Trojaner-Board
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Durch die Internetsicherheitseinstellungen wurde verhindert, dass eine oder mehrere Dateien geöffnet wurden". (https://www.trojaner-board.de/161394-internetsicherheitseinstellungen-wurde-verhindert-mehrere-dateien-geoeffnet-wurden.html)

schrauber 15.12.2014 20:22
Also Du hast diese Meldung auch im neu angelegten Konto?

fracar 16.12.2014 06:33
Hallo Schrauber,

keine Ahnung was jetzt wieder los ist. Ich habe in meinem Benutzerprofil im Fenster
"Einstellungen der Benutzerkontensteuerung ändern" auf "Standard" gestellt und die Kiste runtergefahren.

Das Hochfahren geht ganz normal bis kurz vor der Anmeldemaske, da ist für ca. 1 s der Bildschirm schwarz. Dann geht die Anmeldemaske auf und wenn ich mein Kennwort eingeben will sagt mir die Kiste "Die Anmeldung des Dienstes "Benutzerprofildienst" ist fehlgeschlagen. Das Benutzerprofil kann nicht geladen werden."

Im abgesicherten Modus kann ich mich zwar anmelden, habe aber keinen Zugriff auf "Einstellungen der Benutzerkontensteuerung ändern".

Glaubst Du ich hab noch irgendeine Chance, die Kiste wieder zum Laufen zu kriegen?

Bin langsam echt verzweifelt...

DANKE !!!

LG Frank

schrauber 16.12.2014 21:29
Beantworte doch einfach meine Frage.......


In deinem ganzen Text ist nicht festzustellen in welchem Konto du dich anmelden willst. in DEINEM oder DEM NEU ANGELEGTEN????

ICh hab dir weiter oben gesagt du sollst ein neues Profil anlegen. ICh will testen ob dein Profil kaputt is.

fracar 19.12.2014 15:50
Hallo Schrauber,

ich hatte einfach immer nur mal zwischendurch sporadisch die Zeit, an dem Problem weiter zu arbeiten. Ich habe zwischenzeitlich ein neues Benutzerprofil angelegt, mit dem jetzt alles funktioniert, auch der Desktop bleibt erhalten. Ich habe mir die Desktop-Inhalte von dem defekten in das neue Profil rüber kopiert und das alte Profil gelöscht - anscheinend war da irgendwas zerschossen.

Für mein Outlook habe ich von meinem laufenden PC die Profile und die .pst Dateien auf den anderen Rechner gezogen und das läuft jetzt auch wieder einwandfrei.

Bleibt nur noch zu prüfen, ob noch irgend etwas auf dem einst defekten Rechner zurückgeblieben ist. Was kann ich diesbezüglich noch unternehmen?

Danke vielmals für die Unterstützung !!!

Gruss Frank

schrauber 20.12.2014 15:35
GEnau darauf wollte ich hinaus, denn das war meine Vermutung :)

Poste von dem einst defekten Rechner bitte mal FRST Logs.

fracar 20.12.2014 18:14
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-12-2014
Ran by FRANK H (administrator) on FRANK-LAPTOP on 20-12-2014 18:06:37
Running from C:\Users\FRANK H\Desktop\Trojaner etc
Loaded Profile: FRANK H (Available profiles: FRANK H & Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AuviTran SARL) C:\Program Files (x86)\AuviTran\AVS-Monitor\AVS-Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Audinate Pty. Ltd.) C:\Program Files (x86)\Audinate\Shared Files\mDNSResponder.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Audinate Pty. Ltd.) C:\Program Files (x86)\Audinate\Shared Files\conmon_cmm_service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2710856 2009-11-01] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-11-04] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2009-09-28] (CANON INC.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [163000 2012-12-12] (Geek Software GmbH)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3697939779-1139795273-3143350014-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKU\S-1-5-21-3697939779-1139795273-3143350014-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3697939779-1139795273-3143350014-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Winsock: Catalog5 08 C:\Program Files (x86)\Audinate\Shared Files\mdnsNSP.dll [170800] (Audinate Pty. Ltd.)
Winsock: Catalog5-x64 08 C:\Program Files\Audinate\Shared Files\mdnsNSP.dll [179712] (Audinate Pty. Ltd.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2013-01-05] () [File not signed]
R2 AuviTranESoundService; C:\Program Files (x86)\AuviTran\AVS-Monitor\AVS-Service.exe [541032 2012-12-10] (AuviTran SARL)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1432592 2014-11-04] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4942384 2014-10-17] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 conmon; C:\Program Files (x86)\Audinate\Shared Files\conmon_cmm_service.exe [309064 2014-05-13] (Audinate Pty. Ltd.)
R2 DanteDiscovery; C:\Program Files (x86)\Audinate\Shared Files\mDNSResponder.exe [426800 2014-05-13] (Audinate Pty. Ltd.)
S4 Ksidowsraw; No ImagePath

