OK. I did that. Below are the Fix log, the FRST log and the Addition log.
I wish you a merry Christmas!!!
Is the computer clean now?
Kind regards
Frank
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-12-2014
Ran by FRANK H at 2014-12-24 16:40:42 Run:3
Running from C:\Users\FRANK H\Desktop\Trojaner etc
Loaded Profile: FRANK H (Available profiles: FRANK H & Administrator)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Task: {CCD56122-80F8-4F3D-BA52-5CF47A6C7235} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {F50D10E3-8870-4783-9998-8C1F4E85973F} - System32\Tasks\4679 => Wscript.exe C:\Users\Frank\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - No Path
S4 Ksidowsraw; No ImagePath
Emptytemp:
*****************
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CCD56122-80F8-4F3D-BA52-5CF47A6C7235}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCD56122-80F8-4F3D-BA52-5CF47A6C7235}" => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F50D10E3-8870-4783-9998-8C1F4E85973F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F50D10E3-8870-4783-9998-8C1F4E85973F}" => Key deleted successfully.
C:\Windows\System32\Tasks\4679 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4679" => Key deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof" => Key deleted successfully.
Ksidowsraw => Service deleted successfully.
EmptyTemp: => Removed 239.4 MB temporary data.
The system needed a reboot.
==== End of Fixlog ====
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-12-2014
Ran by FRANK H (administrator) on FRANK-LAPTOP on 24-12-2014 16:43:11
Running from C:\Users\FRANK H\Desktop\Trojaner etc
Loaded Profile: FRANK H (Available profiles: FRANK H & Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AuviTran SARL) C:\Program Files (x86)\AuviTran\AVS-Monitor\AVS-Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Audinate Pty. Ltd.) C:\Program Files (x86)\Audinate\Shared Files\mDNSResponder.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Audinate Pty. Ltd.) C:\Program Files (x86)\Audinate\Shared Files\conmon_cmm_service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2710856 2009-11-01] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-11-04] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2009-09-28] (CANON INC.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [163000 2012-12-12] (Geek Software GmbH)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3697939779-1139795273-3143350014-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKU\S-1-5-21-3697939779-1139795273-3143350014-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3697939779-1139795273-3143350014-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Winsock: Catalog5 08 C:\Program Files (x86)\Audinate\Shared Files\mdnsNSP.dll [170800] (Audinate Pty. Ltd.)
Winsock: Catalog5-x64 08 C:\Program Files\Audinate\Shared Files\mdnsNSP.dll [179712] (Audinate Pty. Ltd.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
Chrome:
=======
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2013-01-05] () [File not signed]
R2 AuviTranESoundService; C:\Program Files (x86)\AuviTran\AVS-Monitor\AVS-Service.exe [541032 2012-12-10] (AuviTran SARL)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1432592 2014-11-04] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4942384 2014-10-17] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 conmon; C:\Program Files (x86)\Audinate\Shared Files\conmon_cmm_service.exe [309064 2014-05-13] (Audinate Pty. Ltd.)
