Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Avg durch Gruppenrichtlinie blockiert

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 05.01.2015, 02:10   #1
FaceTheTrace
 
Avg durch Gruppenrichtlinie blockiert - Standard

Avg durch Gruppenrichtlinie blockiert



Hallo, ich habe seit einiger Zeit Probleme mit meinem Avg Vierenschutz. Ich kann ihn weder starten noch deinstalieren. Ich bekomme jedes Mal die Meldung, dass das Programm durch eine Gruppenrichtlinie blockiert wird. Beim deinstalieren werde ich darauf hingewiesen, dass ich nicht über die Rechte verfüge das Programm zu deinstalieren was ich ebenfalls nicht verstehe, da ich nur das Administratorkonto verwende. Ich freue mich über eure Hilfe

Alt 05.01.2015, 08:08   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Avg durch Gruppenrichtlinie blockiert - Standard

Avg durch Gruppenrichtlinie blockiert



hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 05.01.2015, 17:50   #3
FaceTheTrace
 
Avg durch Gruppenrichtlinie blockiert - Standard

Avg durch Gruppenrichtlinie blockiert



Hallo, hier sind die angefragten .txt Dokumente

FRST.txt

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-01-2015
Ran by Администратор (administrator) on DNAPC on 05-01-2015 16:51:45
Running from C:\Users\Администратор\Downloads
Loaded Profile: Администратор (Available profiles: Администратор)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: Russisch (Russische Föderation)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
() C:\Program Files\AAVUpdateManager\aavus.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
(Foxit Corporation) C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe
() C:\Windows\CmUCREye.exe
(Vimicro) C:\Windows\VM303_STI.EXE
(Vimicro) C:\Windows\VMSnap3.exe
() C:\Windows\Domino.exe
(Realtek Semiconductor Corp.) C:\Windows\SOUNDMAN.EXE
(Sonix) C:\Windows\vsnp2std.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
() C:\Windows\System32\drivers\WDelMgr20.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version5\TeamViewer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avcenter.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Cmiboot] => C:\Windows\cmiboot.exe [65536 2007-02-07] ()
HKLM\...\Run: [ATICustomerCare] => C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [307200 2009-06-14] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [BigDog303] => C:\Windows\VM303_STI.EXE [61440 2006-01-24] (Vimicro)
HKLM\...\Run: [VMSnap3] => Ђ  !
HKLM\...\Run: [Domino] => Ђ0”и¦mЋД‚   @hРћvzТ‚ш“и¦ 
HKLM\...\Run: [SoundMan] => C:\Windows\VMSnap3.exe [49152 2006-07-18] (Vimicro)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Windows\Domino.exe [49152 2006-07-04] ()
HKLM\...\Run: [snp2std] => C:\Windows\SOUNDMAN.EXE [604704 2009-04-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2011-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [KiesTrayAgent] => C:\Windows\vsnp2std.exe [339968 2005-10-20] (Sonix)
HKLM\...\Run: [SunJavaUpdateSched] => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\...\Run: [Windows Mobile-based device management] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-07] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Windows\WindowsMobile\wmdcBase.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 1
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-2940817598-1931161818-2907281725-500\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564992 2014-02-07] (Samsung)
HKU\S-1-5-21-2940817598-1931161818-2907281725-500\...\Run: [EPSON Stylus Photo R220 Series] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE [177664 2006-12-25] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2940817598-1931161818-2907281725-500\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-02-07] (Samsung)
HKU\S-1-5-21-2940817598-1931161818-2907281725-500\...\Run: [AVG-Secure-Search-Update_0814av] => C:\Users\Администратор\AppData\Roaming\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe /PROMPT /mid=89b0634e268c47d39de3d15a921ce46c-c2d38690bbc4fbcaadab3e6a0352a6592ee08078 /CMPID=0814av
HKU\S-1-5-21-2940817598-1931161818-2907281725-500\...\Run: [AVG-Secure-Search-Update_1114av] => C:\Users\Администратор\AppData\Roaming\Avg_Update_1114av\AVG-Secure-Search-Update_1114av.exe /PROMPT /mid=89b0634e268c47d39de3d15a921ce46c-c2d38690bbc4fbcaadab3e6a0352a6592ee08078 /CMPID=1114av
HKU\S-1-5-21-2940817598-1931161818-2907281725-500\...\Run: [AVG-Secure-Search-Update_1214av] => C:\Users\Администратор\AppData\Roaming\Avg_Update_1214av\AVG-Secure-Search-Update_1214av.exe /PROMPT /mid=89b0634e268c47d39de3d15a921ce46c-c2d38690bbc4fbcaadab3e6a0352a6592ee08078 /CMPID=1214av
HKU\S-1-5-21-2940817598-1931161818-2907281725-500\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-21-2940817598-1931161818-2907281725-500\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-10-04] (Microsoft Corporation)
HKU\S-1-5-18\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoSMConfigurePrograms] 1

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://webalta.ru
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://webalta.ru
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://webalta.ru
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://webalta.ru
HKU\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}
HKU\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?p=pLsH3anR-Rz0cILJ
HKU\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer предоставлен: www.4free.in.ua
HKU\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://webalta.ru
HKU\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.4free.in.ua/index.php
HKU\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.4free.in.ua/index.php
HKU\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKLM -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKLM -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {117513C1-6909-4230-AD7C-E43D6B6FF3F5} URL = hxxp://www.google.ru/search?hl=ru&q={searchTerms}&btnG=%D0%9F%D0%BE%D0%B8%D1%81%D0%BA+%D0%B2+Google&lr=
SearchScopes: HKU\.DEFAULT -> {117513C1-6909-4230-AD7C-E43D6B6FF3F5} URL = hxxp://www.google.ru/search?hl=ru&q={searchTerms}&btnG=%D0%9F%D0%BE%D0%B8%D1%81%D0%BA+%D0%B2+Google&lr=
SearchScopes: HKU\S-1-5-21-2940817598-1931161818-2907281725-500 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2940817598-1931161818-2907281725-500 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKU\S-1-5-21-2940817598-1931161818-2907281725-500 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?q={searchTerms}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Funmoods Helper Object -> {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} ->  No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} -  No File
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKU\S-1-5-21-2940817598-1931161818-2907281725-500 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
Toolbar: HKU\S-1-5-21-2940817598-1931161818-2907281725-500 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-2940817598-1931161818-2907281725-500 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 127.0.0.1 mpa.one.microsoft.com 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Администратор\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default
FF NewTab: about:blank
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Keyword.URL: hxxp://www.google.com/search?rls=org.mozilla:en-US:official&client=firefox-a&q=
FF NetworkProxy: "ftp", "195.81.186.116"
FF NetworkProxy: "ftp_port", 80
FF NetworkProxy: "http", "195.81.186.116"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "195.81.186.116"
FF NetworkProxy: "socks_port", 80
FF NetworkProxy: "ssl", "195.81.186.116"
FF NetworkProxy: "ssl_port", 80
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin: @digitalpublishing.de/dpLaunch -> C:\Program Files\digital publishing\LAUNCHER_12_999999\nplaunch.dll (digital publishing AG)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2940817598-1931161818-2907281725-500: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Администратор\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Avira Browser Safety - C:\Users\Администратор\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\abs@avira.com [2015-01-04]
FF Extension: Stealthy - C:\Users\Администратор\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\stealthyextension@gmail.com.xpi [2012-12-18]
FF Extension: Flagfox - C:\Users\Администратор\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-08]
FF Extension: Adblock Plus - C:\Users\Администратор\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-07]
FF Extension: Adblock Edge - C:\Users\Администратор\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-01-04]
FF HKU\S-1-5-21-2940817598-1931161818-2907281725-500\...\Firefox\Extensions: [Lyrics@LyricsFolder.co] - C:\Program Files\LyricsFolder\125.xpi

Chrome: 
=======
CHR Profile: C:\Users\Администратор\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Администратор\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl [2013-05-26]
CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\836D~1\AppData\Local\funmoods.crx [2012-07-14]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path
CHR HKLM\...\Chrome\Extension: [lmgddjncmooacfihfmikfohkldcjjgml] - C:\Program Files\LyricsFolder\133.crx [2013-09-11]
CHR HKU\S-1-5-21-2940817598-1931161818-2907281725-500\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\836D~1\AppData\Local\funmoods.crx [2012-07-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AMD FUEL Service; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [294400 2011-04-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [254328 2010-03-30] (AVM Berlin)
R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [121720 2010-03-30] (AVM Berlin)
S3 DfSdkS; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2013\DfsdkS.exe [406016 2009-08-24] (mst software GmbH, Germany) [File not signed]
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [113664 2007-01-11] (SEIKO EPSON CORPORATION)
R2 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [241704 2014-03-25] (Foxit Corporation)
R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-04-18] (Teruten) [File not signed]
R2 HFGService; C:\Windows\System32\HFGService.dll [413696 2009-12-21] (CSR, plc)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
S3 Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2011-12-15] () [File not signed]
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [153464 2010-03-30] (AVM Berlin)
S3 OverwolfUpdater; C:\Program Files\Overwolf\OverwolfUpdater.exe [997664 2014-12-20] (Overwolf LTD)
R2 WDelMgr20; C:\Windows\system32\drivers\WDelMgr20.exe [57344 2002-05-29] () [File not signed]
S4 CamProExpress64; C:\Program Files\AirLive\CamPro Express 64\CamProExpress64.exe [X]
S3 EWSASERV; "C:\Program Files\Elcomsoft Password Recovery\Elcomsoft Wireless Security Auditor\ewsaserv.exe [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ahcix86s; C:\Windows\system32\DRIVERS\ahcix86s.sys [118784 2007-03-21] (ATI Technologies Inc.)
R3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC.SYS [4172832 2009-06-19] (Realtek Semiconductor Corp.)
R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11296 2009-08-04] ()
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208152 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-11-24] (Avira Operations GmbH & Co. KG)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [200984 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-11-24] (Avira Operations GmbH & Co. KG)
S3 BthAudioHF; C:\Windows\System32\DRIVERS\BthAudioHF.sys [43008 2009-12-21] (CSR, plc)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [22528 2009-08-13] (CSR, plc)
S3 CMISTOR; C:\Windows\system32\DRIVERS\cmiucr.SYS [93056 2007-01-12] (C-Media Corporation)
S3 csr_a2dp; C:\Windows\System32\drivers\bthav.sys [61952 2009-12-21] (CSR, plc)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-04-18] () [File not signed]
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [57672 2009-06-10] (FTDI Ltd.)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 hcw99rc; C:\Windows\System32\Drivers\hcw99rc.sys [10368 2007-03-23] (Hauppauge Computer Works, Inc.)
S3 hptmv; C:\Windows\system32\DRIVERS\hptmv.sys [71968 2006-09-27] (HighPoint Technologies, Inc.)
R2 io.sys; C:\Windows\system32\drivers\io.sys [5152 2010-03-31] () [File not signed]
S3 ioatdma; C:\Windows\System32\Drivers\qd26032.sys [37504 2008-01-18] (Intel Corporation)
S3 ioatdma1; C:\Windows\System32\Drivers\qd16032.sys [36480 2008-01-18] (Intel Corporation)
S3 iSSetup; C:\Windows\system32\DRIVERS\iSSetup.sys [75672 2007-06-19] (Intel Corporation)
S3 iteraid; C:\Windows\system32\DRIVERS\iteraid.sys [29184 2007-05-02] (ITE Tech. Inc.)
S0 johci; C:\Windows\System32\DRIVERS\johci.sys [15200 2008-10-09] (JMicron )
S3 JRAID; C:\Windows\system32\DRIVERS\jraid.sys [84320 2009-02-19] (JMicron Technology Corp.)
S3 m5287; C:\Windows\system32\DRIVERS\m5287.sys [104320 2006-07-20] (ULi Electronics Inc.) [File not signed]
S3 m5288; C:\Windows\system32\DRIVERS\m5288.sys [211072 2006-07-19] (ULi Electronics Inc.) [File not signed]
S3 m5289; C:\Windows\system32\DRIVERS\m5289.sys [52480 2005-07-04] (ULi Electronics Inc.)
S3 MegaSR1; C:\Windows\system32\DRIVERS\MegaSR1.sys [397632 2008-06-26] (LSI Corporation, Inc.)
R3 mf; C:\Windows\System32\DRIVERS\mf.sys [114176 2009-07-14] (Microsoft Corporation)
S3 MODRC; C:\Windows\system32\DRIVERS\modrc.sys [13056 2006-11-14] (DiBcom S.A.)
R3 ms_mpu401; C:\Windows\System32\drivers\msmpu401.sys [5120 2007-03-21] (Windows (R) Codename Longhorn DDK provider) [File not signed]
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] ()
S3 mv61xx; C:\Windows\system32\DRIVERS\mv61xx.sys [137728 2007-05-25] (Marvell Semiconductor, Inc.)
S3 NBv834x; C:\Windows\system32\DRIVERS\nbv834x.sys [104992 2008-10-19] (Bigfoot Networks, Inc.)
R3 NmPar; C:\Windows\System32\DRIVERS\NmPar.sys [81920 2010-01-19] (Windows (R) Codename Longhorn DDK provider)
R3 nmserial; C:\Windows\System32\DRIVERS\nmserial.sys [70656 2012-01-12] (Windows (R) Win 7 DDK provider)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
S1 NtFsLdf20; C:\Windows\system32\Drivers\NtFsLdf20.sys [61440 2002-05-29] () [File not signed]
R3 NWIM; C:\Windows\System32\DRIVERS\avmnwim.sys [335224 2010-03-30] (AVM Berlin)
S3 PciIsaSerial; C:\Windows\System32\DRIVERS\PciIsaSerial.sys [65536 2008-12-19] (Windows (R) Codename Longhorn DDK provider)
S3 PciPPorts; C:\Windows\System32\DRIVERS\PciPPorts.sys [82944 2009-07-23] ()
S3 PciSPorts; C:\Windows\System32\DRIVERS\PciSPorts.sys [115200 2008-12-19] ()
S3 rr172x; C:\Windows\system32\DRIVERS\rr172x.sys [90400 2007-06-12] (HighPoint Technologies, Inc.)
S3 rr2522; C:\Windows\system32\DRIVERS\rr2522.sys [112160 2007-07-02] (HighPoint Technologies, Inc.)
S3 rt70x86; C:\Windows\System32\DRIVERS\netr70.sys [245248 2006-12-27] (Ralink Technology Inc.)
S3 SI3112; C:\Windows\system32\DRIVERS\SI3112.sys [69168 2007-01-26] (Silicon Image, Inc.)
S3 SI3112r; C:\Windows\system32\DRIVERS\SI3112r.sys [110128 2007-02-01] (Silicon Image, Inc)
S3 SI3114; C:\Windows\system32\DRIVERS\SI3114.sys [68912 2006-11-10] (Silicon Image, Inc.)
S3 SI3114r; C:\Windows\system32\DRIVERS\SI3114R.sys [110384 2007-04-11] (Silicon Image, Inc)
R0 Si3114r5; C:\Windows\System32\DRIVERS\Si3114r5.sys [210472 2008-04-29] (Silicon Image, Inc)
S3 SI3124; C:\Windows\system32\DRIVERS\SI3124.sys [76208 2006-11-02] (Silicon Image, Inc.)
S3 Si3124r5; C:\Windows\system32\DRIVERS\Si3124r5.sys [207152 2006-09-20] (Silicon Image, Inc)
S3 SI3132; C:\Windows\system32\DRIVERS\SI3132.sys [80424 2007-10-03] (Silicon Image, Inc)
S3 Si3132r5; C:\Windows\system32\DRIVERS\Si3132r5.sys [217128 2008-10-30] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [19240 2007-10-03] (Silicon Image, Inc)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [15400 2007-10-03] (Silicon Image, Inc)
S3 SNP2STD; C:\Windows\System32\DRIVERS\snp2sxp.sys [10446720 2006-02-20] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [445936 2010-09-21] () [File not signed]
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-11-24] (Avira GmbH)
R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
R2 STM Parallel Driver; C:\Windows\system32\drivers\parstm.sys [43776 2003-07-09] (STMicroelectronics) [File not signed]
S3 uac4pdt; C:\Windows\System32\DRIVERS\uac4pdt.sys [15232 2007-02-04] (Micronas GmbH)
S3 usb2lpt; C:\Windows\System32\DRIVERS\usb2lpt.sys [15360 2009-11-13] (haftmann#software)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
S3 viamraid; C:\Windows\system32\DRIVERS\viamraid.sys [137880 2008-04-21] (VIA Technologies Inc.,Ltd)
S3 VIAudio; C:\Windows\System32\drivers\vinyl97.sys [207488 2007-06-27] (VIA Technologies, Inc.)
S3 ViBus; C:\Windows\system32\DRIVERS\ViBus.sys [20632 2008-04-15] (VIA Technologies, Inc.)
S3 ViPrt; C:\Windows\system32\DRIVERS\ViPrt.sys [56984 2008-04-15] (VIA Technologies, Inc.)
S3 vvftav303; C:\Windows\System32\drivers\vvftav303.sys [475136 2007-03-18] (Vimicro Corporation)
S3 WinTVCIUSB; C:\Windows\system32\DRIVERS\hcw11.sys [91136 2008-02-28] (Hauppauge Computer Works, Inc.)
S3 WmBEnum; C:\Windows\system32\drivers\WmBEnum.sys [19336 2008-01-24] (Logitech Inc.)
S3 WmFilter; C:\Windows\system32\drivers\WmFilter.sys [28168 2008-01-24] (Logitech Inc.)
S3 WmHidLo; C:\Windows\system32\drivers\WmHidLo.sys [29192 2008-01-24] (Logitech Inc.)
S3 WmVirHid; C:\Windows\system32\drivers\WmVirHid.sys [14728 2008-01-24] (Logitech Inc.)
S3 WmXlCore; C:\Windows\system32\drivers\WmXlCore.sys [48904 2008-01-24] (Logitech Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
U3 a76gkme3; C:\Windows\system32\Drivers\a76gkme3.sys [0 ] (VIA Technologies Inc.,Ltd)
S3 giveio; \??\C:\Windows\system32\giveio.sys [X]
U3 JavaQuickStarterService; No ImagePath
S3 netr28u; system32\DRIVERS\netr28u.sys [X]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
S3 SNPSTD3; system32\DRIVERS\snpstd3.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 ZSMC0303; System32\Drivers\usbVM303.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-05 16:24 - 2015-01-05 16:52 - 00029212 _____ () C:\Users\Администратор\Downloads\FRST.txt
2015-01-05 16:22 - 2015-01-05 16:52 - 00000000 ____D () C:\FRST
2015-01-05 16:21 - 2015-01-05 16:21 - 01115136 _____ (Farbar) C:\Users\Администратор\Downloads\FRST.exe
2015-01-05 01:29 - 2015-01-05 01:29 - 00000000 ____D () C:\Users\Администратор\AppData\Roaming\AVG2015
2015-01-05 01:25 - 2015-01-05 01:25 - 00000911 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-01-05 01:22 - 2015-01-05 01:29 - 00000000 ___HD () C:\$AVG
2015-01-05 01:16 - 2015-01-05 01:29 - 00000000 ____D () C:\Users\Администратор\AppData\Local\Avg2015
2015-01-05 00:54 - 2015-01-05 01:39 - 00184004 _____ () C:\Windows\PFRO.log
2015-01-05 00:38 - 2015-01-05 11:58 - 00000168 _____ () C:\Windows\setupact.log
2015-01-05 00:38 - 2015-01-05 00:38 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-04 23:52 - 2015-01-04 23:46 - 00037384 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-01-04 23:49 - 2015-01-04 23:49 - 00001055 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-04 23:46 - 2015-01-04 23:46 - 00000000 __SHD () C:\Users\Администратор\AppData\Local\EmieBrowserModeList
2015-01-04 23:46 - 2015-01-04 23:46 - 00000000 ____D () C:\Users\Администратор\AppData\Roaming\Avira
2015-01-04 23:43 - 2015-01-04 23:43 - 00001972 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2015-01-04 23:41 - 2015-01-04 23:49 - 00000000 ____D () C:\Program Files\Avira
2015-01-04 23:41 - 2014-11-24 10:23 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-01-04 23:41 - 2014-11-24 10:23 - 00098160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-01-04 23:41 - 2014-11-24 10:23 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-01-04 23:41 - 2014-11-24 10:23 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2015-01-04 23:39 - 2015-01-04 23:42 - 159747880 _____ (AVG Technologies) C:\Users\Администратор\Downloads\avg_free_x86_all_2015_5645a8758.exe
2015-01-04 23:36 - 2015-01-04 23:39 - 154051656 _____ () C:\Users\Администратор\Downloads\avira_free_antivirus468_de.exe
2015-01-04 23:32 - 2015-01-04 23:32 - 00000000 ____D () C:\Users\Администратор\AppData\Roaming\TuneUp Software
2014-12-21 22:24 - 2014-12-21 22:24 - 00002461 _____ () C:\Users\Администратор\Downloads\000000005_watchmaker.fb2.zip
2014-12-19 12:21 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-14 00:28 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-14 00:28 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-14 00:28 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-14 00:28 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-14 00:28 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-13 22:57 - 2014-12-13 22:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-13 21:48 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-13 21:48 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-13 21:48 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-13 21:48 - 2014-11-22 03:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-13 21:48 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-13 21:48 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-13 21:48 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-13 21:48 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-13 21:48 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-13 21:48 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-13 21:48 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-13 21:48 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-13 21:48 - 2014-11-22 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-13 21:48 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-13 21:48 - 2014-11-22 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-13 21:48 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-13 21:48 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-13 21:48 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-13 21:48 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-13 21:48 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-13 21:48 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-13 21:48 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-13 21:48 - 2014-11-22 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-13 21:48 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-13 21:48 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-13 21:48 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-13 21:48 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-13 21:48 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-13 21:48 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-13 21:48 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-13 21:48 - 2014-11-11 02:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-13 21:47 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-13 21:47 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-13 21:47 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-13 21:47 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-13 21:47 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-13 21:47 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-13 21:47 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-13 21:39 - 2015-01-05 11:59 - 00000522 _____ () C:\Windows\Tasks\AVG_SYS_TASK_1214av.job
2014-12-13 21:39 - 2015-01-05 11:59 - 00000390 _____ () C:\Windows\Tasks\AVG_SYS_TASK_1214av_DELETE.job
2014-12-08 21:25 - 2014-12-08 21:25 - 00208152 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-05 16:41 - 2012-03-29 20:02 - 00000896 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-05 16:29 - 2009-07-14 05:34 - 00010208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-05 16:29 - 2009-07-14 05:34 - 00010208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-05 14:36 - 2010-03-24 13:38 - 01306838 _____ () C:\Windows\WindowsUpdate.log
2015-01-05 11:59 - 2013-06-22 06:12 - 00000388 _____ () C:\Windows\Tasks\LyricsFolder Update.job
2015-01-05 11:59 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-05 01:29 - 2013-07-19 14:18 - 00000000 ____D () C:\Program Files\AVG
2015-01-05 01:18 - 2012-05-03 16:08 - 00000426 _____ () C:\Users\Администратор\Desktop\Keys.txt
2015-01-05 00:34 - 2014-08-24 10:37 - 00000000 ____D () C:\Users\Администратор\Downloads\instal
2015-01-05 00:05 - 2005-12-31 23:10 - 00007600 _____ () C:\Users\Администратор\AppData\Local\resmon.resmoncfg
2015-01-04 23:53 - 2013-09-13 18:34 - 00000000 ____D () C:\Program Files\LyricsFolder
2015-01-04 18:54 - 2014-10-22 12:53 - 00000000 ____D () C:\Program Files\Overwolf
2015-01-04 18:54 - 2014-10-22 12:53 - 00000000 ____D () C:\Program Files\Common Files\Overwolf
2014-12-27 20:22 - 2014-10-23 20:08 - 00002181 _____ () C:\Users\Администратор\AppData\Roaming\FoxitReaderUpdateInfo.txt
2014-12-27 20:22 - 2014-10-23 20:08 - 00002181 _____ () C:\FoxitReaderUpdateInfo.txt
2014-12-27 20:22 - 2012-05-06 18:01 - 00000000 ____D () C:\Users\Администратор\Documents\1 ЮЛЯ
2014-12-21 20:59 - 2010-03-24 14:50 - 02499712 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-21 20:59 - 2009-07-14 09:41 - 00719598 _____ () C:\Windows\system32\perfh019.dat
2014-12-21 20:59 - 2009-07-14 09:41 - 00151680 _____ () C:\Windows\system32\perfc019.dat
2014-12-19 12:12 - 2012-12-07 15:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-14 13:19 - 2014-10-19 19:47 - 00000000 ____D () C:\Windows\rescache
2014-12-14 12:26 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\ru-RU
2014-12-14 12:26 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-12-14 00:26 - 2013-08-24 15:52 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-14 00:19 - 2010-10-30 01:31 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-13 21:41 - 2012-03-29 20:01 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-13 21:41 - 2011-06-07 10:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Администратор\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
         