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [209720 2014-11-04] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-10-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
R2 ESDriver; C:\Windows\System32\DRIVERS\ESDriver.sys [69120 2009-07-06] (Digigram)
R3 O2MDRDR; C:\Windows\System32\DRIVERS\o2mdx64.sys [64160 2009-07-13] (O2Micro )
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90928 2012-03-01] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [632752 2012-03-01] (Paragon)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [53760 2012-09-28] (Apple, Inc.) [File not signed]
S3 ysusb64; C:\Windows\System32\drivers\ysusb64.sys [113960 2013-01-29] (Yamaha Corporation)
S3 athr; system32\DRIVERS\athrx.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-20 11:57 - 2014-12-20 11:57 - 00119032 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-20 11:57 - 2014-12-20 11:57 - 00000000 ____D () C:\Users\Administrator\Documents\Bluetooth
2014-12-20 11:57 - 2014-12-20 11:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Toshiba
2014-12-20 11:56 - 2014-12-20 11:56 - 00001434 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-20 11:56 - 2014-12-20 11:56 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 _SHDL () C:\Users\Administrator\Vorlagen
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 _SHDL () C:\Users\Administrator\Lokale Einstellungen
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 _SHDL () C:\Users\Administrator\Eigene Dateien
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Anwendungsdaten
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 _SHDL () C:\Users\Administrator\Anwendungsdaten
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\AVG2013
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ATI
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Apple Computer
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Avg2013
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ATI
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 ____D () C:\Users\Administrator
2014-12-20 11:56 - 2014-12-17 17:19 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Apple
2014-12-20 11:56 - 2014-12-17 17:09 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Wise Registry Cleaner
2014-12-20 11:56 - 2014-12-08 15:26 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList
2014-12-20 11:56 - 2014-12-08 15:26 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList
2014-12-20 11:56 - 2014-12-08 15:26 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieBrowserModeList
2014-12-20 11:56 - 2013-03-21 14:48 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Microsoft Help
2014-12-20 11:56 - 2012-12-31 11:55 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\TuneUp Software
2014-12-20 11:56 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-20 11:56 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-19 14:36 - 2014-12-19 14:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-12-19 14:36 - 2014-12-19 14:36 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-12-19 14:36 - 2014-12-19 14:36 - 00000000 ____D () C:\Program Files\iTunes
2014-12-19 14:36 - 2014-12-19 14:36 - 00000000 ____D () C:\Program Files\iPod
2014-12-19 14:36 - 2014-12-19 14:36 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-12-19 14:21 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-19 14:21 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-18 19:54 - 2014-12-20 16:44 - 00000616 _____ () C:\Windows\setupact.log
2014-12-18 19:54 - 2014-12-18 19:54 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-17 22:22 - 2014-12-17 22:22 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-17 21:42 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-17 21:42 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-17 21:42 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-17 21:42 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-17 21:42 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-17 21:42 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-17 21:42 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-17 21:42 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-17 21:42 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-17 21:42 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-17 21:42 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-17 21:42 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-17 21:42 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-17 21:42 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-17 21:42 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-17 21:42 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-17 21:42 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-17 21:42 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-17 21:42 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-17 21:42 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-17 21:42 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-17 21:42 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-17 21:42 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-17 21:42 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-17 21:42 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-17 21:42 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-17 21:42 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-17 21:42 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-17 21:42 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-17 21:42 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-17 21:42 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-17 21:42 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-17 21:42 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-17 21:42 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-17 21:42 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-17 21:42 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-17 21:42 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-17 21:42 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-17 21:42 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-17 21:42 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-17 21:42 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-17 21:42 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-17 21:42 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-17 21:42 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-17 21:42 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-17 21:42 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-17 21:42 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-17 21:42 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-17 21:42 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-17 21:42 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-17 21:42 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-17 21:42 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-17 21:42 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-17 21:42 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-17 21:42 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-17 21:42 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-17 21:42 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-17 21:42 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-17 21:42 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-17 21:42 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-17 21:42 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-17 21:42 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-17 21:42 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-17 21:42 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-17 21:42 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-17 21:41 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-17 21:41 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-17 21:41 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-17 21:41 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-17 21:41 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-17 21:41 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-17 21:41 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-17 21:41 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-17 21:41 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-17 21:41 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-17 21:41 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-17 21:41 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-17 21:41 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-17 21:41 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-17 21:38 - 2014-12-17 21:38 - 00000000 ____D () C:\Users\FRANK H\AppData\Roaming\Macromedia
2014-12-17 19:48 - 2014-12-19 14:36 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-12-17 19:47 - 2014-12-17 19:47 - 00000000 ____D () C:\Users\FRANK H\AppData\Local\Apple Computer
2014-12-17 19:47 - 2014-10-01 14:57 - 00038400 _____ () C:\Users\FRANK H\Desktop\BBDBW Unterweisung Helfer.xls
2014-12-17 19:47 - 2014-09-03 20:18 - 00001796 _____ () C:\Users\FRANK H\Desktop\iTunes.lnk
2014-12-17 19:47 - 2014-06-19 11:46 - 00002144 _____ () C:\Users\FRANK H\Desktop\Dante Controller.lnk
2014-12-17 19:47 - 2014-06-08 15:11 - 00001171 _____ () C:\Users\FRANK H\Desktop\LGFCB_ContolCenter.lnk
2014-12-17 19:47 - 2013-01-05 18:27 - 00000482 _____ () C:\Users\FRANK H\Desktop\Adobe Photoshop CS.lnk
2014-12-17 19:47 - 2013-01-05 11:56 - 00000295 _____ () C:\Users\FRANK H\Desktop\AeroFly Professional Deluxe.lnk
2014-12-17 19:47 - 2012-11-02 11:05 - 00027648 _____ () C:\Users\FRANK H\Desktop\Prüfungen Stadthalle A3.xls
2014-12-17 19:45 - 2014-12-17 19:47 - 00000000 ____D () C:\Users\FRANK H\Desktop\Sonstiges
2014-12-17 19:45 - 2014-12-17 19:45 - 00000000 ___RD () C:\Users\FRANK H\Desktop\Pro Audio
2014-12-17 19:45 - 2014-03-06 12:47 - 00551364 _____ () C:\Users\FRANK H\Desktop\STADTHALLE 2014.CLF
2014-12-17 19:45 - 2013-05-05 22:00 - 00041984 _____ () C:\Users\FRANK H\Desktop\Stundenerfassung.xls
2014-12-17 19:10 - 2014-12-19 15:36 - 00000000 ____D () C:\Users\FRANK H\Outlook-Dateien
2014-12-17 18:34 - 2014-12-20 12:16 - 00000000 ____D () C:\Users\FRANK H\AppData\Roaming\Audacity
2014-12-17 18:32 - 2014-11-18 15:39 - 00016500 ___SH () C:\Users\FRANK H\Desktop\~WRL0290.tmp
2014-12-17 18:00 - 2014-12-17 18:00 - 00002076 _____ () C:\Users\FRANK H\Desktop\2015 BUCHHALTUNG - Verknüpfung.lnk
