
Log analysis and evaluation: AntiVir Blocker

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

04.02.2015, 16:19   #1
BruderTack

AntiVir Blocker



Hello everyone,

I have caught an infection, apparently via a codec and a tainted movie. After 35 years of software development I am used to a fair amount of nasty stuff, and I then suppressed the start of the malware in safe mode with lightning-fast input; afterwards I ran about 6 different malware finders, which did remove quite a few things.

The system is clean again, all processes and files conform to the specification, and there are no references in the hosts file etc. Only "360 Total Security" is running, together with a few other detectors.

Now here it comes.

Every attempt to start e.g. mser.exe from MS, or MxAffe, Avira, Kaspersky or other common detectors, fails, MS Security as well. Only Windows Defender still works via the Control Panel, but it cannot reload its data. A number of other virus finders also still work, and none of them finds anything any more. The execution restriction remains a MYSTERY to me; apparently the process is aborted immediately after the start attempt.

Even via indirect execution or from a permission USB stick, starting the Avira/MxAffe/Norton... and similar setups remains unsuccessful; other setups that have nothing to do with cleaning work.

No hostile services or processes are running, and no obscure drivers either.

So there must be a system-conformant execution prevention list that contains the names of the distributors? Renaming has no effect.

DEP is off, what is going on here?

Thanks for any hints
K.

Edited by BruderTack (04.02.2015 at 16:26)