Addition.txt

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-01-2015
Ran by Администратор at 2015-01-05 16:53:15
Running from C:\Users\Администратор\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.65 (HKLM\...\7-Zip) (Version:  - )
AAVUpdateManager (HKLM\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Ashampoo WinOptimizer 2013 v.1.0.0 (HKLM\...\{4209F371-7B85-60AD-E5CE-E4409D39E3DE}_is1) (Version: 1.00.00 - Ashampoo GmbH & Co. KG)
ATI Catalyst Install Manager (HKLM\...\{BF1A060D-1D28-6743-F99E-ADF60E51502B}) (Version: 3.0.825.0 - ATI Technologies, Inc.)
ATI Catalyst Registration (Version: 2.01.0000 - ATI Technologies Inc.) Hidden
Auslogics Duplicate File Finder (HKLM\...\{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1) (Version: version 1.5 - Auslogics Software Pty Ltd)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5645 - AVG Technologies)
AVG 2015 (Version: 15.0.4257 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5645 - AVG Technologies) Hidden
Avira (HKLM\...\{4241d738-563d-4685-803c-e58b90a2e5e8}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
AVM FRITZ!Fernzugang (HKLM\...\{5DC36978-AB9A-4A23-9C12-D90D2BB781B7}) (Version: 1.2.3 - AVM Berlin)
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.4.1.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - ‪Canon Inc.‬)
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon MG4200 series Benutzerregistrierung (HKLM\...\Canon MG4200 series Benutzerregistrierung) (Version:  - Canon Inc.‎)
Canon MG4200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4200_series) (Version: 1.01 - Canon Inc.)
Canon MG4200 series On-screen Manual (HKLM\...\Canon MG4200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 1.1.2 - Canon Inc.)
Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
CanoScan Toolbox Ver4.1 (HKLM\...\{BCE46757-7674-4416-BEDB-68205A60409E}) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 2.30 - Piriform)
ChargeProfessional 5000 (HKLM\...\ChargeProfessional 5000) (Version: 2.15 - eQ-3 Entwicklung GmbH)
ChargeProfessional 5000 (Version: 2.15 - eQ-3 Entwicklung GmbH) Hidden
C-Media Card Reader Driver USB2.0 (HKLM\...\C-Media Card Reader Driver USB2.0) (Version:  - )
CPU-Z (HKLM\...\CPU-Z_addon) (Version: v1.50 - oszone.net)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DayZ (HKLM\...\Steam App 221100) (Version:  - Bohemia Interactive)
DipTrace Language Suite (HKLM\...\DipTrace Language Suite) (Version: 1.0 - Novarm Limited)
EAGLE 4.11 (HKLM\...\EAGLE 4.11) (Version:  - )
ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.2.20140326 - Landesfinanzdirektion Thüringen)
Eprom PCB5.0C 0.98D8 (HKLM\...\Willem Eprom PCB5.0C_is1) (Version:  - )
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
FileZilla Client 3.3.5.1 (HKLM\...\FileZilla Client) (Version: 3.3.5.1 - )
FinalData Enterprise 2.0 (HKLM\...\FinalData Enterprise 2.0) (Version:  - )
Fotogalerie (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Foxit Cloud (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.3.105.325 - Foxit Corporation)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.1.3.321 - Foxit Corporation)
FRITZ!Box-Fernzugang einrichten (HKLM\...\{A79408B0-345D-42E8-8EB6-00597320B9E0}) (Version: 1.0.3 - AVM Berlin)
GIMP 2.6.12-2 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.12 - The GIMP Team)
GPU-Z (HKLM\...\GPU-Z_addon) (Version: v0.3.2 - oszone.net)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
Intelligent IP Installer (HKLM\...\Intelligent IP Installer) (Version: 1.1.16.09 - AirLive)
Java 7 Update 21 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
Lizardtech DjVu Control (HKLM\...\{105CFC7C-6992-11D5-BD9D-000102C10FD8}) (Version:  - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Русский) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1049) (Version: 4.5.50938 - Корпорация Майкрософт)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Excel 2007 Help Обновление (KB963678) (HKLM\...\{90120000-0016-0419-0000-0000000FF1CE}_ENTERPRISE_{420938DB-BF97-4664-BE29-0C68B4802C00}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook 2007 Help Обновление (KB963677) (HKLM\...\{90120000-001A-0419-0000-0000000FF1CE}_ENTERPRISE_{E9D6C0F9-9879-4FC4-8E13-BF0D3953E0E6}) (Version:  - Microsoft)
Microsoft Office Powerpoint 2007 Help Обновление (KB963669) (HKLM\...\{90120000-0018-0419-0000-0000000FF1CE}_ENTERPRISE_{BD1C2AC7-63F3-4C75-8B44-DE3D700B3BC8}) (Version:  - Microsoft)
Microsoft Office Word 2007 Help Обновление (KB963665) (HKLM\...\{90120000-001B-0419-0000-0000000FF1CE}_ENTERPRISE_{D3A002FB-0F62-4840-80AD-2D2C63F83449}) (Version:  - Microsoft)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 de) (HKLM\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-2940817598-1931161818-2907281725-500\...\MyFreeCodec) (Version:  - )
Need for Speed™ Most Wanted (HKLM\...\{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}) (Version:  - )
Nosgoth (HKLM\...\Steam App 200110) (Version: 141028.95912 - Square Enix Ltd)
Notepad++ (HKLM\...\Notepad++) (Version:  - )
Novarm DipTrace (HKLM\...\Novarm DipTrace) (Version: 2.1 - Novarm)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
NVIDIA PhysX (HKLM\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Origin (HKLM\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Overwolf (HKLM\...\Overwolf) (Version: 0.81.36.0 - Overwolf Ltd.)
PCI Multi-IO Controller (HKLM\...\MosChip Technology) (Version:  - )
Piriform Utils v9.7.3 (HKLM\...\Piriform Utils_is1) (Version:  - )
Platform (Version: 1.24 - VIA Technologies, Inc.) Hidden
Project 64 version 2.1.0.1 (HKLM\...\Project 64_is1) (Version: 2.1.0.1 - )
QuickTime (HKLM\...\QuickTime) (Version:  - )
RadarSync PC Updater 2010  (HKLM\...\RadarSync PC Updater 2010) (Version:  - RadarSync Ltd)
Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: 5.37 - Realtek Semiconductor Corp.)
RealUpgrade 1.0 (Version: 1.0.0 - RealNetworks, Inc.) Hidden
Robocraft (HKLM\...\Steam App 301520) (Version:  - Freejam)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
Samsung PC Studio 3 (HKLM\...\{C4A4722E-79F9-417C-BD72-8D359A090C97}) (Version: 3.2.1.71009 - Samsung Electronics Co., Ltd.)
Samsung PC Studio 3 (Version: 3.0.0.71009 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.34.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Split/Second Demo (HKLM\...\{6A782F9A-57EB-48C8-91CD-D017A376F372}) (Version: 1.00.0000 - Disney Interactive Studios)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-2940817598-1931161818-2907281725-500\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 5 (HKLM\...\TeamViewer 5) (Version: 5.0.7545  - TeamViewer GmbH)
The Sims 2: Ultimate Collection (HKLM\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts)
Tony Hawks Pro Skater 4 (HKLM\...\Tony Hawks Pro Skater 4_is1) (Version:  - )
Uninstall Tool 2.6.3.4081 (HKLM\...\Uninstall Tool_is1) (Version:  - )
Unity Web Player (HKU\S-1-5-21-2940817598-1931161818-2907281725-500\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VIA Диспетчер устройств платформы (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.24 - VIA Technologies, Inc.)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 1.0.1 (HKLM\...\VLC media player) (Version: 1.0.1 - VideoLAN Team)
VoIPVoice Integration (HKLM\...\{A02AEE90-9B8F-4159-A992-805E70ECF0EF}) (Version: 1.1 - Promotion And Display Technology Limited)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.1500 - Broadcom Corporation)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (02/25/2010 6.2.0.9419) (HKLM\...\9B930C353B70A8D589052B35FD6D22DF019FA7A4) (Version: 02/25/2010 6.2.0.9419 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (01/19/2010 6.2.0.1417) (HKLM\...\745D2949D37D22B578F30B5527277D1FB8BB0709) (Version: 01/19/2010 6.2.0.1417 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\A6A8668C0A13640CA28FE2A7D9654BE4AE478B13) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WMV9/VC-1 Video Playback (Version: 1.0.60419.2210 - ATI Technologies Inc.) Hidden
ZC0301PLH_Driver_Setup (HKLM\...\{362483B1-91EB-4CB4-B9BB-3B4B4C644404}) (Version: 1.00.0000 - Vimicro)
Архиватор WinRAR (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2940817598-1931161818-2907281725-500_Classes\CLSID\{2614C37E-2C78-4bfb-B7A6-E49B62B9CD9B}\localserver32 -> "C:\Users\Администратор\AppData\Local\Yandex\Updater\yupdate-executor.exe" No File
CustomCLSID: HKU\S-1-5-21-2940817598-1931161818-2907281725-500_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Администратор\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-2940817598-1931161818-2907281725-500_Classes\CLSID\{D236C998-BECE-472D-B939-541727B72AEF}\localserver32 -> "C:\Users\Администратор\AppData\Local\Yandex\Updater\yupdate-executor.exe" No File

==================== Restore Points  =========================

05-01-2015 00:24:47 Removed AVG 2014
05-01-2015 00:26:57 Removed AVG 2014
05-01-2015 01:17:51 Installed AVG 2015
05-01-2015 01:19:01 Installed AVG 2015

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2010-04-08 13:32 - 00000858 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 mpa.one.microsoft.com 

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B1160C3-96CF-4D6E-8398-07368C3AEBB9} - System32\Tasks\{8EE08E29-BCCD-4704-8D2E-7780844E32FB} => pcalua.exe -a "E:\bin\MAXON Installer.exe" -d E:\bin
Task: {0E770069-C61C-4AC1-AC08-71EE81B2314E} - System32\Tasks\{CE7536B8-8A1F-4739-B674-09C39A564024} => C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe [2007-08-09] (VIA Technologies, Inc.)
Task: {125458F7-F957-43E3-9467-A43796E8F7DB} - System32\Tasks\{185FBD8F-ED30-4C92-B5ED-1D1EEAD8407C} => pcalua.exe -a C:\Users\Администратор\Desktop\MP10Setup.exe -d C:\Users\Администратор\Desktop
Task: {1EB93D2E-30FE-48B9-B7B6-B2948E598368} - System32\Tasks\{1AFB8B2C-57A5-478F-A464-7891485E36F0} => C:\Users\Администратор\Desktop\NETZ\arhi\archpr\setup.exe
Task: {21863AA3-ED1F-42B2-8086-942874F88DF3} - System32\Tasks\{15618B33-25B4-4F90-BF9C-E4F73E4DE354} => pcalua.exe -a G:\Хек\ST62xxx\PortControl\PortControl\PortControl.exe -d G:\Хек\ST62xxx\PortControl\PortControl
Task: {23B9B5E6-9D46-4141-A487-962B598B4459} - System32\Tasks\AVG_SYS_TASK_1214av_DELETE => C:\ProgramData\Avg_Update_1214av\AVG-Secure-Search-Update_1214av.exe
Task: {24B5FA86-88DC-42BF-B28F-A4D9BD0B24F1} - System32\Tasks\{61A90220-A8F5-4766-B87B-A276D3E16A1C} => C:\Users\Администратор\Desktop\NETZ\arhi\archpr\setup.exe
Task: {291057C4-0A5A-4AA7-A502-7BE80221A6B4} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2940817598-1931161818-2907281725-500 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {2EFF92A6-674C-4010-98D5-0BB3BE4103D3} - System32\Tasks\{553B834A-7D3F-43F4-A06F-B884561E1C7C} => pcalua.exe -a C:\Users\Администратор\Desktop\lide20lide30n670un676un1240uvst7031a_xpen\SetupSG.exe -d C:\Users\Администратор\Desktop\lide20lide30n670un676un1240uvst7031a_xpen
Task: {30655CAC-2612-4BB8-91A7-2E8B1637EBA1} - System32\Tasks\{DD604F77-C552-4FC9-BC1A-3BAF2CFD097B} => C:\Program Files\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe
Task: {319F512F-4A2B-4920-9D36-7BB97922BDD4} - System32\Tasks\LyricsFolder Update => C:\Program Files\LyricsFolder\LrcsFdrUpdr.exe <==== ATTENTION
Task: {4D963898-ACD2-4951-860E-5BC6F4E63859} - System32\Tasks\{D1F979F2-F08C-434B-ADF3-C5E96E2E967C} => pcalua.exe -a C:\Users\Администратор\Desktop\ТМ\vinyl_v700b\Vinyl_V700b\SETUP.EXE -d C:\Users\Администратор\Desktop\ТМ\vinyl_v700b\Vinyl_V700b
Task: {4F48B581-17BA-4FF0-A7F6-A010A3C96F57} - System32\Tasks\{87FA654D-1B0F-42F2-8302-90CD7F4F23B6} => C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe [2007-08-09] (VIA Technologies, Inc.)
Task: {61DF9601-16C2-44C8-BE3F-6C524A8CFD72} - System32\Tasks\{E1F1FFF5-07B0-435E-9F8B-D24EDCA4570D} => C:\Users\Администратор\Desktop\PS\AP_CS5_Extended_v12.0.3___Plugins\Portable Photoshop CS5 Multi.exe
Task: {6BC32588-BD91-401A-85CA-1BB98FFE92D3} - System32\Tasks\{06231494-1967-4295-B0CD-B4C3A0C63915} => pcalua.exe -a C:\Users\Администратор\Desktop\Elektriks\Haus\daemontool\DTLite4356-0091.exe -d C:\Users\Администратор\Desktop\Elektriks\Haus\daemontool
Task: {6DBDE81F-61D9-4B00-92AA-F152E339480F} - System32\Tasks\{25170B25-F90A-4032-BA42-2B3AA42CA230} => C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe [2007-08-09] (VIA Technologies, Inc.)
Task: {735DE5B2-4D5A-4F07-8AC7-423577421C1A} - System32\Tasks\Overwolf Updater Task => C:\Program Files\Overwolf\OverwolfUpdater.exe [2014-12-20] (Overwolf LTD)
Task: {73C98DA7-6862-4644-A177-0BF4EBBADBA8} - System32\Tasks\{831D017C-8757-43E4-9B1D-A265D4EDCBDD} => pcalua.exe -a C:\Users\Администратор\Desktop\NETZ\arhi\archpr\setup.exe -d C:\Users\Администратор\Desktop\NETZ\arhi\archpr
Task: {752E43D1-CB29-4EAD-8C90-84C908F066B3} - System32\Tasks\{83DDE3E3-7643-4511-B4DF-4C01FF5A5B95} => C:\Users\Администратор\Desktop\NETZ\arhi\archpr\setup.exe
Task: {847D6ADC-9479-409D-A224-123CED0822A2} - System32\Tasks\AVG_SYS_TASK_1214av => C:\ProgramData\Avg_Update_1214av\AVG-Secure-Search-Update_1214av.exe
Task: {8836458D-5B5E-4363-8105-983855907D8A} - System32\Tasks\{2333A62F-3FBE-4D1C-B5E4-1B7620C3DAB7} => pcalua.exe -a C:\Users\Администратор\AppData\Roaming\.minecraft\mod\JinRyuus-Mod-Installer-0.11.exe -d C:\Users\Администратор\AppData\Roaming\.minecraft\mod
Task: {8874CE1C-9B1E-4402-9A8E-FEF6E65B6CA6} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files\ASUS\AASP\1.01.02\AsLoader.exe [2009-12-28] (ASUSTeK Computer Inc.)
Task: {8B6A8090-C8EF-4358-8955-931F0452D30D} - System32\Tasks\AdobeAAMUpdater-1.0-DNAPC-Администратор => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-02-22] (Adobe Systems Incorporated)
Task: {8CB384CF-4DF7-40C8-B0AB-B5DCF7F5C478} - System32\Tasks\{1212F032-8184-4472-8B68-D6E2AF29F456} => pcalua.exe -a "C:\Program Files\Uninstall Tool\utool.exe" -d C:\Users\Администратор\Desktop
Task: {92177D9F-DC38-4379-803D-5A610FB3AE6B} - System32\Tasks\{C2CAFD00-8B62-4E96-BB0A-062D49935D1B} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe"
Task: {9DA073A2-E259-4E4A-92FE-971789DCE503} - System32\Tasks\{ED04CA6E-84E4-4C1E-9BA3-FD5EB91FFE8B} => pcalua.exe -a "F:\SIMS3\Final Version Patch\Sims3_1.0.632.00002_from_1.0.631.00002.exe" -d "F:\SIMS3\Final Version Patch"
Task: {9DA78B6F-46BB-4DE0-B8AA-A60CC8E6DA44} - System32\Tasks\{B86EFCFE-8956-4DCA-AE94-034789C0AEBA} => pcalua.exe -a C:\Users\Администратор\Desktop\Ant\PDF.Converter\converter.exe -d C:\Users\Администратор\Desktop\Ant\PDF.Converter
Task: {A40330DF-0859-4320-9B48-CBA10545D6A7} - System32\Tasks\{AE427017-E6CF-4B9D-A56F-F037E2ECC073} => pcalua.exe -a C:\Users\Администратор\Desktop\R220\jre-6u22-windows-i586-iftw-rv.exe -d C:\Users\Администратор\Desktop\R220
Task: {A6E26B04-664D-4682-B3D9-C7F5FE22E436} - System32\Tasks\{82BE9DE1-C03B-4555-8207-3CF8F54102A7} => pcalua.exe -a "C:\Users\Администратор\Desktop\StarCam370i_15.0.498\MSI Star Cam 370i.exe" -d C:\Users\Администратор\Desktop\StarCam370i_15.0.498
Task: {ACB7383C-D0BB-49F8-811A-D2F4B3D8BE26} - System32\Tasks\{360323C3-2FC7-4111-B34E-FC57441D5E75} => pcalua.exe -a "G:\Хек\ST62xxx\Новая папка\Driver_Win732\Driver_Win732\Win7_32Bit\MOSCHIP_Setup.exe" -d "G:\Хек\ST62xxx\Новая папка\Driver_Win732\Driver_Win732\Win7_32Bit"
Task: {AE1E9AB5-3C77-4375-B6B2-C06C57A70288} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-13] (Adobe Systems Incorporated)
Task: {B0D6419A-20FB-4512-AA14-29646D0647FF} - System32\Tasks\{42491372-E442-4F31-B96C-5CD79DEF9303} => pcalua.exe -a "C:\Program Files\Electronic Arts\Harry Potter and the Order of the Phoenix\eauninstall.exe" -d "C:\Program Files\Electronic Arts\Harry Potter and the Order of the Phoenix"
Task: {B274B901-1DAC-4E54-8FCF-2E44122980C9} - System32\Tasks\{EF457F6D-29BD-4A05-940B-B53253B3B3B6} => C:\Program Files\AVG\AVG2014\avgcfgex.exe
Task: {BD8BCED8-6105-4BA3-AD15-F1B6A0301310} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {BDB29F41-9E33-436C-AAAC-7EED8AEB00D6} - System32\Tasks\{54666117-E6A7-4226-B52C-D2F774FFE87E} => pcalua.exe -a C:\ATI\Support\10-1_vista32_win7_32_dd_ccc_wdm_enu\Driver\Setup.exe -d C:\ATI\Support\10-1_vista32_win7_32_dd_ccc_wdm_enu\Driver
Task: {BEBF60C6-7B07-40BB-B196-58BBAD83C725} - System32\Tasks\{4613374B-19A3-4401-94AD-D118C6FDCD82} => C:\Program Files\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe
Task: {D79D9FFF-D94C-4F2F-B16F-B1A9CE452757} - System32\Tasks\{A145C56F-EE38-4084-9D5E-71A661FF0D83} => pcalua.exe -a C:\Windows\unvise32qt.exe -c C:\Windows\system32\QuickTime\Uninstall.log
Task: {E06977FB-34B5-4B4E-A82C-2A6DA7BAE3D6} - System32\Tasks\{66BAD940-9EC2-410A-A3F0-FE5E1D62C160} => pcalua.exe -a "C:\Users\Администратор\Desktop\ddd\Microsoft Office 2007 Enterprise SP2 Rus (Activated)\SETUP.EXE" -d "C:\Users\Администратор\Desktop\ddd\Microsoft Office 2007 Enterprise SP2 Rus (Activated)"
Task: {E6D94C0F-FA47-4AFB-AE0B-C7B01F553769} - System32\Tasks\{D2E7C9A4-14BF-4E7C-BCCD-C3BBE7DD3EEE} => pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -c -runfromtemp -l0x0019 -removeonly
Task: {E76C57AE-B098-4347-8B9E-3D467BA21049} - System32\Tasks\{77B377F4-1B01-41ED-B5DE-4DD2942CED50} => pcalua.exe -a C:\Users\Администратор\Desktop\R220\Pampers\sscservr.exe -d C:\Users\Администратор\Desktop\R220\Pampers
Task: {ED2EB95F-AA04-4ECF-8CCD-77670C6F0407} - System32\Tasks\{8CDF4B2C-DF12-41DC-8395-517A03328EA3} => pcalua.exe -a "C:\Program Files\MOSCHIP\MOSCHIP_PciUninst.exe" -d "C:\Program Files\MOSCHIP"
Task: {F079FCAD-9343-487F-B10A-17B6919E4919} - System32\Tasks\{B18D19F5-0AF4-4C71-BFCA-5D783E6A4934} => C:\Program Files\AVG\AVG2014\avgcfgex.exe
Task: {F106675F-6B37-4F91-B315-5F9DA8BBDD3D} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2940817598-1931161818-2907281725-500 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {F5DD5DEB-9DDD-431E-8A0D-A1F71787D226} - System32\Tasks\{0BCE0845-9853-41D0-B0F7-AEB91D866256} => C:\Program Files\AVG\AVG2014\avgcfgex.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG_SYS_TASK_1214av.job => C:\ProgramData\Avg_Update_1214av\AVG-Secure-Search-Update_1214av.exe
Task: C:\Windows\Tasks\AVG_SYS_TASK_1214av_DELETE.job => C:\ProgramData\Avg_Update_1214av\AVG-Secure-Search-Update_1214av.exe
Task: C:\Windows\Tasks\LyricsFolder Update.job => C:\Program Files\LyricsFolder\LrcsFdrUpdr.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2011-01-24 15:36 - 2009-11-05 07:39 - 00087552 _____ () C:\Windows\System32\cpwmon2k.dll
2008-10-24 15:35 - 2008-10-24 15:35 - 00128296 _____ () C:\Program Files\AAVUpdateManager\aavus.exe
2014-04-08 22:07 - 2012-03-28 13:49 - 00140456 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
2010-11-21 15:54 - 2010-11-21 15:54 - 00094208 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2010-03-24 14:44 - 2008-10-01 02:08 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll
2010-03-07 09:13 - 2010-03-07 09:13 - 00132384 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2010-03-24 13:28 - 2006-12-19 11:04 - 00241664 ____R () C:\Windows\CmUCReye.exe
2010-04-09 14:14 - 2006-07-04 13:16 - 00049152 _____ () C:\Windows\Domino.exe
2014-10-18 20:18 - 2014-10-18 20:18 - 00186368 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Commonc65c5a95#\e3d243bc30df3870d18e28528093cac1\Kies.Common.DeviceServiceLib.Interface.ni.dll
2014-10-18 20:19 - 2014-10-18 20:19 - 15006720 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\c5752f2496b778265a71a07b5d76269a\Kies.Theme.ni.dll
2014-10-18 20:18 - 2014-10-18 20:18 - 01865216 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\316f86acfe7648a2a448653990fc853b\Kies.UI.ni.dll
2014-10-18 20:18 - 2014-10-18 20:18 - 00081920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\3491c39f3c197a413a8359f2c72d7b25\Kies.MVVM.ni.dll
2014-10-18 20:18 - 2014-10-18 20:18 - 00236032 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\6815ff93472d008087880a6462931188\ASF_cSharpAPI.ni.dll
2012-12-25 16:38 - 2002-05-29 18:34 - 00057344 _____ () C:\Windows\system32\drivers\WDelMgr20.exe
2014-12-13 22:57 - 2014-12-13 22:57 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:AstInfo

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Администратор (S-1-5-21-2940817598-1931161818-2907281725-500 - Administrator - Enabled) => C:\Users\Администратор
Гость (S-1-5-21-2940817598-1931161818-2907281725-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/05/2015 04:51:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST.exe, Version 4.1.2015.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: d84

Startzeit: 01d028fb440dcee7

Endzeit: 16

Anwendungspfad: C:\Users\Администратор\Downloads\FRST.exe

Berichts-ID: aa461d86-94f2-11e4-9531-0013d4f80d9f

Error: (01/05/2015 04:27:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm avscan.exe, Version 14.0.7.462 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1098

Startzeit: 01d028fbe55ab6ca

Endzeit: 60000

Anwendungspfad: C:\Program Files\Avira\AntiVir Desktop\avscan.exe

Berichts-ID: 2ef566ff-94ef-11e4-9531-0013d4f80d9f

Error: (01/05/2015 02:05:22 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Fehler in Manifest- oder Richtliniendatei "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"2" in Zeile  Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition: Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (01/05/2015 00:12:37 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={DCF527DE-6DB4-4406-A354-FF238C5144CD}: Der Benutzer "DNAPC\Администратор" hat eine Verbindung mit dem Namen "BluetoothConnection" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 633.

Error: (01/05/2015 00:12:16 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={4A2DFAEF-3794-4CFA-B039-15F59444EBE9}: Der Benutzer "DNAPC\Администратор" hat eine Verbindung mit dem Namen "BluetoothConnection" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 633.