2014-12-17 18:00 - 2014-12-17 18:00 - 00001513 _____ () C:\Users\FRANK H\Desktop\DOKUMENTE - Verknüpfung.lnk
2014-12-17 17:59 - 2014-12-17 19:23 - 00001999 _____ () C:\Users\FRANK H\Desktop\2014 BUCHHALTUNG - Verknüpfung.lnk
2014-12-17 17:41 - 2014-12-17 19:20 - 00001047 _____ () C:\Users\FRANK H\Desktop\Frank's Büro - Verknüpfung.lnk
2014-12-17 17:22 - 2014-12-17 17:22 - 00119032 _____ () C:\Users\FRANK H\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-17 17:22 - 2014-12-17 17:22 - 00000000 ____D () C:\Users\FRANK H\Documents\Bluetooth
2014-12-17 17:21 - 2014-12-19 15:05 - 00000000 ____D () C:\Users\FRANK H\AppData\Roaming\Apple Computer
2014-12-17 17:21 - 2014-12-17 21:36 - 00000000 __SHD () C:\Users\FRANK H\AppData\Local\EmieUserList
2014-12-17 17:21 - 2014-12-17 21:36 - 00000000 __SHD () C:\Users\FRANK H\AppData\Local\EmieSiteList
2014-12-17 17:21 - 2014-12-17 21:36 - 00000000 __SHD () C:\Users\FRANK H\AppData\Local\EmieBrowserModeList
2014-12-17 17:21 - 2014-12-17 19:10 - 00000000 ____D () C:\Users\FRANK H
2014-12-17 17:21 - 2014-12-17 17:21 - 00001438 _____ () C:\Users\FRANK H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-17 17:21 - 2014-12-17 17:21 - 00000020 ___SH () C:\Users\FRANK H\ntuser.ini
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 _SHDL () C:\Users\FRANK H\Vorlagen
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 _SHDL () C:\Users\FRANK H\Startmenü
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 _SHDL () C:\Users\FRANK H\Netzwerkumgebung
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 _SHDL () C:\Users\FRANK H\Lokale Einstellungen
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 _SHDL () C:\Users\FRANK H\Eigene Dateien
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 _SHDL () C:\Users\FRANK H\Druckumgebung
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 _SHDL () C:\Users\FRANK H\Documents\Eigene Musik
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 _SHDL () C:\Users\FRANK H\Documents\Eigene Bilder
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 _SHDL () C:\Users\FRANK H\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 _SHDL () C:\Users\FRANK H\AppData\Local\Verlauf
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 _SHDL () C:\Users\FRANK H\AppData\Local\Anwendungsdaten
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 _SHDL () C:\Users\FRANK H\Anwendungsdaten
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 ____D () C:\Users\FRANK H\AppData\Roaming\AVG2013
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 ____D () C:\Users\FRANK H\AppData\Roaming\ATI
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 ____D () C:\Users\FRANK H\AppData\Roaming\Adobe
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 ____D () C:\Users\FRANK H\AppData\Local\Toshiba
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 ____D () C:\Users\FRANK H\AppData\Local\Avg2013
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 ____D () C:\Users\FRANK H\AppData\Local\ATI
2014-12-17 17:21 - 2014-12-17 17:19 - 00000000 ____D () C:\Users\FRANK H\AppData\Local\Apple
2014-12-17 17:21 - 2014-12-17 17:09 - 00000000 ____D () C:\Users\FRANK H\AppData\Roaming\Wise Registry Cleaner
2014-12-17 17:21 - 2013-03-21 14:48 - 00000000 ____D () C:\Users\FRANK H\AppData\Local\Microsoft Help
2014-12-17 17:21 - 2012-12-31 11:55 - 00000000 ____D () C:\Users\FRANK H\AppData\Roaming\TuneUp Software
2014-12-17 17:21 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\FRANK H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-17 17:21 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\FRANK H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-17 17:19 - 2014-12-17 17:19 - 00000000 ____D () C:\Users\Default\AppData\Local\Apple
2014-12-17 17:19 - 2014-12-17 17:19 - 00000000 ____D () C:\Users\Default User\AppData\Local\Apple
2014-12-15 12:00 - 2014-12-17 17:09 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Wise Registry Cleaner
2014-12-15 12:00 - 2014-12-17 17:09 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Wise Registry Cleaner
2014-12-14 13:01 - 2014-12-14 13:01 - 00000000 ____D () C:\RegBackup
2014-12-14 12:41 - 2014-12-14 12:41 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-12-12 18:19 - 2014-12-12 18:19 - 00000000 ____D () C:\Windows\ERUNT
2014-12-12 18:12 - 2014-12-12 18:14 - 00000000 ____D () C:\AdwCleaner
2014-12-12 17:44 - 2014-12-12 17:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-12 17:38 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-12 17:38 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-12 17:38 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-12 17:38 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-12 17:38 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-12 17:38 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-12 17:38 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-12 17:38 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-12 17:38 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-12 17:38 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-11 18:09 - 2014-12-12 18:11 - 00000000 ____D () C:\Windows\SysWOW64\cache
2014-12-11 17:58 - 2014-12-11 18:04 - 00000000 ____D () C:\ComboFix
2014-12-11 17:58 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-11 17:58 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-11 17:58 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-11 17:58 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-11 17:58 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-11 17:58 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-11 17:58 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-11 17:58 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-11 17:57 - 2014-12-11 18:04 - 00000000 ____D () C:\Qoobox
2014-12-11 17:57 - 2014-12-11 18:03 - 00000000 ____D () C:\Windows\erdnt
2014-12-08 15:26 - 2014-12-08 15:26 - 00000000 __SHD () C:\Users\Default\AppData\Local\EmieUserList
2014-12-08 15:26 - 2014-12-08 15:26 - 00000000 __SHD () C:\Users\Default\AppData\Local\EmieSiteList
2014-12-08 15:26 - 2014-12-08 15:26 - 00000000 __SHD () C:\Users\Default\AppData\Local\EmieBrowserModeList
2014-12-08 15:26 - 2014-12-08 15:26 - 00000000 __SHD () C:\Users\Default User\AppData\Local\EmieUserList
2014-12-08 15:26 - 2014-12-08 15:26 - 00000000 __SHD () C:\Users\Default User\AppData\Local\EmieSiteList
2014-12-08 15:26 - 2014-12-08 15:26 - 00000000 __SHD () C:\Users\Default User\AppData\Local\EmieBrowserModeList
2014-12-08 14:17 - 2014-12-20 18:06 - 00000000 ____D () C:\FRST
2014-12-01 21:52 - 2014-12-01 21:52 - 00000000 ____D () C:\Windows\system32\%LocalAppData%
2014-11-27 19:46 - 2014-11-27 19:46 - 00274432 _____ () C:\Windows\Minidump\112714-23462-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-20 17:57 - 2012-12-31 12:49 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-20 17:44 - 2013-01-06 14:12 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-20 17:01 - 2012-12-31 11:51 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-20 16:51 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-20 16:51 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-20 16:48 - 2011-04-12 08:43 - 00703214 _____ () C:\Windows\system32\perfh007.dat
2014-12-20 16:48 - 2011-04-12 08:43 - 00150822 _____ () C:\Windows\system32\perfc007.dat
2014-12-20 16:48 - 2009-07-14 06:13 - 01629372 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-20 16:44 - 2013-01-06 14:12 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-20 16:44 - 2013-01-05 13:20 - 00000440 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-12-20 16:44 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-20 16:43 - 2012-12-31 14:39 - 01089938 _____ () C:\Windows\WindowsUpdate.log
2014-12-20 13:04 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-20 12:00 - 2012-12-31 13:20 - 00000466 _____ () C:\Windows\Tasks\Wise Registry Cleaner Schedule Task.job
2014-12-20 11:56 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-12-19 15:44 - 2013-01-02 13:45 - 00000000 ____D () C:\Users\Frank\Documents\Outlook-Dateien
2014-12-19 14:36 - 2013-01-02 15:19 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-12-19 14:23 - 2014-02-16 15:35 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-12-17 22:22 - 2014-05-07 17:11 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-17 22:22 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-17 22:22 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-17 18:42 - 2012-12-31 11:44 - 00000000 ____D () C:\Users\Frank
2014-12-17 17:53 - 2013-09-12 15:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-17 17:52 - 2012-12-31 13:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-17 17:52 - 2012-10-11 00:16 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-17 17:37 - 2014-02-27 09:25 - 00079654 _____ () C:\Windows\PFRO.log
2014-12-17 17:09 - 2014-11-19 21:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-12-17 17:09 - 2014-06-08 14:20 - 00000000 ____D () C:\Users\TEMP
2014-12-17 17:09 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\servicing
2014-12-17 17:09 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-12-17 17:09 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-12-12 18:57 - 2012-12-31 12:49 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-12 18:57 - 2012-12-31 12:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-12 18:57 - 2012-12-31 12:49 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-12 18:28 - 2013-01-03 17:28 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-12 17:54 - 2014-02-16 13:34 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\DigitalSites
2014-12-11 18:03 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-01 16:35 - 2012-12-31 13:34 - 00002896 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-12-01 16:34 - 2012-12-31 13:34 - 00000000 ____D () C:\Windows\AutoKMS
2014-12-01 16:34 - 2012-12-31 13:18 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\Wise Registry Cleaner
2014-12-01 16:34 - 2012-12-31 12:49 - 00000000 ____D () C:\Windows\system32\Macromed
2014-12-01 16:34 - 2012-12-31 12:40 - 00000000 ____D () C:\Windows\Minidump
2014-12-01 16:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-01 16:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\schemas
2014-12-01 15:23 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-15 11:15