04.02.2015, 16:49   #2
schrauber
/// the machine
/// TB trainer

AntiVir Blocker



hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


05.02.2015, 00:27   #3
BruderTack

logs



Hi,
FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-02-2015
Ran by PC-100 (administrator) on PC-100 on 04-02-2015 17:57:36
Running from C:\TMP
Loaded Profiles: PC-100 (Available profiles: PC-100)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files\360\Total Security\safemon\QHActiveDefense.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files\ASUS\AAHM\1.00.14\aaHMSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(MicroWorld Technologies Inc.) C:\Users\PC-100\AppData\Local\Temp\ECONSER.EXE.15646299.mwt
(MicroWorld Technologies Inc.) C:\Users\PC-100\AppData\Local\Temp\ECONCEAL.EXE.37242191.mwt
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
() C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_32server.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Qihu Software Co. Limited) C:\Program Files\360\Total Security\safemon\QHWatchdog.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Contacts\wlcomm.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [QHSafeTray] => C:\Program Files\360\Total Security\safemon\QHSafeTray.exe [2037360 2015-02-03] ()
HKU\S-1-5-21-2056609738-4234774501-2886495833-1000\...\Run: [] => [X]
Startup: C:\Users\PC-100\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msert.exe (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2056609738-4234774501-2886495833-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de
HKU\S-1-5-21-2056609738-4234774501-2886495833-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2056609738-4234774501-2886495833-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKU\S-1-5-21-2056609738-4234774501-2886495833-1000 -> {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL = 
SearchScopes: HKU\S-1-5-21-2056609738-4234774501-2886495833-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = 
SearchScopes: HKU\S-1-5-21-2056609738-4234774501-2886495833-1000 -> {F75FB101-C036-463F-ACC2-BC30FDA6FDD1} URL = 
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\PC-100\AppData\Roaming\Mozilla\Firefox\Profiles\qnypfzlz.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [cikkkfooompgefbcjlgdjejfdknkheaj] - C:\Program Files\Common Files\Spigot\GC\DomainErrorHelper_1.0_0.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM\...\Chrome\Extension: [gpiifgmgnfdiblgpaepbmfdkcheicgof] - C:\Program Files\Common Files\Spigot\GC\nta_1.0_0.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ArcService; C:\Program Files\Arc\ArcService.exe [88400 2015-01-08] (Perfect World Entertainment Inc)
R2 asHmComSvc; C:\Program Files\ASUS\AAHM\1.00.14\aaHMSvc.exe [915584 2010-12-02] ()
S3 BEService; C:\Program Files\Common Files\BattlEye\BEService.exe [667520 2015-01-31] ()
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-03] (Microsoft Corporation)
S4 CZCanSrv; C:\Program Files\Common Files\Carl Zeiss\CZCanSrv.exe [332800 2013-11-13] (Carl Zeiss Microscopy GmbH) [File not signed]
S4 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1074480 2014-03-15] (Flexera Software LLC)
S4 hasplms; C:\Windows\system32\hasplms.exe [2869760 2009-04-21] (Aladdin Knowledge Systems Ltd.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IpOverUsbSvc; C:\Program Files\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)
R2 mi-raysat_3dsmax2013_32; C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_32server.exe [86016 2011-09-14] () [File not signed]
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 QHActiveDefense; C:\Program Files\360\Total Security\safemon\QHActiveDefense.exe [791152 2015-02-03] ()
S3 Te.Service; C:\Program Files\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [91136 2013-08-21] (Microsoft Corporation) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [73360 2014-07-23] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S4 AsSysCtrlService; C:\Program Files\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [X]
S3 BRSptSvc; "C:\ProgramData\BitRaider\BRSptSvc.exe" [X]
R4 EconService; c:\progra~1\escan\EconSer.exe [X]
S3 GfExperienceService; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe" [X]
S4 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S4 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [X]
S3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [X]
S2 NvNetworkService; "C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe" [X]
S2 NvStreamSvc; "C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" [X]
S4 ServiceLayer; "C:\Program Files\PC Connectivity Solution\ServiceLayer.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 1394CMDR; C:\Windows\System32\DRIVERS\1394cmdr.sys [59280 2011-08-21] (CMU Robotics Institute)
R3 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker.sys [88136 2015-02-03] (360.cn)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [65608 2015-02-03] (360.cn)
R1 360Box; C:\Windows\System32\DRIVERS\360Box.sys [202312 2015-02-03] (360.cn)
R1 360Camera; C:\Windows\System32\Drivers\360Camera.sys [34888 2015-02-03] (360.cn)
R1 360SelfProtection; C:\Windows\System32\drivers\360SelfProtection.sys [174536 2015-02-03] (360安全中心)
R2 aksfridge; C:\Windows\system32\drivers\aksfridge.sys [352256 2009-01-16] (Aladdin Knowledge Systems Ltd.)
R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11456 2010-08-24] ()
R3 asmthub3; C:\Windows\System32\DRIVERS\asmthub3.sys [101352 2011-06-02] (ASMedia Technology Inc)
R3 asmtxhci; C:\Windows\System32\DRIVERS\asmtxhci.sys [317416 2011-06-02] (ASMedia Technology Inc)
R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11832 2010-08-03] ()
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV.sys [169040 2015-02-03] (Qihu 360 Software Co., Ltd.)
S3 BRESSER; C:\Windows\System32\Drivers\BRESSER.sys [27216 2013-11-29] (TSUSB_FX2)
R0 DsArk; C:\Windows\system32\Drivers\DsArk.sys [99912 2015-02-03] (360.cn)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-05-05] (Disc Soft Ltd)
U4 econceal; C:\Windows\System32\DRIVERS\econceal.sys [37096 2014-05-12] (MicroWorld Technologies Inc.)
R1 EfiMon; C:\Windows\System32\Drivers\Efimon.sys [23752 2015-02-03] (360安全中心)
R0 firedrv; C:\Windows\System32\DRIVERS\firedrv.sys [107552 2011-11-25] (intek (Darmstadt))
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [587776 2009-07-09] (Aladdin Knowledge Systems Ltd.)
R0 HookPort; C:\Windows\System32\Drivers\Hookport.sys [58440 2015-02-03] (360安全中心)
S3 ISRegFlt; C:\Program Files\InstallShield\2013LE\System\ISRegFlt.sys [34648 2012-08-07] (Flexera Software)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [42592 2014-12-31] (hxxp://libusb-win32.sourceforge.net)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [32912 2014-11-22] (NVIDIA Corporation)
R1 qutmdserv; C:\Windows\System32\DRIVERS\qutmdrv.sys [257352 2015-02-03] (360.cn)
R1 qutmipc; C:\Windows\system32\drivers\qutmipc.sys [45896 2015-02-03] (360.cn)
S3 RTL2832UBDA; C:\Windows\System32\drivers\RTL2832UBDA.sys [188320 2010-06-11] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832UUSB; C:\Windows\System32\Drivers\RTL2832UUSB.sys [32800 2010-06-11] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832U_IRHID; C:\Windows\System32\DRIVERS\RTL2832U_IRHID.sys [31872 2009-10-05] (Realtek)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [629760 2010-08-10] (Realtek Semiconductor Corporation                           )
S3 sonydcam; C:\Windows\System32\DRIVERS\sonydcam.sys [26752 2009-07-14] (Microsoft Corporation)
S3 TUCSEN; C:\Windows\System32\Drivers\Tucsen.sys [27144 2012-12-05] (TSUSB_FX2)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
S0 28481771; system32\DRIVERS\28481771.sys [X]
S0 39451045; system32\DRIVERS\39451045.sys [X]
S0 50877872; system32\DRIVERS\50877872.sys [X]
S0 89277599; system32\DRIVERS\89277599.sys [X]
S3 ARDRIVER; \??\C:\Windows\system32\DRIVERS\ARDRIVER.SYS [X]
S4 avchv; system32\DRIVERS\avchv.sys [X]
R4 bdfsfltr; system32\DRIVERS\bdfsfltr.sys [X]
S3 BRDriver; \??\C:\ProgramData\BitRaider\BRDriver.sys [X]
S3 BRDriver_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver.sys [X]
U4 ProcObsrv; \??\c:\progra~1\escan\ProcObsrv.sys [X]
R4 ProcObsrves; \??\C:\PROGRA~1\eScan\ProcObsrves.sys [X]
S1 QMUdisk; \??\C:\Program Files\Tencent\QQPCMgr\10.6.15950.224\QMUdisk.sys [X]
S3 rtlss; System32\Drivers\rtlss.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 17:57 - 2015-02-04 17:57 - 00000000 ____D () C:\FRST
2015-02-04 17:55 - 2015-02-04 17:57 - 00006274 _____ () C:\Windows\system32\DB3626637921
2015-02-04 17:50 - 2015-02-04 17:50 - 00006876 _____ () C:\Windows\mailremv.log
2015-02-04 17:50 - 2015-02-04 17:50 - 00000555 _____ () C:\Windows\INST_TSP.LOG
2015-02-04 17:45 - 2015-02-04 17:45 - 00000000 ____D () C:\Windows\$ESUPD_ROLLBACK$
2015-02-04 17:42 - 2015-02-04 17:42 - 00000000 ____D () C:\Program Files\QS
2015-02-04 17:41 - 2015-02-04 17:41 - 00000000 ____D () C:\Users\PC-100\temp
2015-02-04 17:32 - 2015-02-04 17:32 - 00000000 ____D () C:\FBackup
2015-02-04 17:31 - 2015-02-04 17:31 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\msvcr90.dll
2015-02-04 17:31 - 2015-02-04 17:31 - 00632064 _____ (Microsoft Corporation) C:\Windows\system32\msvcr80.dll
2015-02-04 17:31 - 2015-02-04 17:31 - 00572928 _____ (Microsoft Corporation) C:\Windows\system32\msvcp90.dll
2015-02-04 17:31 - 2015-02-04 17:31 - 00554240 _____ (Microsoft Corporation) C:\Windows\system32\msvcp80.dll
2015-02-04 17:31 - 2015-02-04 17:31 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-02-04 17:31 - 2015-02-04 17:31 - 00000000 ____D () C:\Users\PC-100\AppData\Roaming\MicroWorld
2015-02-04 17:30 - 2015-02-04 17:31 - 00001742 _____ () C:\Windows\MAILINST.LOG
2015-02-04 17:29 - 2015-02-04 17:38 - 00001297 _____ () C:\Windows\frights.log
2015-02-04 17:28 - 2015-02-04 17:28 - 00209564 _____ () C:\Windows\winsbak2.reg
2015-02-04 17:28 - 2015-02-04 17:28 - 00024940 _____ () C:\Windows\winsbak.reg
2015-02-04 17:28 - 2015-02-04 17:28 - 00000602 _____ () C:\Windows\sporder.exe.manifest
2015-02-04 17:28 - 2015-02-04 17:28 - 00000152 _____ () C:\Windows\ERS.BAT
2015-02-04 17:27 - 2015-02-04 17:50 - 00032726 _____ () C:\Windows\ESCAN.LOG
2015-02-04 17:27 - 2015-02-04 17:31 - 00014482 _____ () C:\Windows\ESCANX.LOG
2015-02-04 17:27 - 2014-06-21 19:32 - 00080616 _____ (MicroWorld Technologies Inc.) C:\Windows\killproc.exe