Error: (01/05/2015 00:11:16 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={3A73F93C-1709-4016-BC38-AAB1AC166B65}: Der Benutzer "DNAPC\Администратор" hat eine Verbindung mit dem Namen "BluetoothConnection" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 633.

Error: (01/05/2015 01:41:24 AM) (Source: Узел службы Avira) (EventID: 0) (User: )
Description: Невозможно запустить службу. Процесс службы не может установить связь с контроллером службы

Error: (01/05/2015 00:47:28 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm WINWORD.EXE, Version 12.0.6713.5000 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 208

Startzeit: 01d028786816b6d0

Endzeit: 47

Anwendungspfad: C:\Program Files\Microsoft Office\Office12\WINWORD.EXE

Berichts-ID:

Error: (01/05/2015 00:28:23 AM) (Source: MsiInstaller) (EventID: 11321) (User: DNAPC)
Description: SA_Error1709: StandardAction(0xC00706AD): Produkt: AVG 2014 -- Fehler 1321. SA_Error1321: StandardAction(0xC0070529): Das Installationsprogramm besitzt keine ausreichenden Berechtigungen, um die Datei 'C:\Program Files\AVG\AVG2014\TBD3585.tmp' zu ändern.

Error: (01/05/2015 00:28:11 AM) (Source: MsiInstaller) (EventID: 11404) (User: DNAPC)
Description: SA_Error1709: StandardAction(0xC00706AD): Produkt: AVG 2014 -- Fehler 1404. SA_Error1404: StandardAction(0xC007057C): Schlüssel konnte nicht gelöscht werden: \SOFTWARE\AVG\AVG2014. Systemfehler: . Überprüfen Sie, ob Sie ausreichende Zugriffsrechte auf diesen Schlüssel besitzen oder wenden Sie sich an den Support.


System errors:
=============
Error: (01/05/2015 00:01:18 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
johci
NtFsLdf20

Error: (01/05/2015 00:01:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: для конкретного приложенияЛокальныйЗапуск{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYсистемаS-1-5-18LocalHost (с использованием LRPC)

Error: (01/05/2015 02:11:33 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (01/05/2015 01:43:34 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Узел универсальных PNP-устройств" ist vom Dienst "Обнаружение SSDP" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1053

Error: (01/05/2015 01:43:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Обнаружение SSDP" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (01/05/2015 01:43:34 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Обнаружение SSDP erreicht.

Error: (01/05/2015 01:43:34 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (01/05/2015 01:42:35 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
johci
NtFsLdf20

Error: (01/05/2015 01:41:59 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: для конкретного приложенияЛокальныйЗапуск{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYсистемаS-1-5-18LocalHost (с использованием LRPC)

Error: (01/05/2015 01:37:38 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}


Microsoft Office Sessions:
=========================
Error: (12/13/2014 10:23:48 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6707.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2898 seconds with 900 seconds of active time.  This session ended with a crash.

Error: (06/29/2014 09:16:46 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (06/29/2014 09:15:50 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 22 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (06/20/2014 10:09:54 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1718 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (05/11/2014 06:34:21 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 520 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (05/01/2014 10:48:26 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 127 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (12/15/2013 02:23:24 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 2953 seconds with 660 seconds of active time.  This session ended with a crash.

Error: (09/17/2012 09:54:55 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3392 seconds with 1500 seconds of active time.  This session ended with a crash.

Error: (07/20/2012 10:42:31 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 12744 seconds with 480 seconds of active time.  This session ended with a crash.

Error: (06/17/2012 10:56:39 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 140 seconds with 60 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4800+
Percentage of memory in use: 57%
Total physical RAM: 3071.55 MB
Available physical RAM: 1307.12 MB
Total Pagefile: 6143.11 MB
Available Pagefile: 3888.51 MB
Total Virtual: 2047.88 MB
Available Virtual: 1913.81 MB

==================== Drives ================================
         
__________________

Alt 05.01.2015, 19:31   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Avg durch Gruppenrichtlinie blockiert - Standard

Avg durch Gruppenrichtlinie blockiert



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 05.01.2015, 22:22   #5
FaceTheTrace
 
Avg durch Gruppenrichtlinie blockiert - Standard

Avg durch Gruppenrichtlinie blockiert



Hier ist die neuerstellte Fixlog.txt

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 04-01-2015
Ran by Администратор at 2015-01-05 21:16:42 Run:1
Running from C:\Users\Администратор\Desktop
Loaded Profile: Администратор (Available profiles: Администратор)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.

==== End of Fixlog 21:16:42 ====
         

Die nächste Logdatei erstelle ich jetzt und sende sie anschließend

Hier ist der C:\Combofix.txt Bericht

Vor dem Scan habe ich Avira deinstaliert und AVG deaktiviert. Combifix hat dann einen Neustart eingeleitet und AVG wurde wieder aktiviert. ich habe es vorsichtshalber wieder deaktiviert