==================== End Of Log ============================
--- --- ---

--- --- ---
[/CODE

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-12-2014
Ran by FRANK H at 2014-12-20 18:13:23
Running from C:\Users\FRANK H\Desktop\Trojaner etc
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Internet Security 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Photoshop CS (HKLM-x32\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{914F7627-B645-9895-F723-BAEAAC865E75}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArrayCalc (HKLM-x32\...\{12A03609-5AED-42F5-853C-79A5309E80D6}) (Version: 6.7.15 - d&b audiotechnik GmbH)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AuviTran AVS-Monitor (HKLM-x32\...\AuviTran AVS-Monitor) (Version:  - )
Auvitran Firmware Updater (HKLM-x32\...\Auvitran Firmware Updater) (Version:  - )
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3495 - AVG Technologies)
AVG 2013 (Version: 13.0.3495 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.4253 - AVG Technologies) Hidden
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.12(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother P-touch Editor 4.2 (HKLM-x32\...\InstallShield_{003447F5-0058-4B77-9C1E-50488F77C4A7}) (Version: 4.2 - Brother Industries, Ltd.)
Brother P-touch Editor 4.2 (x32 Version: 4.2 - Brother Industries, Ltd.) Hidden
Brother P-touch Editor 5.0 (HKLM-x32\...\{DF9A6075-9308-4572-8932-A4316243C4D9}) (Version: 5.0.2300 - Brother Industries, Ltd.)
Brother P-touch Update Software (HKLM-x32\...\{A598BEC3-4F02-413E-9649-C5A1879DB558}) (Version: 1.0.0010 - Brother Industries, Ltd.)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon Kurzwahlprogramm (HKLM-x32\...\Speed Dial Utility) (Version:  - )
Canon MP Navigator EX 3.1 (HKLM-x32\...\MP Navigator EX 3.1) (Version:  - )
Canon MX870 series Benutzerregistrierung (HKLM-x32\...\Canon MX870 series Benutzerregistrierung) (Version:  - )
Canon MX870 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CAPS (HKLM-x32\...\{7FEA5EEA-91C7-4387-9585-682A98DE5EB3}) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.26 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.0.3717 - CDBurnerXP)
CrystalDiskInfo 5.1.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 5.1.0 - Crystal Dew World)
Dante Control and Monitoring (HKLM-x32\...\{32B9C78C-6BA0-456F-8053-5BA6305AEA37}) (Version: 1.7.8.2 - Audinate Pty. Ltd.)
Dante Controller (HKLM-x32\...\{de711cd0-3404-49b5-8d8b-251ceaf5ae35}) (Version: 3.5.3.1 - Audinate Pty. Ltd.)
Dante Controller (x32 Version: 3.5.3.1 - Audinate) Hidden
Dante Discovery (HKLM\...\{BB809BBB-7F71-402D-B0C0-603008B0BB59}) (Version: 1.0.5.1 - Audinate Pty. Ltd.)
Dante Firmware Update Manager (HKLM-x32\...\{60b610c7-22c6-4005-b252-181b2126425e}) (Version: 1.4.7.1 - Audinate Pty. Ltd.)
Dante Firmware Update Manager Core (x32 Version: 1.4.7.1 - Audinate Pty. Ltd.) Hidden
dsdminst (x32 Version: 1.01.0002 - Brother Industries, Ltd.) Hidden
EASE Focus 2 (HKLM-x32\...\InstallShield_{C5A2F0B5-6725-49A5-9E8E-A5FD86C07423}) (Version: 2.0.11 - AFMG)
EASE Focus 2 (x32 Version: 2.0.11 - AFMG) Hidden
EtherSound Runtime x64 v3.12 d (HKLM\...\{0751579A-00BC-425C-A9D9-E6C81A2C54CC}) (Version: 3.12.3 - EtherSound)
FirSoft build 908 - Firnet Controller Software (HKLM-x32\...\{D7820CF7-5420-42AA-B006-768911C8E001}_is1) (Version:  - HKaudio)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
LG-FCB ControlCenter 1.1 (HKLM-x32\...\LG-FCB ControlCenter) (Version: 1.1 - GORDIUS)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
O2Micro Flash Memory Card Reader Driver (HKLM\...\{729F014A-9E91-49A6-B5F2-E8AA941452AE}) (Version: 3.31.03.A - O2Micro)
Paragon Festplatten Manager™ 12 Professional (HKLM-x32\...\{1E104AF0-EA49-11DE-AC07-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDF24 Creator 5.2.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PodWare (HKLM-x32\...\{2D9894BE-4FDD-4F2C-9A41-3B683CB90736}) (Version: 5.46.0 - Linea Research)
P-touch Editor 3.2 (HKLM-x32\...\P-touch Editor ver 3.2) (Version:  - )
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Soundcraft Virtual Vi 4.7.0 (HKLM-x32\...\SoundcraftVirtualVi) (Version: 4.7.0 - Soundcraft)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wise Registry Cleaner 7.61 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version:  - WiseCleaner.com, Inc.)
Yamaha Steinberg USB Driver (HKLM-x32\...\InstallShield_{E976141F-5B03-429D-84C2-392E6BB1A45A}) (Version: 1.7.3 - Yamaha Corporation)
Yamaha Steinberg USB Driver (Version: 1.7.3 - Yamaha Corporation) Hidden
YAMAHA THR Editor (HKLM-x32\...\{5115B75F-32BF-42CB-A8BC-2F0A71C4DF93}) (Version: 1.0.0 - Yamaha Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3697939779-1139795273-3143350014-1004_Classes\CLSID\{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B}\InprocServer32 -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtExt.dll (TOSHIBA)

==================== Restore Points  =========================

17-12-2014 22:20:09 Windows Update
19-12-2014 16:10:42 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-12-11 18:03 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1CA4762D-C498-470B-B41F-A6ED504F4C91} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-06] (Google Inc.)
Task: {41F32A97-0CC6-4647-A133-A35662D4A7B0} - System32\Tasks\Wise Registry Cleaner Schedule Task => C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe [2012-12-25] (WiseCleaner.com)
Task: {76701015-8E62-4CD8-A2D9-6D3484490910} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-06] (Google Inc.)
Task: {B1C44252-1BD1-4366-85BF-EF82418846E0} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {C1E86DA9-8445-4C1F-BF86-7CFD03D79E02} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CCD56122-80F8-4F3D-BA52-5CF47A6C7235} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {E10BF578-A8DE-46D8-8BA2-C3849292AA99} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {E391B2C1-86FD-4E6A-AAD9-EE90B988B698} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-12-19] (Piriform Ltd)
Task: {F1152E3B-7622-4801-81CF-6160718DE352} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-12] (Adobe Systems Incorporated)
Task: {F50D10E3-8870-4783-9998-8C1F4E85973F} - System32\Tasks\4679 => Wscript.exe C:\Users\Frank\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Wise Registry Cleaner Schedule Task.job => C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-07-04 01:16 - 2012-07-04 01:16 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3697939779-1139795273-3143350014-500 - Administrator - Enabled) => C:\Users\Administrator
FRANK H (S-1-5-21-3697939779-1139795273-3143350014-1004 - Administrator - Enabled) => C:\Users\FRANK H
Gast (S-1-5-21-3697939779-1139795273-3143350014-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3697939779-1139795273-3143350014-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/20/2014 04:46:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/20/2014 00:36:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/20/2014 00:28:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/20/2014 00:26:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding  20 46.178.168.192.in-addr.arpa. PTR Frank-Laptop.local.

Error: (12/20/2014 00:26:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.46:5353  22 46.178.168.192.in-addr.arpa. PTR Frank-Laptop-2.local.

Error: (12/20/2014 00:25:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/20/2014 00:16:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/20/2014 10:44:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/20/2014 10:43:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding  20 46.178.168.192.in-addr.arpa. PTR Frank-Laptop.local.

Error: (12/20/2014 10:43:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.46:5353  22 46.178.168.192.in-addr.arpa. PTR Frank-Laptop-2.local.


System errors:
=============
Error: (12/20/2014 04:46:50 PM) (Source: WMPNetworkSvc) (EventID: 14324) (User: )
Description: WMPNetworkSvc0x80004002

Error: (12/20/2014 04:45:10 PM) (Source: WMPNetworkSvc) (EventID: 14324) (User: )
Description: WMPNetworkSvc0x80004002

Error: (12/20/2014 04:44:59 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147467262.

Error: (12/20/2014 04:44:59 PM) (Source: WMPNetworkSvc) (EventID: 14324) (User: )
Description: WMPNetworkSvc0x80004002

Error: (12/20/2014 04:44:59 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (12/20/2014 04:44:58 PM) (Source: WMPNetworkSvc) (EventID: 14324) (User: )
Description: WMPNetworkSvc0x80004002

Error: (12/20/2014 04:43:58 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Dante Control and Monitoring" wurde mit folgendem Fehler beendet:
%%12

Error: (12/20/2014 04:43:52 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (12/20/2014 00:34:28 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Dante Control and Monitoring" wurde mit folgendem Fehler beendet:
%%12

Error: (12/20/2014 00:34:19 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5


Microsoft Office Sessions:
=========================
Error: (12/20/2014 04:46:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/20/2014 00:36:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/20/2014 00:28:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/20/2014 00:26:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding  20 46.178.168.192.in-addr.arpa. PTR Frank-Laptop.local.

Error: (12/20/2014 00:26:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.46:5353  22 46.178.168.192.in-addr.arpa. PTR Frank-Laptop-2.local.

Error: (12/20/2014 00:25:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/20/2014 00:16:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/20/2014 10:44:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/20/2014 10:43:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding  20 46.178.168.192.in-addr.arpa. PTR Frank-Laptop.local.

Error: (12/20/2014 10:43:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.46:5353  22 46.178.168.192.in-addr.arpa. PTR Frank-Laptop-2.local.


CodeIntegrity Errors:
===================================
  Date: 2014-12-11 18:02:51.025
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-12-11 18:02:50.931
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T8100 @ 2.10GHz
Percentage of memory in use: 33%
Total physical RAM: 4094.43 MB
Available physical RAM: 2707.96 MB
Total Pagefile: 8187.04 MB
Available Pagefile: 6503.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (F1 - SSD Win7) (Fixed) (Total:111.79 GB) (Free:11.53 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (F2 - Hitachi) (Fixed) (Total:232.89 GB) (Free:174.86 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 2D5D03CE)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 111.8 GB) (Disk ID: B2FC597E)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber 21.12.2014 16:38
Haben wir an dem Rechner schon was gemacht? Sorry, Überblick verloren.

fracar 22.12.2014 11:35
Hallo Schrauber,

ja, wir haben an dem Rechner seit ca. 2 Wochen rumgefutschelt und ihn auch dank Deiner Hilfe wieder zum Laufen bekommen.

