56 - 2014-12-13 12:56 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-13 12:52 - 2014-12-13 12:56 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-13 12:49 - 2014-12-13 12:52 - 131078000 _____ (AVAST Software) C:\Users\Meister\Downloads\avast_free_antivirus_setup.exe
2014-12-13 12:44 - 2015-01-02 14:48 - 00001132 _____ () C:\Windows\setupact.log
2014-12-13 12:44 - 2014-12-17 23:17 - 00081008 _____ () C:\Windows\PFRO.log
2014-12-13 12:44 - 2014-12-13 12:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-12 13:50 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-12 13:50 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-09 21:41 - 2014-12-09 21:41 - 00002184 _____ () C:\Users\Public\Desktop\PerfV700_V750 Benutzerhandbuch.lnk
2014-12-09 21:13 - 2014-12-09 21:13 - 00002948 _____ () C:\Windows\System32\Tasks\{C5166266-1E7D-4416-8606-7ADC4D61B1F9}
2014-12-09 20:47 - 2014-12-09 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-12-09 20:46 - 2014-12-09 21:41 - 00000934 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2014-12-09 20:46 - 2014-12-09 20:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Scan
2014-12-09 20:46 - 2009-05-01 00:00 - 00128392 _____ (Seiko Epson Corporation) C:\Windows\system32\esdevapp.exe
2014-12-09 20:46 - 2009-05-01 00:00 - 00017408 _____ (SEIKO EPSON CORP.) C:\Windows\system32\esxcdev.dll
2014-12-09 20:46 - 2007-11-20 00:00 - 00055808 _____ (SEIKO EPSON CORP.) C:\Windows\system32\esxcwiab.dll
2014-12-05 14:35 - 2014-12-05 14:35 - 00003600 ____N () C:\bootsqm.dat
2014-12-05 14:35 - 2014-12-05 14:35 - 00000000 ____D () C:\found.000
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-02 14:54 - 2011-05-06 12:59 - 01114861 _____ () C:\Windows\WindowsUpdate.log
2015-01-02 14:48 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-01 20:22 - 2009-07-14 05:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-01 20:22 - 2009-07-14 05:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-01 20:01 - 2012-03-29 18:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-30 21:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-12-30 20:57 - 2012-07-10 18:19 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-30 20:57 - 2012-07-10 16:45 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4289249302-2505303769-1399656917-1000UA.job
2014-12-30 20:48 - 2012-03-29 18:07 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-30 20:48 - 2012-03-29 18:07 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-30 20:48 - 2011-05-15 11:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-30 20:43 - 2011-05-06 13:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-12-17 23:16 - 2014-02-11 22:12 - 00000000 ____D () C:\Windows\system32\log
2014-12-17 23:16 - 2011-05-15 13:21 - 00000979 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-12-17 23:16 - 2011-05-15 13:21 - 00000967 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-12-17 23:16 - 2011-05-06 13:03 - 00000000 ____D () C:\Users\Meister
2014-12-16 22:25 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-16 22:14 - 2010-11-21 07:50 - 00696832 _____ () C:\Windows\system32\perfh007.dat
2014-12-16 22:14 - 2010-11-21 07:50 - 00148128 _____ () C:\Windows\system32\perfc007.dat
2014-12-16 22:14 - 2009-07-14 06:13 - 01613340 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-13 13:32 - 2011-05-06 13:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-12-13 13:29 - 2011-05-06 16:35 - 00000000 ____D () C:\Users\Meister\AppData\Roaming\DivX
2014-12-13 13:29 - 2011-05-06 13:38 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-12-13 13:29 - 2011-05-06 13:37 - 00000000 ____D () C:\ProgramData\DivX
2014-12-13 13:28 - 2011-05-06 13:38 - 00000000 ____D () C:\Program Files\DivX
2014-12-13 12:49 - 2013-12-01 13:22 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-13 12:49 - 2011-10-16 15:12 - 00000000 ____D () C:\ProgramData\Avira
2014-12-12 16:31 - 2014-08-29 19:26 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-12 16:31 - 2011-05-06 13:46 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-12 16:29 - 2014-08-29 22:33 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-09 21:46 - 2013-04-13 11:07 - 00000000 ____D () C:\Users\Meister\AppData\Roaming\EPSON
2014-12-09 21:44 - 2013-04-13 10:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2014-12-09 21:42 - 2013-04-13 10:02 - 00000000 ____D () C:\Program Files (x86)\epson
2014-12-09 20:37 - 2013-04-13 10:09 - 00000000 ____D () C:\Users\Meister\AppData\Roaming\ArcSoft
2014-12-09 20:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-12-05 19:28 - 2011-05-07 09:24 - 00000020 ____H () C:\ProgramData\PKP_DLbw.DAT
2014-12-05 19:28 - 2011-05-07 09:18 - 00000020 ____H () C:\ProgramData\PKP_DLbz.DAT
2014-12-05 19:28 - 2011-05-06 16:42 - 00000020 ____H () C:\ProgramData\PKP_DLbx.DAT
Files to move or delete:
====================
C:\Users\Meister\install_flashplayer12x32au_mssa_awb_aih.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-09 15:43
==================== End Of Log ============================