Die Log ist zu lang und ich kann sie nicht hier rein posten

Code:
ATTFilter
ComboFix 15-01-05.01 - ????????????? . 01. 2015  21:44:06.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1049.18.3072.1893 [GMT 1:00]
ausgefьhrt von:: c:\users\Администратор\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
 ADS - Windows: deleted 0 bytes in 1 streams. 
.
((((((((((((((((((((((((((((((((((((   Weitere Lцschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\LyricsFolder
c:\program files\LyricsFolder\01.crx
c:\program files\LyricsFolder\01a.xpi
c:\program files\LyricsFolder\133.crx
c:\program files\LyricsFolder\133.dat
c:\program files\LyricsFolder\133.xpi
c:\program files\LyricsFolder\sqlite3.dll
c:\programdata\elsterformular
c:\programdata\elsterformular\elfoinstall.log
c:\programdata\elsterformular\elfouninstall.log
c:\programdata\elsterformular\pica\elfo.ini
c:\programdata\elsterformular\pica\update\12_2_0_6412p.RTD
c:\programdata\elsterformular\pica\update\12_2_0_6412p_update_win.txt
c:\programdata\elsterformular\pica\update\ElsterFormular_update-12_2_0_6412p.exe
c:\programdata\elsterformular\setup\uninstall.dat
c:\programdata\elsterformular\setup\uninstall.exe
c:\programdata\Microsoft Help
c:\programdata\Microsoft Help\Hx.hxn
c:\programdata\Microsoft Help\Hx_1049_MKWD_K.HxW
c:\programdata\Microsoft Help\Hx_1049_MKWD_NamedURL.HxW
c:\programdata\Microsoft Help\Hx_1049_MTOC_Hx.HxH
c:\programdata\Microsoft Help\Hx_1049_MValidator.HxD
c:\programdata\Microsoft Help\Hx_1049_MValidator.Lck
c:\programdata\Microsoft Help\MS.Dexplore.v80.en.hxn
c:\programdata\Microsoft Help\MS.EXCEL.12.1049.hxn
c:\programdata\Microsoft Help\MS.EXCEL.DEV.12.1049.hxn
c:\programdata\Microsoft Help\MS.GRAPH.12.1049.hxn
c:\programdata\Microsoft Help\MS.GROOVE.12.1049.hxn
c:\programdata\Microsoft Help\MS.INFOPATH.12.1049.hxn
c:\programdata\Microsoft Help\MS.INFOPATHEDITOR.12.1049.hxn
c:\programdata\Microsoft Help\MS.IPVSTA12.12.1049.hxn
c:\programdata\Microsoft Help\MS.MSACCESS.12.1049.hxn
c:\programdata\Microsoft Help\MS.MSACCESS.DEV.12.1049.hxn
c:\programdata\Microsoft Help\MS.MSE.12.1049.hxn
c:\programdata\Microsoft Help\MS.MSPUB.12.1049.hxn
c:\programdata\Microsoft Help\MS.MSPUB.DEV.12.1049.hxn
c:\programdata\Microsoft Help\MS.MSTORE.12.1049.hxn
c:\programdata\Microsoft Help\MS.OIS.12.1049.hxn
c:\programdata\Microsoft Help\MS.ONENOTE.12.1049.hxn
c:\programdata\Microsoft Help\MS.OUTLOOK.12.1049.hxn
c:\programdata\Microsoft Help\MS.OUTLOOK.DEV.12.1049.hxn
c:\programdata\Microsoft Help\MS.POWERPNT.12.1049.hxn
c:\programdata\Microsoft Help\MS.POWERPNT.DEV.12.1049.hxn
c:\programdata\Microsoft Help\MS.RIBBON.12.1049.hxn
c:\programdata\Microsoft Help\MS.SETLANG.12.1049.hxn
c:\programdata\Microsoft Help\MS.VSTA.v80.en.hxn
c:\programdata\Microsoft Help\MS.VSTACC.v80.hxn
c:\programdata\Microsoft Help\MS.VSTACC.v80_1049_MKWD_A.HxW
c:\programdata\Microsoft Help\MS.VSTACC.v80_1049_MKWD_B.HxW
c:\programdata\Microsoft Help\MS.VSTACC.v80_1049_MKWD_F.HxW
c:\programdata\Microsoft Help\MS.VSTACC.v80_1049_MKWD_K.HxW
c:\programdata\Microsoft Help\MS.VSTACC.v80_1049_MKWD_S.HxW
c:\programdata\Microsoft Help\MS.VSTACC.v80_1049_MKWD_Samples.HxW
c:\programdata\Microsoft Help\MS.VSTACC.v80_1049_MKWD_VSTAccNamedUrls.HxW
c:\programdata\Microsoft Help\MS.VSTACC.v80_1049_MTOC_vstacc.HxH
c:\programdata\Microsoft Help\MS.VSTACC.v80_1049_MValidator.HxD
c:\programdata\Microsoft Help\MS.VSTACC.v80_1049_MValidator.Lck
c:\programdata\Microsoft Help\MS.WINWORD.12.1049.hxn
c:\programdata\Microsoft Help\MS.WINWORD.12.1049_1049_MKWD_F.HxW
c:\programdata\Microsoft Help\MS.WINWORD.12.1049_1049_MKWD_K.HxW
c:\programdata\Microsoft Help\MS.WINWORD.12.1049_1049_MTOC_WINWORD_COL.HxH
c:\programdata\Microsoft Help\MS.WINWORD.12.1049_1049_MValidator.HxD
c:\programdata\Microsoft Help\MS.WINWORD.12.1049_1049_MValidator.Lck
c:\programdata\Microsoft Help\MS.WINWORD.DEV.12.1049.hxn
c:\programdata\Microsoft Help\nslist.hxl
c:\programdata\MPK
c:\programdata\MPK\1\D0000
c:\programdata\MPK\1\I41145_0812179861
c:\programdata\MPK\1\I41145_0846900926
c:\programdata\MPK\1\I41145_0881622685
c:\programdata\MPK\1\I41145_0916345023
c:\programdata\MPK\1\I41145_0985789468
c:\programdata\MPK\1\I41145_1020511458
c:\programdata\MPK\1\I41145_1159400463
c:\programdata\MPK\1\I41145_1194123495
c:\programdata\MPK\1\I41145_1228845139
c:\programdata\MPK\1\I41145_1263566898
c:\programdata\MPK\1\I41145_1298289583
c:\programdata\MPK\1\I41145_1333011458
c:\programdata\MPK\1\I41145_1402455787
c:\programdata\MPK\1\I41145_1437178009
c:\programdata\MPK\1\I41145_7880653356
c:\programdata\MPK\1\I41145_7915375926
c:\programdata\MPK\1\I41145_7950097801
c:\programdata\MPK\1\I41145_7984819907
c:\programdata\MPK\1\I41145_8019542361
c:\programdata\MPK\1\I41145_8054264468
c:\programdata\MPK\1\I41145_8088987847
c:\programdata\MPK\1\I41145_8123709375
c:\programdata\MPK\1\I41145_8158430903
c:\programdata\MPK\1\I41145_8193153241
c:\programdata\MPK\1\I41145_8227875463
c:\programdata\MPK\1\I41145_8262597917
c:\programdata\MPK\1\I41145_8297320023
c:\programdata\MPK\1\I41145_8392943634
c:\programdata\MPK\1\I41145_8427665741
c:\programdata\MPK\1\I41145_8462388194
c:\programdata\MPK\1\I41145_8497110301
c:\programdata\MPK\1\I41145_8531832639
c:\programdata\MPK\1\I41145_8566554514
c:\programdata\MPK\1\I41145_8642174769
c:\programdata\MPK\1\I41145_8676898148
c:\programdata\MPK\1\I41145_9267183912
c:\programdata\MPK\1\I41145_9301906134
c:\programdata\MPK\1\I41145_9336628819
c:\programdata\MPK\1\I41145_9371351736
c:\programdata\MPK\1\I41145_9406073380
c:\programdata\MPK\1\I41145_9440795602
c:\programdata\MPK\1\I41145_9475517245
c:\programdata\MPK\1\I41145_9510239468
c:\programdata\MPK\1\I41145_9544961921
c:\programdata\MPK\1\I41145_9579684028
c:\programdata\MPK\1\I41145_9614406250
c:\programdata\MPK\1\I41145_9649128819
c:\programdata\MPK\1\I41145_9683850463
c:\programdata\MPK\1\I41145_9718574421
c:\programdata\MPK\1\I41145_9753295139
c:\programdata\MPK\1\I41145_9926906134
c:\programdata\MPK\1\I41145_9961628819
c:\programdata\MPK\1\I41146_0343573264
c:\programdata\MPK\1\I41146_0378295139
c:\programdata\MPK\1\I41146_0482463079
c:\programdata\MPK\1\I41146_5551800463
c:\programdata\MPK\1\I41146_5586522801
c:\programdata\MPK\1\I41146_5621243866
c:\programdata\MPK\1\I41146_5655966435
c:\programdata\MPK\1\I41146_5690688310
c:\programdata\MPK\1\I41146_5725411227
c:\programdata\MPK\1\I41146_5760132870
c:\programdata\MPK\1\I41146_5794855440
c:\programdata\MPK\1\I41146_5829577431
c:\programdata\MPK\1\I41146_5864299421
c:\programdata\MPK\1\I41146_6246244907
c:\programdata\MPK\1\I41146_6280965972
c:\programdata\MPK\1\I41146_6315688310
c:\programdata\MPK\1\I41146_6350410532
c:\programdata\MPK\1\I41146_6385132986
c:\programdata\MPK\1\I41146_6419854977
c:\programdata\MPK\1\I41146_6489300000
c:\programdata\MPK\1\I41146_6524022685
c:\programdata\MPK\1\I41146_6558744097
c:\programdata\MPK\1\I41146_6593466667
c:\programdata\MPK\1\I41146_6628188426
c:\programdata\MPK\1\I41146_6662910880
c:\programdata\MPK\1\I41146_6697632986
c:\programdata\MPK\1\I41146_6732354861
c:\programdata\MPK\1\I41146_6767077778
c:\programdata\MPK\1\I41146_6801799537
c:\programdata\MPK\1\I41146_6836521643
c:\programdata\MPK\1\I41146_6871243982
c:\programdata\MPK\1\I41146_6905970255
c:\programdata\MPK\1\I41146_6940688194
c:\programdata\MPK\1\I41146_6975410648
c:\programdata\MPK\1\I41146_7010132755
c:\programdata\MPK\1\I41146_7044855324
c:\programdata\MPK\1\I41146_7079577431
c:\programdata\MPK\1\I41146_7114299537
c:\programdata\MPK\1\I41146_7149021643
c:\programdata\MPK\1\I41146_7183743866
c:\programdata\MPK\1\I41146_7218466319
c:\programdata\MPK\1\I41146_7253188426
c:\programdata\MPK\1\I41146_7287911111
c:\programdata\MPK\1\I41146_7322632755
c:\programdata\MPK\1\I41146_7357355208
c:\programdata\MPK\1\I41146_7392077431
c:\programdata\MPK\1\I41146_7426799421
c:\programdata\MPK\1\I41146_7461521875
c:\programdata\MPK\1\I41146_7496243982
c:\programdata\MPK\1\I41146_7530965972
c:\programdata\MPK\1\I41146_7565689699
c:\programdata\MPK\1\I41146_7600410417
c:\programdata\MPK\1\I41146_7635136343
c:\programdata\MPK\1\I41146_7669855556
c:\programdata\MPK\1\I41146_7704577315
c:\programdata\MPK\1\I41146_7739299769
c:\programdata\MPK\1\I41146_7774022222
c:\programdata\MPK\1\I41146_7808744676
c:\programdata\MPK\1\I41146_7843466551
c:\programdata\MPK\1\I41146_7878188542
c:\programdata\MPK\1\I41146_7912910532
c:\programdata\MPK\1\I41146_7947632870
c:\programdata\MPK\1\I41146_7982354977
c:\programdata\MPK\1\I41146_8017077431
c:\programdata\MPK\1\I41146_8051799306
c:\programdata\MPK\1\I41146_8086521875
c:\programdata\MPK\1\I41146_8121244329
c:\programdata\MPK\1\I41146_8155966204
c:\programdata\MPK\1\I41146_8190688310
c:\programdata\MPK\1\I41146_8225410764
c:\programdata\MPK\1\I41146_8260132755
c:\programdata\MPK\1\I41146_8294855440
c:\programdata\MPK\1\I41146_8329577199
c:\programdata\MPK\1\I41146_8364299653
c:\programdata\MPK\1\I41146_8399022801
c:\programdata\MPK\1\I41146_8433744097
c:\programdata\MPK\1\I41146_8468466435
c:\programdata\MPK\1\I41146_8503188426
c:\programdata\MPK\1\I41146_8537910880
c:\programdata\MPK\1\I41146_8572632870
c:\programdata\MPK\1\I41146_8607354861
c:\programdata\MPK\1\I41146_8642077431
c:\programdata\MPK\1\I41146_8676799884
c:\programdata\MPK\1\I41146_8711521759
c:\programdata\MPK\1\I41146_8746243982
c:\programdata\MPK\1\I41146_8780965972
c:\programdata\MPK\1\I41146_8815688542
c:\programdata\MPK\1\I41146_9294700579
c:\programdata\MPK\1\I41146_9329422222
c:\programdata\MPK\1\I41147_3263035301
c:\programdata\MPK\1\I41147_3297757523
c:\programdata\MPK\1\I41147_3332479745
c:\programdata\MPK\1\I41147_3367201968
c:\programdata\MPK\1\I41147_3401924306
c:\programdata\MPK\1\I41147_3436646528
c:\programdata\MPK\1\I41147_3471368634
c:\programdata\MPK\1\I41147_3506090972
c:\programdata\MPK\1\I41147_3540813079
c:\programdata\MPK\1\I41147_3575535301
c:\programdata\MPK\1\I41147_3610257755
c:\programdata\MPK\1\I41147_3644979745
c:\programdata\MPK\1\I41147_3679702199
c:\programdata\MPK\1\I41147_3714424421
c:\programdata\MPK\1\I41147_3749146644
c:\programdata\MPK\1\I41147_3783868634
c:\programdata\MPK\1\I41147_3818591204
c:\programdata\MPK\1\I41147_3853313079
c:\programdata\MPK\1\I41147_3888035301
c:\programdata\MPK\1\I41147_3922757755
c:\programdata\MPK\1\I41147_3957479745
c:\programdata\MPK\1\I41147_3992202199
c:\programdata\MPK\1\I41147_4026924190
c:\programdata\MPK\1\I41147_4061646412
c:\programdata\MPK\1\I41147_4096368634
c:\programdata\MPK\1\I41147_4131091088
c:\programdata\MPK\1\I41147_4165813079
c:\programdata\MPK\1\I41147_4200535417
c:\programdata\MPK\1\I41147_4235257523
c:\programdata\MPK\1\I41147_4269979745
c:\programdata\MPK\1\I41147_4304701968
c:\programdata\MPK\1\I41147_4339424190
c:\programdata\MPK\1\I41147_4374146412
c:\programdata\MPK\1\I41147_4408869676
c:\programdata\MPK\1\I41147_4443591088
c:\programdata\MPK\1\I41147_4478313310
c:\programdata\MPK\1\I41147_4513035301
c:\programdata\MPK\1\I41147_4547757986
c:\programdata\MPK\1\I41147_4582479745
c:\programdata\MPK\1\I41147_4617202083
c:\programdata\MPK\1\I41147_4651924421
c:\programdata\MPK\1\I41147_4686646412
c:\programdata\MPK\1\I41147_4721368866
c:\programdata\MPK\1\I41147_4756091435
c:\programdata\MPK\1\I41147_4790813657
c:\programdata\MPK\1\I41147_4825535532
c:\programdata\MPK\1\I41147_4860257755
c:\programdata\MPK\1\I41147_4894980440
c:\programdata\MPK\1\I41147_4929701968
c:\programdata\MPK\1\I41147_4964424537
c:\programdata\MPK\1\I41147_4999146412
c:\programdata\MPK\1\I41147_5033868981
c:\programdata\MPK\1\I41147_5068592593
c:\programdata\MPK\1\I41147_5103315162
c:\programdata\MPK\1\I41147_5138037731
c:\programdata\MPK\1\I41147_5172759375
c:\programdata\MPK\1\I41147_5207481713
c:\programdata\MPK\1\I41147_5242203819
c:\programdata\MPK\1\I41147_5276926042
c:\programdata\MPK\1\I41147_5311648843
c:\programdata\MPK\1\I41147_5346370486
c:\programdata\MPK\1\I41147_5381093056
c:\programdata\MPK\1\I41147_5415815046
c:\programdata\MPK\1\I41147_5450537384
c:\programdata\MPK\1\I41147_5554704282
c:\programdata\MPK\1\I41147_5589426505
c:\programdata\MPK\1\I41147_5624148611
c:\programdata\MPK\1\I41147_5658870718
c:\programdata\MPK\1\I41147_5693592940
c:\programdata\MPK\1\I41147_5728315278
c:\programdata\MPK\1\I41147_5763039120
c:\programdata\MPK\1\I41147_6144981713
c:\programdata\MPK\1\I41147_6179703819
c:\programdata\MPK\1\I41147_6214426042
c:\programdata\MPK\1\I41147_6249148958
c:\programdata\MPK\1\I41147_6283870602
c:\programdata\MPK\1\I41147_6388037269
c:\programdata\MPK\1\I41147_6422759375
c:\programdata\MPK\1\I41147_6457481713
c:\programdata\MPK\1\I41147_6492203704
c:\programdata\MPK\1\I41147_6526925926
c:\programdata\MPK\1\I41147_6561648148
c:\programdata\MPK\1\I41147_6596370602
c:\programdata\MPK\1\I41147_6631092940
c:\programdata\MPK\1\I41147_6665814931
c:\programdata\MPK\1\I41147_6700537037
c:\programdata\MPK\1\I41147_6735259259
c:\programdata\MPK\1\I41147_6769981829
c:\programdata\MPK\1\I41147_6804703819
c:\programdata\MPK\1\I41147_6839426042
c:\programdata\MPK\1\I41147_6874148148
c:\programdata\MPK\1\I41147_6908870486
c:\programdata\MPK\1\I41147_6943592708
c:\programdata\MPK\1\I41147_6978315509
c:\programdata\MPK\1\I41147_7013037037
c:\programdata\MPK\1\I41147_7047759607
c:\programdata\MPK\1\I41147_7082481713
c:\programdata\MPK\1\I41147_7117203819
c:\programdata\MPK\1\I41147_7151925926
c:\programdata\MPK\1\I41147_7186648264
c:\programdata\MPK\1\I41147_7221370486
c:\programdata\MPK\1\I41147_7256092593
c:\programdata\MPK\1\I41147_7290815393
c:\programdata\MPK\1\I41147_7325537153
c:\programdata\MPK\1\I41147_7360259491
c:\programdata\MPK\1\I41147_7394981829
c:\programdata\MPK\1\I41147_7429703935
c:\programdata\MPK\1\I41147_7464425926
c:\programdata\MPK\1\I41147_7499148611
c:\programdata\MPK\1\I41147_7533870602
c:\programdata\MPK\1\I41147_7568593171
c:\programdata\MPK\1\I41147_7603314931
c:\programdata\MPK\1\I41147_7638037384
c:\programdata\MPK\1\I41147_7672759607
c:\programdata\MPK\1\I41147_7707481944
c:\programdata\MPK\1\I41147_7742204051
c:\programdata\MPK\1\I41147_7776926157
c:\programdata\MPK\1\I41147_7811648843
c:\programdata\MPK\1\I41147_7846370486
c:\programdata\MPK\1\I41147_7881092940
c:\programdata\MPK\1\I41147_7915815278
c:\programdata\MPK\1\I41147_7950537500
c:\programdata\MPK\1\I41147_7985259838
c:\programdata\MPK\1\I41147_8019981597
c:\programdata\MPK\1\I41147_8054703819
c:\programdata\MPK\1\I41147_8089426273
c:\programdata\MPK\1\I41147_8124148148
c:\programdata\MPK\1\I41147_8158870486
c:\programdata\MPK\1\I41147_8193592940
c:\programdata\MPK\1\I41147_8228315278
c:\programdata\MPK\1\I41147_8263037500
c:\programdata\MPK\1\I41147_8297759722
c:\programdata\MPK\1\I41147_8332481597
c:\programdata\MPK\1\I41147_8367203819
c:\programdata\MPK\1\I41147_8401926273
c:\programdata\MPK\1\I41147_8436648495
c:\programdata\MPK\1\I41147_8471370833
c:\programdata\MPK\1\I41147_8506092940
c:\programdata\MPK\1\I41147_8540815972
c:\programdata\MPK\1\I41147_8575537731
c:\programdata\MPK\1\I41147_8610260764
c:\programdata\MPK\1\I41147_8714426505
c:\programdata\MPK\1\I41147_8749148380
c:\programdata\MPK\1\I41147_8783870370
c:\programdata\MPK\1\I41147_8818592593
c:\programdata\MPK\1\I41147_8853314931
c:\programdata\MPK\1\I41147_8888037384
c:\programdata\MPK\1\I41147_8922760069
c:\programdata\MPK\1\I41147_8957481829
c:\programdata\MPK\1\I41147_8992203819
c:\programdata\MPK\1\I41147_9026926273
c:\programdata\MPK\1\I41147_9054104398
c:\programdata\MPK\1\I41147_9088826157
c:\programdata\MPK\1\I41147_9123548264
c:\programdata\MPK\1\I41147_9158270602
c:\programdata\MPK\1\I41148_9192925579
c:\programdata\MPK\1\I41148_9227647569
c:\programdata\MPK\1\I41148_9262369792
c:\programdata\MPK\1\I41148_9297091782
c:\programdata\MPK\1\I41148_9331814236
c:\programdata\MPK\1\I41148_9366536458
c:\programdata\MPK\1\I41148_9401258333
c:\programdata\MPK\1\I41148_9435980556
c:\programdata\MPK\1\I41148_9461164699
c:\programdata\MPK\1\I41148_9495886111
c:\programdata\MPK\1\I41148_9530608449
c:\programdata\MPK\1\I41148_9565331250
c:\programdata\MPK\1\I41148_9600053009
c:\programdata\MPK\1\I41148_9634775116
c:\programdata\MPK\1\I41148_9669497338
c:\programdata\MPK\1\I41148_9704219560
c:\programdata\MPK\1\I41148_9738941898
c:\programdata\MPK\1\I41148_9773664352
c:\programdata\MPK\1\I41148_9808386343
c:\programdata\MPK\1\I41148_9843108681
c:\programdata\MPK\1\I41148_9867298264
c:\programdata\MPK\1\I41148_9902020139
c:\programdata\MPK\1\I41148_9936742593
c:\programdata\MPK\1\I41148_9971465162
c:\programdata\MPK\1\I41149_0006186806
c:\programdata\MPK\1\I41149_0040908912
c:\programdata\MPK\1\I41149_0145076273
c:\programdata\MPK\1\I41149_0179798264
c:\programdata\MPK\1\I41149_0214521875
c:\programdata\MPK\1\I41149_0492297685
c:\programdata\MPK\1\I41149_0527020023
c:\programdata\MPK\1\I41149_0770075694
c:\programdata\MPK\1\I41149_0804797685
c:\programdata\MPK\1\I41149_0839520370
c:\programdata\MPK\1\I41149_0874242245
c:\programdata\MPK\1\I41149_0943687153
c:\programdata\MPK\1\I41149_0978408796
c:\programdata\MPK\1\I41149_1117298148
c:\programdata\MPK\1\I41149_1152020255
c:\programdata\MPK\1\I41149_1395075810
c:\programdata\MPK\1\I41149_1429797801
c:\programdata\MPK\1\I41149_1464519907
c:\programdata\MPK\1\I41149_1742297917
c:\programdata\MPK\1\I41149_1777020139
c:\programdata\MPK\1\I41149_2054798380
c:\programdata\MPK\1\I41149_2089520370
c:\programdata\MPK\1\I41149_2158965046
c:\programdata\MPK\1\I41149_2193687963
c:\programdata\MPK\1\I41149_2228408681
c:\programdata\MPK\1\I41149_2332575810
c:\programdata\MPK\1\I41149_2367297685
c:\programdata\MPK\1\I41149_2402020486
c:\programdata\MPK\1\I41149_2436742593
c:\programdata\MPK\1\I41149_2471464468
c:\programdata\MPK\1\I41149_2506186458
c:\programdata\MPK\1\I41149_2679798264
c:\programdata\MPK\1\I41149_2714519907
c:\programdata\MPK\1\I41149_2749242014
c:\programdata\MPK\1\I41149_2853409491
c:\programdata\MPK\1\I41149_2888131366
c:\programdata\MPK\1\I41149_2922853241
c:\programdata\MPK\1\I41149_2957576042
c:\programdata\MPK\1\I41149_2992297801
c:\programdata\MPK\1\I41149_3839756134
c:\programdata\MPK\1\I41149_3874477662
c:\programdata\MPK\1\I41149_3909199421
c:\programdata\MPK\1\I41149_3943922338
c:\programdata\MPK\1\I41149_3978644329
c:\programdata\MPK\1\I41149_4013365972
c:\programdata\MPK\1\I41149_4048088773
c:\programdata\MPK\1\I41149_4082810995
c:\programdata\MPK\1\I41149_4117532639
c:\programdata\MPK\1\I41149_4152256366
c:\programdata\MPK\1\I41149_4186977083
c:\programdata\MPK\1\I41149_4221699653
c:\programdata\MPK\1\I41149_4305666435
c:\programdata\MPK\1\I41149_4340388657
c:\programdata\MPK\1\I41149_4375110764
c:\programdata\MPK\1\I41149_4409832870
c:\programdata\MPK\1\I41149_4444554861
c:\programdata\MPK\1\I41149_4479277546
c:\programdata\MPK\1\I41149_4513999421
c:\programdata\MPK\1\I41149_4548721644
c:\programdata\MPK\1\I41149_4583443981
c:\programdata\MPK\1\I41149_4618166435
c:\programdata\MPK\1\I41149_4652888426
c:\programdata\MPK\1\I41149_4687610880
c:\programdata\MPK\1\I41149_4722333796
c:\programdata\MPK\1\I41149_4757054861
c:\programdata\MPK\1\I41149_4791777199
c:\programdata\MPK\1\I41149_4826499537
c:\programdata\MPK\1\I41149_4861222106
c:\programdata\MPK\1\I41149_4895943634
c:\programdata\MPK\1\I41149_4930665856
c:\programdata\MPK\1\I41149_4965391204
c:\programdata\MPK\1\I41149_5104278704
c:\programdata\MPK\1\I41149_5139001736
c:\programdata\MPK\1\I41149_8293050463
c:\programdata\MPK\1\I41149_8327772338
c:\programdata\MPK\1\I41149_8362495370
c:\programdata\MPK\1\I41149_8466661806
c:\programdata\MPK\1\I41149_8501384028
c:\programdata\MPK\1\I41149_8536106019
c:\programdata\MPK\1\I41149_8570828472
c:\programdata\MPK\1\I41149_8605550926
c:\programdata\MPK\1\I41149_8640272685
c:\programdata\MPK\1\I41149_8674994560
c:\programdata\MPK\1\I41149_8779161574
c:\programdata\MPK\1\I41149_8813884028
c:\programdata\MPK\1\I41149_8848606481
c:\programdata\MPK\1\I41149_8883328588
c:\programdata\MPK\1\I41149_8918050232
c:\programdata\MPK\1\I41149_8952772917
c:\programdata\MPK\1\I41149_8987494560
c:\programdata\MPK\1\I41149_9022217361
c:\programdata\MPK\1\I41149_9056939005
c:\programdata\MPK\1\I41149_9091661343
c:\programdata\MPK\1\I41149_9126383449
c:\programdata\MPK\1\I41149_9161105787
c:\programdata\MPK\1\I41149_9195828472
c:\programdata\MPK\1\I41149_9230551157
c:\programdata\MPK\1\I41149_9265272569
c:\programdata\MPK\1\I41149_9299994676
c:\programdata\MPK\1\I41149_9334717824
c:\programdata\MPK\1\I41149_9369439120
c:\programdata\MPK\1\I41149_9404161343
c:\programdata\MPK\1\I41149_9438884028
c:\programdata\MPK\1\I41149_9473606250
c:\programdata\MPK\1\I41149_9508328009
c:\programdata\MPK\1\I41149_9543050694
c:\programdata\MPK\1\I41149_9577773264
c:\programdata\MPK\1\I41149_9612494560
c:\programdata\MPK\1\I41149_9647217130
c:\programdata\MPK\1\I41149_9681939583
c:\programdata\MPK\1\I41149_9716661806
c:\programdata\MPK\1\I41149_9751383796
c:\programdata\MPK\1\I41149_9786107292
c:\programdata\MPK\1\I41149_9820828125
c:\programdata\MPK\1\I41149_9855550232
c:\programdata\MPK\1\I41149_9890272569
c:\programdata\MPK\1\I41149_9924995023
c:\programdata\MPK\1\I41149_9959717245
c:\programdata\MPK\1\I41149_9994439236
c:\programdata\MPK\1\I41150_0029161458
c:\programdata\MPK\1\I41150_0063883796
c:\programdata\MPK\1\I41150_0098606250
c:\programdata\MPK\1\I41150_0133328009
c:\programdata\MPK\1\I41150_0168050463
c:\programdata\MPK\1\I41150_0202772569
c:\programdata\MPK\1\I41150_0237494560
c:\programdata\MPK\1\I41150_0272216898
c:\programdata\MPK\1\I41150_0306940046
c:\programdata\MPK\1\I41150_0341661921
c:\programdata\MPK\1\I41150_0376383681
c:\programdata\MPK\1\I41150_0411106134
c:\programdata\MPK\1\I41150_0445828935
c:\programdata\MPK\1\I41150_0480550347
c:\programdata\MPK\1\I41150_5272034259
c:\programdata\MPK\1\I41150_5306758102
c:\programdata\MPK\1\I41150_5341478935