Meine letzte Frage war, ob noch was zu machen ist und Du wolltest noch einmal die aktuellen Ergebnisse von FRST haben, welche ich Dir oben gepostet habe. Natürlich kann ich an den Logfiles nicht erkennen, ob noch irgendwas faul ist, aber Du sicherlich.

Ich bin auf jeden Fall sehr dankbar für Deine bisherigen (und auch weiteren?) Bemühungen!!!

Wie auch immer, es eilt nicht. Freue mich aber trotzdem, wenn Du mir irgendwann bestätigen könntest, dass mein Rechner sauber ist oder was noch zu tun ist.

Erst mal frohes Fest, falls ich bis dahin nix mehr höre....!

LG Frank

schrauber 23.12.2014 11:49
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
Task: {CCD56122-80F8-4F3D-BA52-5CF47A6C7235} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {F50D10E3-8870-4783-9998-8C1F4E85973F} - System32\Tasks\4679 => Wscript.exe C:\Users\Frank\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - No Path
S4 Ksidowsraw; No ImagePath
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Frisches FRST log bitte, dann sollten wir durch sein.

fracar 24.12.2014 16:48
OK. Hab ich gemacht. Nachfolgend das Fix Log, FRST Log und Addition


Ich wünsche ein frohes Weihnachtsfest!!!


Ist der Rechner nun sauber?

Liebe Grüße

Frank



Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-12-2014
Ran by FRANK H at 2014-12-24 16:40:42 Run:3
Running from C:\Users\FRANK H\Desktop\Trojaner etc
Loaded Profile: FRANK H (Available profiles: FRANK H & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {CCD56122-80F8-4F3D-BA52-5CF47A6C7235} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {F50D10E3-8870-4783-9998-8C1F4E85973F} - System32\Tasks\4679 => Wscript.exe C:\Users\Frank\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - No Path
S4 Ksidowsraw; No ImagePath
Emptytemp:

*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CCD56122-80F8-4F3D-BA52-5CF47A6C7235}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCD56122-80F8-4F3D-BA52-5CF47A6C7235}" => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F50D10E3-8870-4783-9998-8C1F4E85973F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F50D10E3-8870-4783-9998-8C1F4E85973F}" => Key deleted successfully.
C:\Windows\System32\Tasks\4679 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4679" => Key deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof" => Key deleted successfully.
Ksidowsraw => Service deleted successfully.
EmptyTemp: => Removed 239.4 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-12-2014
Ran by FRANK H (administrator) on FRANK-LAPTOP on 24-12-2014 16:43:11
Running from C:\Users\FRANK H\Desktop\Trojaner etc
Loaded Profile: FRANK H (Available profiles: FRANK H & Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AuviTran SARL) C:\Program Files (x86)\AuviTran\AVS-Monitor\AVS-Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Audinate Pty. Ltd.) C:\Program Files (x86)\Audinate\Shared Files\mDNSResponder.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Audinate Pty. Ltd.) C:\Program Files (x86)\Audinate\Shared Files\conmon_cmm_service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2710856 2009-11-01] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-11-04] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2009-09-28] (CANON INC.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [163000 2012-12-12] (Geek Software GmbH)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3697939779-1139795273-3143350014-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKU\S-1-5-21-3697939779-1139795273-3143350014-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3697939779-1139795273-3143350014-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Winsock: Catalog5 08 C:\Program Files (x86)\Audinate\Shared Files\mdnsNSP.dll [170800] (Audinate Pty. Ltd.)
Winsock: Catalog5-x64 08 C:\Program Files\Audinate\Shared Files\mdnsNSP.dll [179712] (Audinate Pty. Ltd.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2013-01-05] () [File not signed]
R2 AuviTranESoundService; C:\Program Files (x86)\AuviTran\AVS-Monitor\AVS-Service.exe [541032 2012-12-10] (AuviTran SARL)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1432592 2014-11-04] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4942384 2014-10-17] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 conmon; C:\Program Files (x86)\Audinate\Shared Files\conmon_cmm_service.exe [309064 2014-05-13] (Audinate Pty. Ltd.)
R2 DanteDiscovery; C:\Program Files (x86)\Audinate\Shared Files\mDNSResponder.exe [426800 2014-05-13] (Audinate Pty. Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [209720 2014-11-04] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-10-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
R2 ESDriver; C:\Windows\System32\DRIVERS\ESDriver.sys [69120 2009-07-06] (Digigram)
R3 O2MDRDR; C:\Windows\System32\DRIVERS\o2mdx64.sys [64160 2009-07-13] (O2Micro )
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90928 2012-03-01] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [632752 2012-03-01] (Paragon)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [53760 2012-09-28] (Apple, Inc.) [File not signed]
S3 ysusb64; C:\Windows\System32\drivers\ysusb64.sys [113960 2013-01-29] (Yamaha Corporation)
S3 athr; system32\DRIVERS\athrx.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-20 11:57 - 2014-12-20 11:57 - 00119032 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-20 11:57 - 2014-12-20 11:57 - 00000000 ____D () C:\Users\Administrator\Documents\Bluetooth
2014-12-20 11:57 - 2014-12-20 11:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Toshiba
2014-12-20 11:56 - 2014-12-20 11:56 - 00001434 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-20 11:56 - 2014-12-20 11:56 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 _SHDL () C:\Users\Administrator\Vorlagen
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 _SHDL () C:\Users\Administrator\Lokale Einstellungen
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 _SHDL () C:\Users\Administrator\Eigene Dateien
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Anwendungsdaten
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 _SHDL () C:\Users\Administrator\Anwendungsdaten
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\AVG2013
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ATI
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Apple Computer
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Avg2013
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ATI
2014-12-20 11:56 - 2014-12-20 11:56 - 00000000 ____D () C:\Users\Administrator
2014-12-20 11:56 - 2014-12-17 17:19 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Apple
2014-12-20 11:56 - 2014-12-17 17:09 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Wise Registry Cleaner
2014-12-20 11:56 - 2014-12-08 15:26 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList
2014-12-20 11:56 - 2014-12-08 15:26 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList
2014-12-20 11:56 - 2014-12-08 15:26 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieBrowserModeList
2014-12-20 11:56 - 2013-03-21 14:48 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Microsoft Help
2014-12-20 11:56 - 2012-12-31 11:55 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\TuneUp Software
2014-12-20 11:56 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-20 11:56 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-19 14:36 - 2014-12-19 14:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-12-19 14:36 - 2014-12-19 14:36 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-12-19 14:36 - 2014-12-19 14:36 - 00000000 ____D () C:\Program Files\iTunes
2014-12-19 14:36 - 2014-12-19 14:36 - 00000000 ____D () C:\Program Files\iPod
2014-12-19 14:36 - 2014-12-19 14:36 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-12-19 14:21 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-19 14:21 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-18 19:54 - 2014-12-24 16:41 - 00000896 _____ () C:\Windows\setupact.log
2014-12-18 19:54 - 2014-12-18 19:54 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-17 22:22 - 2014-12-17 22:22 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-17 21:42 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-17 21:42 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-17 21:42 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-17 21:42 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-17 21:42 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-17 21:42 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-17 21:42 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-17 21:42 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-17 21:42 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-17 21:42 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-17 21:42 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-17 21:42 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-17 21:42 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-17 21:42 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-17 21:42 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-17 21:42 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-17 21:42 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-17 21:42 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-17 21:42 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-17 21:42 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-17 21:42 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-17 21:42 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-17 21:42 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-17 21:42 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-17 21:42 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-17 21:42 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-17 21:42 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-17 21:42 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-17 21:42 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-17 21:42 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-17 21:42 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-17 21:42 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-17 21:42 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-17 21:42 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-17 21:42 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-17 21:42 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-17 21:42 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-17 21:42 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-17 21:42 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-17 21:42 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-17 21:42 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-17 21:42 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-17 21:42 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-17 21:42 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-17 21:42 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-17 21:42 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-17 21:42 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-17 21:42 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-17 21:42 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-17 21:42 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-17 21:42 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-17 21:42 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-17 21:42 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-17 21:42 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-17 21:42 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-17 21:42 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-17 21:42 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-17 21:42 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-17 21:42 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-17 21:42 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-17 21:42 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-17 21:42 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-17 21:42 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-17 21:42 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-17 21:42 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-17 21:41 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-17 21:41 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-17 21:41 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-17 21:41 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-17 21:41 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-17 21:41 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-17 21:41 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-17 21:41 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-17 21:41 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-17 21:41 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-17 21:41 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-17 21:41 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-17 21:41 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-17 21:41 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-17 21:38 - 2014-12-17 21:38 - 00000000 ____D () C:\Users\FRANK H\AppData\Roaming\Macromedia
2014-12-17 19:48 - 2014-12-19 14:36 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-12-17 19:47 - 2014-12-17 19:47 - 00000000 ____D () C:\Users\FRANK H\AppData\Local\Apple Computer
2014-12-17 19:47 - 2014-10-01 14:57 - 00038400 _____ () C:\Users\FRANK H\Desktop\BBDBW Unterweisung Helfer.xls