2015-02-04 17:27 - 2014-05-12 13:38 - 00037096 _____ (MicroWorld Technologies Inc.) C:\Windows\system32\Drivers\econceal.sys
2015-02-04 17:26 - 2015-02-04 17:50 - 00000000 ____D () C:\Program Files\eScan
2015-02-04 17:26 - 2015-02-04 17:50 - 00000000 ____D () C:\Program Files\Common Files\MicroWorld
2015-02-04 17:26 - 2014-12-04 21:45 - 01375464 _____ (MicroWorld Technologies Inc.) C:\Windows\system32\mwtsp.dll
2015-02-04 17:26 - 2014-12-04 21:45 - 00173288 _____ (MicroWorld Technologies Inc.) C:\Windows\system32\mwnsp.dll
2015-02-04 17:26 - 2014-12-04 21:42 - 01649384 _____ (MicroWorld Technologies Inc.) C:\Windows\system32\contfilt.dll
2015-02-04 17:26 - 2014-12-04 20:52 - 02001128 _____ (MicroWorld Technologies Inc.) C:\Windows\system32\test2.exe
2015-02-04 17:26 - 2014-06-21 19:32 - 00208616 _____ (MicroWorld Technologies Inc.) C:\Windows\inst_tspx.exe
2015-02-04 17:26 - 2014-06-21 19:32 - 00083176 _____ (MicroWorld Technologies Inc.) C:\Windows\inst_tsp.exe
2015-02-04 17:26 - 2014-06-21 19:31 - 00690408 _____ (MicroWorld Technologies Inc.) C:\Windows\system32\eslogon.dll
2015-02-04 17:26 - 2014-06-21 19:30 - 03100392 _____ (Commtouch) C:\Windows\system32\ASAPSDK.DLL
2015-02-04 17:26 - 2011-02-15 14:58 - 00408072 _____ () C:\Windows\system32\wget.exe
2015-02-04 17:26 - 2010-05-09 16:08 - 00293896 _____ () C:\Windows\system32\curl.exe
2015-02-04 17:26 - 2010-01-14 23:53 - 00137224 _____ (MWTI) C:\Windows\system32\ZIPDLL.DLL
2015-02-04 17:26 - 2010-01-14 23:53 - 00132104 _____ (MWTI) C:\Windows\system32\UNZDLL.DLL
2015-02-04 17:26 - 2009-07-22 22:39 - 00013056 _____ (Microsoft Corporation) C:\Windows\sporder.exe
2015-02-04 17:26 - 2009-07-15 19:08 - 00013840 _____ (Microsoft Corporation) C:\Windows\system32\sporder.dll
2015-02-04 17:26 - 2009-07-15 19:08 - 00013840 _____ (Microsoft Corporation) C:\Windows\sporder.dll
2015-02-04 17:26 - 2009-07-14 22:27 - 01461992 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2015-02-04 17:01 - 2015-02-04 17:01 - 00013337 _____ () C:\Users\PC-100\Desktop\cmd - Shortcut.lnk
2015-02-04 16:57 - 2015-02-04 17:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-04 16:56 - 2015-02-04 16:56 - 00262926 _____ () C:\Windows\msxml4-KB2758694-chs.LOG
2015-02-04 16:21 - 2015-02-04 16:21 - 00160640 _____ () C:\Windows\Minidump\020415-19593-01.dmp
2015-02-04 14:35 - 2015-02-04 14:35 - 00131120 _____ () C:\Windows\Minidump\020415-47985-01.dmp
2015-02-04 14:34 - 2015-02-04 14:39 - 03820336 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-04 13:29 - 2015-02-04 14:48 - 00119664 _____ () C:\Users\PC-100\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-04 12:32 - 2015-02-03 13:12 - 00099912 _____ (360.cn) C:\Windows\system32\Drivers\DsArk.sys
2015-02-04 12:10 - 2015-02-04 17:49 - 00125857 _____ () C:\Windows\WindowsUpdate.log
2015-02-04 11:41 - 2015-02-04 17:37 - 00000859 _____ () C:\Windows\setupact.log
2015-02-04 11:41 - 2015-02-04 11:41 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-04 11:40 - 2015-02-04 17:37 - 00007254 _____ () C:\Windows\PFRO.log
2015-02-04 11:32 - 2015-02-04 11:32 - 00000419 _____ () C:\Users\PC-100\Desktop\Avira Rescue System vom USB-Stick starten.website
2015-02-04 10:55 - 2015-02-04 10:55 - 00000185 _____ () C:\Windows\CPERROR.LOG
2015-02-04 10:53 - 2015-02-04 10:53 - 00000079 _____ () C:\Windows\wininit.ini
2015-02-04 10:52 - 2015-02-04 17:45 - 00001532 _____ () C:\Windows\general.log
2015-02-04 10:47 - 2015-02-04 10:47 - 00000064 _____ () C:\Windows\QMNetworkMgr.ini
2015-02-04 10:40 - 2015-02-04 14:58 - 00000000 __SHD () C:\$360Section
2015-02-04 10:03 - 2015-02-04 10:03 - 00000000 ____D () C:\Program Files\Common Files\Tencent
2015-02-04 10:01 - 2015-02-04 11:01 - 00000810 _____ () C:\Users\PC-100\Desktop\Anbieter von Sicherheitssoftware für Heimanwender - Microsoft Windows.website
2015-02-04 10:01 - 2015-02-04 10:01 - 00000000 ____D () C:\Windows\Tasks\360Disabled
2015-02-04 09:59 - 2015-02-04 17:06 - 00000000 ____D () C:\Users\PC-100\AppData\Roaming\360safe
2015-02-04 09:59 - 2015-02-04 12:56 - 00000000 _RSHD () C:\360SANDBOX
2015-02-04 09:59 - 2015-02-04 10:42 - 00001113 _____ () C:\Users\Public\Desktop\360 Total Security.lnk
2015-02-04 09:59 - 2015-02-04 10:26 - 00000000 ____D () C:\Users\PC-100\AppData\Roaming\Tencent
2015-02-04 09:59 - 2015-02-03 13:12 - 00202312 _____ (360.cn) C:\Windows\system32\Drivers\360Box.sys
2015-02-04 09:59 - 2015-02-03 13:12 - 00174536 _____ (360安全中心) C:\Windows\system32\Drivers\360SelfProtection.sys
2015-02-04 09:59 - 2015-02-03 13:12 - 00088136 _____ (360.cn) C:\Windows\system32\Drivers\360AntiHacker.sys
2015-02-04 09:59 - 2015-02-03 13:12 - 00045896 _____ (360.cn) C:\Windows\system32\Drivers\qutmipc.sys
2015-02-04 09:59 - 2015-02-03 13:12 - 00034888 _____ (360.cn) C:\Windows\system32\Drivers\360Camera.sys
2015-02-04 09:58 - 2015-02-03 13:12 - 00257352 _____ (360.cn) C:\Windows\system32\Drivers\qutmdrv.sys
2015-02-04 09:58 - 2015-02-03 13:12 - 00169040 _____ (Qihu 360 Software Co., Ltd.) C:\Windows\system32\Drivers\BAPIDRV.SYS
2015-02-04 09:58 - 2015-02-03 13:12 - 00065608 _____ (360.cn) C:\Windows\system32\Drivers\360AvFlt.sys
2015-02-04 09:58 - 2015-02-03 13:12 - 00058440 _____ (360安全中心) C:\Windows\system32\Drivers\hookport.sys
2015-02-04 09:58 - 2015-02-03 13:12 - 00023752 _____ (360安全中心) C:\Windows\system32\Drivers\efimon.sys
2015-02-04 09:56 - 2015-02-04 09:56 - 00000000 ____D () C:\Program Files\360
2015-02-04 09:55 - 2015-02-04 09:56 - 00000000 ____D () C:\Users\PC-100\Documents\MYCommunicator
2015-02-04 09:55 - 2015-02-04 09:55 - 00000000 ____D () C:\Program Files\Common Files\MYSecurityCenter
2015-02-04 09:42 - 2015-02-04 09:42 - 00000000 ____D () C:\Users\PC-100\AppData\Local\GHISLER
2015-02-04 09:19 - 2015-02-04 09:19 - 00000020 ___SH () C:\Users\PC-100\ntuser.ini
2015-02-04 01:37 - 2011-06-21 11:24 - 00032768 _____ () C:\Windows\system32\Drivers\sp_rsdrv2.sys
2015-02-04 01:24 - 2015-02-04 01:24 - 00000000 _____ () C:\autoexec.bat
2015-02-04 01:18 - 2015-02-04 01:18 - 00000000 __SHD () C:\Users\PC-100\AppData\Local\EmieUserList
2015-02-04 01:18 - 2015-02-04 01:18 - 00000000 __SHD () C:\Users\PC-100\AppData\Local\EmieSiteList
2015-02-04 01:18 - 2015-02-04 01:18 - 00000000 __SHD () C:\Users\PC-100\AppData\Local\EmieBrowserModeList
2015-02-04 00:54 - 2015-02-04 00:54 - 00000000 ____D () C:\Program Files\Common Files\Services
2015-02-03 22:35 - 2015-02-04 16:29 - 00000000 ____D () C:\Users\PC-100\AppData\Local\Adobe
2015-02-03 22:09 - 2015-02-03 22:09 - 00000000 ____D () C:\Users\PC-100\AppData\Local\Windows Live Writer
2015-02-03 21:17 - 2015-02-03 21:17 - 01182220 _____ () C:\Windows\system32\CFG3626637921
2015-02-03 20:01 - 2015-02-03 20:01 - 00000000 ____D () C:\Users\PC-100\Documents\ProcAlyzer Dumps
2015-02-03 18:19 - 2015-02-03 18:19 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2015-02-03 18:17 - 2015-02-03 18:17 - 00000000 ____D () C:\Users\PC-100\AppData\Roaming\QuickScan
2015-02-03 17:31 - 2015-02-04 12:39 - 00000000 ____D () C:\Users\PC-100\AppData\Local\Deployment
2015-02-03 16:35 - 2015-02-03 21:13 - 00000000 ____D () C:\Users\PC-100\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011
2015-01-29 08:41 - 2015-02-01 22:38 - 00000132 _____ () C:\Windows\PatDetectD.INI
2015-01-28 21:33 - 2015-02-02 00:11 - 00000131 _____ () C:\Windows\PatDetect.INI
2015-01-26 12:12 - 2015-02-04 12:15 - 00000000 ____D () C:\Users\PC-100\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\picolay
2015-01-26 12:12 - 2015-02-03 21:14 - 00000000 ____D () C:\Users\PC-100\AppData\Roaming\data
2015-01-26 01:07 - 2015-01-26 01:07 - 00000000 ____D () C:\Program Files\Microsoft Visual SourceSafe Upgrade
2015-01-26 00:53 - 2015-01-26 00:54 - 00000000 ____D () C:\Program Files\Microsoft Team Foundation Server 12.0
2015-01-25 20:27 - 2015-01-25 20:28 - 00009885 _____ () C:\Users\PC-100\Documents\Uninstall STAR WARS The Old Republic.log
2015-01-25 13:18 - 2015-01-25 13:19 - 00013748 _____ () C:\Users\PC-100\Documents\Install STAR WARS The Old Republic.log
2015-01-25 04:42 - 2015-01-25 04:42 - 00000251 _____ () C:\PSPUD.FLT
2015-01-22 10:53 - 2015-01-22 10:53 - 00000000 ____D () C:\Users\PC-100\AppData\Roaming\NVIDIA
2015-01-22 08:41 - 2015-01-22 08:41 - 00003352 ____N () C:\bootsqm.dat
2015-01-22 04:38 - 2015-01-22 04:38 - 00000000 ____D () C:\Users\PC-100\AppData\Local\NVIDIA
2015-01-22 02:55 - 2015-01-23 23:13 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-01-22 02:54 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-22 02:54 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-22 02:54 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-22 02:54 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-22 02:54 - 2014-12-11 18:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-22 02:54 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-22 02:40 - 2014-08-19 22:16 - 00061728 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-01-22 02:40 - 2014-07-02 20:42 - 04389848 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-01-22 02:40 - 2014-07-02 20:42 - 03063256 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc.dll
2015-01-22 02:40 - 2014-07-02 20:42 - 02556360 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-01-22 02:40 - 2014-07-02 20:42 - 00670552 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-01-22 02:40 - 2014-07-02 20:42 - 00377288 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-01-22 02:40 - 2014-07-02 20:42 - 00062936 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-01-22 02:40 - 2014-07-02 06:14 - 03826628 _____ () C:\Windows\system32\nvcoproc.bin
2015-01-18 15:59 - 2001-11-08 01:27 - 00237568 _____ () C:\Windows\system32\glut32.dll
2015-01-18 15:58 - 1998-08-18 16:25 - 00169984 ____R () C:\Windows\system32\glut.dll
2015-01-12 18:52 - 2015-02-04 16:56 - 00000000 ____D () C:\Users\PC-100\Documents\MyProject
2015-01-12 00:01 - 2015-01-25 13:30 - 00000000 ____D () C:\Program Files\Star Trek Online_de
2015-01-11 23:54 - 2015-01-19 03:06 - 00000000 ____D () C:\Program Files\Arc
2015-01-11 23:54 - 2015-01-11 23:59 - 00000000 ____D () C:\Users\PC-100\AppData\Roaming\Arc
2015-01-11 23:54 - 2015-01-11 23:54 - 00000000 ____D () C:\Users\Public\Documents\Arc
2015-01-11 17:15 - 2015-01-11 17:15 - 00000000 ___RD () C:\Users\PC-100\Virtual Machines
2015-01-09 01:10 - 2015-01-09 01:10 - 00000011 ____R () C:\Windows\amunres.lsl
2015-01-05 17:10 - 2015-01-05 17:10 - 00001409 _____ () C:\Windows\nisystem.fot
2015-01-05 17:10 - 2015-01-05 17:10 - 00001409 _____ () C:\Windows\ni7seg.fot