c:\programdata\MPK\1\I41150_5376202431
c:\programdata\MPK\1\I41150_5410923264
c:\programdata\MPK\1\I41150_5445645718
c:\programdata\MPK\1\I41150_5480367708
c:\programdata\MPK\1\I41150_5515089815
c:\programdata\MPK\1\I41150_5549813426
c:\programdata\MPK\1\I41150_5584534491
c:\programdata\MPK\1\I41150_5619257986
c:\programdata\MPK\1\I41150_5653978819
c:\programdata\MPK\1\I41150_5688701273
c:\programdata\MPK\1\I41150_5723423264
c:\programdata\MPK\1\I41150_5758145370
c:\programdata\MPK\1\I41150_5792867708
c:\programdata\MPK\1\I41150_5827662731
c:\programdata\MPK\1\I41150_5862332639
c:\programdata\MPK\1\I41150_5897053935
c:\programdata\MPK\1\I41150_5931776620
c:\programdata\MPK\1\I41150_5966498727
c:\programdata\MPK\1\I41150_6001223611
c:\programdata\MPK\1\I41150_6035944676
c:\programdata\MPK\1\I41150_8744282060
c:\programdata\MPK\1\I41150_8779004398
c:\programdata\MPK\1\I41150_8813726389
c:\programdata\MPK\1\I41150_8848449768
c:\programdata\MPK\1\I41150_8883170718
c:\programdata\MPK\1\I41150_8917893171
c:\programdata\MPK\1\I41150_8952615046
c:\programdata\MPK\1\I41150_8978746759
c:\programdata\MPK\1\I41150_9013468982
c:\programdata\MPK\1\I41150_9048190972
c:\programdata\MPK\1\I41150_9082913657
c:\programdata\MPK\1\I41150_9117635185
c:\programdata\MPK\1\I41150_9152357639
c:\programdata\MPK\1\I41150_9187079861
c:\programdata\MPK\1\I41150_9221802083
c:\programdata\MPK\1\I41150_9256524537
c:\programdata\MPK\1\I41150_9291246644
c:\programdata\MPK\1\I41150_9325968982
c:\programdata\MPK\1\I41150_9360691319
c:\programdata\MPK\1\I41150_9379788773
c:\programdata\MPK\1\I41150_9414510185
c:\programdata\MPK\1\I41150_9449233102
c:\programdata\MPK\1\I41150_9483954861
c:\programdata\MPK\1\I41150_9518677662
c:\programdata\MPK\1\I41150_9553399074
c:\programdata\MPK\1\I41150_9588122107
c:\programdata\MPK\1\I41150_9622843866
c:\programdata\MPK\1\I41150_9657565972
c:\programdata\MPK\1\I41150_9692287963
c:\programdata\MPK\1\I41150_9727010185
c:\programdata\MPK\1\I41150_9761732755
c:\programdata\MPK\1\I41150_9771339352
c:\programdata\MPK\1\I41150_9806061806
c:\programdata\MPK\1\I41150_9840784028
c:\programdata\MPK\1\I41150_9875506019
c:\programdata\MPK\1\I41150_9910228009
c:\programdata\MPK\1\I41150_9944950000
c:\programdata\MPK\1\I41150_9979672917
c:\programdata\MPK\1\I41151_0014395602
c:\programdata\MPK\1\I41151_0049117014
c:\programdata\MPK\1\I41151_0083839468
c:\programdata\MPK\1\I41151_0118562269
c:\programdata\MPK\1\I41151_0153283218
c:\programdata\MPK\1\I41151_0166130440
c:\programdata\MPK\1\I41151_0200853935
c:\programdata\MPK\1\I41151_0235575347
c:\programdata\MPK\1\I41151_0270297454
c:\programdata\MPK\1\I41151_0305019329
c:\programdata\MPK\1\I41151_0339741435
c:\programdata\MPK\1\I41151_0374463773
c:\programdata\MPK\1\I41151_0443908333
c:\programdata\MPK\1\I41151_0478631134
c:\programdata\MPK\1\I41151_0513353357
c:\programdata\MPK\1\I41151_0548074769
c:\programdata\MPK\1\I41151_0568803009
c:\programdata\MPK\1\I41151_0603514236
c:\programdata\MPK\1\I41151_0638236690
c:\programdata\MPK\1\I41151_0672958565
c:\programdata\MPK\1\I41151_0707680671
c:\programdata\MPK\1\I41151_0742403704
c:\programdata\MPK\1\I41151_0777125463
c:\programdata\MPK\1\I41151_0811847801
c:\programdata\MPK\1\I41151_0846569676
c:\programdata\MPK\1\I41151_0881292477
c:\programdata\MPK\1\I41151_0916014236
c:\programdata\MPK\1\I41151_0950736343
c:\programdata\MPK\1\I41151_0975042130
c:\programdata\MPK\1\I41151_1009764005
c:\programdata\MPK\1\I41151_1044486458
c:\programdata\MPK\1\I41151_1079208333
c:\programdata\MPK\1\I41151_1113931134
c:\programdata\MPK\1\I41151_1148653588
c:\programdata\MPK\1\I41151_1183375463
c:\programdata\MPK\1\I41151_1218097569
c:\programdata\MPK\1\I41151_1252821296
c:\programdata\MPK\1\I41151_1287543750
c:\programdata\MPK\1\I41151_1322266088
c:\programdata\MPK\1\I41151_1356988310
c:\programdata\MPK\1\I41151_1378284144
c:\programdata\MPK\1\I41151_1413006944
c:\programdata\MPK\1\I41151_1447728588
c:\programdata\MPK\1\I41151_1482450810
c:\programdata\MPK\1\I41151_1517173727
c:\programdata\MPK\1\I41151_1551895486
c:\programdata\MPK\1\I41151_1586618171
c:\programdata\MPK\1\I41151_1621340972
c:\programdata\MPK\1\I41151_1656062731
c:\programdata\MPK\1\I41151_1690784954
c:\programdata\MPK\1\I41151_1725506366
c:\programdata\MPK\1\I41151_1760229282
c:\programdata\MPK\1\I41151_1784418519
c:\programdata\MPK\1\I41151_1819140972
c:\programdata\MPK\1\I41151_3707998495
c:\programdata\MPK\1\I41151_3742719213
c:\programdata\MPK\1\I41151_3777441898
c:\programdata\MPK\1\I41151_3812163773
c:\programdata\MPK\1\I41151_3846886343
c:\programdata\MPK\1\I41151_3881608102
c:\programdata\MPK\1\I41151_3916330440
c:\programdata\MPK\1\I41151_3951053704
c:\programdata\MPK\1\I41151_3985774769
c:\programdata\MPK\1\I41151_4020497454
c:\programdata\MPK\1\I41151_4055219329
c:\programdata\MPK\1\I41151_4089941898
c:\programdata\MPK\1\I41151_4124663657
c:\programdata\MPK\1\I41151_4159385995
c:\programdata\MPK\1\I41151_4194109259
c:\programdata\MPK\1\I41151_4228830324
c:\programdata\MPK\1\I41151_4263553009
c:\programdata\MPK\1\I41151_4298274884
c:\programdata\MPK\1\I41151_4332997338
c:\programdata\MPK\1\I41151_4367719213
c:\programdata\MPK\1\I41151_4402441551
c:\programdata\MPK\1\I41151_4437164815
c:\programdata\MPK\1\I41151_4471885880
c:\programdata\MPK\1\I41151_4506608565
c:\programdata\MPK\1\I41151_4541330440
c:\programdata\MPK\1\I41151_4576053009
c:\programdata\MPK\1\I41151_4610774769
c:\programdata\MPK\1\I41151_4645496875
c:\programdata\MPK\1\I41151_4680219329
c:\programdata\MPK\1\I41151_4714942477
c:\programdata\MPK\1\I41151_4749663657
c:\programdata\MPK\1\I41151_4784385764
c:\programdata\MPK\1\I41151_4819107986
c:\programdata\MPK\1\I41151_4853830208
c:\programdata\MPK\1\I41151_4888552431
c:\programdata\MPK\1\I41151_4923275926
c:\programdata\MPK\1\I41151_4957997917
c:\programdata\MPK\1\I41151_4992719792
c:\programdata\MPK\1\I41151_5027441667
c:\programdata\MPK\1\I41151_7457997338
c:\programdata\MPK\1\I41151_7492719329
c:\programdata\MPK\1\I41151_7527441435
c:\programdata\MPK\1\I41151_7562164931
c:\programdata\MPK\1\I41151_7631608681
c:\programdata\MPK\1\I41151_7666330556
c:\programdata\MPK\1\I41151_7701053935
c:\programdata\MPK\1\I41151_7770497917
c:\programdata\MPK\1\I41151_7805219329
c:\programdata\MPK\1\I41151_7944109606
c:\programdata\MPK\1\I41151_7978830208
c:\programdata\MPK\1\I41151_8013553472
c:\programdata\MPK\1\I41151_8256607986
c:\programdata\MPK\1\I41151_8291331713
c:\programdata\MPK\1\I41151_8326053009
c:\programdata\MPK\1\I41151_8360776273
c:\programdata\MPK\1\I41151_8395497454
c:\programdata\MPK\1\I41151_8430219213
c:\programdata\MPK\1\I41151_8534069792
c:\programdata\MPK\1\I41151_8568791782
c:\programdata\MPK\1\I41151_8603513889
c:\programdata\MPK\1\I41151_8638236343
c:\programdata\MPK\1\I41151_8672958333
c:\programdata\MPK\1\I41151_8707680556
c:\programdata\MPK\1\I41151_8742402894
c:\programdata\MPK\1\I41151_8777125232
c:\programdata\MPK\1\I41151_8811848495
c:\programdata\MPK\1\I41151_8846570718
c:\programdata\MPK\1\I41151_8881292014
c:\programdata\MPK\1\I41151_8916014005
c:\programdata\MPK\1\I41151_8950736111
c:\programdata\MPK\1\I41151_8985458449
c:\programdata\MPK\1\I41151_9020180440
c:\programdata\MPK\1\I41151_9054902778
c:\programdata\MPK\1\I41151_9089624884
c:\programdata\MPK\1\I41151_9124347106
c:\programdata\MPK\1\I41151_9159069792
c:\programdata\MPK\1\I41151_9193792014
c:\programdata\MPK\1\I41151_9228514236
c:\programdata\MPK\1\I41151_9263235995
c:\programdata\MPK\1\I41151_9297958565
c:\programdata\MPK\1\I41151_9332680903
c:\programdata\MPK\1\I41151_9367403125
c:\programdata\MPK\1\I41151_9402125000
c:\programdata\MPK\1\I41151_9436847569
c:\programdata\MPK\1\I41151_9471569444
c:\programdata\MPK\1\I41151_9506292014
c:\programdata\MPK\1\I41151_9541014236
c:\programdata\MPK\1\I41151_9575735995
c:\programdata\MPK\1\I41151_9610458565
c:\programdata\MPK\1\I41151_9645180787
c:\programdata\MPK\1\I41151_9679903125
c:\programdata\MPK\1\I41151_9714625347
c:\programdata\MPK\1\I41151_9749347454
c:\programdata\MPK\1\I41151_9784069329
c:\programdata\MPK\1\I41151_9818791551
c:\programdata\MPK\1\I41151_9853514236
c:\programdata\MPK\1\I41151_9888236111
c:\programdata\MPK\1\I41151_9922958218
c:\programdata\MPK\1\I41151_9957680440
c:\programdata\MPK\1\I41151_9992403125
c:\programdata\MPK\1\I41152_0027125000
c:\programdata\MPK\1\I41152_0061847106
c:\programdata\MPK\1\I41152_0096569792
c:\programdata\MPK\1\I41152_0131291551
c:\programdata\MPK\1\I41152_0166013773
c:\programdata\MPK\1\I41152_0200736111
c:\programdata\MPK\1\I41152_0235458218
c:\programdata\MPK\1\I41152_0270180671
c:\programdata\MPK\1\I41152_0304903125
c:\programdata\MPK\1\I41152_0339625000
c:\programdata\MPK\1\I41152_0374347106
c:\programdata\MPK\1\I41152_0409069560
c:\programdata\MPK\1\I41152_0443791551
c:\programdata\MPK\1\I41152_0478513889
c:\programdata\MPK\1\I41152_0513236227
c:\programdata\MPK\1\I41152_0547958681
c:\programdata\MPK\1\I41152_0582680787
c:\programdata\MPK\1\I41152_0617403009
c:\programdata\MPK\1\I41152_0652124884
c:\programdata\MPK\1\I41152_0686847222
c:\programdata\MPK\1\I41152_0721569329
c:\programdata\MPK\1\I41152_0756295023
c:\programdata\MPK\1\I41152_5428676736
c:\programdata\MPK\1\I41152_5463399074
c:\programdata\MPK\1\I41152_5498121644
c:\programdata\MPK\1\I41152_5532844560
c:\programdata\MPK\1\I41152_5567565509
c:\programdata\MPK\1\I41152_5602287731
c:\programdata\MPK\1\I41152_5637009954
c:\programdata\MPK\1\I41152_5671732060
c:\programdata\MPK\1\I41152_5706454630
c:\programdata\MPK\1\I41152_5741176736
c:\programdata\MPK\1\I41152_5775898727
c:\programdata\MPK\1\I41152_5810621065
c:\programdata\MPK\1\I41152_5845343171
c:\programdata\MPK\1\I41152_5880065625
c:\programdata\MPK\1\I41152_5914788194
c:\programdata\MPK\1\I41152_5949510185
c:\programdata\MPK\1\I41152_5984232176
c:\programdata\MPK\1\I41152_6018954398
c:\programdata\MPK\1\I41152_6053677199
c:\programdata\MPK\1\I41152_6088398958
c:\programdata\MPK\1\I41152_6123121181
c:\programdata\MPK\1\I41152_6157843750
c:\programdata\MPK\1\I41152_6192565741
c:\programdata\MPK\1\I41152_6227287847
c:\programdata\MPK\1\I41152_6262009954
c:\programdata\MPK\1\I41152_6296732755
c:\programdata\MPK\1\I41152_6331454514
c:\programdata\MPK\1\I41152_6366176736
c:\programdata\MPK\1\I41152_6400899306
c:\programdata\MPK\1\I41152_6435621065
c:\programdata\MPK\1\I41152_6470343287
c:\programdata\MPK\1\I41152_6505065741
c:\programdata\MPK\1\I41152_6539788310
c:\programdata\MPK\1\I41152_6574509954
c:\programdata\MPK\1\I41152_6609233333
c:\programdata\MPK\1\I41152_6643954282
c:\programdata\MPK\1\I41152_6678676505
c:\programdata\MPK\1\I41152_6713398727
c:\programdata\MPK\1\I41152_6748121296
c:\programdata\MPK\1\I41152_6782843866
c:\programdata\MPK\1\I41152_6817565509
c:\programdata\MPK\1\I41152_6852288889
c:\programdata\MPK\1\I41152_6887009838
c:\programdata\MPK\1\I41152_6921732407
c:\programdata\MPK\1\I41152_6956455208
c:\programdata\MPK\1\I41152_6991176620
c:\programdata\MPK\1\I41152_7025898727
c:\programdata\MPK\1\I41152_7060622107
c:\programdata\MPK\1\I41152_7095344097
c:\programdata\MPK\1\I41152_7130065509
c:\programdata\MPK\1\I41152_7164787616
c:\programdata\MPK\1\I41152_7199510532
c:\programdata\MPK\1\I41152_7234232176
c:\programdata\MPK\1\I41152_7268954398
c:\programdata\MPK\1\I41152_7303676505
c:\programdata\MPK\1\I41152_7338399653
c:\programdata\MPK\1\I41152_7373121065
c:\programdata\MPK\1\I41152_7407843403
c:\programdata\MPK\1\I41152_7442565509
c:\programdata\MPK\1\I41152_7477287731
c:\programdata\MPK\1\I41152_7512011574
c:\programdata\MPK\1\I41152_7546733333
c:\programdata\MPK\1\I41152_7581454398
c:\programdata\MPK\1\I41152_7616176736
c:\programdata\MPK\1\I41152_7650898843
c:\programdata\MPK\1\I41152_7685621296
c:\programdata\MPK\1\I41152_7720344676
c:\programdata\MPK\1\I41152_7755065625
c:\programdata\MPK\1\I41152_7789787616
c:\programdata\MPK\1\I41152_7824510301
c:\programdata\MPK\1\I41152_7859232407
c:\programdata\MPK\1\I41152_7893954398
c:\programdata\MPK\1\I41152_7928676620
c:\programdata\MPK\1\I41152_7963399074
c:\programdata\MPK\1\I41152_7998121991
c:\programdata\MPK\1\I41152_8032843287
c:\programdata\MPK\1\I41152_8067565625
c:\programdata\MPK\1\I41152_8102288194
c:\programdata\MPK\1\I41152_8137010301
c:\programdata\MPK\1\I41152_8171732176
c:\programdata\MPK\1\I41152_8206454282
c:\programdata\MPK\1\I41152_8241177083
c:\programdata\MPK\1\I41152_8275898843
c:\programdata\MPK\1\I41152_8302731829
c:\programdata\MPK\1\I41152_8337452662
c:\programdata\MPK\1\I41152_8372174884
c:\programdata\MPK\1\I41152_8406897222
c:\programdata\MPK\1\I41152_8441619329
c:\programdata\MPK\1\I41152_8476342130
c:\programdata\MPK\1\I41152_8511063773
c:\programdata\MPK\1\I41152_8545787500
c:\programdata\MPK\1\I41152_8580508333
c:\programdata\MPK\1\I41152_8615230440
c:\programdata\MPK\1\I41152_8649953357
c:\programdata\MPK\1\I41152_8684675116
c:\programdata\MPK\1\I41152_8719398264
c:\programdata\MPK\1\I41152_8754120718
c:\programdata\MPK\1\I41152_8788842940
c:\programdata\MPK\1\I41152_8823563889
c:\programdata\MPK\1\I41152_8858286343
c:\programdata\MPK\1\I41152_8893008565
c:\programdata\MPK\1\I41152_8927731134
c:\programdata\MPK\1\I41152_8962453704
c:\programdata\MPK\1\I41152_8997176620
c:\programdata\MPK\1\I41152_9031898611
c:\programdata\MPK\1\I41152_9066620949
c:\programdata\MPK\1\I41152_9101341898
c:\programdata\MPK\1\I41152_9136063889
c:\programdata\MPK\1\I41153_0004119676
c:\programdata\MPK\1\I41153_0038841667
c:\programdata\MPK\1\I41153_0073563773
c:\programdata\MPK\1\I41153_0108286574
c:\programdata\MPK\1\I41153_0143008333
c:\programdata\MPK\1\I41153_0177731018
c:\programdata\MPK\1\I41153_0212453357
c:\programdata\MPK\1\I41153_0213285417
c:\programdata\MPK\1\I41153_0231417824
c:\programdata\MPK\1\I41153_0247175231
c:\programdata\MPK\1\I41153_0274558102
c:\programdata\MPK\1\I41153_0278760880
c:\programdata\MPK\1\I41153_0281897222
c:\programdata\MPK\1\I41153_0287052315
c:\programdata\MPK\1\I41153_0306380787
c:\programdata\MPK\1\I41153_0316619792
c:\programdata\MPK\1\I41153_0323411111
c:\programdata\MPK\1\I41153_0351341898
c:\programdata\MPK\1\I41153_0386064120
c:\programdata\MPK\1\I41153_0420785995
c:\programdata\MPK\1\I41153_0455508449
c:\programdata\MPK\1\I41153_0490231134
c:\programdata\MPK\1\I41153_0524953819
c:\programdata\MPK\1\I41153_0559675231
c:\programdata\MPK\1\I41153_0594397338
c:\programdata\MPK\1\I41153_0629119444
c:\programdata\MPK\1\I41153_0663841551
c:\programdata\MPK\1\I41153_0698564236
c:\programdata\MPK\1\I41153_0733287616
c:\programdata\MPK\1\I41153_0768009259
c:\programdata\MPK\1\I41153_0802731829
c:\programdata\MPK\1\I41153_4735865278
c:\programdata\MPK\1\I41153_4770588426
c:\programdata\MPK\1\I41153_4840034143
c:\programdata\MPK\1\I41153_4874755787
c:\programdata\MPK\1\I41153_4909478356
c:\programdata\MPK\1\I41153_4944200463
c:\programdata\MPK\1\I41153_4978922917
c:\programdata\MPK\1\I41153_5013645255
c:\programdata\MPK\1\I41153_5048366898
c:\programdata\MPK\1\I41153_5083089236
c:\programdata\MPK\1\I41153_5117811458
c:\programdata\MPK\1\I41153_5152533912
c:\programdata\MPK\1\I41153_5187256250
c:\programdata\MPK\1\I41153_5221978009
c:\programdata\MPK\1\I41153_5256700694
c:\programdata\MPK\1\I41153_5291423148
c:\programdata\MPK\1\I41153_5326144676
c:\programdata\MPK\1\I41153_5360867824
c:\programdata\MPK\1\I41153_5395589120
c:\programdata\MPK\1\I41153_5430311690
c:\programdata\MPK\1\I41153_5465033565
c:\programdata\MPK\1\I41153_5499755903
c:\programdata\MPK\1\I41153_5534478125
c:\programdata\MPK\1\I41153_5569200579
c:\programdata\MPK\1\I41153_5603922569
c:\programdata\MPK\1\I41153_5638644792
c:\programdata\MPK\1\I41153_5673367477
c:\programdata\MPK\1\I41153_5708089236
c:\programdata\MPK\1\I41153_5742811574
c:\programdata\MPK\1\I41153_5777533912
c:\programdata\MPK\1\I41153_5812255903
c:\programdata\MPK\1\I41153_5846978009
c:\programdata\MPK\1\I41153_5881700579
c:\programdata\MPK\1\I41153_5916422454
c:\programdata\MPK\1\I41153_5951144792
c:\programdata\MPK\1\I41153_5985867014
c:\programdata\MPK\1\I41153_8117737847
c:\programdata\MPK\1\I41153_8152459722
c:\programdata\MPK\1\I41153_8187182060
c:\programdata\MPK\1\I41153_8221903935
c:\programdata\MPK\1\I41153_8256626620
c:\programdata\MPK\1\I41153_8291348380
c:\programdata\MPK\1\I41153_8326070833
c:\programdata\MPK\1\I41153_8360793287
c:\programdata\MPK\1\I41153_8395515278
c:\programdata\MPK\1\I41153_8430237500
c:\programdata\MPK\1\I41153_8464959491
c:\programdata\MPK\1\I41153_8499682176
c:\programdata\MPK\1\I41153_8534404282
c:\programdata\MPK\1\I41153_8569126273
c:\programdata\MPK\1\I41153_8603848843
c:\programdata\MPK\1\I41153_8638571065
c:\programdata\MPK\1\I41153_8673292940
c:\programdata\MPK\1\I41153_8708015046
c:\programdata\MPK\1\I41153_8742737616
c:\programdata\MPK\1\I41153_8777459954
c:\programdata\MPK\1\I41153_8812181829
c:\programdata\MPK\1\I41153_8846904398
c:\programdata\MPK\1\I41153_8881626389
c:\programdata\MPK\1\I41153_8916348495
c:\programdata\MPK\1\I41153_8951071875
c:\programdata\MPK\1\I41153_8985793171
c:\programdata\MPK\1\I41153_9020515509
c:\programdata\MPK\1\I41153_9055237384
c:\programdata\MPK\1\I41153_9089960880
c:\programdata\MPK\1\I41153_9124681713
c:\programdata\MPK\1\I41153_9159403935
c:\programdata\MPK\1\I41153_9194126736
c:\programdata\MPK\1\I41153_9228849074
c:\programdata\MPK\1\I41153_9263570833
c:\programdata\MPK\1\I41153_9298293287
c:\programdata\MPK\1\I41153_9333015509
c:\programdata\MPK\1\I41153_9367738079
c:\programdata\MPK\1\I41153_9402460185
c:\programdata\MPK\1\I41153_9437181713
c:\programdata\MPK\1\I41153_9471904051
c:\programdata\MPK\1\I41153_9506626389
c:\programdata\MPK\1\I41153_9541348958
c:\programdata\MPK\1\I41153_9576071296
c:\programdata\MPK\1\I41153_9610793634
c:\programdata\MPK\1\I41153_9645516551
c:\programdata\MPK\1\I41153_9680237384
c:\programdata\MPK\1\I41153_9714959606
c:\programdata\MPK\1\I41153_9749682060
c:\programdata\MPK\1\I41153_9784404398
c:\programdata\MPK\1\I41153_9819126620
c:\programdata\MPK\1\I41153_9853849190
c:\programdata\MPK\1\I41153_9888571296
c:\programdata\MPK\1\I41153_9923296296
c:\programdata\MPK\1\I41153_9958017245
c:\programdata\MPK\1\I41153_9992739583
c:\programdata\MPK\1\I41154_0027461227
c:\programdata\MPK\1\I41154_0062183449
c:\programdata\MPK\1\I41154_0096905903
c:\programdata\MPK\1\I41154_0131628356
c:\programdata\MPK\1\I41154_0166350694
c:\programdata\MPK\1\I41154_3967190046
c:\programdata\MPK\1\I41154_4002338889
c:\programdata\MPK\1\I41154_4037060995
c:\programdata\MPK\1\I41154_4071783449
c:\programdata\MPK\1\I41154_4106505671
c:\programdata\MPK\1\I41154_4141228125
c:\programdata\MPK\1\I41154_4175950000
c:\programdata\MPK\1\I41154_4210672338
c:\programdata\MPK\1\I41154_4245395602
c:\programdata\MPK\1\I41154_4280116551
c:\programdata\MPK\1\I41154_4314838657
c:\programdata\MPK\1\I41154_4349561574
c:\programdata\MPK\1\I41154_4384283333
c:\programdata\MPK\1\I41154_4419005324
c:\programdata\MPK\1\I41154_4453727778
c:\programdata\MPK\1\I41154_4488449769
c:\programdata\MPK\1\I41154_4523172454
c:\programdata\MPK\1\I41154_4557894792
c:\programdata\MPK\1\I41154_4592616435
c:\programdata\MPK\1\I41154_4627339005
c:\programdata\MPK\1\I41154_4662061343
c:\programdata\MPK\1\I41154_4696783565
c:\programdata\MPK\1\I41154_4731505671
c:\programdata\MPK\1\I41154_4766227893
c:\programdata\MPK\1\I41154_4800950000
c:\programdata\MPK\1\I41154_4835672222
c:\programdata\MPK\1\I41154_4870394213
c:\programdata\MPK\1\I41154_4905116898
c:\programdata\MPK\1\I41154_4939838889
c:\programdata\MPK\1\I41154_4974560880
c:\programdata\MPK\1\I41154_5009283681
c:\programdata\MPK\1\I41154_5044005440
c:\programdata\MPK\1\I41154_5078728125
c:\programdata\MPK\1\I41154_5113450116
c:\programdata\MPK\1\I41154_5148172454
c:\programdata\MPK\1\I41154_5182894213
c:\programdata\MPK\1\I41154_5217617824
c:\programdata\MPK\1\I41154_5252338773
c:\programdata\MPK\1\I41154_5321784491
c:\programdata\MPK\1\I41154_5356505787
c:\programdata\MPK\1\I41154_5530116435
c:\programdata\MPK\1\I41154_5564839120
c:\programdata\MPK\1\I41154_5599560880
c:\programdata\MPK\1\I41154_5634283681
c:\programdata\MPK\1\I41154_5669005324
c:\programdata\MPK\1\I41154_5703728009
c:\programdata\MPK\1\I41154_5738450116
c:\programdata\MPK\1\I41154_5773172917
c:\programdata\MPK\1\I41154_5807894329
c:\programdata\MPK\1\I41154_5842617245
c:\programdata\MPK\1\I41154_5877339352
c:\programdata\MPK\1\I41154_5912061227
c:\programdata\MPK\1\I41154_5946783102
c:\programdata\MPK\1\I41154_5981505556
c:\programdata\MPK\1\I41154_6006173032
c:\programdata\MPK\1\I41154_6040894213
c:\programdata\MPK\1\I41154_6075616435
c:\programdata\MPK\1\I41154_6110340046
c:\programdata\MPK\1\I41154_6145062269
c:\programdata\MPK\1\I41154_6179783565
c:\programdata\MPK\1\I41154_6214505440
c:\programdata\MPK\1\I41154_6249227662
c:\programdata\MPK\1\I41154_6283950694
c:\programdata\MPK\1\I41154_6318672106
c:\programdata\MPK\1\I41154_6353394676
c:\programdata\MPK\1\I41154_6388117014
c:\programdata\MPK\1\I41154_6402931597
c:\programdata\MPK\1\I41154_6437654167
c:\programdata\MPK\1\I41154_6472375579
c:\programdata\MPK\1\I41154_6541820023
c:\programdata\MPK\1\I41154_6576543056
c:\programdata\MPK\1\I41154_6611264815
c:\programdata\MPK\1\I41154_6645987037
c:\programdata\MPK\1\I41154_6680709607
c:\programdata\MPK\1\I41154_6715431366
c:\programdata\MPK\1\I41154_6750153588
c:\programdata\MPK\1\I41154_6784875926
c:\programdata\MPK\1\I41154_6804204398
c:\programdata\MPK\1\I41154_6838927431
c:\programdata\MPK\1\I41154_6873649421
c:\programdata\MPK\1\I41154_6908371644
c:\programdata\MPK\1\I41154_6943093634
c:\programdata\MPK\1\I41154_6977815741
c:\programdata\MPK\1\I41154_7012538079
c:\programdata\MPK\1\I41154_7047260417
c:\programdata\MPK\1\I41154_7081982870
c:\programdata\MPK\1\I41154_7116705903
c:\programdata\MPK\1\I41154_7151426736