2014-12-17 19:47 - 2014-09-03 20:18 - 00001796 _____ () C:\Users\FRANK H\Desktop\iTunes.lnk
2014-12-17 19:47 - 2014-06-19 11:46 - 00002144 _____ () C:\Users\FRANK H\Desktop\Dante Controller.lnk
2014-12-17 19:47 - 2014-06-08 15:11 - 00001171 _____ () C:\Users\FRANK H\Desktop\LGFCB_ContolCenter.lnk
2014-12-17 19:47 - 2013-01-05 18:27 - 00000482 _____ () C:\Users\FRANK H\Desktop\Adobe Photoshop CS.lnk
2014-12-17 19:47 - 2013-01-05 11:56 - 00000295 _____ () C:\Users\FRANK H\Desktop\AeroFly Professional Deluxe.lnk
2014-12-17 19:47 - 2012-11-02 11:05 - 00027648 _____ () C:\Users\FRANK H\Desktop\Prüfungen Stadthalle A3.xls
2014-12-17 19:45 - 2014-12-17 19:47 - 00000000 ____D () C:\Users\FRANK H\Desktop\Sonstiges
2014-12-17 19:45 - 2014-12-17 19:45 - 00000000 ___RD () C:\Users\FRANK H\Desktop\Pro Audio
2014-12-17 19:45 - 2014-03-06 12:47 - 00551364 _____ () C:\Users\FRANK H\Desktop\STADTHALLE 2014.CLF
2014-12-17 19:45 - 2013-05-05 22:00 - 00041984 _____ () C:\Users\FRANK H\Desktop\Stundenerfassung.xls
2014-12-17 19:10 - 2014-12-19 15:36 - 00000000 ____D () C:\Users\FRANK H\Outlook-Dateien
2014-12-17 18:34 - 2014-12-20 12:16 - 00000000 ____D () C:\Users\FRANK H\AppData\Roaming\Audacity
2014-12-17 18:32 - 2014-11-18 15:39 - 00016500 ___SH () C:\Users\FRANK H\Desktop\~WRL0290.tmp
2014-12-17 18:00 - 2014-12-17 18:00 - 00002076 _____ () C:\Users\FRANK H\Desktop\2015 BUCHHALTUNG - Verknüpfung.lnk
2014-12-17 18:00 - 2014-12-17 18:00 - 00001513 _____ () C:\Users\FRANK H\Desktop\DOKUMENTE - Verknüpfung.lnk
2014-12-17 17:59 - 2014-12-17 19:23 - 00001999 _____ () C:\Users\FRANK H\Desktop\2014 BUCHHALTUNG - Verknüpfung.lnk
2014-12-17 17:41 - 2014-12-17 19:20 - 00001047 _____ () C:\Users\FRANK H\Desktop\Frank's Büro - Verknüpfung.lnk
2014-12-17 17:22 - 2014-12-17 17:22 - 00119032 _____ () C:\Users\FRANK H\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-17 17:22 - 2014-12-17 17:22 - 00000000 ____D () C:\Users\FRANK H\Documents\Bluetooth
2014-12-17 17:21 - 2014-12-19 15:05 - 00000000 ____D () C:\Users\FRANK H\AppData\Roaming\Apple Computer
2014-12-17 17:21 - 2014-12-17 21:36 - 00000000 __SHD () C:\Users\FRANK H\AppData\Local\EmieUserList
2014-12-17 17:21 - 2014-12-17 21:36 - 00000000 __SHD () C:\Users\FRANK H\AppData\Local\EmieSiteList
2014-12-17 17:21 - 2014-12-17 21:36 - 00000000 __SHD () C:\Users\FRANK H\AppData\Local\EmieBrowserModeList
2014-12-17 17:21 - 2014-12-17 19:10 - 00000000 ____D () C:\Users\FRANK H
2014-12-17 17:21 - 2014-12-17 17:21 - 00001438 _____ () C:\Users\FRANK H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-17 17:21 - 2014-12-17 17:21 - 00000020 ___SH () C:\Users\FRANK H\ntuser.ini
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 _SHDL () C:\Users\FRANK H\Vorlagen
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 _SHDL () C:\Users\FRANK H\Startmenü
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 _SHDL () C:\Users\FRANK H\Netzwerkumgebung
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 _SHDL () C:\Users\FRANK H\Lokale Einstellungen
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 _SHDL () C:\Users\FRANK H\Eigene Dateien
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 _SHDL () C:\Users\FRANK H\Druckumgebung
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 _SHDL () C:\Users\FRANK H\Documents\Eigene Musik
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 _SHDL () C:\Users\FRANK H\Documents\Eigene Bilder
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 _SHDL () C:\Users\FRANK H\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 _SHDL () C:\Users\FRANK H\AppData\Local\Verlauf
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 _SHDL () C:\Users\FRANK H\AppData\Local\Anwendungsdaten
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 _SHDL () C:\Users\FRANK H\Anwendungsdaten
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 ____D () C:\Users\FRANK H\AppData\Roaming\AVG2013
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 ____D () C:\Users\FRANK H\AppData\Roaming\ATI
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 ____D () C:\Users\FRANK H\AppData\Roaming\Adobe
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 ____D () C:\Users\FRANK H\AppData\Local\Toshiba
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 ____D () C:\Users\FRANK H\AppData\Local\Avg2013
2014-12-17 17:21 - 2014-12-17 17:21 - 00000000 ____D () C:\Users\FRANK H\AppData\Local\ATI
2014-12-17 17:21 - 2014-12-17 17:19 - 00000000 ____D () C:\Users\FRANK H\AppData\Local\Apple
2014-12-17 17:21 - 2014-12-17 17:09 - 00000000 ____D () C:\Users\FRANK H\AppData\Roaming\Wise Registry Cleaner
2014-12-17 17:21 - 2013-03-21 14:48 - 00000000 ____D () C:\Users\FRANK H\AppData\Local\Microsoft Help
2014-12-17 17:21 - 2012-12-31 11:55 - 00000000 ____D () C:\Users\FRANK H\AppData\Roaming\TuneUp Software
2014-12-17 17:21 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\FRANK H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-17 17:21 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\FRANK H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-17 17:19 - 2014-12-17 17:19 - 00000000 ____D () C:\Users\Default\AppData\Local\Apple
2014-12-17 17:19 - 2014-12-17 17:19 - 00000000 ____D () C:\Users\Default User\AppData\Local\Apple
2014-12-15 12:00 - 2014-12-17 17:09 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Wise Registry Cleaner
2014-12-15 12:00 - 2014-12-17 17:09 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Wise Registry Cleaner
2014-12-14 13:01 - 2014-12-14 13:01 - 00000000 ____D () C:\RegBackup
2014-12-14 12:41 - 2014-12-14 12:41 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-12-12 18:19 - 2014-12-12 18:19 - 00000000 ____D () C:\Windows\ERUNT
2014-12-12 18:12 - 2014-12-12 18:14 - 00000000 ____D () C:\AdwCleaner
2014-12-12 17:44 - 2014-12-12 17:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-12 17:38 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-12 17:38 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-12 17:38 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-12 17:38 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-12 17:38 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-12 17:38 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-12 17:38 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-12 17:38 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-12 17:38 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-12 17:38 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-11 18:09 - 2014-12-12 18:11 - 00000000 ____D () C:\Windows\SysWOW64\cache
2014-12-11 17:58 - 2014-12-11 18:04 - 00000000 ____D () C:\ComboFix
2014-12-11 17:58 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-11 17:58 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-11 17:58 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-11 17:58 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-11 17:58 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-11 17:58 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-11 17:58 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-11 17:58 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-11 17:57 - 2014-12-11 18:04 - 00000000 ____D () C:\Qoobox
2014-12-11 17:57 - 2014-12-11 18:03 - 00000000 ____D () C:\Windows\erdnt
2014-12-08 15:26 - 2014-12-08 15:26 - 00000000 __SHD () C:\Users\Default\AppData\Local\EmieUserList
2014-12-08 15:26 - 2014-12-08 15:26 - 00000000 __SHD () C:\Users\Default\AppData\Local\EmieSiteList
2014-12-08 15:26 - 2014-12-08 15:26 - 00000000 __SHD () C:\Users\Default\AppData\Local\EmieBrowserModeList
2014-12-08 15:26 - 2014-12-08 15:26 - 00000000 __SHD () C:\Users\Default User\AppData\Local\EmieUserList
2014-12-08 15:26 - 2014-12-08 15:26 - 00000000 __SHD () C:\Users\Default User\AppData\Local\EmieSiteList
2014-12-08 15:26 - 2014-12-08 15:26 - 00000000 __SHD () C:\Users\Default User\AppData\Local\EmieBrowserModeList
2014-12-08 14:17 - 2014-12-24 16:43 - 00000000 ____D () C:\FRST
2014-12-01 21:52 - 2014-12-01 21:52 - 00000000 ____D () C:\Windows\system32\%LocalAppData%
2014-11-27 19:46 - 2014-11-27 19:46 - 00274432 _____ () C:\Windows\Minidump\112714-23462-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-24 16:42 - 2013-01-06 14:12 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-24 16:42 - 2013-01-05 13:20 - 00000440 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-12-24 16:41 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-24 16:40 - 2012-12-31 14:39 - 01170733 _____ () C:\Windows\WindowsUpdate.log
2014-12-24 16:27 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-24 16:27 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-24 16:24 - 2011-04-12 08:43 - 00703214 _____ () C:\Windows\system32\perfh007.dat
2014-12-24 16:24 - 2011-04-12 08:43 - 00150822 _____ () C:\Windows\system32\perfc007.dat
2014-12-24 16:24 - 2009-07-14 06:13 - 01629372 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-24 15:57 - 2012-12-31 12:49 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-24 15:44 - 2013-01-06 14:12 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-24 15:01 - 2012-12-31 11:51 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-23 12:00 - 2012-12-31 13:20 - 00000466 _____ () C:\Windows\Tasks\Wise Registry Cleaner Schedule Task.job
2014-12-20 13:04 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-20 11:56 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-12-19 15:44 - 2013-01-02 13:45 - 00000000 ____D () C:\Users\Frank\Documents\Outlook-Dateien
2014-12-19 14:36 - 2013-01-02 15:19 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-12-19 14:23 - 2014-02-16 15:35 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-12-17 22:22 - 2014-05-07 17:11 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-17 22:22 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-17 22:22 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-17 18:42 - 2012-12-31 11:44 - 00000000 ____D () C:\Users\Frank
2014-12-17 17:53 - 2013-09-12 15:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-17 17:52 - 2012-12-31 13:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-17 17:52 - 2012-10-11 00:16 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-17 17:37 - 2014-02-27 09:25 - 00079654 _____ () C:\Windows\PFRO.log
2014-12-17 17:09 - 2014-11-19 21:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-12-17 17:09 - 2014-06-08 14:20 - 00000000 ____D () C:\Users\TEMP
2014-12-17 17:09 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\servicing
2014-12-17 17:09 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-12-17 17:09 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-12-12 18:57 - 2012-12-31 12:49 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-12 18:57 - 2012-12-31 12:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-12 18:57 - 2012-12-31 12:49 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-12 18:28 - 2013-01-03 17:28 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-12 17:54 - 2014-02-16 13:34 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\DigitalSites
2014-12-11 18:03 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-01 16:35 - 2012-12-31 13:34 - 00002896 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-12-01 16:34 - 2012-12-31 13:34 - 00000000 ____D () C:\Windows\AutoKMS
2014-12-01 16:34 - 2012-12-31 13:18 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\Wise Registry Cleaner
2014-12-01 16:34 - 2012-12-31 12:49 - 00000000 ____D () C:\Windows\system32\Macromed
2014-12-01 16:34 - 2012-12-31 12:40 - 00000000 ____D () C:\Windows\Minidump
2014-12-01 16:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-01 16:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\schemas
2014-12-01 15:23 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-15 11:15