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 17:57 - 2014-09-13 09:20 - 00000000 ____D () C:\TMP
2015-02-04 17:50 - 2014-03-14 04:00 - 00004351 _____ () C:\Windows\WINCMD.INI
2015-02-04 17:50 - 2009-07-14 03:04 - 00000716 _____ () C:\Windows\win.ini
2015-02-04 17:46 - 2014-03-14 03:47 - 00855020 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-04 17:44 - 2009-07-14 05:34 - 00026128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-04 17:44 - 2009-07-14 05:34 - 00026128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-04 17:41 - 2014-03-14 03:42 - 00000000 ____D () C:\Users\PC-100
2015-02-04 17:38 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-04 16:57 - 2014-03-14 18:22 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-04 16:57 - 2014-03-14 18:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-04 16:56 - 2014-03-16 03:54 - 00000000 ____D () C:\Program Files\MSXML 4.0
2015-02-04 16:47 - 2014-03-18 14:28 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-04 16:29 - 2014-03-15 16:34 - 00009852 _____ () C:\Windows\UEDIT32.INI
2015-02-04 16:21 - 2014-03-16 16:58 - 00000000 ____D () C:\Windows\Minidump
2015-02-04 15:45 - 2014-11-29 14:37 - 00000000 ____D () C:\Users\PC-100\AppData\Local\CrashDumps
2015-02-04 15:29 - 2014-08-09 09:07 - 00000000 ____D () C:\Users\PC-100\AppData\Local\FirestormOS
2015-02-04 15:29 - 2014-08-09 09:03 - 00000000 ____D () C:\Program Files\FirestormOS-Release
2015-02-04 14:17 - 2012-01-05 14:39 - 00000000 ____D () C:\Temp
2015-02-04 14:16 - 2012-01-05 14:39 - 00000000 ____D () C:\Tools
2015-02-04 14:12 - 2014-03-14 15:24 - 00000000 ____D () C:\Program Files\ASUS
2015-02-04 10:28 - 2014-07-11 23:52 - 00000000 ____D () C:\Program Files\Steam
2015-02-04 10:28 - 2014-06-23 05:54 - 00000000 ____D () C:\Users\PC-100\AppData\Roaming\FileZilla
2015-02-04 10:28 - 2014-03-14 17:26 - 00000000 ____D () C:\Users\PC-100\AppData\Roaming\TeamViewer
2015-02-04 10:27 - 2014-07-09 19:15 - 00000000 ____D () C:\Users\PC-100\AppData\Roaming\vlc
2015-02-04 10:27 - 2014-03-14 20:15 - 00000000 ____D () C:\Users\PC-100\AppData\Roaming\Skype
2015-02-04 10:21 - 2014-03-14 11:55 - 00000000 ____D () C:\Windows\Panther
2015-02-04 09:16 - 2014-03-14 16:39 - 00000000 ____D () C:\Users\PC-100\Documents\Visual Studio 2013
2015-02-04 01:16 - 2014-08-18 06:12 - 00000000 ____D () C:\Users\PC-100\AppData\Local\Downloaded Installations
2015-02-03 22:57 - 2009-07-14 05:53 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-03 22:38 - 2012-01-07 16:04 - 00000000 ___RD () C:\Program Files\Skype
2015-02-03 21:16 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-02-03 21:14 - 2014-12-25 13:02 - 00000000 ____D () C:\Program Files\IrfanView
2015-02-03 21:14 - 2014-07-13 06:33 - 00000000 ____D () C:\Program Files\Common Files\FlashIntegro
2015-02-03 21:14 - 2014-06-20 07:10 - 00000000 ____D () C:\Users\PC-100\AppData\Local\Apps\2.0
2015-02-03 21:14 - 2014-04-02 15:33 - 00000000 ____D () C:\Users\PC-100\AppData\Local\Mozilla
2015-02-03 21:14 - 2012-07-01 10:27 - 00000000 ____D () C:\Public
2015-02-03 21:14 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-03 21:14 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-02-03 21:13 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2015-01-31 23:34 - 2014-06-19 23:28 - 00000000 ____D () C:\Users\PC-100\AppData\Local\ArmA 2 OA
2015-01-31 23:34 - 2014-03-14 21:46 - 00000000 ____D () C:\Program Files\Common Files\BattlEye
2015-01-28 22:36 - 2014-03-14 18:20 - 00000000 ____D () C:\Program Files\Google
2015-01-28 22:28 - 2014-03-14 04:01 - 00000837 _____ () C:\Windows\wcx_ftp.ini
2015-01-28 17:59 - 2014-12-12 05:54 - 00007630 _____ () C:\Users\PC-100\AppData\Local\Resmon.ResmonCfg
2015-01-28 06:24 - 2014-03-14 16:34 - 00000000 ____D () C:\Users\PC-100\Documents\Bandicam
2015-01-26 08:52 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-25 20:28 - 2014-03-20 00:51 - 00000000 ____D () C:\Program Files\Common Files\BioWare
2015-01-22 04:27 - 2009-07-14 03:03 - 18612224 _____ () C:\Windows\system32\config\SYSTEM_tureg_old
2015-01-22 04:27 - 2009-07-14 03:03 - 128188416 _____ () C:\Windows\system32\config\SOFTWARE_tureg_old
2015-01-22 04:27 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\SECURITY_tureg_old
2015-01-22 04:18 - 2009-07-14 03:03 - 06815744 _____ () C:\Windows\system32\config\DEFAULT_tureg_old
2015-01-22 04:18 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\SAM_tureg_old
2015-01-22 04:02 - 2014-03-14 16:37 - 00000000 ____D () C:\Users\PC-100\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zeta Producer 11
2015-01-22 03:02 - 2014-03-14 04:27 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-22 02:57 - 2014-03-14 04:27 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-22 02:40 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Help
2015-01-21 13:14 - 2014-03-14 20:11 - 00000000 ____D () C:\Users\PC-100\Documents\3dsMax
2015-01-17 18:00 - 2014-05-29 00:59 - 00000000 ____D () C:\Users\PC-100\AppData\Roaming\Firestorm
2015-01-17 16:54 - 2014-06-27 06:03 - 00000000 ____D () C:\Users\PC-100\AppData\Roaming\ISCapture
2015-01-17 06:24 - 2009-07-14 03:04 - 00017582 _____ () C:\Windows\system32\Drivers\etc\services
2015-01-17 05:50 - 2014-03-14 20:09 - 00000000 ____D () C:\Program Files\Autodesk
2015-01-11 23:54 - 2014-03-14 03:47 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-01-08 15:22 - 2014-03-14 20:55 - 00000000 ____D () C:\Users\PC-100\AppData\Local\Windows Live