c:\programdata\MPK\1\I41154_7182908565
c:\programdata\MPK\1\I41154_7186149190
c:\programdata\MPK\1\I41154_7217630671
c:\programdata\MPK\1\I41154_7252353009
c:\programdata\MPK\1\I41154_7287075116
c:\programdata\MPK\1\I41154_7321797106
c:\programdata\MPK\1\I41154_7356519097
c:\programdata\MPK\1\I41154_7391241898
c:\programdata\MPK\1\I41154_7425964699
c:\programdata\MPK\1\I41154_7460685764
c:\programdata\MPK\1\I41154_7495408912
c:\programdata\MPK\1\I41154_7530130556
c:\programdata\MPK\1\I41154_7533950463
c:\programdata\MPK\1\I41154_7564852662
c:\programdata\MPK\1\I41154_7568672106
c:\programdata\MPK\1\I41154_7603395486
c:\programdata\MPK\1\I41154_7638116088
c:\programdata\MPK\1\I41154_7672840509
c:\programdata\MPK\1\I41154_7707560880
c:\programdata\MPK\1\I41154_7742282986
c:\programdata\MPK\1\I41154_7769356366
c:\programdata\MPK\1\I41154_7777005093
c:\programdata\MPK\1\I41154_7804077662
c:\programdata\MPK\1\I41154_7838799537
c:\programdata\MPK\1\I41154_7873521875
c:\programdata\MPK\1\I41154_7887306019
c:\programdata\MPK\1\I41154_7922029167
c:\programdata\MPK\1\I41154_7956750926
c:\programdata\MPK\1\I41154_7991472685
c:\programdata\MPK\1\I41154_8026194213
c:\programdata\MPK\1\I41154_8060917245
c:\programdata\MPK\1\I41154_8095640509
c:\programdata\MPK\1\I41154_8130361921
c:\programdata\MPK\1\I41154_8165085301
c:\programdata\MPK\1\I41154_8199806134
c:\programdata\MPK\1\I41154_8234529282
c:\programdata\MPK\1\I41154_8245177431
c:\programdata\MPK\1\I41154_8269251736
c:\programdata\MPK\1\I41154_8279900000
c:\programdata\MPK\1\I41154_8314621991
c:\programdata\MPK\1\I41154_8349345255
c:\programdata\MPK\1\I41154_8384068287
c:\programdata\MPK\1\I41154_8418791204
c:\programdata\MPK\1\I41154_8453512616
c:\programdata\MPK\1\I41154_8488234838
c:\programdata\MPK\1\I41154_8522957407
c:\programdata\MPK\1\I41154_8557679861
c:\programdata\MPK\1\I41154_8605943518
c:\programdata\MPK\1\I41154_8640665509
c:\programdata\MPK\1\I41154_8675387153
c:\programdata\MPK\1\I41154_8710109954
c:\programdata\MPK\1\I41154_8779554282
c:\programdata\MPK\1\I41154_8814277199
c:\programdata\MPK\1\I41154_8848998611
c:\programdata\MPK\1\I41154_8883720718
c:\programdata\MPK\1\I41154_9005249306
c:\programdata\MPK\1\I41154_9039970486
c:\programdata\MPK\1\I41154_9074698843
c:\programdata\MPK\1\I41154_9248304167
c:\programdata\MPK\1\I41154_9283026042
c:\programdata\MPK\1\I41154_9317749421
c:\programdata\MPK\1\I41154_9338812732
c:\programdata\MPK\1\I41154_9352470602
c:\programdata\MPK\1\I41154_9373536227
c:\programdata\MPK\1\I41154_9408257870
c:\programdata\MPK\1\I41154_9442980787
c:\programdata\MPK\1\I41154_9477701389
c:\programdata\MPK\1\I41154_9512424190
c:\programdata\MPK\1\I41154_9547146991
c:\programdata\MPK\1\I41154_9581868750
c:\programdata\MPK\1\I41154_9616591898
c:\programdata\MPK\1\I41154_9651314583
c:\programdata\MPK\1\I41154_9686036690
c:\programdata\MPK\1\I41154_9710342477
c:\programdata\MPK\1\I41154_9720758681
c:\programdata\MPK\1\I41154_9745064236
c:\programdata\MPK\1\I41154_9779786806
c:\programdata\MPK\1\I41154_9814510301
c:\programdata\MPK\1\I41154_9849233218
c:\programdata\MPK\1\I41154_9883954977
c:\programdata\MPK\1\I41154_9918677662
c:\programdata\MPK\1\I41154_9953399537
c:\programdata\MPK\1\I41154_9988121412
c:\programdata\MPK\1\I41155_0022845023
c:\programdata\MPK\1\I41155_0057566088
c:\programdata\MPK\1\I41155_0092289005
c:\programdata\MPK\1\I41155_0098191204
c:\programdata\MPK\1\I41155_0132913079
c:\programdata\MPK\1\I41155_0167635532
c:\programdata\MPK\1\I41155_0202358218
c:\programdata\MPK\1\I41155_0237080440
c:\programdata\MPK\1\I41155_0271803356
c:\programdata\MPK\1\I41155_0306525000
c:\programdata\MPK\1\I41155_0341246875
c:\programdata\MPK\1\I41155_0375968981
c:\programdata\MPK\1\I41155_0410691435
c:\programdata\MPK\1\I41155_0445413657
c:\programdata\MPK\1\I41155_0480135417
c:\programdata\MPK\1\I41155_0489048148
c:\programdata\MPK\1\I41155_0523770139
c:\programdata\MPK\1\I41155_0558493171
c:\programdata\MPK\1\I41155_0593214005
c:\programdata\MPK\1\I41155_0627936343
c:\programdata\MPK\1\I41155_0662659028
c:\programdata\MPK\1\I41155_0697381134
c:\programdata\MPK\1\I41155_0732103588
c:\programdata\MPK\1\I41155_0766826273
c:\programdata\MPK\1\I41155_0801547801
c:\programdata\MPK\1\I41155_0836269907
c:\programdata\MPK\1\I41155_0866362616
c:\programdata\MPK\1\I41155_0870992824
c:\programdata\MPK\1\I41155_0901084375
c:\programdata\MPK\1\I41155_0935806944
c:\programdata\MPK\1\I41155_0970529051
c:\programdata\MPK\1\I41155_1005251736
c:\programdata\MPK\1\I41155_1039973032
c:\programdata\MPK\1\I41155_1074695602
c:\programdata\MPK\1\I41155_1109417708
c:\programdata\MPK\1\I41155_1144139815
c:\programdata\MPK\1\I41155_1178861921
c:\programdata\MPK\1\I41155_1213584606
c:\programdata\MPK\1\I41155_1248306713
c:\programdata\MPK\1\I41155_1253745718
c:\programdata\MPK\1\I41155_1288468634
c:\programdata\MPK\1\I41155_1323190509
c:\programdata\MPK\1\I41155_1357912037
c:\programdata\MPK\1\I41155_1392634838
c:\programdata\MPK\1\I41155_1427356713
c:\programdata\MPK\1\I41155_1462082176
c:\programdata\MPK\1\I41155_1496804861
c:\programdata\MPK\1\I41155_1531525579
c:\programdata\MPK\1\I41155_1566246181
c:\programdata\MPK\1\I41155_3731188773
c:\programdata\MPK\1\I41155_3738919560
c:\programdata\MPK\1\I41155_3773641551
c:\programdata\MPK\1\I41155_3808363657
c:\programdata\MPK\1\I41155_3843087269
c:\programdata\MPK\1\I41155_3877808218
c:\programdata\MPK\1\I41155_3912530208
c:\programdata\MPK\1\I41155_3947252546
c:\programdata\MPK\1\I41155_5266697685
c:\programdata\MPK\1\I41155_5301419676
c:\programdata\MPK\1\I41155_5336141435
c:\programdata\MPK\1\I41155_5370863889
c:\programdata\MPK\1\I41155_5405585880
c:\programdata\MPK\1\I41155_5440308796
c:\programdata\MPK\1\I41155_5475030208
c:\programdata\MPK\1\I41155_5509753009
c:\programdata\MPK\1\I41155_5961141898
c:\programdata\MPK\1\I41155_5995863773
c:\programdata\MPK\1\I41155_6030586111
c:\programdata\MPK\1\I41155_6065307986
c:\programdata\MPK\1\I41155_6134753125
c:\programdata\MPK\1\I41155_6169474769
c:\programdata\MPK\1\I41155_6204197569
c:\programdata\MPK\1\I41155_6238919329
c:\programdata\MPK\1\I41155_6273642708
c:\programdata\MPK\1\I41155_6308363773
c:\programdata\MPK\1\I41155_6343085995
c:\programdata\MPK\1\I41155_6377808102
c:\programdata\MPK\1\I41155_6412530208
c:\programdata\MPK\1\I41155_6447252546
c:\programdata\MPK\1\I41155_6481975463
c:\programdata\MPK\1\I41155_6516696991
c:\programdata\MPK\1\I41155_6551419560
c:\programdata\MPK\1\I41155_6586141435
c:\programdata\MPK\1\I41155_6620864931
c:\programdata\MPK\1\I41155_6655585995
c:\programdata\MPK\1\I41155_6690307986
c:\programdata\MPK\1\I41155_6725031019
c:\programdata\MPK\1\I41155_6759752662
c:\programdata\MPK\1\I41155_6794475579
c:\programdata\MPK\1\I41155_6829197801
c:\programdata\MPK\1\I41155_6863919097
c:\programdata\MPK\1\I41155_6898641551
c:\programdata\MPK\1\I41155_7072253935
c:\programdata\MPK\1\I41155_7106974769
c:\programdata\MPK\1\I41155_7141696991
c:\programdata\MPK\1\I41155_7176419097
c:\programdata\MPK\1\I41155_7523641898
c:\programdata\MPK\1\I41155_7558364120
c:\programdata\MPK\1\I41155_7593087269
c:\programdata\MPK\1\I41155_7627808565
c:\programdata\MPK\1\I41155_7662530671
c:\programdata\MPK\1\I41155_7731974769
c:\programdata\MPK\1\I41155_7766697222
c:\programdata\MPK\1\I41155_7801419329
c:\programdata\MPK\1\I41155_7836141435
c:\programdata\MPK\1\I41155_7870863889
c:\programdata\MPK\1\I41155_7905585880
c:\programdata\MPK\1\I41155_7940308796
c:\programdata\MPK\1\I41155_7975030787
c:\programdata\MPK\1\I41155_8009752893
c:\programdata\MPK\1\I41155_8044475000
c:\programdata\MPK\1\I41155_8113920023
c:\programdata\MPK\1\I41155_8148641782
c:\programdata\MPK\1\I41155_8183363889
c:\programdata\MPK\1\I41155_8218085995
c:\programdata\MPK\1\I41155_8634752662
c:\programdata\MPK\1\I41155_8669474653
c:\programdata\MPK\1\I41155_8704197454
c:\programdata\MPK\1\I41155_8738919792
c:\programdata\MPK\1\I41155_8773641551
c:\programdata\MPK\1\I41155_8808363657
c:\programdata\MPK\1\I41155_8843086227
c:\programdata\MPK\1\I41155_8877807986
c:\programdata\MPK\1\I41155_8912530556
c:\programdata\MPK\1\I41155_8947252431
c:\programdata\MPK\1\I41155_8981975347
c:\programdata\MPK\1\I41155_9016697106
c:\programdata\MPK\1\I41155_9051419213
c:\programdata\MPK\1\I41155_9086142361
c:\programdata\MPK\1\I41155_9120863542
c:\programdata\MPK\1\I41155_9155586227
c:\programdata\MPK\1\I41155_9190308565
c:\programdata\MPK\1\I41155_9225030671
c:\programdata\MPK\1\I41156_6738869792
c:\programdata\MPK\1\I41156_6773591204
c:\programdata\MPK\1\I41156_6808314005
c:\programdata\MPK\1\I41156_6843035995
c:\programdata\MPK\1\I41156_6877757986
c:\programdata\MPK\1\I41156_6912480787
c:\programdata\MPK\1\I41156_6947203125
c:\programdata\MPK\1\I41156_6981925116
c:\programdata\MPK\1\I41156_7016647338
c:\programdata\MPK\1\I41156_7051369097
c:\programdata\MPK\1\I41156_7086092014
c:\programdata\MPK\1\I41156_7110608912
c:\programdata\MPK\1\I41156_7145332060
c:\programdata\MPK\1\I41156_7180053009
c:\programdata\MPK\1\I41156_7214775231
c:\programdata\MPK\1\I41156_7249497569
c:\programdata\MPK\1\I41156_7501928009
c:\programdata\MPK\1\I41156_7536650231
c:\programdata\MPK\1\I41156_7571372338
c:\programdata\MPK\1\I41156_7849150231
c:\programdata\MPK\1\I41156_7883872685
c:\programdata\MPK\1\I41156_7891743287
c:\programdata\MPK\1\I41156_7926465278
c:\programdata\MPK\1\I41156_8457252778
c:\programdata\MPK\1\I41156_8491975000
c:\programdata\MPK\1\I41156_8526696181
c:\programdata\MPK\1\I41156_8561418750
c:\programdata\MPK\1\I41156_8596141435
c:\programdata\MPK\1\I41156_8630863889
c:\programdata\MPK\1\I41157_6173641898
c:\programdata\MPK\1\I41157_6208364005
c:\programdata\MPK\1\I41157_6243086690
c:\programdata\MPK\1\I41157_6277809144
c:\programdata\MPK\1\I41157_6312530903
c:\programdata\MPK\1\I41157_6347253588
c:\programdata\MPK\1\I41157_6381975116
c:\programdata\MPK\1\I41157_6416697338
c:\programdata\MPK\1\I41157_6451420602
c:\programdata\MPK\1\I41157_6486142361
c:\programdata\MPK\1\I41157_6520864583
c:\programdata\MPK\1\I41157_6555586574
c:\programdata\MPK\1\I41157_6590308449
c:\programdata\MPK\1\I41157_6625030671
c:\programdata\MPK\1\I41157_6659753704
c:\programdata\MPK\1\I41157_6694475463
c:\programdata\MPK\1\I41157_6729197801
c:\programdata\MPK\1\I41157_6763919907
c:\programdata\MPK\1\I41157_6798641782
c:\programdata\MPK\1\I41157_6833365741
c:\programdata\MPK\1\I41157_6868086343
c:\programdata\MPK\1\I41157_6902809259
c:\programdata\MPK\1\I41157_6937531018
c:\programdata\MPK\1\I41157_6972253472
c:\programdata\MPK\1\I41157_7006976389
c:\programdata\MPK\1\I41157_7041697569
c:\programdata\MPK\1\I41157_7076419792
c:\programdata\MPK\1\I41157_7111141898
c:\programdata\MPK\1\I41157_7145865741
c:\programdata\MPK\1\I41157_7180587269
c:\programdata\MPK\1\I41157_7215308565
c:\programdata\MPK\1\I41157_7250031366
c:\programdata\MPK\1\I41157_7284752894
c:\programdata\MPK\1\I41157_7319475926
c:\programdata\MPK\1\I41157_7354197454
c:\programdata\MPK\1\I41157_7388920139
c:\programdata\MPK\1\I41157_7423643056
c:\programdata\MPK\1\I41157_7458364236
c:\programdata\MPK\1\I41157_7493087616
c:\programdata\MPK\1\I41157_7527809144
c:\programdata\MPK\1\I41157_7627758102
c:\programdata\MPK\1\I41157_7662480324
c:\programdata\MPK\1\I41157_7697202431
c:\programdata\MPK\1\I41157_7731924537
c:\programdata\MPK\1\I41157_7766646759
c:\programdata\MPK\1\I41157_7801368981
c:\programdata\MPK\1\I41157_7836091319
c:\programdata\MPK\1\I41157_7870813542
c:\programdata\MPK\1\I41157_7905535764
c:\programdata\MPK\1\I41157_7940258102
c:\programdata\MPK\1\I41157_7974980093
c:\programdata\MPK\1\I41157_8009702315
c:\programdata\MPK\1\I41157_8044424537
c:\programdata\MPK\1\I41157_8079147685
c:\programdata\MPK\1\I41157_8113869097
c:\programdata\MPK\1\I41157_8148591204
c:\programdata\MPK\1\I41157_8183313426
c:\programdata\MPK\1\I41157_8218035764
c:\programdata\MPK\1\I41157_8252758102
c:\programdata\MPK\1\I41157_8287480671
c:\programdata\MPK\1\I41157_8322202662
c:\programdata\MPK\1\I41157_8356924884
c:\programdata\MPK\1\I41157_8391646991
c:\programdata\MPK\1\I41157_8426369329
c:\programdata\MPK\1\I41157_8461091319
c:\programdata\MPK\1\I41157_8495813542
c:\programdata\MPK\1\I41157_8530535764
c:\programdata\MPK\1\I41157_8565258218
c:\programdata\MPK\1\I41157_8599980324
c:\programdata\MPK\1\I41157_8634702431
c:\programdata\MPK\1\I41157_8669424769
c:\programdata\MPK\1\I41157_8704146991
c:\programdata\MPK\1\I41157_8738869213
c:\programdata\MPK\1\I41157_8773591551
c:\programdata\MPK\1\I41157_8808313773
c:\programdata\MPK\1\I41157_8843035880
c:\programdata\MPK\1\I41157_8877758218
c:\programdata\MPK\1\I41157_8912480324
c:\programdata\MPK\1\I41157_8947202431
c:\programdata\MPK\1\I41157_8981924653
c:\programdata\MPK\1\I41157_9016646991
c:\programdata\MPK\1\I41157_9051369097
c:\programdata\MPK\1\I41157_9086091319
c:\programdata\MPK\1\I41157_9120813773
c:\programdata\MPK\1\I41157_9155535764
c:\programdata\MPK\1\I41157_9190257986
c:\programdata\MPK\1\I41157_9224980324
c:\programdata\MPK\1\I41157_9259702546
c:\programdata\MPK\1\I41157_9294424653
c:\programdata\MPK\1\I41157_9329146875
c:\programdata\MPK\1\I41157_9363869213
c:\programdata\MPK\1\I41157_9398591551
c:\programdata\MPK\1\I41157_9433313773
c:\programdata\MPK\1\I41157_9468035764
c:\programdata\MPK\1\I41157_9502758102
c:\programdata\MPK\1\I41157_9537480556
c:\programdata\MPK\1\I41157_9572202431
c:\programdata\MPK\1\I41157_9606924769
c:\programdata\MPK\1\I41157_9641646875
c:\programdata\MPK\1\I41157_9676369213
c:\programdata\MPK\1\I41157_9711091319
c:\programdata\MPK\1\I41157_9745813657
c:\programdata\MPK\1\I41157_9780535764
c:\programdata\MPK\1\I41157_9815258218
c:\programdata\MPK\1\I41158_6808775347
c:\programdata\MPK\1\I41158_6843498495
c:\programdata\MPK\1\I41158_7017108565
c:\programdata\MPK\1\I41158_7051830324
c:\programdata\MPK\1\I41158_7086552894
c:\programdata\MPK\1\I41158_7121275000
c:\programdata\MPK\1\I41158_7260163889
c:\programdata\MPK\1\I41158_7294885764
c:\programdata\MPK\1\I41158_7329607986
c:\programdata\MPK\1\I41158_7364330556
c:\programdata\MPK\1\I41158_7399052431
c:\programdata\MPK\1\I41158_7433774884
c:\programdata\MPK\1\I41158_7468496759
c:\programdata\MPK\1\I41158_7503219097
c:\programdata\MPK\1\I41158_7537941551
c:\programdata\MPK\1\I41158_7572663657
c:\programdata\MPK\1\I41158_7607385995
c:\programdata\MPK\1\I41158_7642108333
c:\programdata\MPK\1\I41158_7725803009
c:\programdata\MPK\1\I41158_7760525810
c:\programdata\MPK\1\I41158_7795247569
c:\programdata\MPK\1\I41158_7829969676
c:\programdata\MPK\1\I41158_7864691898
c:\programdata\MPK\1\I41158_7899415625
c:\programdata\MPK\1\I41158_7934136343
c:\programdata\MPK\1\I41158_7968858565
c:\programdata\MPK\1\I41158_8003581366
c:\programdata\MPK\1\I41158_8038303125
c:\programdata\MPK\1\I41158_8073026505
c:\programdata\MPK\1\I41158_8107747569
c:\programdata\MPK\1\I41158_8142469792
c:\programdata\MPK\1\I41158_8177191782
c:\programdata\MPK\1\I41158_8211914120
c:\programdata\MPK\1\I41158_8246636921
c:\programdata\MPK\1\I41158_8281358681
c:\programdata\MPK\1\I41158_8316082060
c:\programdata\MPK\1\I41158_8350803009
c:\programdata\MPK\1\I41158_8385525347
c:\programdata\MPK\1\I41158_8420247338
c:\programdata\MPK\1\I41158_8454969676
c:\programdata\MPK\1\I41158_8489692477
c:\programdata\MPK\1\I41158_8524414352
c:\programdata\MPK\1\I41158_8559137616
c:\programdata\MPK\1\I41158_8593858565
c:\programdata\MPK\1\I41158_8628580903
c:\programdata\MPK\1\I41158_8663302894
c:\programdata\MPK\1\I41158_8698025231
c:\programdata\MPK\1\I41158_8732747338
c:\programdata\MPK\1\I41158_8767469792
c:\programdata\MPK\1\I41158_8802191898
c:\programdata\MPK\1\I41158_8836914120
c:\programdata\MPK\1\I41158_8871636574
c:\programdata\MPK\1\I41158_8906359144
c:\programdata\MPK\1\I41158_8941080671
c:\programdata\MPK\1\I41158_8975803125
c:\programdata\MPK\1\I41158_9010526736
c:\programdata\MPK\1\I41158_9045247569
c:\programdata\MPK\1\I41158_9079970370
c:\programdata\MPK\1\I41158_9114691782
c:\programdata\MPK\1\I41158_9149414699
c:\programdata\MPK\1\I41158_9184137037
c:\programdata\MPK\1\I41158_9218858565
c:\programdata\MPK\1\I41158_9253581366
c:\programdata\MPK\1\I41158_9288302894
c:\programdata\MPK\1\I41158_9323025231
c:\programdata\MPK\1\I41158_9357747569
c:\programdata\MPK\1\I41158_9392469560
c:\programdata\MPK\1\I41158_9427192130
c:\programdata\MPK\1\I41158_9461914120
c:\programdata\MPK\1\I41158_9496636921
c:\programdata\MPK\1\I41158_9531358449
c:\programdata\MPK\1\I41158_9566080903
c:\programdata\MPK\1\I41158_9600803009
c:\programdata\MPK\1\I41158_9635525116
c:\programdata\MPK\1\I41158_9670247685
c:\programdata\MPK\1\I41158_9704969792
c:\programdata\MPK\1\I41158_9739693171
c:\programdata\MPK\1\I41158_9774414815
c:\programdata\MPK\1\I41158_9809136574
c:\programdata\MPK\1\I41158_9843858565
c:\programdata\MPK\1\I41158_9878581366
c:\programdata\MPK\1\I41158_9913303125
c:\programdata\MPK\1\I41158_9948025347
c:\programdata\MPK\1\I41158_9982747338
c:\programdata\MPK\1\I41159_0017469907
c:\programdata\MPK\1\I41159_0052192130
c:\programdata\MPK\1\I41159_6040155440
c:\programdata\MPK\1\I41159_6074877431
c:\programdata\MPK\1\I41159_6109600694
c:\programdata\MPK\1\I41159_6144321528
c:\programdata\MPK\1\I41159_6179043981
c:\programdata\MPK\1\I41159_6213765972
c:\programdata\MPK\1\I41159_6248488194
c:\programdata\MPK\1\I41159_6283210532
c:\programdata\MPK\1\I41159_6317932986
c:\programdata\MPK\1\I41159_6352656250
c:\programdata\MPK\1\I41159_6387377083
c:\programdata\MPK\1\I41159_6422099653
c:\programdata\MPK\1\I41159_6456821528
c:\programdata\MPK\1\I41159_6491543750
c:\programdata\MPK\1\I41159_6526266088
c:\programdata\MPK\1\I41159_6560988542
c:\programdata\MPK\1\I41159_6595711806
c:\programdata\MPK\1\I41159_6630432755
c:\programdata\MPK\1\I41159_6665155093
c:\programdata\MPK\1\I41159_6699877083
c:\programdata\MPK\1\I41159_6734599306
c:\programdata\MPK\1\I41159_6769321644
c:\programdata\MPK\1\I41159_6804044097
c:\programdata\MPK\1\I41159_6838767361
c:\programdata\MPK\1\I41159_6873488194
c:\programdata\MPK\1\I41159_6908210764
c:\programdata\MPK\1\I41159_6942932639
c:\programdata\MPK\1\I41159_6977654977
c:\programdata\MPK\1\I41159_7012377199
c:\programdata\MPK\1\I41159_7047099190
c:\programdata\MPK\1\I41159_7081822222
c:\programdata\MPK\1\I41159_7116544097
c:\programdata\MPK\1\I41159_7151266088
c:\programdata\MPK\1\I41159_7185988310
c:\programdata\MPK\1\I41159_7220710417
c:\programdata\MPK\1\I41159_7255432639
c:\programdata\MPK\1\I41159_7290154745
c:\programdata\MPK\1\I41159_7324877778
c:\programdata\MPK\1\I41159_7359599653
c:\programdata\MPK\1\I41159_7394321644
c:\programdata\MPK\1\I41159_7429043866
c:\programdata\MPK\1\I41159_7463766319
c:\programdata\MPK\1\I41159_7498488194
c:\programdata\MPK\1\I41159_7533210648
c:\programdata\MPK\1\I41159_7567933333
c:\programdata\MPK\1\I41159_7602655324
c:\programdata\MPK\1\I41159_7637377199
c:\programdata\MPK\1\I41159_7672099537
c:\programdata\MPK\1\I41159_7706821759
c:\programdata\MPK\1\I41159_7741544329
c:\programdata\MPK\1\I41159_7776265856
c:\programdata\MPK\1\I41159_7810988310
c:\programdata\MPK\1\I41159_7845710417
c:\programdata\MPK\1\I41159_7880432870
c:\programdata\MPK\1\I41159_7915154861
c:\programdata\MPK\1\I41159_7949877431
c:\programdata\MPK\1\I41159_7984599537
c:\programdata\MPK\1\I41159_8019321644
c:\programdata\MPK\1\I41159_8054043866
c:\programdata\MPK\1\I41159_8088765856
c:\programdata\MPK\1\I41159_8123488194
c:\programdata\MPK\1\I41159_8158210648
c:\programdata\MPK\1\I41159_8192932870
c:\programdata\MPK\1\I41159_8227655093
c:\programdata\MPK\1\I41159_8262377315
c:\programdata\MPK\1\I41159_8297099537
c:\programdata\MPK\1\I41159_8331821759
c:\programdata\MPK\1\I41159_8366544213
c:\programdata\MPK\1\I41159_8401266088
c:\programdata\MPK\1\I41159_8435988310
c:\programdata\MPK\1\I41159_8470710648
c:\programdata\MPK\1\I41159_8505432639
c:\programdata\MPK\1\I41159_8540155556
c:\programdata\MPK\1\I41159_8574877546
c:\programdata\MPK\1\I41159_8609599653
c:\programdata\MPK\1\I41159_8644321412
c:\programdata\MPK\1\I41159_8679043866
c:\programdata\MPK\1\I41159_8713766204
c:\programdata\MPK\1\I41159_8748488194
c:\programdata\MPK\1\I41159_8783210880
c:\programdata\MPK\1\I41159_8817932523
c:\programdata\MPK\1\I41159_8852655324
c:\programdata\MPK\1\I41159_8887377431
c:\programdata\MPK\1\I41159_8922099190
c:\programdata\MPK\1\I41159_8956822222
c:\programdata\MPK\1\I41159_8991543750
c:\programdata\MPK\1\I41159_9026265972
c:\programdata\MPK\1\I41159_9060988310
c:\programdata\MPK\1\I41159_9095710648
c:\programdata\MPK\1\I41159_9130434028
c:\programdata\MPK\1\I41159_9165154745
c:\programdata\MPK\1\I41159_9199877199
c:\programdata\MPK\1\I41159_9234599653
c:\programdata\MPK\1\I41159_9338766319
c:\programdata\MPK\1\I41159_9373488310
c:\programdata\MPK\1\I41159_9408210532
c:\programdata\MPK\1\I41159_9442932986
c:\programdata\MPK\1\I41159_9477654977
c:\programdata\MPK\1\I41159_9512378588
c:\programdata\MPK\1\I41159_9547099537
c:\programdata\MPK\1\I41159_9581821644
c:\programdata\MPK\1\I41159_9616543981
c:\programdata\MPK\1\I41159_9651265856
c:\programdata\MPK\1\I41159_9685988773
c:\programdata\MPK\1\I41159_9720711458
c:\programdata\MPK\1\I41159_9755432986
c:\programdata\MPK\1\I41159_9790155208
c:\programdata\MPK\1\I41159_9824876968
c:\programdata\MPK\1\I41159_9859599421
c:\programdata\MPK\1\I41159_9894321412
c:\programdata\MPK\1\I41159_9929044213
c:\programdata\MPK\1\I41159_9963767130
c:\programdata\MPK\1\I41159_9998488194
c:\programdata\MPK\1\I41160_0033210301
c:\programdata\MPK\1\I41160_0067932523
c:\programdata\MPK\1\I41160_0102654745
c:\programdata\MPK\1\I41160_0137376968
c:\programdata\MPK\1\I41160_0172099884
c:\programdata\MPK\1\I41160_0206821644
c:\programdata\MPK\1\I41160_0241544792
c:\programdata\MPK\1\I41160_0276266088
c:\programdata\MPK\1\I41160_0310988310
c:\programdata\MPK\1\I41160_0345710532