==================== End Of Log ============================
--- --- ---



Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-12-2014
Ran by FRANK H at 2014-12-24 16:43:48
Running from C:\Users\FRANK H\Desktop\Trojaner etc
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Internet Security 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 (Disabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Photoshop CS (HKLM-x32\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{914F7627-B645-9895-F723-BAEAAC865E75}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArrayCalc (HKLM-x32\...\{12A03609-5AED-42F5-853C-79A5309E80D6}) (Version: 6.7.15 - d&b audiotechnik GmbH)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AuviTran AVS-Monitor (HKLM-x32\...\AuviTran AVS-Monitor) (Version:  - )
Auvitran Firmware Updater (HKLM-x32\...\Auvitran Firmware Updater) (Version:  - )
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3495 - AVG Technologies)
AVG 2013 (Version: 13.0.3495 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.4253 - AVG Technologies) Hidden
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.12(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother P-touch Editor 4.2 (HKLM-x32\...\InstallShield_{003447F5-0058-4B77-9C1E-50488F77C4A7}) (Version: 4.2 - Brother Industries, Ltd.)
Brother P-touch Editor 4.2 (x32 Version: 4.2 - Brother Industries, Ltd.) Hidden
Brother P-touch Editor 5.0 (HKLM-x32\...\{DF9A6075-9308-4572-8932-A4316243C4D9}) (Version: 5.0.2300 - Brother Industries, Ltd.)
Brother P-touch Update Software (HKLM-x32\...\{A598BEC3-4F02-413E-9649-C5A1879DB558}) (Version: 1.0.0010 - Brother Industries, Ltd.)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon Kurzwahlprogramm (HKLM-x32\...\Speed Dial Utility) (Version:  - )
Canon MP Navigator EX 3.1 (HKLM-x32\...\MP Navigator EX 3.1) (Version:  - )
Canon MX870 series Benutzerregistrierung (HKLM-x32\...\Canon MX870 series Benutzerregistrierung) (Version:  - )
Canon MX870 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CAPS (HKLM-x32\...\{7FEA5EEA-91C7-4387-9585-682A98DE5EB3}) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.26 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.0.3717 - CDBurnerXP)
CrystalDiskInfo 5.1.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 5.1.0 - Crystal Dew World)
Dante Control and Monitoring (HKLM-x32\...\{32B9C78C-6BA0-456F-8053-5BA6305AEA37}) (Version: 1.7.8.2 - Audinate Pty. Ltd.)
Dante Controller (HKLM-x32\...\{de711cd0-3404-49b5-8d8b-251ceaf5ae35}) (Version: 3.5.3.1 - Audinate Pty. Ltd.)
Dante Controller (x32 Version: 3.5.3.1 - Audinate) Hidden
Dante Discovery (HKLM\...\{BB809BBB-7F71-402D-B0C0-603008B0BB59}) (Version: 1.0.5.1 - Audinate Pty. Ltd.)
Dante Firmware Update Manager (HKLM-x32\...\{60b610c7-22c6-4005-b252-181b2126425e}) (Version: 1.4.7.1 - Audinate Pty. Ltd.)
Dante Firmware Update Manager Core (x32 Version: 1.4.7.1 - Audinate Pty. Ltd.) Hidden
dsdminst (x32 Version: 1.01.0002 - Brother Industries, Ltd.) Hidden
EASE Focus 2 (HKLM-x32\...\InstallShield_{C5A2F0B5-6725-49A5-9E8E-A5FD86C07423}) (Version: 2.0.11 - AFMG)
EASE Focus 2 (x32 Version: 2.0.11 - AFMG) Hidden
EtherSound Runtime x64 v3.12 d (HKLM\...\{0751579A-00BC-425C-A9D9-E6C81A2C54CC}) (Version: 3.12.3 - EtherSound)
FirSoft build 908 - Firnet Controller Software (HKLM-x32\...\{D7820CF7-5420-42AA-B006-768911C8E001}_is1) (Version:  - HKaudio)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
LG-FCB ControlCenter 1.1 (HKLM-x32\...\LG-FCB ControlCenter) (Version: 1.1 - GORDIUS)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
O2Micro Flash Memory Card Reader Driver (HKLM\...\{729F014A-9E91-49A6-B5F2-E8AA941452AE}) (Version: 3.31.03.A - O2Micro)
Paragon Festplatten Manager™ 12 Professional (HKLM-x32\...\{1E104AF0-EA49-11DE-AC07-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDF24 Creator 5.2.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PodWare (HKLM-x32\...\{2D9894BE-4FDD-4F2C-9A41-3B683CB90736}) (Version: 5.46.0 - Linea Research)
P-touch Editor 3.2 (HKLM-x32\...\P-touch Editor ver 3.2) (Version:  - )
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Soundcraft Virtual Vi 4.7.0 (HKLM-x32\...\SoundcraftVirtualVi) (Version: 4.7.0 - Soundcraft)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wise Registry Cleaner 7.61 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version:  - WiseCleaner.com, Inc.)
Yamaha Steinberg USB Driver (HKLM-x32\...\InstallShield_{E976141F-5B03-429D-84C2-392E6BB1A45A}) (Version: 1.7.3 - Yamaha Corporation)
Yamaha Steinberg USB Driver (Version: 1.7.3 - Yamaha Corporation) Hidden
YAMAHA THR Editor (HKLM-x32\...\{5115B75F-32BF-42CB-A8BC-2F0A71C4DF93}) (Version: 1.0.0 - Yamaha Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3697939779-1139795273-3143350014-1004_Classes\CLSID\{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B}\InprocServer32 -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtExt.dll (TOSHIBA)

==================== Restore Points  =========================

17-12-2014 22:20:09 Windows Update
19-12-2014 16:10:42 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-12-11 18:03 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1CA4762D-C498-470B-B41F-A6ED504F4C91} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-06] (Google Inc.)
Task: {41F32A97-0CC6-4647-A133-A35662D4A7B0} - System32\Tasks\Wise Registry Cleaner Schedule Task => C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe [2012-12-25] (WiseCleaner.com)
Task: {76701015-8E62-4CD8-A2D9-6D3484490910} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-06] (Google Inc.)
Task: {B1C44252-1BD1-4366-85BF-EF82418846E0} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {C1E86DA9-8445-4C1F-BF86-7CFD03D79E02} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E10BF578-A8DE-46D8-8BA2-C3849292AA99} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {E391B2C1-86FD-4E6A-AAD9-EE90B988B698} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-12-19] (Piriform Ltd)
Task: {F1152E3B-7622-4801-81CF-6160718DE352} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-12] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Wise Registry Cleaner Schedule Task.job => C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-07-04 01:16 - 2012-07-04 01:16 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3697939779-1139795273-3143350014-500 - Administrator - Enabled) => C:\Users\Administrator
FRANK H (S-1-5-21-3697939779-1139795273-3143350014-1004 - Administrator - Enabled) => C:\Users\FRANK H
Gast (S-1-5-21-3697939779-1139795273-3143350014-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3697939779-1139795273-3143350014-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/24/2014 04:43:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/24/2014 04:41:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding  20 46.178.168.192.in-addr.arpa. PTR Frank-Laptop.local.

Error: (12/24/2014 04:41:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.46:5353  22 46.178.168.192.in-addr.arpa. PTR Frank-Laptop-2.local.

Error: (12/24/2014 04:22:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/24/2014 04:20:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding  20 46.178.168.192.in-addr.arpa. PTR Frank-Laptop.local.

Error: (12/24/2014 04:20:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.46:5353  22 46.178.168.192.in-addr.arpa. PTR Frank-Laptop-2.local.

Error: (12/24/2014 01:37:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2014 11:08:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2014 11:06:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding  20 46.178.168.192.in-addr.arpa. PTR Frank-Laptop.local.

Error: (12/23/2014 11:06:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.46:5353  22 46.178.168.192.in-addr.arpa. PTR Frank-Laptop-2.local.


System errors:
=============
Error: (12/24/2014 04:43:54 PM) (Source: WMPNetworkSvc) (EventID: 14324) (User: )
Description: WMPNetworkSvc0x80004002

Error: (12/24/2014 04:42:14 PM) (Source: WMPNetworkSvc) (EventID: 14324) (User: )
Description: WMPNetworkSvc0x80004002

Error: (12/24/2014 04:42:04 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147467262.

Error: (12/24/2014 04:42:04 PM) (Source: WMPNetworkSvc) (EventID: 14324) (User: )
Description: WMPNetworkSvc0x80004002

Error: (12/24/2014 04:41:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Dante Control and Monitoring" wurde mit folgendem Fehler beendet:
%%12

Error: (12/24/2014 04:40:58 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (12/24/2014 04:33:16 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (12/24/2014 04:33:04 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147467262.

Error: (12/24/2014 04:33:02 PM) (Source: WMPNetworkSvc) (EventID: 14324) (User: )
Description: WMPNetworkSvc0x80004002

Error: (12/24/2014 04:22:32 PM) (Source: WMPNetworkSvc) (EventID: 14324) (User: )
Description: WMPNetworkSvc0x80004002


Microsoft Office Sessions:
=========================
Error: (12/24/2014 04:43:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/24/2014 04:41:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding  20 46.178.168.192.in-addr.arpa. PTR Frank-Laptop.local.

Error: (12/24/2014 04:41:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.46:5353  22 46.178.168.192.in-addr.arpa. PTR Frank-Laptop-2.local.

Error: (12/24/2014 04:22:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/24/2014 04:20:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding  20 46.178.168.192.in-addr.arpa. PTR Frank-Laptop.local.

Error: (12/24/2014 04:20:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.46:5353  22 46.178.168.192.in-addr.arpa. PTR Frank-Laptop-2.local.

Error: (12/24/2014 01:37:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2014 11:08:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2014 11:06:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding  20 46.178.168.192.in-addr.arpa. PTR Frank-Laptop.local.

Error: (12/23/2014 11:06:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.46:5353  22 46.178.168.192.in-addr.arpa. PTR Frank-Laptop-2.local.


CodeIntegrity Errors:
===================================
  Date: 2014-12-11 18:02:51.025
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-12-11 18:02:50.931
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T8100 @ 2.10GHz
Percentage of memory in use: 34%
Total physical RAM: 4094.43 MB
Available physical RAM: 2684.56 MB
Total Pagefile: 8187.04 MB
Available Pagefile: 6542.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (F1 - SSD Win7) (Fixed) (Total:111.79 GB) (Free:18.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (F2 - Hitachi) (Fixed) (Total:232.89 GB) (Free:174.68 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 2D5D03CE)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 111.8 GB) (Disk ID: B2FC597E)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber 25.12.2014 16:47
Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.


Alle Zeitangaben in WEZ +1. Es ist jetzt 08:22 Uhr.
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2024, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129