==================== Files in the root of some directories =======

2003-05-12 09:33 - 2003-05-12 09:33 - 0000013 _____ () C:\Program Files\Common Files\wins32771965.bin
2014-12-12 05:54 - 2015-01-28 17:59 - 0007630 _____ () C:\Users\PC-100\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\PC-100\AppData\Local\Temp\avpM.exe
C:\Users\PC-100\AppData\Local\Temp\AvpmApp.exe
C:\Users\PC-100\AppData\Local\Temp\avpmhook.dll
C:\Users\PC-100\AppData\Local\Temp\BayesDll.dll
C:\Users\PC-100\AppData\Local\Temp\bdfltlib.dll
C:\Users\PC-100\AppData\Local\Temp\CleanDB.exe
C:\Users\PC-100\AppData\Local\Temp\Cleanup.exe
C:\Users\PC-100\AppData\Local\Temp\ConsCtl.exe
C:\Users\PC-100\AppData\Local\Temp\ConsCtlX.exe
C:\Users\PC-100\AppData\Local\Temp\contf64.dll
C:\Users\PC-100\AppData\Local\Temp\contfilt.dll
C:\Users\PC-100\AppData\Local\Temp\CREADLL.dll
C:\Users\PC-100\AppData\Local\Temp\dnslib.dll
C:\Users\PC-100\AppData\Local\Temp\encdec.dll
C:\Users\PC-100\AppData\Local\Temp\escanipc.exe
C:\Users\PC-100\AppData\Local\Temp\escanmon10.exe
C:\Users\PC-100\AppData\Local\Temp\eScanS64.dll
C:\Users\PC-100\AppData\Local\Temp\eScanShx.dll
C:\Users\PC-100\AppData\Local\Temp\eslogon.dll
C:\Users\PC-100\AppData\Local\Temp\esupd.exe
C:\Users\PC-100\AppData\Local\Temp\Exch2000.dll
C:\Users\PC-100\AppData\Local\Temp\FSSync.dll
C:\Users\PC-100\AppData\Local\Temp\Getvlist.exe
C:\Users\PC-100\AppData\Local\Temp\ikave.dll
C:\Users\PC-100\AppData\Local\Temp\initoreg.exe
C:\Users\PC-100\AppData\Local\Temp\Inst_TSP.EXE
C:\Users\PC-100\AppData\Local\Temp\inst_tspx.exe
C:\Users\PC-100\AppData\Local\Temp\IpcSrvr.dll
C:\Users\PC-100\AppData\Local\Temp\kave.dll
C:\Users\PC-100\AppData\Local\Temp\kavssd.dll
C:\Users\PC-100\AppData\Local\Temp\KILLPROC.exe
C:\Users\PC-100\AppData\Local\Temp\LAUNCH.exe
C:\Users\PC-100\AppData\Local\Temp\libeay32.dll
C:\Users\PC-100\AppData\Local\Temp\MADO_Conn.dll
C:\Users\PC-100\AppData\Local\Temp\mailadm.exe
C:\Users\PC-100\AppData\Local\Temp\MAILDISP.exe
C:\Users\PC-100\AppData\Local\Temp\MAILREMV.exe
C:\Users\PC-100\AppData\Local\Temp\MAILSCAN.exe
C:\Users\PC-100\AppData\Local\Temp\main.dll
C:\Users\PC-100\AppData\Local\Temp\MonInter.dll
C:\Users\PC-100\AppData\Local\Temp\MReader.exe
C:\Users\PC-100\AppData\Local\Temp\msvclnt.dll
C:\Users\PC-100\AppData\Local\Temp\msvcr71.dll
C:\Users\PC-100\AppData\Local\Temp\msvl64.dll
C:\Users\PC-100\AppData\Local\Temp\MWISO.dll
C:\Users\PC-100\AppData\Local\Temp\mwnsp.dll
C:\Users\PC-100\AppData\Local\Temp\mwnsp64.dll
C:\Users\PC-100\AppData\Local\Temp\mwtsp.dll
C:\Users\PC-100\AppData\Local\Temp\mwtsp64.dll
C:\Users\PC-100\AppData\Local\Temp\prLoader.dll
C:\Users\PC-100\AppData\Local\Temp\Reload.exe
C:\Users\PC-100\AppData\Local\Temp\rp.exe
C:\Users\PC-100\AppData\Local\Temp\RunFile.exe
C:\Users\PC-100\AppData\Local\Temp\sc.exe
C:\Users\PC-100\AppData\Local\Temp\scan.dll
C:\Users\PC-100\AppData\Local\Temp\ScanningProcess.exe
C:\Users\PC-100\AppData\Local\Temp\SCANREMV.exe
C:\Users\PC-100\AppData\Local\Temp\setpriv.exe
C:\Users\PC-100\AppData\Local\Temp\smtp.exe
C:\Users\PC-100\AppData\Local\Temp\smtpsend.exe
C:\Users\PC-100\AppData\Local\Temp\spooler.exe
C:\Users\PC-100\AppData\Local\Temp\ssleay32.dll
C:\Users\PC-100\AppData\Local\Temp\test2.exe
C:\Users\PC-100\AppData\Local\Temp\Traycser.exe
C:\Users\PC-100\AppData\Local\Temp\TRAYESER.exe
C:\Users\PC-100\AppData\Local\Temp\TRAYSSER.EXE
C:\Users\PC-100\AppData\Local\Temp\tvqsapp.exe
C:\Users\PC-100\AppData\Local\Temp\unrar.dll
C:\Users\PC-100\AppData\Local\Temp\URLFilt.dll
C:\Users\PC-100\AppData\Local\Temp\USBDLL.dll
C:\Users\PC-100\AppData\Local\Temp\USBDLLX.dll
C:\Users\PC-100\AppData\Local\Temp\wgwin.exe
C:\Users\PC-100\AppData\Local\Temp\Wreport.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-05-28 23:19