--- --- --- Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by Meister at 2015-01-02 14:55:28
Running from C:\Users\Meister\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.36 beta (HKLM-x32\...\7-Zip) (Version: - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (HKLM-x32\...\Adobe_faf656ef605427ee2f42989c3ad31b8) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{E6D44B7E-1B1E-04A7-86E3-06AD74583FE9}) (Version: 3.0.820.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BookSmart® 3.4.4 3.4.4 (HKLM-x32\...\BookSmart® 3.4.4 3.4.4) (Version: - Blurb, Inc)
Capture NX 2 (HKLM\...\Capture NX 2) (Version: 2.3.5 - NIKON CORPORATION)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
DivX-Setup (HKLM-x32\...\DivX Setup.divx.com) (Version: 2.3.0.20 - DivX, LLC)
Epson Copy Utility 3.5 (HKLM-x32\...\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}) (Version: 3.5.0.0 - )
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
File Uploader (HKLM-x32\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.2.5 - Nikon)
Google Chrome (HKU\S-1-5-21-4289249302-2505303769-1399656917-1000\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle)
Java(TM) 6 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216025FF}) (Version: 6.0.250 - Oracle)
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Minolta DiMAGE Scan ver 1.1 (HKLM-x32\...\{AFB2133B-BCEE-49E5-AB1D-F54E7798D533}) (Version: - )
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.2.11000.12.100 - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}) (Version: 10.5.10300 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10300.0.102 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.8 - Google)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
PerfV700_V750 Benutzerhandbuch (HKLM-x32\...\PerfV700_V750 Benutzerhandbuch) (Version: - )
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.1.5 - Nikon)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.7 - Nikon)
Russisch für Deutsche - empfohlen (HKLM\...\{4C47DA93-303F-4165-918B-BCBAD9099DB8}) (Version: 1.0.3.40 - Uni Leipzig)
Saal Design Software (HKLM-x32\...\SaalDesignSoftware) (Version: 3.2.26 - SSW Software GmbH)
Saal Design Software (x32 Version: 3.2.26 - SSW Software GmbH) Hidden
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinDjView 2.0.2 (HKLM\...\WinDjView) (Version: 2.0.2 - Andrew Zhezherun)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-4289249302-2505303769-1399656917-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Meister\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4289249302-2505303769-1399656917-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Meister\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
==================== Restore Points =========================
12-12-2014 16:27:27 Windows Update
13-12-2014 12:55:27 avast! antivirus system restore point
13-12-2014 13:33:43 avast! antivirus system restore point
13-12-2014 13:48:02 Windows Update
15-12-2014 20:53:58 WinThruster Mo, Dez 15, 14 20:53
17-12-2014 22:45:18 Windows Update
30-12-2014 20:41:39 Windows Update
30-12-2014 20:55:51 Installed Java 7 Update 71 (64-bit)
01-01-2015 20:37:46 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2014-12-16 22:25 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {036E8C82-7DDD-4731-A048-4237E855E232} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-10] (Google Inc.)
Task: {0E5037CA-F68B-4988-8C0E-CCFFE170F837} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4289249302-2505303769-1399656917-1000UA => C:\Users\Meister\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-10] (Google Inc.)
Task: {1E8D942B-F494-4B6E-A5C4-CEDEE06F80BA} - System32\Tasks\{D211CDEC-C4EC-4E0B-BFD9-42AA74CA49F6} => C:\Program Files (x86)\Skype\\Phone\Skype.exe
Task: {31EE70D1-F7FF-48A0-B171-273EC38FF11A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-30] (Adobe Systems Incorporated)
Task: {5236106A-1A0D-4F5E-A1CB-422B77B1270E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5E310931-CDB1-4191-9A48-22AEB4D65D33} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-10] (Google Inc.)
Task: {62F9153C-46DF-4A19-B588-A0C4D9A5E36D} - System32\Tasks\{925304C0-FF2D-476D-9B3A-5C948A15E372} => c:\program files (x86)\opera\opera.exe [2014-04-25] (Opera Software)
Task: {6BBD94BF-3F76-4F75-A4D5-1071782E065C} - System32\Tasks\{3F8E0070-CFC8-4E2B-9189-162C57E635EB} => pcalua.exe -a "D:\Eigene Dateien\Progs\SkypeSetupFull-55.exe" -d "D:\Eigene Dateien\Progs"
Task: {785AD318-D073-44F6-A6C2-F25F3D3B6C65} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4289249302-2505303769-1399656917-1000Core => C:\Users\Meister\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-10] (Google Inc.)
Task: {988F2D2F-CDD5-4E24-9181-CFC9B23724DF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-13] (AVAST Software)
Task: {9A57BB27-1505-45C2-B059-E454D7547B92} - System32\Tasks\{C5166266-1E7D-4416-8606-7ADC4D61B1F9} => C:\Windows\twain_32\escndv\escndv.exe [2009-01-28] (SEIKO EPSON CORP.)