R2 DanteDiscovery; C:\Program Files (x86)\Audinate\Shared Files\mDNSResponder.exe [426800 2014-05-13] (Audinate Pty. Ltd.)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [209720 2014-11-04] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-10-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
R2 ESDriver; C:\Windows\System32\DRIVERS\ESDriver.sys [69120 2009-07-06] (Digigram)
R3 O2MDRDR; C:\Windows\System32\DRIVERS\o2mdx64.sys [64160 2009-07-13] (O2Micro )
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90928 2012-03-01] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [632752 2012-03-01] (Paragon)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [53760 2012-09-28] (Apple, Inc.) [File not signed]
S3 ysusb64; C:\Windows\System32\drivers\ysusb64.sys [113960 2013-01-29] (Yamaha Corporation)
S3 athr; system32\DRIVERS\athrx.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-20 11:57 - 2014-12-20 11:57 - 00119032 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-20 11:57 - 2014-12-20 11:57 - 00000000 ____D () C:\Users\Administrator\Documents\Bluetooth
2014-12-20 11:57 - 2014-12-20 11:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Toshiba
2014-12-20 11:56 - 2014-12-20 11:56 - 00001434 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-20 11:56 - 2014-12-20 11:56 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 _SHDL () C:\Users\Administrator\Vorlagen
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 _SHDL () C:\Users\Administrator\Lokale Einstellungen
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 _SHDL () C:\Users\Administrator\Eigene Dateien
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Anwendungsdaten
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 _SHDL () C:\Users\Administrator\Anwendungsdaten
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\AVG2013
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ATI
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Apple Computer
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Avg2013
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ATI
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 ____D () C:\Users\Administrator
2014-12-20 11:56 - 2014-12-17 17:19 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Apple
2014-12-20 11:56 - 2014-12-17 17:09 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Wise Registry Cleaner
2014-12-20 11:56 - 2014-12-08 15:26 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList
2014-12-20 11:56 - 2014-12-08 15:26 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList
2014-12-20 11:56 - 2014-12-08 15:26 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieBrowserModeList
2014-12-20 11:56 - 2013-03-21 14:48 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Microsoft Help
2014-12-20 11:56 - 2012-12-31 11:55 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\TuneUp Software
2014-12-20 11:56 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-20 11:56 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-19 14:36 - 2014-12-19 14:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-12-19 14:36 - 2014-12-19 14:36 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-12-19 14:36 - 2014-12-19 14:36 - 00000000 ____D () C:\Program Files\iTunes
2014-12-19 14:36 - 2014-12-19 14:36 - 00000000 ____D () C:\Program Files\iPod
2014-12-19 14:36 - 2014-12-19 14:36 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-12-19 14:21 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-19 14:21 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-18 19:54 - 2014-12-24 16:41 - 00000896 _____ () C:\Windows\setupact.log
2014-12-18 19:54 - 2014-12-18 19:54 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-17 22:22 - 2014-12-17 22:22 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-17 21:42 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-17 21:42 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-17 21:42 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-17 21:42 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-17 21:42 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-17 21:42 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-17 21:42 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-17 21:42 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-17 21:42 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-17 21:42 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-17 21:42 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-17 21:42 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-17 21:42 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-17 21:42 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-17 21:42 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-17 21:42 