==================== End Of Log ============================
         
--- --- ---

SECOND



FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-02-2015
Ran by PC-100 at 2015-02-04 17:58:21
Running from C:\TMP
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: 360 Total Security (Disabled - Up to date) {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D}
AS: 360 Total Security (Disabled - Up to date) {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Tools for .Net 3.5 (Version: 3.11.50727 - Microsoft Corporation) Hidden
2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
360 Total Security (HKLM\...\360TotalSecurity) (Version: 6.0.0.1131 - 360 Security Center)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Application Insights Tools for Visual Studio 2013 (Version: 2.4 - Microsoft Corporation) Hidden
Arc (HKLM\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Arma 2 (HKLM\...\Steam App 33910) (Version:  - Bohemia Interactive)
Arma 2: DayZ Mod (HKLM\...\Steam App 224580) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM\...\Steam App 33930) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead Beta (Obsolete) (HKLM\...\Steam App 219540) (Version:  - )
Arma 3 (HKLM\...\Steam App 107410) (Version:  - Bohemia Interactive)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.5.0 - Asmedia Technology)
Asterisk Key 10.0 (HKLM\...\asterisk key) (Version:  - )
Autodesk 3ds Max 2013 32-bit (HKLM\...\Autodesk 3ds Max 2013 32-bit) (Version: 15.6.164.0 - Autodesk)
Autodesk 3ds Max 2013 32-bit (Version: 15.6.164.0 - Autodesk) Hidden
Autodesk 3ds Max 2013 32-bit Product Update 6 (HKLM\...\Autodesk 3ds Max 2013 32-bit SP6) (Version: 15.6.164.0 - Autodesk)
Autodesk Backburner 2013.0.0 (HKLM\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 2013.0.0 - Autodesk, Inc.)
Autodesk DirectConnect 2013 32-bit (HKLM\...\Autodesk DirectConnect 2013 32-bit) (Version: 7.0.28.0 - Autodesk)
Autodesk DirectConnect 2013 32-bit (Version: 7.0.28.0 - Autodesk) Hidden
Autodesk Essential Skills Movies for 3ds Max 2013 32-bit (HKLM\...\{5061ACBA-7A0A-42FE-93FF-403B2099D200}) (Version: 1.0.0.1 - Autodesk)
Autodesk FBX Plug-in 2013.1 - 3ds Max 2013 (HKLM\...\Autodesk FBX Plug-in 2013.1 - 3ds Max 2013) (Version:  - Autodesk)
Autodesk Inventor Server Engine for 3ds Max 2013 32-bit (HKLM\...\{696BB53C-28E6-1632-974E-D42FFF5B8E04}) (Version: 15.0 - Autodesk)
Autodesk Material Library 2013 (HKLM\...\{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2013 (HKLM\...\{606E12B9-641F-4644-A22A-FF38AE980AFD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2013 (HKLM\...\{58760EEC-8B6A-43F4-81AA-696E381DFADD}) (Version: 3.0.13 - Autodesk)
Autodesk Revit Interoperability for 3ds Max and 3ds Max Design 2013 32-bit (HKLM\...\{06E18300-BB64-1632-8E6A-2593FC67BB74}) (Version: 1.0.0.1 - Autodesk)
AVT FirePackage (HKLM\...\{AD7105A3-9B75-4B96-9C1A-E992D1A001BA}) (Version: 3.1.0 - Allied Vision Technologies GmbH)
AzureTools.Notifications (Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Bandicam (HKLM\...\Bandicam) (Version: 1.9.4.505 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM\...\BandiMPEG1) (Version:  - Bandisoft.com)
BattlEye for OA Uninstall (HKLM\...\BattlEye for OA) (Version:  - )
Behaviors SDK (Windows Phone) for Visual Studio 2013 (Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 (Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Build Tools - x86 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Business Contact Manager für Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager für Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Canon MF3200 Serie (HKLM\...\{269DBC9C-CAFC-472d-B1F1-0D327C2FFA76}) (Version:  - )
CMEX-1300x Twain (HKLM\...\CMEX-1300x Twain1.0) (Version: 1.0 - Euromex)
CMU 1394 Digital Camera Driver (HKLM\...\CMU 1394 Digital Camera Driver) (Version: 6.4.6.200 - Carnegie Mellon University)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Complemento do Microsoft Report Viewer para Visual Studio 2013 (Version: 11.1.3442.2 - Microsoft Corporation) Hidden
Complemento Microsoft Report Viewer para Visual Studio 2013 (Version: 11.1.3442.2 - Microsoft Corporation) Hidden
Compon. agg. Microsoft Report Viewer per Visual Studio 2013 (Version: 11.1.3442.2 - Microsoft Corporation) Hidden
Composite 2013 (HKLM\...\{92203FA0-7C43-429F-857C-0AE197D8199C}) (Version: 8.0.0 - Autodesk)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DayZ Commander (HKLM\...\{B3653588-3AC0-4A1D-950F-D96531E84374}) (Version: 0.92.91 - Dotjosh Studios)
Dotfuscator and Analytics Community Edition (Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Entity Framework 6.1.1 Tools  for Visual Studio 2013 (HKLM\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation)
Euromex Camera Directshow and Twain Plug-in Version 3.5 (HKLM\...\{7C9AAF57-3B51-4EE3-9970-BF07E220F303}_is1) (Version:  - Euromex Microscopes Holland)
Euromex CMEX-1300x and CMEX-5000 Version 1.0 (HKLM\...\{CBFDEBDC-D6DB-4EAC-B45B-1E9E9CAAF2DC}_is1) (Version:  - )
FileZilla Client 3.8.1 (HKLM\...\FileZilla Client) (Version: 3.8.1 - Tim Kosse)
FirestormOS-Release (remove only) (HKLM\...\FirestormOS-Release) (Version: 4.6.7.42398 - The Phoenix Firestorm Project, Inc.)
Fotogalerie (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Freemake Video Converter Version 4.1.4 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation)
Fritz 12 (HKLM\...\{4F4182DA-3D58-41E3-913D-480F8DA5C863}) (Version: 12.0.0 - ChessBase)
Fritz 12 (Version: 12.0.0 - ChessBase) Hidden
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
HDSDR 2.70 (HKLM\...\{DB200CBD-9E3E-4C72-B711-B46D6817BC51}_is1) (Version:  - DG0JBJ)
IDA Pro Free v5.0 (HKLM\...\IDA Pro Free_is1) (Version:  - Hex-Rays SA)
IIS 8.0 Express (HKLM\...\{B8FFB7D6-6ABD-47C3-8BAD-86FF5D8F3EDC}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
ImageFocus v3.0.0.1 Build B11 (HKLM\...\{EF2F0F77-1ECB-4DC8-8CC7-1D7DD3B805CA}) (Version: 3.0.0.1 - Euromex microscopen bv)
Image-Pro Plus (HKLM\...\InstallShield_{19EC8B55-481F-442F-B214-5B60D8FB264D}) (Version: 6.00.0000 - Media Cybernetics, Inc.)
Image-Pro Plus (Version: 6.00.0000 - Media Cybernetics, Inc.) Hidden
InstallShield 2013 Limited Edition (HKLM\...\{6781C524-2DA2-4182-908C-8B204E0DD47C}) (Version: 20.00.0000 - Flexera Software LLC)
Internet Camera (HKLM\...\{305C55E5-5AE0-40DF-BF4E-2E8901FD2454}) (Version: 1.00.000 - )
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
ISCapture 3.7.7 (HKLM\...\{236CB285-D601-45D0-A9E8-501D1DDAF540}_is1) (Version:  - Tucsen)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kit SDK de vérification de Visual Studio*2012 - fra (Version: 12.0.30501 - Microsoft Corporation) Hidden
Kits Configuration Installer (Version: 8.100.26638 - Microsoft) Hidden
K-Lite Mega Codec Pack 10.6.0 (HKLM\...\KLiteCodecPack_is1) (Version: 10.6.0 - )
LinuxLive USB Creator (HKLM\...\LinuxLive USB Creator) (Version: 2.8 - Thibaut Lauziere)
LocalESPC (Version: 8.59.29989 - Microsoft Corporation) Hidden
LocalESPC Dev12 (Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us Dev12 (Version: 8.100.25984 - Microsoft) Hidden
Memory Profiler (Version: 12.0.31101 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90A40407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8003.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Developer Tools for Visual Studio 2013 - November 2014 Update (HKLM\...\{ac415136-ae46-4301-b23e-6559062bfa7b}) (Version: 12.0.31105.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office FrontPage 2003 (HKLM\...\{90170407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Project Professional 2003 (HKLM\...\{903B0407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Visio Professional 2003 (HKLM\...\{90510407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{5EF1EBC5-4A40-4D1C-B02E-0C54BC93FD06}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{FE939060-416C-4ECD-890E-13776E2707C4}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{544ACD54-9FAA-4A60-A1E7-B2EC3AA75D24}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{E7654811-38F9-4225-9688-827FDA716582}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{4A1DEB7A-341B-453E-A3AF-7EA9902F9711}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL Compiler Service  (HKLM\...\{E9C3861A-B0E6-4A1A-983B-E1938C01224A}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{C340BAB2-9A21-41B9-A465-7AC7B1DF773E}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 ENU (HKLM\...\{773AC1E4-5F27-4DF6-A932-7FDDE35C069D}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.41025.0) (HKLM\...\{6793668D-6A81-4DCC-8034-ACF44E84B1D0}) (Version: 12.0.41025.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools 2013 (HKLM\...\{2768bca6-2ff2-4cb2-b6fc-654f7b5d6af0}) (Version: 12.0.41025.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{FDE96E86-7780-431C-92F7-679C6A7CEC51}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{4AEB505C-95E1-4964-9B64-8D27F3186D30}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Team Foundation Server Express 2013 Update 4 (HKLM\...\{854f2238-3dbe-4517-9630-a260f590c2c2}) (Version: 12.0.31101.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Ultimate 2013 (HKLM\...\{8c13edfc-064c-4ba0-91cd-5b04248be882}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{D58573E7-F82D-41E4-B10B-3041202A51D2}) (Version: 3.1237.1763 - Microsoft Corporation)