c:\programdata\MPK\1\I41160_0380433102
c:\programdata\MPK\1\I41160_0415155324
c:\programdata\MPK\1\I41160_0449877199
c:\programdata\MPK\1\I41160_0484600347
c:\programdata\MPK\1\I41160_0519321991
c:\programdata\MPK\1\I41160_0554043866
c:\programdata\MPK\1\I41160_0588766204
c:\programdata\MPK\1\I41160_0623488079
c:\programdata\MPK\1\I41160_0658210880
c:\programdata\MPK\1\I41160_0692932870
c:\programdata\MPK\1\I41160_0727655787
c:\programdata\MPK\1\I41160_0762377083
c:\programdata\MPK\1\I41160_0797099190
c:\programdata\MPK\1\I41160_0831821644
c:\programdata\MPK\1\I41160_0866544329
c:\programdata\MPK\1\I41160_0901266551
c:\programdata\MPK\1\I41160_0935989352
c:\programdata\MPK\1\I41160_4021614583
c:\programdata\MPK\1\I41160_4056339815
c:\programdata\MPK\1\I41160_4091060764
c:\programdata\MPK\1\I41160_4125783333
c:\programdata\MPK\1\I41160_4160505787
c:\programdata\MPK\1\I41160_4195228704
c:\programdata\MPK\1\I41160_4229950463
c:\programdata\MPK\1\I41160_4264672454
c:\programdata\MPK\1\I41160_4299394560
c:\programdata\MPK\1\I41160_4334116319
c:\programdata\MPK\1\I41160_4368840278
c:\programdata\MPK\1\I41160_4386526736
c:\programdata\MPK\1\I41160_4421249306
c:\programdata\MPK\1\I41160_4455971181
c:\programdata\MPK\1\I41160_4490693750
c:\programdata\MPK\1\I41160_4525415625
c:\programdata\MPK\1\I41160_4560138194
c:\programdata\MPK\1\I41160_4594861574
c:\programdata\MPK\1\I41160_4629582292
c:\programdata\MPK\1\I41160_4664304861
c:\programdata\MPK\1\I41160_4699026736
c:\programdata\MPK\1\I41160_4733749306
c:\programdata\MPK\1\I41160_4768471181
c:\programdata\MPK\1\I41160_4803193403
c:\programdata\MPK\1\I41160_4837917130
c:\programdata\MPK\1\I41160_4872637963
c:\programdata\MPK\1\I41160_4907360417
c:\programdata\MPK\1\I41160_4942082292
c:\programdata\MPK\1\I41160_4976804861
c:\programdata\MPK\1\I41160_5011526736
c:\programdata\MPK\1\I41160_5046249074
c:\programdata\MPK\1\I41160_5080971181
c:\programdata\MPK\1\I41160_5115693634
c:\programdata\MPK\1\I41160_5150415741
c:\programdata\MPK\1\I41160_5185137847
c:\programdata\MPK\1\I41160_5219860532
c:\programdata\MPK\1\I41160_5254582407
c:\programdata\MPK\1\I41160_5428193287
c:\programdata\MPK\1\I41160_5462915741
c:\programdata\MPK\1\I41160_5497638773
c:\programdata\MPK\1\I41160_5532360185
c:\programdata\MPK\1\I41160_5567082292
c:\programdata\MPK\1\I41160_5601804398
c:\programdata\MPK\1\I41160_5636526852
c:\programdata\MPK\1\I41160_5740693519
c:\programdata\MPK\1\I41160_5775415509
c:\programdata\MPK\1\I41160_5810137847
c:\programdata\MPK\1\I41160_5844860417
c:\programdata\MPK\1\I41160_5879582523
c:\programdata\MPK\1\I41160_5914304630
c:\programdata\MPK\1\I41160_5949026852
c:\programdata\MPK\1\I41160_5983749074
c:\programdata\MPK\1\I41160_6018471296
c:\programdata\MPK\1\I41160_6053193519
c:\programdata\MPK\1\I41160_6087915856
c:\programdata\MPK\1\I41160_6122637847
c:\programdata\MPK\1\I41160_6157360069
c:\programdata\MPK\1\I41160_6192082870
c:\programdata\MPK\1\I41160_6226804514
c:\programdata\MPK\1\I41160_6261527546
c:\programdata\MPK\1\I41160_8748720255
c:\programdata\MPK\1\I41160_8783442361
c:\programdata\MPK\1\I41160_8818164236
c:\programdata\MPK\1\I41160_8852886574
c:\programdata\MPK\1\I41160_8887609028
c:\programdata\MPK\1\I41160_8922331134
c:\programdata\MPK\1\I41160_8957053009
c:\programdata\MPK\1\I41160_8991775347
c:\programdata\MPK\1\I41160_9026497454
c:\programdata\MPK\1\I41160_9061219792
c:\programdata\MPK\1\I41160_9095942130
c:\programdata\MPK\1\I41160_9130664352
c:\programdata\MPK\1\I41160_9165386343
c:\programdata\MPK\1\I41160_9200108449
c:\programdata\MPK\1\I41160_9234830671
c:\programdata\MPK\1\I41160_9269553588
c:\programdata\MPK\1\I41160_9304275347
c:\programdata\MPK\1\I41160_9338999074
c:\programdata\MPK\1\I41160_9373720255
c:\programdata\MPK\1\I41160_9408443056
c:\programdata\MPK\1\I41160_9443164468
c:\programdata\MPK\1\I41160_9477886574
c:\programdata\MPK\1\I41160_9512608449
c:\programdata\MPK\1\I41160_9547331019
c:\programdata\MPK\1\I41160_9582053009
c:\programdata\MPK\1\I41160_9616776157
c:\programdata\MPK\1\I41160_9651497338
c:\programdata\MPK\1\I41160_9686219792
c:\programdata\MPK\1\I41160_9720942014
c:\programdata\MPK\1\I41160_9755664005
c:\programdata\MPK\1\I41160_9790386227
c:\programdata\MPK\1\I41160_9825109375
c:\programdata\MPK\1\I41160_9859830787
c:\programdata\MPK\1\I41160_9894553125
c:\programdata\MPK\1\I41160_9929275694
c:\programdata\MPK\1\I41161_4481443171
c:\programdata\MPK\1\I41161_4516164699
c:\programdata\MPK\1\I41161_4550886921
c:\programdata\MPK\1\I41161_4585609259
c:\programdata\MPK\1\I41161_4620331481
c:\programdata\MPK\1\I41161_4655053356
c:\programdata\MPK\1\I41161_4689776273
c:\programdata\MPK\1\I41161_4724498380
c:\programdata\MPK\1\I41161_4759220023
c:\programdata\MPK\1\I41161_4793942245
c:\programdata\MPK\1\I41161_4828664815
c:\programdata\MPK\1\I41161_4863386806
c:\programdata\MPK\1\I41161_4898109028
c:\programdata\MPK\1\I41161_4932831829
c:\programdata\MPK\1\I41161_4967553472
c:\programdata\MPK\1\I41161_5170001620
c:\programdata\MPK\1\I41161_5204723611
c:\programdata\MPK\1\I41161_5239445949
c:\programdata\MPK\1\I41161_5274168056
c:\programdata\MPK\1\I41161_5308890393
c:\programdata\MPK\1\I41161_5343612500
c:\programdata\MPK\1\I41161_5378334722
c:\programdata\MPK\1\I41161_5413057176
c:\programdata\MPK\1\I41161_5447779051
c:\programdata\MPK\1\I41161_5482502083
c:\programdata\MPK\1\I41161_5517223727
c:\programdata\MPK\1\I41161_5551945718
c:\programdata\MPK\1\I41161_5586668519
c:\programdata\MPK\1\I41161_5621390741
c:\programdata\MPK\1\I41161_5656113657
c:\programdata\MPK\1\I41161_5690834722
c:\programdata\MPK\1\I41161_5725557060
c:\programdata\MPK\1\I41161_5760279398
c:\programdata\MPK\1\I41161_5795001389
c:\programdata\MPK\1\I41161_5829724190
c:\programdata\MPK\1\I41161_5864445833
c:\programdata\MPK\1\I41161_5899168287
c:\programdata\MPK\1\I41161_5933890162
c:\programdata\MPK\1\I41161_5968612500
c:\programdata\MPK\1\I41161_6003334954
c:\programdata\MPK\1\I41161_6038057523
c:\programdata\MPK\1\I41161_6072779745
c:\programdata\MPK\1\I41161_6107501389
c:\programdata\MPK\1\I41161_6142223611
c:\programdata\MPK\1\I41161_6176945949
c:\programdata\MPK\1\I41161_6211668056
c:\programdata\MPK\1\I41161_6246390162
c:\programdata\MPK\1\I41161_6281112500
c:\programdata\MPK\1\I41161_6315834838
c:\programdata\MPK\1\I41161_6350557060
c:\programdata\MPK\1\I41161_6385279051
c:\programdata\MPK\1\I41161_6420001505
c:\programdata\MPK\1\I41161_6499674537
c:\programdata\MPK\1\I41161_6534397801
c:\programdata\MPK\1\I41161_6569118866
c:\programdata\MPK\1\I41161_6603841088
c:\programdata\MPK\1\I41161_6685736806
c:\programdata\MPK\1\I41161_6720459028
c:\programdata\MPK\1\I41161_6755181250
c:\programdata\MPK\1\I41161_6789903704
c:\programdata\MPK\1\I41161_6824626736
c:\programdata\MPK\1\I41161_6859347917
c:\programdata\MPK\1\I41161_6998575116
c:\programdata\MPK\1\I41161_7032373727
c:\programdata\MPK\1\I41161_7067095602
c:\programdata\MPK\1\I41161_7101817940
c:\programdata\MPK\1\I41161_7136540509
c:\programdata\MPK\1\I41161_7171262963
c:\programdata\MPK\1\I41161_7205984606
c:\programdata\MPK\1\I41161_7240706713
c:\programdata\MPK\1\I41161_7275429630
c:\programdata\MPK\1\I41161_7310151273
c:\programdata\MPK\1\I41161_7344873727
c:\programdata\MPK\1\I41161_7379596181
c:\programdata\MPK\1\I41161_7414317940
c:\programdata\MPK\1\I41161_7449040046
c:\programdata\MPK\1\I41161_7692095718
c:\programdata\MPK\1\I41161_7726817940
c:\programdata\MPK\1\I41161_7761540278
c:\programdata\MPK\1\I41161_7796262847
c:\programdata\MPK\1\I41161_7830984606
c:\programdata\MPK\1\I41161_8004595602
c:\programdata\MPK\1\I41161_8039318518
c:\programdata\MPK\1\I41161_8074040162
c:\programdata\MPK\1\I41161_8108763079
c:\programdata\MPK\1\I41161_8143485648
c:\programdata\MPK\1\I41161_8178207986
c:\programdata\MPK\1\I41161_8212928935
c:\programdata\MPK\1\I41161_8247651736
c:\programdata\MPK\1\I41161_8282373611
c:\programdata\MPK\1\I41161_8317096065
c:\programdata\MPK\1\I41161_8351818981
c:\programdata\MPK\1\I41161_8386540046
c:\programdata\MPK\1\I41161_8421263657
c:\programdata\MPK\1\I41161_8455984838
c:\programdata\MPK\1\I41161_8490707292
c:\programdata\MPK\1\I41161_8525429051
c:\programdata\MPK\1\I41161_8560151389
c:\programdata\MPK\1\I41161_8594873380
c:\programdata\MPK\1\I41161_8629596181
c:\programdata\MPK\1\I41161_8664317824
c:\programdata\MPK\1\I41161_8699040278
c:\programdata\MPK\1\I41161_8733762616
c:\programdata\MPK\1\I41161_8768485301
c:\programdata\MPK\1\I41161_8858324537
c:\programdata\MPK\1\I41161_8893046643
c:\programdata\MPK\1\I41161_8927769329
c:\programdata\MPK\1\I41161_8962491204
c:\programdata\MPK\1\I41161_8997213426
c:\programdata\MPK\1\I41161_9031935648
c:\programdata\MPK\1\I41161_9066657639
c:\programdata\MPK\1\I41161_9139910995
c:\programdata\MPK\1\I41161_9174632870
c:\programdata\MPK\1\I41161_9209355440
c:\programdata\MPK\1\I41161_9244077546
c:\programdata\MPK\1\I41161_9278800000
c:\programdata\MPK\1\I41161_9313521759
c:\programdata\MPK\1\I41161_9348244907
c:\programdata\MPK\1\I41161_9382966319
c:\programdata\MPK\1\I41161_9417688889
c:\programdata\MPK\1\I41161_9452410648
c:\programdata\MPK\1\I41161_9487132870
c:\programdata\MPK\1\I41161_9521855093
c:\programdata\MPK\1\I41161_9556577546
c:\programdata\MPK\1\I41161_9591300579
c:\programdata\MPK\1\I41161_9626022222
c:\programdata\MPK\1\I41161_9660743982
c:\programdata\MPK\1\I41161_9695466319
c:\programdata\MPK\1\I41161_9730189005
c:\programdata\MPK\1\I41161_9764910648
c:\programdata\MPK\1\I41162_6906402083
c:\programdata\MPK\1\I41162_6941123958
c:\programdata\MPK\1\I41162_6975846759
c:\programdata\MPK\1\I41162_7010568634
c:\programdata\MPK\1\I41162_7045291667
c:\programdata\MPK\1\I41162_7080013079
c:\programdata\MPK\1\I41162_7114736111
c:\programdata\MPK\1\I41162_7149457292
c:\programdata\MPK\1\I41162_7184179977
c:\programdata\MPK\1\I41162_7218901736
c:\programdata\MPK\1\I41162_7253623958
c:\programdata\MPK\1\I41162_7288346759
c:\programdata\MPK\1\I41162_7323068519
c:\programdata\MPK\1\I41162_7357791898
c:\programdata\MPK\1\I41162_7459512732
c:\programdata\MPK\1\I41162_7494234722
c:\programdata\MPK\1\I41162_7528956944
c:\programdata\MPK\1\I41162_7563679167
c:\programdata\MPK\1\I41162_7598401273
c:\programdata\MPK\1\I41162_8316590856
c:\programdata\MPK\1\I41162_8351314352
c:\programdata\MPK\1\I41162_8490202083
c:\programdata\MPK\1\I41162_8524924074
c:\programdata\MPK\1\I41162_8559647685
c:\programdata\MPK\1\I41162_8594368750
c:\programdata\MPK\1\I41162_8629090856
c:\programdata\MPK\1\I41162_8663812963
c:\programdata\MPK\1\I41162_8698535532
c:\programdata\MPK\1\I41162_8733258681
c:\programdata\MPK\1\I41162_8824359259
c:\programdata\MPK\1\I41162_8859080324
c:\programdata\MPK\1\I41162_8893803009
c:\programdata\MPK\1\I41162_8928524884
c:\programdata\MPK\1\I41162_8963247107
c:\programdata\MPK\1\I41162_8997969444
c:\programdata\MPK\1\I41162_9085062268
c:\programdata\MPK\1\I41162_9119784606
c:\programdata\MPK\1\I41162_9154506713
c:\programdata\MPK\1\I41162_9189229051
c:\programdata\MPK\1\I41162_9278108796
c:\programdata\MPK\1\I41162_9312831134
c:\programdata\MPK\1\I41162_9347553241
c:\programdata\MPK\1\I41162_9382275463
c:\programdata\MPK\1\I41162_9416997917
c:\programdata\MPK\1\I41162_9478027431
c:\programdata\MPK\1\I41162_9512750116
c:\programdata\MPK\1\I41162_9547471875
c:\programdata\MPK\1\I41162_9582194329
c:\programdata\MPK\1\I41162_9653275000
c:\programdata\MPK\1\I41162_9687997338
c:\programdata\MPK\1\I41162_9722719792
c:\programdata\MPK\1\I41163_6293443287
c:\programdata\MPK\1\I41163_6328167361
c:\programdata\MPK\1\I41163_6432336690
c:\programdata\MPK\1\I41163_6467060069
c:\programdata\MPK\1\I41163_6501781366
c:\programdata\MPK\1\I41163_6536503704
c:\programdata\MPK\1\I41163_6571226157
c:\programdata\MPK\1\I41163_6605948032
c:\programdata\MPK\1\I41163_6640671296
c:\programdata\MPK\1\I41163_6675393171
c:\programdata\MPK\1\I41163_6710114815
c:\programdata\MPK\1\I41163_6744837037
c:\programdata\MPK\1\I41163_6779559722
c:\programdata\MPK\1\I41163_6814281366
c:\programdata\MPK\1\I41163_6849004282
c:\programdata\MPK\1\I41163_6883725926
c:\programdata\MPK\1\I41163_6918448495
c:\programdata\MPK\1\I41163_6953171528
c:\programdata\MPK\1\I41163_7039444097
c:\programdata\MPK\1\I41163_7074166204
c:\programdata\MPK\1\I41163_7108889005
c:\programdata\MPK\1\I41163_7198300579
c:\programdata\MPK\1\I41163_7233022222
c:\programdata\MPK\1\I41163_7267744560
c:\programdata\MPK\1\I41163_7302466667
c:\programdata\MPK\1\I41163_7337189468
c:\programdata\MPK\1\I41163_7371911690
c:\programdata\MPK\1\I41163_7406634722
c:\programdata\MPK\1\I41163_7441356134
c:\programdata\MPK\1\I41163_7476078356
c:\programdata\MPK\1\I41163_7510801736
c:\programdata\MPK\1\I41163_7545522338
c:\programdata\MPK\1\I41163_7719136690
c:\programdata\MPK\1\I41163_7753857639
c:\programdata\MPK\1\I41163_7823304861
c:\programdata\MPK\1\I41163_7858027546
c:\programdata\MPK\1\I41163_7892748611
c:\programdata\MPK\1\I41163_7927470486
c:\programdata\MPK\1\I41163_7990254514
c:\programdata\MPK\1\I41163_7996928704
c:\programdata\MPK\1\I41163_7997214352
c:\programdata\MPK\1\I41163_7997346412
c:\programdata\MPK\1\I41163_7997463889
c:\programdata\MPK\1\I41163_7997568981
c:\programdata\MPK\1\I41163_7997688426
c:\programdata\MPK\1\I41163_7998222338
c:\programdata\MPK\1\I41163_7998410648
c:\programdata\MPK\1\I41163_7998555324
c:\programdata\MPK\1\I41163_7999023727
c:\programdata\MPK\1\I41163_7999246181
c:\programdata\MPK\1\I41163_7999461343
c:\programdata\MPK\1\I41163_7999734491
c:\programdata\MPK\1\I41163_7999842940
c:\programdata\MPK\1\I41163_8000340393
c:\programdata\MPK\1\I41163_8001049306
c:\programdata\MPK\1\I41163_8001172222
c:\programdata\MPK\1\I41163_8001300694
c:\programdata\MPK\1\I41163_8001373032
c:\programdata\MPK\1\I41163_8001550231
c:\programdata\MPK\1\I41163_8001799884
c:\programdata\MPK\1\I41163_8001930093
c:\programdata\MPK\1\I41163_8002610069
c:\programdata\MPK\1\I41163_8002696991
c:\programdata\MPK\1\I41163_8002758449
c:\programdata\MPK\1\I41163_8002863426
c:\programdata\MPK\1\I41163_8002926736
c:\programdata\MPK\1\I41163_8003221412
c:\programdata\MPK\1\I41163_8003324537
c:\programdata\MPK\1\I41163_8003700694
c:\programdata\MPK\1\I41163_8004011806
c:\programdata\MPK\1\I41163_8004221528
c:\programdata\MPK\1\I41163_8004507407
c:\programdata\MPK\1\I41163_8004664931
c:\programdata\MPK\1\I41163_8004713773
c:\programdata\MPK\1\I41163_8004979861
c:\programdata\MPK\1\I41163_8005206134
c:\programdata\MPK\1\I41163_8005435995
c:\programdata\MPK\1\I41163_8005531944
c:\programdata\MPK\1\I41163_8005752778
c:\programdata\MPK\1\I41163_8006277199
c:\programdata\MPK\1\I41163_8006351273
c:\programdata\MPK\1\I41163_8024978241
c:\programdata\MPK\1\I41163_8059701157
c:\programdata\MPK\1\I41163_8152421181
c:\programdata\MPK\1\I41163_8187142361
c:\programdata\MPK\1\I41163_8256589815
c:\programdata\MPK\1\I41163_8291312963
c:\programdata\MPK\1\I41163_8360757060
c:\programdata\MPK\1\I41163_8395480324
c:\programdata\MPK\1\I41163_8430202662
c:\programdata\MPK\1\I41163_8464924306
c:\programdata\MPK\1\I41163_8478791204
c:\programdata\MPK\1\I41163_8499646528
c:\programdata\MPK\1\I41163_8513515741
c:\programdata\MPK\1\I41163_8548237037
c:\programdata\MPK\1\I41163_8582961806
c:\programdata\MPK\1\I41163_8617683796
c:\programdata\MPK\1\I41163_8652405208
c:\programdata\MPK\1\I41163_8687128356
c:\programdata\MPK\1\I41163_8721850463
c:\programdata\MPK\1\I41163_8791294560
c:\programdata\MPK\1\I41163_8826017014
c:\programdata\MPK\1\I41163_8860739583
c:\programdata\MPK\1\I41163_8887358102
c:\programdata\MPK\1\I41163_8922079514
c:\programdata\MPK\1\I41163_8956802778
c:\programdata\MPK\1\I41163_8991524653
c:\programdata\MPK\1\I41163_9026247569
c:\programdata\MPK\1\I41163_9060968866
c:\programdata\MPK\1\I41163_9095690741
c:\programdata\MPK\1\I41163_9269302083
c:\programdata\MPK\1\I41163_9304023843
c:\programdata\MPK\1\I41163_9338746412
c:\programdata\MPK\1\I41163_9373468866
c:\programdata\MPK\1\I41163_9408190278
c:\programdata\MPK\1\I41163_9442913079
c:\programdata\MPK\1\I41163_9477634838
c:\programdata\MPK\1\I41163_9581801968
c:\programdata\MPK\1\I41163_9616524421
c:\programdata\MPK\1\I41163_9651247569
c:\programdata\MPK\1\I41164_3505413773
c:\programdata\MPK\1\I41164_3540135417
c:\programdata\MPK\1\I41164_3574857986
c:\programdata\MPK\1\I41164_3609579514
c:\programdata\MPK\1\I41164_3644301620
c:\programdata\MPK\1\I41164_3679024190
c:\programdata\MPK\1\I41164_3753803356
c:\programdata\MPK\1\I41164_3788808565
c:\programdata\MPK\1\I41164_3823247685
c:\programdata\MPK\1\I41164_3857969907
c:\programdata\MPK\1\I41164_3892692361
c:\programdata\MPK\1\I41164_3927414815
c:\programdata\MPK\1\I41164_3962138194
c:\programdata\MPK\1\I41164_3996860532
c:\programdata\MPK\1\I41164_4031582755
c:\programdata\MPK\1\I41164_4101029167
c:\programdata\MPK\1\I41164_4135751736
c:\programdata\MPK\1\I41164_4170473611
c:\programdata\MPK\1\I41164_4205195949
c:\programdata\MPK\1\I41164_6160311806
c:\programdata\MPK\1\I41164_6195035532
c:\programdata\MPK\1\I41164_6229757407
c:\programdata\MPK\1\I41164_6264478588
c:\programdata\MPK\1\I41164_6299201852
c:\programdata\MPK\1\I41164_6333922801
c:\programdata\MPK\1\I41164_6368647338
c:\programdata\MPK\1\I41164_6403368634
c:\programdata\MPK\1\I41164_6438089931
c:\programdata\MPK\1\I41164_6472811921
c:\programdata\MPK\1\I41164_6507534028
c:\programdata\MPK\1\I41164_6523137384
c:\programdata\MPK\1\I41164_6557859838
c:\programdata\MPK\1\I41164_6592581829
c:\programdata\MPK\1\I41164_6627304514
c:\programdata\MPK\1\I41164_6662026273
c:\programdata\MPK\1\I41164_6696749537
c:\programdata\MPK\1\I41164_6731470949
c:\programdata\MPK\1\I41164_6766193171
c:\programdata\MPK\1\I41164_6800915046
c:\programdata\MPK\1\I41164_6835638773
c:\programdata\MPK\1\I41164_6870361227
c:\programdata\MPK\1\I41164_6948768171
c:\programdata\MPK\1\I41164_6983488889
c:\programdata\MPK\1\I41164_7018212269
c:\programdata\MPK\1\I41164_7055389352
c:\programdata\MPK\1\I41164_7087656944
c:\programdata\MPK\1\I41164_7122377778
c:\programdata\MPK\1\I41164_7157100579
c:\programdata\MPK\1\I41164_7191822569
c:\programdata\MPK\1\I41164_7226544792
c:\programdata\MPK\1\I41164_7261266667
c:\programdata\MPK\1\I41164_7295989468
c:\programdata\MPK\1\I41164_7330710995
c:\programdata\MPK\1\I41164_7365433449
c:\programdata\MPK\1\I41164_7400155671
c:\programdata\MPK\1\I41164_7434877894
c:\programdata\MPK\1\I41164_7469600116
c:\programdata\MPK\1\I41164_7504322106
c:\programdata\MPK\1\I41164_7539044560
c:\programdata\MPK\1\I41164_7573766782
c:\programdata\MPK\1\I41164_7608489468
c:\programdata\MPK\1\I41164_7643210995
c:\programdata\MPK\1\I41164_7677933218
c:\programdata\MPK\1\I41164_7712655787
c:\programdata\MPK\1\I41164_7747378125
c:\programdata\MPK\1\I41164_8101018287
c:\programdata\MPK\1\I41164_8135740625
c:\programdata\MPK\1\I41164_8170462616
c:\programdata\MPK\1\I41164_8205185301
c:\programdata\MPK\1\I41164_8274630324
c:\programdata\MPK\1\I41164_8309351389
c:\programdata\MPK\1\I41164_8344073958
c:\programdata\MPK\1\I41164_8378796528
c:\programdata\MPK\1\I41164_8413518056
c:\programdata\MPK\1\I41164_8448240509
c:\programdata\MPK\1\I41164_8482962500
c:\programdata\MPK\1\I41164_8517686343
c:\programdata\MPK\1\I41164_8552410301
c:\programdata\MPK\1\I41164_8587131019
c:\programdata\MPK\1\I41164_8621854282
c:\programdata\MPK\1\I41164_8656576505
c:\programdata\MPK\1\I41165_6690214468
c:\programdata\MPK\1\I41165_6724936690
c:\programdata\MPK\1\I41165_6759659028
c:\programdata\MPK\1\I41165_6794381366
c:\programdata\MPK\1\I41165_6829103357
c:\programdata\MPK\1\I41165_6863826157
c:\programdata\MPK\1\I41165_6898548495
c:\programdata\MPK\1\I41165_7697160995
c:\programdata\MPK\1\I41165_7731883102
c:\programdata\MPK\1\I41165_7766605671
c:\programdata\MPK\1\I41165_7801327431
c:\programdata\MPK\1\I41165_7836050116
c:\programdata\MPK\1\I41165_8612598727
c:\programdata\MPK\1\I41165_8647321065
c:\programdata\MPK\1\I41165_8682043287
c:\programdata\MPK\1\I41165_8716765509
c:\programdata\MPK\1\I41165_8751487963
c:\programdata\MPK\1\I41165_8786209722
c:\programdata\MPK\1\I41165_8820931829
c:\programdata\MPK\1\I41165_8855653588
c:\programdata\MPK\1\I41165_8890376157
c:\programdata\MPK\1\I41165_8925097685
c:\programdata\MPK\1\I41165_8959820602
c:\programdata\MPK\1\I41165_8994542708
c:\programdata\MPK\1\I41165_9029264352
c:\programdata\MPK\1\I41165_9063987847
c:\programdata\MPK\1\I41165_9098708681
c:\programdata\MPK\1\I41165_9133431944
c:\programdata\MPK\1\I41165_9168153704
c:\programdata\MPK\1\I41165_9202876042
c:\programdata\MPK\1\I41165_9224926736
c:\programdata\MPK\1\I41165_9227042940
c:\programdata\MPK\1\S0000
c:\programdata\MPK\2\D0000
c:\programdata\MPK\2\I40922_6911385995
c:\programdata\MPK\2\I40922_6946110995
c:\programdata\MPK\2\I40922_6980834028
c:\programdata\MPK\2\S0000
c:\programdata\MPK\CPDM\cpfm.bin
c:\programdata\MPK\etilqs_2LRzsxcy6U6NhHQhv98o
c:\programdata\MPK\etilqs_3lgpMUQiMYgh8zHvpkEl
c:\programdata\MPK\etilqs_9keJUtAJogpKByA2dazT
c:\programdata\MPK\etilqs_aEXxOKP4qxrj8izacF4U
c:\programdata\MPK\etilqs_eacjXuyObgOFafStc1rK
c:\programdata\MPK\etilqs_IKQZJT8LixyOkvYdDWKI
c:\programdata\MPK\etilqs_OI3N9gYNuEh6OSCGvwqR
c:\programdata\MPK\etilqs_ojahh7X2thSQrhsP8Hed
c:\programdata\MPK\etilqs_phF8EspfLdKWTmtDl0K9
c:\programdata\MPK\etilqs_qKJnhfvJmPbxhkUHl8Ga
c:\programdata\MPK\etilqs_sgvwk0r2tPfnhXm2uUNE
c:\programdata\MPK\etilqs_WQviNvFN8NAV18tw1Fd5
c:\programdata\MPK\key.bin
c:\programdata\MPK\M0000
c:\programdata\MPK\MIPKO Employee Monitor\Купить сейчас!.lnk
c:\programdata\MPK\MIPKO Employee Monitor\Сайт  MIPKO Employee Monitor в Интернете.lnk
c:\programdata\MPK\MIPKO Employee Monitor\MIPKO Employee Monitor.lnk
c:\programdata\MPK\S0000
c:\programdata\OmtaJcogt.dat
c:\windows\IsUn0407.exe
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
c:\windows\XSxS
         