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-17 21:42 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-17 21:42 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-17 21:42 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-17 21:42 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-17 21:42 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-17 21:42 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-17 21:42 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-17 21:42 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-17 21:42 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-17 21:42 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-17 21:42 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-17 21:42 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-17 21:42 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-17 21:42 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-17 21:42 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-17 21:42 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-17 21:42 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-17 21:42 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-17 21:42 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-17 21:42 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-17 21:42 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-17 21:42 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-17 21:42 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-17 21:42 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-17 21:42 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-17 21:42 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-17 21:42 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-17 21:42 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-17 21:42 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-17 21:42 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-17 21:42 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-17 21:42 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-17 21:42 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-17 21:42 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-17 21:42 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-17 21:42 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-17 21:42 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-17 21:42 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-17 21:42 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-17 21:42 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-17 21:42 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-17 21:42 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-17 21:42 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-17 21:42 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-17 21:42 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-17 21:42 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-17 21:42 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-17 21:42 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-17 21:42 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-17 21:41 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-17 21:41 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-17 21:41 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-17 21:41 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-17 21:41 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-17 21:41 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-17 21:41 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-17 21:41 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-17 21:41 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-17 21:41 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-17 21:41 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-17 21:41 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-17 21:41 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-17 21:41 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-17 21:38 - 2014-12-17 21:38 - 00000000 ____D () C:\Users\FRANK H\AppData\Roaming\Macromedia
2014-12-17 19:48 - 2014-12-19 14:36 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-12-17 19:47 - 2014-12-17 19:47 - 00000000 ____D () C:\Users\FRANK H\AppData\Local\Apple Computer
2014-12-17 19:47 - 2014-10-01 14:57 - 00038400 _____ () C:\Users\FRANK H\Desktop\BBDBW Unterweisung Helfer.xls
2014-12-17 19:47 - 2014-09-03 20:18 - 00001796 _____ () C:\Users\FRANK H\Desktop\iTunes.lnk
2014-12-17 19:47 - 2014-06-19 11:46 - 00002144 _____ () C:\Users\FRANK H\Desktop\Dante Controller.lnk
2014-12-17 19:47 - 2014-06-08 15:11 - 00001171 _____ () C:\Users\FRANK H\Desktop\LGFCB_ContolCenter.lnk
2014-12-17 19:47 - 2013-01-05 18:27 - 00000482 _____ () C:\Users\FRANK H\Desktop\Adobe Photoshop CS.lnk