Microsoft Web Platform Installer 5.0 (HKLM\...\{1D39E015-C3D2-45DE-B070-A69C5F2FB309}) (Version: 5.0.50430.0 - Microsoft Corporation)
Module Microsoft Report Viewer pour Visual Studio*2013 (Version: 11.1.3442.2 - Microsoft Corporation) Hidden
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM\...\Nokia Suite) (Version: 3.8.48.0 - Nokia)
Nokia Suite (Version: 3.8.48.0 - Nokia) Hidden
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
Open XML SDK 2.5 for Microsoft Office (Version: 2.5.5631 - Microsoft Corporation) Hidden
PC Connectivity Solution (HKLM\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 11.0 - PlotSoft LLC)
PICOLAY  2014-10-12 (HKLM\...\{DDD22E1E-09FB-4754-9916-F3BF22B0670C}) (Version:  - Heribert Cypionka)
Power Sound Editor Free v8.5.4 (HKLM\...\Power Sound Editor Free_is1) (Version:  - Copyright(C) 2005-2014 PowerSE, Inc.)
PowreShellIntegration.Notifications (Version: 2.5.21003.1603 - Microsoft Corporation) Hidden
PreEmptive Analytics Visual Studio Components (Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
PremiumSoft Navicat 8.2 for MySQL (HKLM\...\PremiumSoft Navicat 8.2 for MySQL_is1) (Version:  - PremiumSoft CyberTech Ltd.)
Prerequisites for SSDT  (HKLM\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Python Tools Redirection Template (Version: 1.3 - Microsoft Corporation) Hidden
RealSpeak Solo fur Deutsch - Steffi (HKLM\...\{BFBB91DB-9F0F-4A9C-9669-A97DA3512CF2}) (Version: 4.00.0000 - ScanSoft)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6402 - Realtek Semiconductor Corp.)
Release Management for Visual Studio 2013 (Version: 1.0 - Microsoft Corporation) Hidden
SDK ARM Additions (Version: 8.100.26638 - Microsoft Corporation) Hidden
SDK ARM Additions EULA (Version: 8.100.26638 - Microsoft Corporations) Hidden
SDK ARM Redistributables (Version: 8.100.26638 - Microsoft Corporation) Hidden
SDK de comprobación de Visual Studio 2012 - esn (Version: 12.0.30501 - Microsoft Corporation) Hidden
SDK Debuggers ARM (Version: 8.100.26638 - Microsoft Corporation) Hidden
SharePoint Client Components (HKLM\...\{95150003-1163-0409-0000-0000000FF1CE}) (Version: 15.0.4641.1002 - Microsoft Corporation)
SharePoint Client Components (HKLM\...\{95160002-1163-0409-0000-0000000FF1CE}) (Version: 16.0.3104.1200 - Microsoft Corporation)
Steam (HKLM\...\Steam) (Version:  - Valve Corporation)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Explorer for Microsoft Visual Studio 2013 (Version: 12.0.21005 - Microsoft Corporation) Hidden
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.29480 - TeamViewer)
TSView 7.3.1.7 (HKLM\...\{886318EB-D40C-4A0F-A689-B3A9E07D6994}_is1) (Version:  - Tucsen)
Tucsen Camera (H Series) Directshow and Twain Plug-in Version 1.0 (HKLM\...\{5591CF60-D4C4-48D6-AFD5-7CF442D04AFB}_is1) (Version:  - Tucsen)
Tucsen Camera Driver (H Series) Version 4.0 (HKLM\...\{8737D01D-44F9-4A2F-9FDF-4844E76BD802}_is1) (Version:  - Tucsen)
Tucsen Driver Version 2.0 (HKLM\...\{189D9E5F-05C4-40D6-B51F-3F6B1CC5DD3B}_is1) (Version:  - Tucsen)
TypeScript Power Tool (Version: 1.0.5.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (Version: 1.0.5.0 - Microsoft Corporation) Hidden
UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.2.0.1 - uvnc bvba)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.5000.00 - Microsoft Corporation)
Update for  (KB2504637) (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Visual C++ MFC MBCS Library for Visual Studio 2013 (HKLM\...\{91501789-1ec3-422d-9043-b1065a88d603}) (Version: 12.0.21005.1 - Microsoft Corporation)
Visual SourceSafe Upgrade to Visual Studio Team Foundation Server (HKLM\...\{4f57faef-1501-47e0-b8ff-856af4d6277d}) (Version: 11.0.60315.1 - Microsoft Corporation)
Visual Studio 2013 Update 4 (KB2829760) (HKLM\...\{53d408db-eb91-43fb-9d8f-167681c19763}) (Version: 12.0.31101 - Microsoft Corporation)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VS Update core components (Version: 12.0.31101 - Microsoft Corporation) Hidden
WCF Data Services 5.6.0 Runtime (Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
Win32DiskImager version 0.9.5 (HKLM\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Windows Driver Kit for Windows 8.1 (HKLM\...\{da762e25-7812-4a12-871c-93574078d85a}) (Version: 8.100.26638 - Microsoft Corporation)
Windows Driver Package - %Tucsen% (TUCSEN) Image  (12/05/2012 2.0.0.0) (HKLM\...\FF4A0352B1B3E837145093020825A75B8DBDBF20) (Version: 12/05/2012 2.0.0.0 - %Tucsen%)
Windows Driver Package - %Tucsen% (TucsenH) Image  (02/21/2014 2.0.0.0) (HKLM\...\4F49E697D51DD87FD1A9DB3E0A098BADF1577979) (Version: 02/21/2014 2.0.0.0 - %Tucsen%)
Windows Driver Package - Carl Zeiss Microscopy GmbH (tvmcam) Image  (10/06/2010 8.2.0.0) (HKLM\...\B8D098E79A64AB4C236E7AC30C34EF0F01BFC497) (Version: 10/06/2010 8.2.0.0 - Carl Zeiss Microscopy GmbH)
Windows Driver Package - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Winprint HylaFAX (HKLM\...\{769252B2-FF9A-4006-A986-F1DB0E29A638}) (Version: 1.2 - Michael Stowe)
WinRAR 5.01 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Workflow Manager Client 1.0 (Version: 2.0.40131.0 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (Version: 2.0.40326.0 - Microsoft Corporation) Hidden
Xvid 1.1.3 final uninstall (HKLM\...\Xvid_is1) (Version: 1.1 - Xvid team (Koepi))
ZEN 2012 SP2 x86 (HKLM\...\{D0239DDA-C7AF-40EC-9458-1CB0099C4410}) (Version: 1.1.0001 - Carl Zeiss Microscopy GmbH)
Zeta Producer 11 11.4.2 (remove only) (HKU\S-1-5-21-2056609738-4234774501-2886495833-1000\...\ZetaProducer11) (Version: 11.4.2 - Zeta Software GmbH)
Надстройка Microsoft Report Viewer для Visual Studio 2013 (Version: 11.1.3442.2 - Microsoft Corporation) Hidden
Пакет Visual Studio 2012 Verification SDK - rus (Version: 12.0.30501 - Microsoft Corporation) Hidden
用于 Visual Studio 2013 的 Microsoft 报告查看器加载项 (Version: 11.1.3442.2 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2056609738-4234774501-2886495833-1000_Classes\CLSID\{011AC7E4-9A27-386E-A424-A7AF794F6C9F}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2056609738-4234774501-2886495833-1000_Classes\CLSID\{02862C1C-C761-3BF8-B11A-946DB0C5AA7D}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2056609738-4234774501-2886495833-1000_Classes\CLSID\{394E0F7F-1EAB-39C7-B855-88FB8AC5C0E3}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2056609738-4234774501-2886495833-1000_Classes\CLSID\{3AE968A8-18BA-350D-A974-B0728A4BD541}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2056609738-4234774501-2886495833-1000_Classes\CLSID\{3CF03EE1-E8A8-3B9F-9045-590C7B0E8351}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2056609738-4234774501-2886495833-1000_Classes\CLSID\{41FCE31B-96CD-35EF-AEBC-139E90DD9A3B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2056609738-4234774501-2886495833-1000_Classes\CLSID\{5A82E80C-3334-3D4F-BEE6-CB0704D58EC7}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2056609738-4234774501-2886495833-1000_Classes\CLSID\{7A9C2658-67FF-4B62-991A-890572E191BB}\InprocServer32 -> C:\Program Files\Windows Kits\8.1\Debuggers\x86\xkdebug.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2056609738-4234774501-2886495833-1000_Classes\CLSID\{921433FA-DEAF-4594-A196-8C3B94E41BEE}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2056609738-4234774501-2886495833-1000_Classes\CLSID\{B806418F-25F2-3619-83AC-31412C9A2311}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2056609738-4234774501-2886495833-1000_Classes\CLSID\{CD4F467C-31DC-35B0-9F2D-0C8252DBBC15}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2056609738-4234774501-2886495833-1000_Classes\CLSID\{D332CDDA-15C3-464A-864C-3365C0E577FA}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2056609738-4234774501-2886495833-1000_Classes\CLSID\{F2A18272-91C4-3067-8F88-401AD54807EB}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2056609738-4234774501-2886495833-1000_Classes\CLSID\{F913A0DF-BE31-4E54-92B4-896F8DC8E1B3}\InprocServer32 -> C:\Program Files\Windows Kits\8.1\Debuggers\x86\xkdebug.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2056609738-4234774501-2886495833-1000_Classes\CLSID\{F91972FD-5A43-47C7-A0C5-6052DB26FAAC}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2056609738-4234774501-2886495833-1000_Classes\CLSID\{FDF01632-DBB0-4E32-9427-32CE0C8ECB5E}\InprocServer32 -> C:\Program Files\Windows Kits\8.1\Debuggers\x86\xkdebug.dll (Microsoft Corporation)