Task: {BFDA13FA-69C0-413C-A98C-02A75D599412} - System32\Tasks\{1665758C-D66E-4AC8-BB07-D28BAC910A57} => pcalua.exe -a C:\Users\Meister\Desktop\S-CNX2__-020305WU-___DE-ALL___.exe -d C:\Users\Meister\Desktop
Task: {DDA69226-D513-4F74-A289-2A0F0B78336E} - System32\Tasks\{70323D67-B236-419F-8DB2-E11D7E2CA5E3} => c:\program files (x86)\opera\opera.exe [2014-04-25] (Opera Software)
Task: {E2282B8F-5791-4829-A930-73965E96145A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4289249302-2505303769-1399656917-1000Core.job => C:\Users\Meister\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4289249302-2505303769-1399656917-1000UA.job => C:\Users\Meister\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-11-22 01:03 - 2014-11-22 01:03 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-01-01 16:06 - 2015-01-01 16:06 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\15010100\algo.dll
2015-01-02 14:48 - 2015-01-02 14:48 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010200\algo.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-09 21:44 - 2009-03-12 15:45 - 00135168 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
2014-12-09 21:44 - 2008-11-21 13:58 - 00057344 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
2014-12-13 13:34 - 2014-12-13 13:35 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-12-13 13:04 - 2014-12-06 02:50 - 01077064 _____ () C:\Users\Meister\AppData\Local\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-13 13:04 - 2014-12-06 02:50 - 00211272 _____ () C:\Users\Meister\AppData\Local\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-13 13:04 - 2014-12-06 02:50 - 09009480 _____ () C:\Users\Meister\AppData\Local\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-13 13:04 - 2014-12-06 02:50 - 01677128 _____ () C:\Users\Meister\AppData\Local\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Windows:nlsPreferences
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: DivX Download Manager => "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: YTDownloader => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
========================= Accounts: ==========================
Administrator (S-1-5-21-4289249302-2505303769-1399656917-500 - Administrator - Disabled)
Gast (S-1-5-21-4289249302-2505303769-1399656917-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4289249302-2505303769-1399656917-1002 - Limited - Enabled)
Meister (S-1-5-21-4289249302-2505303769-1399656917-1000 - Administrator - Enabled) => C:\Users\Meister
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/02/2015 02:49:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/01/2015 07:58:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/01/2015 04:11:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/01/2015 04:11:42 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (01/01/2015 04:09:58 PM) (Source: Windows Search Service) (EventID: 3084) (User: )
Description: Fehler beim Laden des Protokollhandlers Csc. Fehlerbeschreibung: Es wurde versucht, einen Registrierungsschlüssel einem unzulässigen Vorgang zu unterziehen, der zum Löschen markiert wurde. (HRESULT : 0x800703fa).
Error: (01/01/2015 04:06:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/30/2014 09:35:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/30/2014 08:37:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/30/2014 08:35:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/20/2014 06:39:50 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
System errors:
=============
Error: (01/02/2015 02:50:57 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:
%%127
Error: (01/02/2015 02:49:47 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:
%%127
Error: (01/02/2015 02:49:45 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:
%%127
Error: (01/02/2015 02:49:45 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:
%%127
Error: (01/02/2015 02:49:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:
%%127
Error: (01/02/2015 02:49:07 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:
%%127
Error: (01/02/2015 02:49:07 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:
%%127
Error: (01/02/2015 02:49:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:
%%127
Error: (01/02/2015 02:49:01 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:
%%127
Error: (01/02/2015 02:49:01 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:
%%127
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2014-12-16 22:24:39.834
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-12-16 22:24:39.787
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 61%
Total physical RAM: 2047.05 MB
Available physical RAM: 793.97 MB
Total Pagefile: 4094.11 MB
Available Pagefile: 2507.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:91.7 GB) (Free:32.49 GB) NTFS
Drive d: (Daten) (Fixed) (Total:206.29 GB) (Free:178.8 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: B61BB61B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=91.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=206.3 GB) - (Type=OF Extended)
==================== End Of Log ============================
Ich bin jetzt nochmal weg bis zum 8.1., also keine Eile und nicht wundern |
|
| Themen zu Windows 7 Gerätemanager Problem mit MFC42u.dll |
| .dll datei, antivirus, awesomehp, awesomehp entfernen, ccsetup, computer, downloader, fehlercode 0x5, fehlercode 0xc0000005, fehlercode 28, fehlercode windows, flash player, homepage, lightning, lightning speeddial, lightning speeddial entfernen, mobogenie, mobogenie entfernen, programm, registry, trackid, win32/sbwatchman.d, win32/speedbit.a, win32/toolbar.babylon.e, win32/toolbar.babylon.f, win64/systweak.a, windows 7, ytdownloader |
WARNUNG an die MITLESER: 
Textbox.
Linear-Darstellung