2014-12-17 19:47 - 2013-01-05 11:56 - 00000295 _____ () C:\Users\FRANK H\Desktop\AeroFly Professional Deluxe.lnk
2014-12-17 19:47 - 2012-11-02 11:05 - 00027648 _____ () C:\Users\FRANK H\Desktop\Prüfungen Stadthalle A3.xls
2014-12-17 19:45 - 2014-12-17 19:47 - 00000000 ____D () C:\Users\FRANK H\Desktop\Sonstiges
2014-12-17 19:45 - 2014-12-17 19:45 - 00000000 ___RD () C:\Users\FRANK H\Desktop\Pro Audio
2014-12-17 19:45 - 2014-03-06 12:47 - 00551364 _____ () C:\Users\FRANK H\Desktop\STADTHALLE 2014.CLF
2014-12-17 19:45 - 2013-05-05 22:00 - 00041984 _____ () C:\Users\FRANK H\Desktop\Stundenerfassung.xls
2014-12-17 19:10 - 2014-12-19 15:36 - 00000000 ____D () C:\Users\FRANK H\Outlook-Dateien
2014-12-17 18:34 - 2014-12-20 12:16 - 00000000 ____D () C:\Users\FRANK H\AppData\Roaming\Audacity
2014-12-17 18:32 - 2014-11-18 15:39 - 00016500 ___SH () C:\Users\FRANK H\Desktop\~WRL0290.tmp
2014-12-17 18:00 - 2014-12-17 18:00 - 00002076 _____ () C:\Users\FRANK H\Desktop\2015 BUCHHALTUNG - Verknüpfung.lnk
2014-12-17 18:00 - 2014-12-17 18:00 - 00001513 _____ () C:\Users\FRANK H\Desktop\DOKUMENTE - Verknüpfung.lnk
2014-12-17 17:59 - 2014-12-17 19:23 - 00001999 _____ () C:\Users\FRANK H\Desktop\2014 BUCHHALTUNG - Verknüpfung.lnk
2014-12-17 17:41 - 2014-12-17 19:20 - 00001047 _____ () C:\Users\FRANK H\Desktop\Frank's Büro - Verknüpfung.lnk
2014-12-17 17:22 - 2014-12-17 17:22 - 00119032 _____ () C:\Users\FRANK H\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-17 17:22 - 2014-12-17 17:22 - 00000000 ____D () C:\Users\FRANK H\Documents\Bluetooth
2014-12-17 17:21 - 2014-12-19 15:05 - 00000000 ____D () C:\Users\FRANK H\AppData\Roaming\Apple Computer
2014-12-17 17:21 - 2014-12-17 21:36 - 00000000 __SHD () C:\Users\FRANK H\AppData\Local\EmieUserList
2014-12-17 17:21 - 2014-12-17 21:36 - 00000000 __SHD () C:\Users\FRANK H\AppData\Local\EmieSiteList
2014-12-17 17:21 - 2014-12-17 21:36 - 00000000 __SHD () C:\Users\FRANK H\AppData\Local\EmieBrowserModeList
2014-12-17 17:21 - 2014-12-17 19:10 - 00000000 ____D () C:\Users\FRANK H
2014-12-17 17:21 - 2014-12-17 17:21 - 00001438 _____ () C:\Users\FRANK H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-17 17:21 - 2014-12-17 17:21 - 00000020 ___SH () C:\Users\FRANK H\ntuser.ini
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 _SHDL () C:\Users\FRANK H\Vorlagen
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 _SHDL () C:\Users\FRANK H\Startmenü
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 _SHDL () C:\Users\FRANK H\Netzwerkumgebung
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 _SHDL () C:\Users\FRANK H\Lokale Einstellungen
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 _SHDL () C:\Users\FRANK H\Eigene Dateien
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 _SHDL () C:\Users\FRANK H\Druckumgebung
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 _SHDL () C:\Users\FRANK H\Documents\Eigene Musik
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 _SHDL () C:\Users\FRANK H\Documents\Eigene Bilder
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 _SHDL () C:\Users\FRANK H\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 _SHDL () C:\Users\FRANK H\AppData\Local\Verlauf
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 _SHDL () C:\Users\FRANK H\AppData\Local\Anwendungsdaten
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 _SHDL () C:\Users\FRANK H\Anwendungsdaten
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 ____D () C:\Users\FRANK H\AppData\Roaming\AVG2013
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 ____D () C:\Users\FRANK H\AppData\Roaming\ATI
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 ____D () C:\Users\FRANK H\AppData\Roaming\Adobe
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 ____D () C:\Users\FRANK H\AppData\Local\Toshiba
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 ____D () C:\Users\FRANK H\AppData\Local\Avg2013
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 ____D () C:\Users\FRANK H\AppData\Local\ATI
2014-12-17 17:21 - 2014-12-17 17:19 - 00000000 ____D () C:\Users\FRANK H\AppData\Local\Apple
2014-12-17 17:21 - 2014-12-17 17:09 - 00000000 ____D () C:\Users\FRANK H\AppData\Roaming\Wise Registry Cleaner
2014-12-17 17:21 - 2013-03-21 14:48 - 00000000 ____D () C:\Users\FRANK H\AppData\Local\Microsoft Help
2014-12-17 17:21 - 2012-12-31 11:55 - 00000000 ____D () C:\Users\FRANK H\AppData\Roaming\TuneUp Software
2014-12-17 17:21 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\FRANK H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-17 17:21 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\FRANK H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-17 17:19 - 2014-12-17 17:19 - 00000000 ____D () C:\Users\Default\AppData\Local\Apple