==================== Restore Points  =========================

04-02-2015 01:43:06 Spyware Terminator 2012 (04.02.2015 01:43:05)
04-02-2015 14:16:49 Installed Windows 7 USB/DVD Download Tool
04-02-2015 17:28:08 Device Driver Package Install: MicroWorld Technologies Inc. Network Service

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2014-04-24 02:09 - 00001028 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1                   activate.adobe.com
127.0.0.1                   practivate.adobe.com
127.0.0.1                   lmlicenses.wip4.adobe.com
127.0.0.1                   lm.licenses.adobe.com


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {4BCE484C-3FE3-4B4B-8D2D-32C0293B4B3F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2015-02-04 09:58 - 2015-02-03 13:12 - 00791152 _____ () C:\Program Files\360\Total Security\safemon\QHActiveDefense.exe
2015-01-22 04:35 - 2014-07-02 20:42 - 00107992 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2008-03-21 13:56 - 2008-03-21 13:56 - 00166912 _____ () C:\Windows\System32\HylaPrintMon.dll
2010-12-02 03:15 - 2010-12-02 03:15 - 00915584 _____ () C:\Program Files\ASUS\AAHM\1.00.14\aaHMSvc.exe
2014-06-01 10:08 - 2014-06-01 10:08 - 00035328 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2014-05-24 17:41 - 2014-05-24 17:41 - 00091648 _____ () C:\Program Files\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 17:41 - 2014-05-24 17:41 - 00892416 _____ () C:\Program Files\FileZilla FTP Client\libstdc++-6.dll
2015-02-04 09:58 - 2015-02-03 13:12 - 00426096 _____ () C:\Program Files\360\Total Security\MenuEx.dll
2009-07-13 22:03 - 2009-07-14 02:15 - 00364544 _____ () C:\Windows\system32\msjetoledb40.dll
2011-09-14 23:19 - 2011-09-14 23:19 - 00086016 _____ () C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_32server.exe
2003-07-11 01:09 - 2003-07-11 01:09 - 00048192 _____ () C:\Program Files\Common Files\Microsoft Shared\Web Folders\1031\nsextint.dll
2014-03-31 20:35 - 2014-03-31 20:35 - 00270016 _____ () C:\Program Files\Windows Live\Writer\en\WindowsLive.Writer.Localization.resources.dll
2014-03-31 20:35 - 2014-03-31 20:35 - 00282304 _____ () C:\Program Files\Windows Live\Writer\de\WindowsLive.Writer.Localization.resources.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: asHmComSvc => 2
MSCONFIG\Services: AsSysCtrlService => 2
MSCONFIG\Services: CZCanSrv => 3
MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\Services: hasplms => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MTBService_2.2.0.6 => 2
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NvBackend => 
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart

========================= Accounts: ==========================

Administrator (S-1-5-21-2056609738-4234774501-2886495833-500 - Administrator - Disabled)
Guest (S-1-5-21-2056609738-4234774501-2886495833-501 - Limited - Disabled)
PC-100 (S-1-5-21-2056609738-4234774501-2886495833-1000 - Administrator - Enabled) => C:\Users\PC-100

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (02/04/2015 05:50:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MWAgent service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/04/2015 05:49:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The eScan Server-Updater service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/04/2015 05:38:47 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
28481771
39451045
50877872
89277599

Error: (02/04/2015 05:37:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error: 
%%2

Error: (02/04/2015 04:51:36 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (02/04/2015 04:46:27 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
28481771
39451045
50877872
89277599

Error: (02/04/2015 04:46:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error: 
%%2

Error: (02/04/2015 04:40:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068

Error: (02/04/2015 04:37:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068

Error: (02/04/2015 04:36:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-02-04 17:48:14.306
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\MicroWorld\eScanBD\avcuf32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-04 17:36:45.048
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\MicroWorld\eScanBD\avcuf32.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: AMD Phenom(tm) II X4 970 Processor
Percentage of memory in use: 46%
Total physical RAM: 3199.1 MB
Available physical RAM: 1699.84 MB
Total Pagefile: 6396.48 MB
Available Pagefile: 4343.34 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.17 MB

==================== Drives ================================

Drive c: (HD) (Fixed) (Total:465.66 GB) (Free:205.05 GB) NTFS
Drive g: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: EA7FE7F4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
--- --- ---


It seems that Windows itself prevents keeping several virus detectors at once: delete one first, then you can install the other. That there are no notification dialogs was new. Now, after 50 hours of virus scanning, searching and removing, the W10 Preview was installed to round things off, and that was worth it!

So PROBLEM SOLVED, W10 is running good, installed via update on W7, nice nice
__________________

05.02.2015, 09:27   #4
schrauber
/// the machine
/// TB trainer

AntiVir Blocker

Win10 as an update? On a running production system? On a running system that, as the log shows, had malware on it?

Hats off
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

05.02.2015, 10:12   #5
BruderTack

Fear

Hello, but of course. Once it has been ensured that all system-relevant parts conform in size, and all startup references to dubious items have been removed, a system is as good as new again. I have been surfing the Internet since the 90s, always without a firewall and without virus detectors. You notice very quickly when something is wrong, once you have established a symbiosis with a system.

Most viruses are made by the virus removers themselves

In the past, viruses were also really nasty destroyers; a little botnet participant like this is really the least of evils.

It is also interesting that the virus fighters show exactly the same characteristics: they transmit data to their authors, they start early via the registry, they install services and do exactly the same as a virus. There is practically no difference. Isn't that interesting?


The most important tools are Sfc.exe / Netstat.exe and Regedit.exe

Still, one is glad to have tools that help with the clean-up.

Yep, Windows 10 runs, I can recommend it; all core functions along with VisualStudio 2013 work correctly.

Regards and good luck
K.


05.02.2015, 12:15   #6
schrauber
/// the machine
/// TB trainer

AntiVir Blocker

Quote:
Hello, but of course. Once it has been ensured that all system-relevant parts conform in size, and all startup references to dubious items have been removed, a system is as good as new again. I have been surfing the Internet since the 90s, always without a firewall and without virus detectors. You notice very quickly when something is wrong, once you have established a symbiosis with a system.

Most viruses are made by the virus removers themselves

In the past, viruses were also really nasty destroyers; a little botnet participant like this is really the least of evils.

It is also interesting that the virus fighters show exactly the same characteristics: they transmit data to their authors, they start early via the registry, they install services and do exactly the same as a virus. There is practically no difference. Isn't that interesting?


The most important tools are Sfc.exe / Netstat.exe and Regedit.exe

Sorry, but I have rarely read such nonsense.

05.02.2015, 12:27   #7
BruderTack

:)

You just don't know who wrote it; that is the reason for your disbelief. A pity.

05.02.2015, 13:23   #8
schrauber
/// the machine
/// TB trainer

AntiVir Blocker

Since I have little desire to start this kind of discussion yet again, let's just leave it at that. It's nice if you are the first of the 1000 people with the same text who actually has the skills he writes about; it still doesn't get you anywhere. In case of an infection your data is already gone before you have even opened Regedit, but ok
__________________
Regards,
schrauber


09.02.2015, 15:29   #9
TrojaHelper
/// Avira Support

AntiVir Blocker

Quote:
Quote from BruderTack
[...]
Most viruses are made by the virus removers themselves

In the past, viruses were also really nasty destroyers; a little botnet participant like this is really the least of evils.

It is also interesting that the virus fighters show exactly the same characteristics: they transmit data to their authors, they start early via the registry, they install services and do exactly the same as a virus. There is practically no difference. Isn't that interesting?
[...]
Regards and good luck
K.

Hello BruderTack,

that antivirus companies write viruses themselves belongs to the realm of myths.

No matter what kind of malware infects the computer, it is by no means harmless. When data is stolen or encrypted for ransom, or the computer is misused for illegal activities as part of a botnet (and the owner then receives mail from the public prosecutor's office or a visit from the police to confiscate it), it becomes clear at the latest that digital protection is needed. Another example: spyware is designed to work inconspicuously - no human can track it down manually by analysing the network traffic and all read and write operations on the hard disk / in memory in real time(!).

It is important that virus protection becomes active on the computer as early as possible for prevention - if a rootkit manages to become active first, it may already be too late.
__________________
Working@Avira

09.02.2015, 17:19   #10
schrauber
/// the machine
/// TB trainer

AntiVir Blocker

Exactly my point: you can be as powerful as you like with Regedit and co. If you find the malware with Regedit, it is already on the computer, and your account data is perhaps just being auctioned off to the highest bidder
__________________
Regards,
schrauber