2014-12-17 17:19 - 2014-12-17 17:19 - 00000000 ____D () C:\Users\Default User\AppData\Local\Apple
2014-12-15 12:00 - 2014-12-17 17:09 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Wise Registry Cleaner
2014-12-15 12:00 - 2014-12-17 17:09 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Wise Registry Cleaner
2014-12-14 13:01 - 2014-12-14 13:01 - 00000000 ____D () C:\RegBackup
2014-12-14 12:41 - 2014-12-14 12:41 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-12-12 18:19 - 2014-12-12 18:19 - 00000000 ____D () C:\Windows\ERUNT
2014-12-12 18:12 - 2014-12-12 18:14 - 00000000 ____D () C:\AdwCleaner
2014-12-12 17:44 - 2014-12-12 17:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-12 17:38 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-12 17:38 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-12 17:38 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-12 17:38 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-12 17:38 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-12 17:38 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-12 17:38 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-12 17:38 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-12 17:38 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-12 17:38 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-11 18:09 - 2014-12-12 18:11 - 00000000 ____D () C:\Windows\SysWOW64\cache
2014-12-11 17:58 - 2014-12-11 18:04 - 00000000 ____D () C:\ComboFix
2014-12-11 17:58 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-11 17:58 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-11 17:58 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-11 17:58 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-11 17:58 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-11 17:58 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-11 17:58 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-11 17:58 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-11 17:57 - 2014-12-11 18:04 - 00000000 ____D () C:\Qoobox
2014-12-11 17:57 - 2014-12-11 18:03 - 00000000 ____D () C:\Windows\erdnt
2014-12-08 15:26 - 2014-12-08 15:26 - 00000000 __SHD () C:\Users\Default\AppData\Local\EmieUserList
2014-12-08 15:26 - 2014-12-08 15:26 - 00000000 __SHD () C:\Users\Default\AppData\Local\EmieSiteList
2014-12-08 15:26 - 2014-12-08 15:26 - 00000000 __SHD () C:\Users\Default\AppData\Local\EmieBrowserModeList
2014-12-08 15:26 - 2014-12-08 15:26 - 00000000 __SHD () C:\Users\Default User\AppData\Local\EmieUserList
2014-12-08 15:26 - 2014-12-08 15:26 - 00000000 __SHD () C:\Users\Default User\AppData\Local\EmieSiteList
2014-12-08 15:26 - 2014-12-08 15:26 - 00000000 __SHD () C:\Users\Default User\AppData\Local\EmieBrowserModeList
2014-12-08 14:17 - 2014-12-24 16:43 - 00000000 ____D () C:\FRST
2014-12-01 21:52 - 2014-12-01 21:52 - 00000000 ____D () C:\Windows\system32\%LocalAppData%
2014-11-27 19:46 - 2014-11-27 19:46 - 00274432 _____ () C:\Windows\Minidump\112714-23462-01.dmp
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-24 16:42 - 2013-01-06 14:12 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-24 16:42 - 2013-01-05 13:20 - 00000440 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-12-24 16:41 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-24 16:40 - 2012-12-31 14:39 - 01170733 _____ () C:\Windows\WindowsUpdate.log
2014-12-24 16:27 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-24 16:27 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-24 16:24 - 2011-04-12 08:43 - 00703214 _____ () C:\Windows\system32\perfh007.dat
2014-12-24 16:24 - 2011-04-12 08:43 - 00150822 _____ () C:\Windows\system32\perfc007.dat
2014-12-24 16:24 - 2009-07-14 06:13 - 01629372 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-24 15:57 - 2012-12-31 12:49 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-24 15:44 - 2013-01-06 14:12 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-24 15:01 - 2012-12-31 11:51 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-23 12:00 - 2012-12-31 13:20 - 00000466 _____ () C:\Windows\Tasks\Wise Registry Cleaner Schedule Task.job
2014-12-20 13:04 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-20 11:56 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-12-19 15:44 - 2013-01-02 13:45 - 00000000 ____D () C:\Users\Frank\Documents\Outlook-Dateien
2014-12-19 14:36 - 2013-01-02 15:19 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-12-19 14:23 - 2014-02-16 15:35 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-12-17 22:22 - 2014-05-07 17:11 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-17 22:22 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-17 22:22 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-17 18:42 - 2012-12-31 11:44 - 00000000 ____D () C:\Users\Frank
2014-12-17 17:53 - 2013-09-12 15:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-17 17:52 - 2012-12-31 13:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-17 17:52 - 2012-10-11 00:16 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-17 17:37 - 2014-02-27 09:25 - 00079654 _____ () C:\Windows\PFRO.log
2014-12-17 17:09 - 2014-11-19 21:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-12-17 17:09 - 2014-06-08 14:20 - 00000000 ____D () C:\Users\TEMP
2014-12-17 17:09 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\servicing
2014-12-17 17:09 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-12-17 17:09 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-12-12 18:57 - 2012-12-31 12:49 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-12 18:57 - 2012-12-31 12:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-12 18:57 - 2012-12-31 12:49 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-12 18:28 - 2013-01-03 17:28 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-12 17:54 - 2014-02-16 13:34 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\DigitalSites
2014-12-11 18:03 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-01 16:35 - 2012-12-31 13:34 - 00002896 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-12-01 16:34 - 2012-12-31 13:34 - 00000000 ____D () C:\Windows\AutoKMS
2014-12-01 16:34 - 2012-12-31 13:18 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\Wise Registry Cleaner
2014-12-01 16:34 - 2012-12-31 12:49 - 00000000 ____D () C:\Windows\system32\Macromed
2014-12-01 16:34 - 2012-12-31 12:40 - 00000000 ____D () C:\Windows\Minidump
2014-12-01 16:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-01 16:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\schemas
2014-12-01 15:23 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-15 11:15
==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-12-2014
Ran by FRANK H at 2014-12-24 16:43:48
Running from C:\Users\FRANK H\Desktop\Trojaner etc
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: AVG Internet Security 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 (Disabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Photoshop CS (HKLM-x32\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{914F7627-B645-9895-F723-BAEAAC865E75}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArrayCalc (HKLM-x32\...\{12A03609-5AED-42F5-853C-79A5309E80D6}) (Version: 6.7.15 - d&b audiotechnik GmbH)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AuviTran AVS-Monitor (HKLM-x32\...\AuviTran AVS-Monitor) (Version: - )
Auvitran Firmware Updater (HKLM-x32\...\Auvitran Firmware Updater) (Version: - )
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3495 - AVG Technologies)
AVG 2013 (Version: 13.0.3495 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.4253 - AVG Technologies) Hidden
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.12(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother P-touch Editor 4.2 (HKLM-x32\...\InstallShield_{003447F5-0058-4B77-9C1E-50488F77C4A7}) (Version: 4.2 - Brother Industries, Ltd.)
Brother P-touch Editor 4.2 (x32 Version: 4.2 - Brother Industries, Ltd.) Hidden
Brother P-touch Editor 5.0 (HKLM-x32\...\{DF9A6075-9308-4572-8932-A4316243C4D9}) (Version: 5.0.2300 - Brother Industries, Ltd.)
Brother P-touch Update Software (HKLM-x32\...\{A598BEC3-4F02-413E-9649-C5A1879DB558}) (Version: 1.0.0010 - Brother Industries, Ltd.)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon Kurzwahlprogramm (HKLM-x32\...\Speed Dial Utility) (Version: - )
Canon MP Navigator EX 3.1 (HKLM-x32\...\MP Navigator EX 3.1) (Version: - )
Canon MX870 series Benutzerregistrierung (HKLM-x32\...\Canon MX870 series Benutzerregistrierung) (Version: - )
Canon MX870 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series) (Version: - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - )
CAPS (HKLM-x32\...\{7FEA5EEA-91C7-4387-9585-682A98DE5EB3}) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 3.26 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.0.3717 - CDBurnerXP)
CrystalDiskInfo 5.1.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 5.1.0 - Crystal Dew World)
Dante Control and Monitoring (HKLM-x32\...\{32B9C78C-6BA0-456F-8053-5BA6305AEA37}) (Version: 1.7.8.2 - Audinate Pty. Ltd.)
Dante Controller (HKLM-x32\...\{de711cd0-3404-49b5-8d8b-251ceaf5ae35}) (Version: 3.5.3.1 - Audinate Pty. Ltd.)
Dante Controller (x32 Version: 3.5.3.1 - Audinate) Hidden
Dante Discovery (HKLM\...\{BB809BBB-7F71-402D-B0C0-603008B0BB59}) (Version: 1.0.5.1 - Audinate Pty. Ltd.)
Dante Firmware Update Manager (HKLM-x32\...\{60b610c7-22c6-4005-b252-181b2126425e}) (Version: 1.4.7.1 - Audinate Pty. Ltd.)
Dante Firmware Update Manager Core (x32 Version: 1.4.7.1 - Audinate Pty. Ltd.) Hidden
dsdminst (x32 Version: 1.01.0002 - Brother Industries, Ltd.) Hidden
EASE Focus 2 (HKLM-x32\...\InstallShield_{C5A2F0B5-6725-49A5-9E8E-A5FD86C07423}) (Version: 2.0.11 - AFMG)
EASE Focus 2 (x32 Version: 2.0.11 - AFMG) Hidden
EtherSound Runtime x64 v3.12 d (HKLM\...\{0751579A-00BC-425C-A9D9-E6C81A2C54CC}) (Version: 3.12.3 - EtherSound)
FirSoft build 908 - Firnet Controller Software (HKLM-x32\...\{D7820CF7-5420-42AA-B006-768911C8E001}_is1) (Version: - HKaudio)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
LG-FCB ControlCenter 1.1 (HKLM-x32\...\LG-FCB ControlCenter) (Version: 1.1 - GORDIUS)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
O2Micro Flash Memory Card Reader Driver (HKLM\...\{729F014A-9E91-49A6-B5F2-E8AA941452AE}) (Version: 3.31.03.A - O2Micro)
Paragon Festplatten Manager™ 12 Professional (HKLM-x32\...\{1E104AF0-EA49-11DE-AC07-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDF24 Creator 5.2.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PodWare (HKLM-x32\...\{2D9894BE-4FDD-4F2C-9A41-3B683CB90736}) (Version: 5.46.0 - Linea Research)
P-touch Editor 3.2 (HKLM-x32\...\P-touch Editor ver 3.2) (Version: - )
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
Soundcraft Virtual Vi 4.7.0 (HKLM-x32\...\SoundcraftVirtualVi) (Version: 4.7.0 - Soundcraft)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: - Elaborate Bytes)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wise Registry Cleaner 7.61 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: - WiseCleaner.com, Inc.)
Yamaha Steinberg USB Driver (HKLM-x32\...\InstallShield_{E976141F-5B03-429D-84C2-392E6BB1A45A}) (Version: 1.7.3 - Yamaha Corporation)
Yamaha Steinberg USB Driver (Version: 1.7.3 - Yamaha Corporation) Hidden
YAMAHA THR Editor (HKLM-x32\...\{5115B75F-32BF-42CB-A8BC-2F0A71C4DF93}) (Version: 1.0.0 - Yamaha Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3697939779-1139795273-3143350014-1004_Classes\CLSID\{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B}\InprocServer32 -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtExt.dll (TOSHIBA)
==================== Restore Points =========================
17-12-2014 22:20:09 Windows Update
19-12-2014 16:10:42 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2014-12-11 18:03 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {1CA4762D-C498-470B-B41F-A6ED504F4C91} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-06] (Google Inc.)
Task: {41F32A97-0CC6-4647-A133-A35662D4A7B0} - System32\Tasks\Wise Registry Cleaner Schedule Task => C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe [2012-12-25] (WiseCleaner.com)
Task: {76701015-8E62-4CD8-A2D9-6D3484490910} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-06] (Google Inc.)
Task: {B1C44252-1BD1-4366-85BF-EF82418846E0} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {C1E86DA9-8445-4C1F-BF86-7CFD03D79E02} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E10BF578-A8DE-46D8-8BA2-C3849292AA99} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {E391B2C1-86FD-4E6A-AAD9-EE90B988B698} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-12-19] (Piriform Ltd)
Task: {F1152E3B-7622-4801-81CF-6160718DE352} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-12] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Wise Registry Cleaner Schedule Task.job => C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe
==================== Loaded Modules (whitelisted) =============
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-07-04 01:16 - 2012-07-04 01:16 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-3697939779-1139795273-3143350014-500 - Administrator - Enabled) => C:\Users\Administrator
FRANK H (S-1-5-21-3697939779-1139795273-3143350014-1004 - Administrator - Enabled) => C:\Users\FRANK H
Gast (S-1-5-21-3697939779-1139795273-3143350014-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3697939779-1139795273-3143350014-1003 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (12/24/2014 04:43:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/24/2014 04:41:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 20 46.178.168.192.in-addr.arpa. PTR Frank-Laptop.local.
Error: (12/24/2014 04:41:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.46:5353 22 46.178.168.192.in-addr.arpa. PTR Frank-Laptop-2.local.
Error: (12/24/2014 04:22:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/24/2014 04:20:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 20 46.178.168.192.in-addr.arpa. PTR Frank-Laptop.local.
Error: (12/24/2014 04:20:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.46:5353 22 46.178.168.192.in-addr.arpa. PTR Frank-Laptop-2.local.
Error: (12/24/2014 01:37:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/23/2014 11:08:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/23/2014 11:06:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 20 46.178.168.192.in-addr.arpa. PTR Frank-Laptop.local.
Error: (12/23/2014 11:06:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.46:5353 22 46.178.168.192.in-addr.arpa. PTR Frank-Laptop-2.local.
System errors:
=============
Error: (12/24/2014 04:43:54 PM) (Source: WMPNetworkSvc) (EventID: 14324) (User: )
Description: WMPNetworkSvc0x80004002
Error: (12/24/2014 04:42:14 PM) (Source: WMPNetworkSvc) (EventID: 14324) (User: )
Description: WMPNetworkSvc0x80004002
Error: (12/24/2014 04:42:04 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147467262.
Error: (12/24/2014 04:42:04 PM) (Source: WMPNetworkSvc) (EventID: 14324) (User: )
Description: WMPNetworkSvc0x80004002
Error: (12/24/2014 04:41:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Dante Control and Monitoring" wurde mit folgendem Fehler beendet:
%%12
Error: (12/24/2014 04:40:58 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Error: (12/24/2014 04:33:16 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
Error: (12/24/2014 04:33:04 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147467262.
Error: (12/24/2014 04:33:02 PM) (Source: WMPNetworkSvc) (EventID: 14324) (User: )
Description: WMPNetworkSvc0x80004002
Error: (12/24/2014 04:22:32 PM) (Source: WMPNetworkSvc) (EventID: 14324) (User: )
Description: WMPNetworkSvc0x80004002
Microsoft Office Sessions:
=========================
Error: (12/24/2014 04:43:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/24/2014 04:41:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 20 46.178.168.192.in-addr.arpa. PTR Frank-Laptop.local.
Error: (12/24/2014 04:41:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.46:5353 22 46.178.168.192.in-addr.arpa. PTR Frank-Laptop-2.local.
Error: (12/24/2014 04:22:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/24/2014 04:20:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 20 46.178.168.192.in-addr.arpa. PTR Frank-Laptop.local.
Error: (12/24/2014 04:20:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.46:5353 22 46.178.168.192.in-addr.arpa. PTR Frank-Laptop-2.local.
Error: (12/24/2014 01:37:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/23/2014 11:08:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/23/2014 11:06:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 20 46.178.168.192.in-addr.arpa. PTR Frank-Laptop.local.
Error: (12/23/2014 11:06:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.46:5353 22 46.178.168.192.in-addr.arpa. PTR Frank-Laptop-2.local.
CodeIntegrity Errors:
===================================
Date: 2014-12-11 18:02:51.025
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-12-11 18:02:50.931
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU T8100 @ 2.10GHz
Percentage of memory in use: 34%
Total physical RAM: 4094.43 MB
Available physical RAM: 2684.56 MB
Total Pagefile: 8187.04 MB
Available Pagefile: 6542.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (F1 - SSD Win7) (Fixed) (Total:111.79 GB) (Free:18.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (F2 - Hitachi) (Fixed) (Total:232.89 GB) (Free:174.68 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 2D5D03CE)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 111.8 GB) (Disk ID: B2FC597E)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)
==================== End Of Log ============================