Alt 05.01.2015, 22:35   #6
FaceTheTrace
 
Avg durch Gruppenrichtlinie blockiert - Standard

Avg durch Gruppenrichtlinie blockiert



Code:
ATTFilter
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_IO.SYS
-------\Legacy_NPF
-------\Service_io.sys
-------\Service_NPF
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-12-05 bis 2015-01-05  ))))))))))))))))))))))))))))))
.
.
2015-01-05 15:22 . 2015-01-05 20:16	--------	d-----w-	C:\FRST
2015-01-05 00:22 . 2015-01-05 00:29	--------	d-----w-	C:\$AVG
2015-01-05 00:18 . 2015-01-05 00:27	--------	d-----w-	c:\programdata\AVG2015
2014-12-19 11:21 . 2014-12-13 03:33	115712	----a-w-	c:\windows\system32\ieUnatt.exe
2014-12-13 23:28 . 2014-10-18 01:33	3209728	----a-w-	c:\windows\system32\mf.dll
2014-12-13 23:28 . 2014-07-07 01:40	103424	----a-w-	c:\windows\system32\mfps.dll
2014-12-13 23:28 . 2014-07-07 01:39	50176	----a-w-	c:\windows\system32\rrinstaller.exe
2014-12-13 23:28 . 2014-07-07 01:39	23040	----a-w-	c:\windows\system32\mfpmp.exe
2014-12-13 23:28 . 2014-07-07 01:37	2048	----a-w-	c:\windows\system32\mferror.dll
2014-12-13 20:47 . 2014-10-30 01:45	155136	----a-w-	c:\windows\system32\charmap.exe
2014-12-08 20:25 . 2014-12-08 20:25	208152	----a-w-	c:\windows\system32\drivers\avgidsdriverx.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-13 20:41 . 2012-03-29 19:01	701104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-12-13 20:41 . 2011-06-07 09:14	71344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-22 02:07 . 2014-12-13 20:48	501248	----a-w-	c:\windows\system32\vbscript.dll
2014-11-22 01:00 . 2014-12-13 20:48	1888256	----a-w-	c:\windows\system32\wininet.dll
2014-11-18 20:41 . 2014-11-18 20:41	154904	----a-w-	c:\windows\system32\drivers\avgidshx.sys
2014-11-18 13:56 . 2014-11-18 13:56	1202848	----a-w-	c:\windows\system32\FM20.DLL
2014-11-11 02:44 . 2014-12-13 20:48	1230336	----a-w-	c:\windows\system32\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-22 07:13	186880	----a-w-	c:\windows\system32\pku2u.dll
2014-11-11 02:44 . 2014-11-22 07:13	550912	----a-w-	c:\windows\system32\kerberos.dll
2014-11-08 02:45 . 2014-12-13 20:47	2048	----a-w-	c:\windows\system32\tzres.dll
2014-10-27 17:18 . 2010-03-25 17:51	60416	----a-w-	c:\windows\ALCFDRTM.VER
2014-10-25 01:32 . 2014-11-15 08:39	67584	----a-w-	c:\windows\system32\packager.dll
2014-10-18 01:33 . 2014-11-15 08:40	571904	----a-w-	c:\windows\system32\oleaut32.dll
2014-10-14 01:56 . 2014-11-15 08:39	136632	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 01:50 . 2014-11-15 08:39	523776	----a-w-	c:\windows\system32\termsrv.dll
2014-10-14 01:50 . 2014-11-15 08:39	2363904	----a-w-	c:\windows\system32\msi.dll
2014-10-14 01:50 . 2014-11-15 08:39	1059840	----a-w-	c:\windows\system32\lsasrv.dll
2014-10-14 01:47 . 2014-11-15 08:39	146432	----a-w-	c:\windows\system32\msaudite.dll
2014-10-14 01:46 . 2014-11-15 08:39	681984	----a-w-	c:\windows\system32\adtschema.dll
2014-10-10 14:13 . 2014-10-10 14:13	200984	----a-w-	c:\windows\system32\drivers\avgtdix.sys
2014-10-10 00:45 . 2014-11-15 08:39	2379264	----a-w-	c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Eintrдge & legitime Standardeintrдge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG-Secure-Search-Update_0814av"="c:\users\Aaieieno?aoi?\AppData\Roaming\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe" [?]
"AVG-Secure-Search-Update_1114av"="c:\users\Aaieieno?aoi?\AppData\Roaming\Avg_Update_1114av\AVG-Secure-Search-Update_1114av.exe" [?]
"AVG-Secure-Search-Update_1214av"="c:\users\Aaieieno?aoi?\AppData\Roaming\Avg_Update_1214av\AVG-Secure-Search-Update_1214av.exe" [?]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2014-02-07 1564992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmiboot"="c:\windows\cmiboot.exe" [2007-02-07 65536]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-14 307200]
"BigDog303"="c:\windows\VM303_STI.EXE" [2006-01-24 61440]
"VMSnap3"="c:\windows\VMSnap3.exe" [2006-07-18 49152]
"Domino"="c:\windows\Domino.exe" [2006-07-04 49152]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-02-22 500208]
"snp2std"="c:\windows\vsnp2std.exe" [2005-10-20 339968]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2014-02-07 311616]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
"CanonQuickMenu"="c:\program files\Canon\Quick Menu\CNQMMAIN.EXE" [2012-04-03 1273448]
"IJNetworkScannerSelectorEX"="c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2012-03-26 449168]
"AVG_UI"="c:\program files\AVG\AVG2015\avgui.exe" [2014-12-18 3667472]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-10-03 280576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-7 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-988684571-2984960038-3111619490-1000]
"EnableNotificationsRef"=dword:00000001
.
R0 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys [2008-10-09 15200]
R1 NtFsLdf20;NtFsLdf20; [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2015\avgidsagent.exe [2014-12-18 3432976]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 BthAudioHF;?????? BthAudioHF;c:\windows\system32\DRIVERS\BthAudioHF.sys [2009-12-21 43008]
R3 BthAvrcp;??????? Bluetooth AVRCP;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-31 29472]
R3 CMISTOR;CMIUCR.SYS CM320/CM220 Card Reader Driver;c:\windows\system32\DRIVERS\cmiucr.SYS [2007-01-12 93056]
R3 csr_a2dp;??????? Bluetooth AV;c:\windows\system32\drivers\bthav.sys [2009-12-21 61952]
R3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 2013\DfsdkS.exe [2009-08-24 406016]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2014-01-23 88576]
R3 EWSASERV;EWSA Control Service;c:\program files\Elcomsoft Password Recovery\Elcomsoft Wireless Security Auditor\ewsaserv.exe [x]
R3 hcw99rc;Hauppauge Nova-DT IR Driver;c:\windows\System32\Drivers\hcw99rc.sys [2007-03-23 10368]
R3 hptmv;hptmv;c:\windows\system32\DRIVERS\hptmv.sys [2006-09-27 71968]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-22 102912]
R3 ioatdma;Intel(R) QuickData Technology device;c:\windows\System32\Drivers\qd26032.sys [2008-01-18 37504]
R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd16032.sys [2008-01-18 36480]
R3 iSSetup;iSSetup;c:\windows\system32\DRIVERS\iSSetup.sys [2007-06-19 75672]
R3 m5287;m5287;c:\windows\system32\DRIVERS\m5287.sys [2006-07-20 104320]
R3 m5288;m5288;c:\windows\system32\DRIVERS\m5288.sys [2006-07-19 211072]
R3 m5289;m5289;c:\windows\system32\DRIVERS\m5289.sys [2005-07-04 52480]
R3 MegaSR1;MegaSR1;c:\windows\system32\DRIVERS\MegaSR1.sys [2008-06-26 397632]
R3 MODRC;WinFast TV Dongle With Infrared Receiver;c:\windows\system32\DRIVERS\modrc.sys [2006-11-14 13056]
R3 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2007-05-25 137728]
R3 NBv834x;Killer NIC Gaming Adapter Service;c:\windows\system32\DRIVERS\nbv834x.sys [2008-10-19 104992]
R3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28u.sys [x]
R3 OverwolfUpdater;Overwolf Updater Windows SCM;c:\program files\Overwolf\OverwolfUpdater.exe [2014-12-20 997664]
R3 PciIsaSerial;PCI-ISA Communication Port;c:\windows\system32\DRIVERS\PciIsaSerial.sys [2008-12-19 65536]
R3 PciPPorts;PCI ECP Parallel Port;c:\windows\system32\DRIVERS\PciPPorts.sys [2009-07-23 82944]
R3 PciSPorts;High-Speed PCI Serial Port;c:\windows\system32\DRIVERS\PciSPorts.sys [2008-12-19 115200]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 rr172x;rr172x;c:\windows\system32\DRIVERS\rr172x.sys [2007-06-12 90400]
R3 rr2522;rr2522;c:\windows\system32\DRIVERS\rr2522.sys [2007-07-02 112160]
R3 rt70x86;Belkin Wireless G USB Network Adapter Driver for Vista;c:\windows\system32\DRIVERS\netr70.sys [2006-12-27 245248]
R3 SI3112r;SI3112r;c:\windows\system32\DRIVERS\SI3112r.sys [2007-02-01 110128]
R3 SI3114;SI3114;c:\windows\system32\DRIVERS\SI3114.sys [2006-11-10 68912]
R3 SI3124;SI3124;c:\windows\system32\DRIVERS\SI3124.sys [2006-11-02 76208]
R3 Si3124r5;Si3124r5;c:\windows\system32\DRIVERS\Si3124r5.sys [2006-09-20 207152]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2014-01-23 184192]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 tsusbhub;tsusbhub; [x]
R4 CamProExpress64;CamProExpress64;c:\program files\AirLive\CamPro Express 64\CamProExpress64.exe [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2014-11-18 154904]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2014-07-18 230680]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2014-06-18 27416]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-21 445936]
S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiskx.sys [2014-06-18 121624]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2014-12-08 208152]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2014-06-18 21272]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2014-08-28 192792]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2014-10-10 200984]
S2 AAV UpdateService;AAV UpdateService;c:\program files\AAVUpdateManager\aavus.exe [2008-10-24 128296]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-05-21 176128]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-19 294400]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2015\avgwdsvc.exe [2014-12-18 298080]
S2 avmike;AVM FRITZ!Fernzugang IKE Service;c:\program files\FRITZ!Fernzugang\avmike.exe [2010-03-30 254328]
S2 certsrv;AVM FRITZ!Fernzugang Cert Service;c:\program files\FRITZ!Fernzugang\certsrv.exe [2010-03-30 121720]
S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [2014-03-25 241704]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2013-04-18 233472]
S2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 nwtsrv;AVM FRITZ!Fernzugang Client;c:\program files\FRITZ!Fernzugang\nwtsrv.exe [2010-03-30 153464]
S2 STM Parallel Driver;STM Parallel Driver;c:\windows\system32\drivers\parstm.sys [2003-07-09 43776]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2009-12-16 185640]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-05-21 101392]
S3 NmPar;PCI Parallel Port;c:\windows\system32\DRIVERS\NmPar.sys [2010-01-19 81920]
S3 nmserial;PCI Serial Port;c:\windows\system32\DRIVERS\nmserial.sys [2012-01-12 70656]
S3 NWIM;AVM VPN Miniport;c:\windows\system32\DRIVERS\avmnwim.sys [2010-03-30 335224]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
bthaudiosvc	REG_MULTI_SZ   	HFGService
.
Inhalt des "geplante Tasks" Ordners
.
2015-01-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 20:41]
.
.
------- Zusдtzlicher Suchlauf -------
.
mStart Page = about:blank
uSearchAssistant = hxxp://www.bing.com/search?q={searchTerms}
IE: &Экспорт в Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Закачать ВСЕ при помощи Download Master
IE: Закачать при помощи Download Master
IE: Отправить изображение на &устройство Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Отправить страницу на &устройство Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Передать на удаленную закачку DM
Trusted Zone: arbeitsagentur.de\www
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Администратор\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\
.
- - - - Entfernte verwaiste Registrierungseintrдge - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-APSDaemon - c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
AddRemove-ElsterFormular - c:\programdata\elsterformular\setup\uninstall.exe
AddRemove-Origin - c:\program files\Origin\OriginUninstall.exe
AddRemove-Steam - c:\program files\Steam\uninstall.exe
AddRemove-WinPcapInst - c:\program files\WinPcap\uninstall.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
AddRemove-TeamSpeak 3 Client - c:\users\Администратор\AppData\Local\TeamSpeak 3 Client\uninstall.exe
AddRemove-UnityWebPlayer - c:\users\Администратор\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\DataMngr_Toolbar]
@Denied: (2) (Administrator)
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,3b,1b,f1,06,4f,
   37,c1,00,0b,0c,b1,a1,85,e9,66,64,04,8c
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,3b,1b,21,82,1e,
   e2,6d,97,40,04,a6,39,dc,a9,28,9c,13,1e
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,3b,1b,6f,c2,f1,
   a0,52,99,be,5b,a5,ef,4a,e0,c8,40,f3,12
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,3b,1b,71,2d,9e,
   6f,f2,6b,4c,07,ae,fb,41,fc,1c,72,e5,63
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1c,d3,
   c6,72,ff,35,09,a5,76,d6,65,c0,8f,ce,b4
"{4D2D3B0F-69BE-477A-90F5-FDDB05357975}"=hex:51,66,7a,6c,4c,1d,3b,1b,1f,27,36,
   50,89,32,14,0d,89,f7,b7,9b,04,7f,3f,68
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,8b,0f,
   6b,c7,8d,42,0c,af,e9,9e,9a,f0,93,6b,5e
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,14,c4,
   05,9a,b3,ed,08,bc,94,b0,17,8d,64,fb,de
"{5790335A-A3FA-414E-BC02-37EE05DDDAC6}"=hex:51,66,7a,6c,4c,1d,3b,1b,4a,2f,8b,
   4a,cd,f8,20,0b,a5,00,7d,ae,04,97,9c,db
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,84,f0,9d,a1,f4,fe,26,41,91,c9,c0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,84,f0,9d,a1,f4,fe,26,41,91,c9,c0,\
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AVI"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WindowsLive.PhotoGallery.bmp.16.4"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.brd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\eagle.exe"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WindowsLive.PhotoGallery.bmp.16.4"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fb2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="fb2_auto_file"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="PhotoViewer.FileAssoc.Gif"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WindowsLive.PhotoGallery.ico.16.4"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="inffile"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WindowsLive.PhotoGallery.jpg.16.4"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WindowsLive.PhotoGallery.jpg.16.4"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WindowsLive.PhotoGallery.jpg.16.4"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="jpegfile"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lck\UserChoice]
@Denied: (2) (Administrator)
"Progid"="lck_auto_file"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Opera.HTML"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Opera.HTML"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\wmplayer.exe"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PNG\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WindowsLive.PhotoGallery.png.16.4"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.properties\UserChoice]
@Denied: (2) (Administrator)
"Progid"="properties_auto_file"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\Portable Photoshop CS5 Multi.exe"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\photoviewer.dll"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.settings\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\winword.exe"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sys\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\NOTEPAD.EXE"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WindowsLive.PhotoGallery.tif.16.4"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WindowsLive.PhotoGallery.tif.16.4"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vob\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.vob"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wdp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WindowsLive.PhotoGallery.wdp.16.4"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Opera.HTML"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Opera.HTML"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Opera.HTML"
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Ext\Settings]
@Denied: (2) (Administrator)
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1AB09615-17FB-A427-01A2-B62BE546BAE6}*]
"jakogebdpcfdnanhlbgo"=hex:62,61,6b,61,00,00
"iakncffpodjneoohek"=hex:6b,61,68,61,6d,66,6a,61,61,6a,65,65,64,6a,62,6d,69,66,
   66,6c,69,70,00,00
"jakogebdpcfdnanhlbci"=hex:62,61,67,61,00,00
"haaniiadmjecdghm"=hex:6b,61,68,61,6d,66,65,70,6b,67,6d,66,65,68,67,6b,63,69,
   6c,62,6e,61,00,00
"hagocjcbhfjomllg"=hex:61,62,68,6e,67,67,6f,65,6b,67,64,70,6e,6a,6c,63,70,68,
   6c,63,61,6c,69,67,64,62,69,6c,62,6d,6c,68,65,6c,00,00
"jaboddognfmomfileicb"=hex:64,62,6c,6e,6a,6f,6c,6b,66,62,6e,61,67,65,70,61,69,
   68,65,67,6c,67,65,6b,6d,67,70,62,65,70,68,64,64,61,66,64,69,68,6f,63,00,00
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{40C79638-E613-2EEE-D790-2D2CD74E5E01}*]
"haondgppagdaepaf"=hex:62,63,65,64,66,6f,70,66,65,66,67,6c,6c,6c,64,62,61,67,
   6a,63,6f,6e,6e,70,6d,6c,62,6d,70,68,6f,70,6f,63,62,6f,6f,65,69,6f,6a,6d,69,\
"haondgppgbjaiebc"=hex:64,62,64,6c,6f,62,6e,63,69,62,65,6c,67,6a,66,68,6e,68,
   69,61,6b,64,65,68,6e,6c,63,6b,6f,62,6c,67,69,69,62,6c,6d,62,63,61,00,6d
"iaclhddidbpgpkjiij"=hex:6a,61,6f,6a,63,62,70,62,6d,6a,6a,69,6f,61,6d,6e,68,63,
   6f,68,00,fb
"hamkbdccdpfellpc"=hex:6b,61,6f,6a,62,62,6d,70,6f,6c,62,62,65,69,63,61,64,63,
   69,63,67,6f,00,00
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{733BD2A7-1F77-A0DB-81E7-33B0E4CDB860}*]
"haofomdogjhoibcm"=hex:6e,62,62,69,6e,63,64,63,6c,6d,61,67,6a,62,67,62,64,6b,
   61,64,62,64,64,63,6d,68,67,6e,6b,6b,64,62,6e,65,6a,6c,6c,62,69,6b,62,61,6a,\
"jaofomdogjhoibcmnboi"=hex:66,61,62,69,70,63,63,69,68,67,68,6f,00,00
"paggncpfamofmogcklmnfoaaeodobjfk"=hex:65,61,62,69,6e,63,61,66,63,69,00,6f
.
[HKEY_USERS\S-1-5-21-2940817598-1931161818-2907281725-500\Software\SecuROM\License information*]
"datasecu"=hex:0b,75,dd,31,d1,3c,42,3f,c0,05,bb,d1,d7,fe,3d,fd,d3,d8,a8,7c,16,
   fe,41,59,c0,b4,22,32,a8,f8,6b,40,a2,7f,0a,7b,bd,90,77,f5,41,75,65,a5,5d,e0,\
"rkeysecu"=hex:9f,b6,9b,e5,c9,c7,00,29,e3,06,db,15,eb,ce,26,89
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1AB09615-17FB-A427-01A2-B62BE546BAE6}\InProcServer32*]
"kaenepbnnjgiafkloaikid"=hex:62,61,65,61,00,61
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{40C79638-E613-2EEE-D790-2D2CD74E5E01}\InProcServer32*]
"iaalpobgjgcpoemadf"=hex:62,63,65,64,66,6f,70,66,65,66,67,6c,6c,6c,64,62,61,67,
   6a,63,6f,6e,6e,70,6d,6c,62,6d,70,68,6f,70,6f,63,62,6f,6f,65,69,6f,6a,6d,69,\
"iaalpobgjgaoifadfo"=hex:64,62,64,6c,6f,62,6e,63,69,62,65,6c,67,6a,66,68,6e,68,
   69,61,6b,64,65,68,6e,6c,63,6b,6f,62,6c,67,69,69,62,6c,6d,62,63,61,00,6d
"jaallllaphfpofofchak"=hex:6a,61,6f,6a,63,62,70,62,6d,6a,6a,69,6f,61,6d,6e,68,
   63,6f,68,00,fb
"iaalbnbgbicbincpig"=hex:6a,61,6f,6a,67,62,6c,6f,6d,61,6c,6e,6a,70,70,66,68,6c,
   6e,68,00,fb
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(4424)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\drivers\WDelMgr20.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\TeamViewer\Version5\TeamViewer.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\SOUNDMAN.EXE
c:\windows\CmUCReye.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Canon\Quick Menu\CNQMUPDT.EXE
c:\program files\Canon\Quick Menu\CNQMSWCS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-01-05  22:11:39 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-01-05 21:11
.
Vor Suchlauf: 35.152.080.896 bytes free
Nach Suchlauf: 34.357.010.432 bytes free
.
- - End Of File - - 3443A26C4113C71108DE99B88828A526
A36C5E4F47E84449FF07ED3517B43A31
         
Ich habe die Log in zwei Teilen gepostet

Alt 06.01.2015, 11:37   #7
schrauber
/// the machine
/// TB-Ausbilder
 

Avg durch Gruppenrichtlinie blockiert - Standard

Avg durch Gruppenrichtlinie blockiert



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 07.01.2015, 20:52   #8
FaceTheTrace
 
Avg durch Gruppenrichtlinie blockiert - Standard

Avg durch Gruppenrichtlinie blockiert



Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 7. 1. 2015
Suchlauf-Zeit: 17:32:09
Logdatei: mbam.txt
Administrator: Nein

Version: 2.00.4.1028
Malware Datenbank: v2015.01.07.11
Rootkit Datenbank: v2015.01.07.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bosartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: ????????????N?N?N??°N???N?

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 335693
Verstrichene Zeit: 39 Min, 10 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schadliche Elemente erkannt)

Module: 0
(Keine schadliche Elemente erkannt)

Registrierungsschlussel: 35
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, In Quarantane, [52453aba4d3c02344212998357ac8080], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, In Quarantane, [63345a9aed9c65d139f4ea33679ca15f], 
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}, In Quarantane, [1186e113e6a3bc7a6f17f226e0233bc5], 
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}, In Quarantane, [aee9f400f29772c48a0019ffa85b7c84], 
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\funmoodsApp.appCore.1, In Quarantane, [aee9f400f29772c48a0019ffa85b7c84], 
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\funmoodsApp.appCore, In Quarantane, [aee9f400f29772c48a0019ffa85b7c84], 
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}, In Quarantane, [3b5c7d779feae84e2e5d07111de65ba5], 
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\f, In Quarantane, [3b5c7d779feae84e2e5d07111de65ba5], 
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}, In Quarantane, [b7e006ee5633b086fc27866e5ea43ac6], 
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}, In Quarantane, [b7e006ee5633b086fc27866e5ea43ac6], 
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{23C70BCA-6E23-4A65-AD2E-1389062074F1}, In Quarantane, [b7e006ee5633b086fc27866e5ea43ac6], 
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}, In Quarantane, [b7e006ee5633b086fc27866e5ea43ac6], 
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{295CACB4-51F5-46FD-914E-C72BAAE1B672}, In Quarantane, [b7e006ee5633b086fc27866e5ea43ac6], 
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}, In Quarantane, [b7e006ee5633b086fc27866e5ea43ac6], 
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}, In Quarantane, [b7e006ee5633b086fc27866e5ea43ac6], 
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}, In Quarantane, [b7e006ee5633b086fc27866e5ea43ac6], 
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}, In Quarantane, [b7e006ee5633b086fc27866e5ea43ac6], 
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}, In Quarantane, [b7e006ee5633b086fc27866e5ea43ac6], 
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}, In Quarantane, [b7e006ee5633b086fc27866e5ea43ac6], 
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C0585B2F-74D7-4734-88DE-6C150C5D4036}, In Quarantane, [b7e006ee5633b086fc27866e5ea43ac6], 
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}, In Quarantane, [b7e006ee5633b086fc27866e5ea43ac6], 
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}, In Quarantane, [b7e006ee5633b086fc27866e5ea43ac6], 
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{EF0588D6-1621-4A75-B8BE-F4BC34794136}, In Quarantane, [b7e006ee5633b086fc27866e5ea43ac6], 
PUP.Optional.Snapdo.T, HKU\S-1-5-21-2940817598-1931161818-2907281725-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, In Quarantane, [e3b41bd96c1d3600f0ebbe61788bdb25], 
PUP.Optional.Snapdo.T, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}, In Quarantane, [e3b41bd96c1d3600f0ebbe61788bdb25], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}, In Quarantane, [1483b044aadf191d6634b26a48bb758b], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, In Quarantane, [4e49fff5a4e573c33566071535ce8f71], 
PUP.Optional.Babylon.A, HKLM\SOFTWARE\babylontoolbar, In Quarantane, [d8bfbf35f3966ec8d2e6bd05d52f0bf5], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\Iminent, In Quarantane, [97001bd94742d16559b0a705cd366898], 
PUP.Funmoods, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\bbjciahceamgodcoidkjpchnokgfpphh, In Quarantane, [c4d35f953554a78fd2a295208e75d828], 
PUP.Optional.DataMngr.A, HKU\S-1-5-21-2940817598-1931161818-2907281725-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar, In Quarantane, [d6c1c430deab979f57b67f4243c16799], 
PUP.Optional.Iminent.A, HKU\S-1-5-21-2940817598-1931161818-2907281725-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Iminent, In Quarantane, [b2e5f8fcc8c1d16556b44567e2210cf4], 
PUP.Optional.Softonic.A, HKU\S-1-5-21-2940817598-1931161818-2907281725-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic, In Quarantane, [9bfc48acf99053e30a80fe6c758eaa56], 
PUP.Optional.PriceGong.A, HKU\S-1-5-21-2940817598-1931161818-2907281725-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, In Quarantane, [afe86f856722b185e95c2e40996a8977], 
PUP.Funmoods, HKU\S-1-5-21-2940817598-1931161818-2907281725-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\bbjciahceamgodcoidkjpchnokgfpphh, In Quarantane, [435401f3a4e50630541fd5e073904eb2], 

Registrierungswerte: 4
PUP.Optional.SmartBar, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, In Quarantane, [7f189262d0b96acc870cb0cabc47d32d]
Hijack.ControlPanelStyle, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceClassicControlPanel, 1, In Quarantane, [a2f524d06326e84e1523001c6f958e72]
PUP.Optional.Snapdo.T, HKU\S-1-5-21-2940817598-1931161818-2907281725-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {006ee092-9658-4fd6-bd8e-a21a348e59f5}, In Quarantane, [ddba9d57c7c2f83edb52e89cc83b4eb2]
PUP.Optional.AdLyrics.A, HKU\S-1-5-21-2940817598-1931161818-2907281725-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|Lyrics@LyricsFolder.co, C:\Program Files\LyricsFolder\125.xpi, In Quarantane, [bfd87e7662270333fd6f5d8939cb7b85]

Registrierungsdaten: 4
Hijack.StartPage, HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://webalta.ru, Gut: (hxxp://www.google.com/), Schlecht: (hxxp://webalta.ru),Ersetzt,[8f084fa5f1981323baf3daac22e319e7]
Hijack.StartPage, HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://webalta.ru, Gut: (hxxp://www.google.com/), Schlecht: (hxxp://webalta.ru),Ersetzt,[b5e2d0240e7b80b6604e0d7975904ab6]
Hijack.StartPage, HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://webalta.ru, Gut: (hxxp://www.google.com/), Schlecht: (hxxp://webalta.ru),Ersetzt,[e0b731c32c5d280e842963237d8814ec]
Hijack.StartPage, HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://webalta.ru, Gut: (hxxp://www.google.com/), Schlecht: (hxxp://webalta.ru),Ersetzt,[fa9dc232880150e6d6d84a3cd431bb45]

Ordner: 4
PUP.Optional.OpenCandy, C:\Users\????????????N?N?N??°N???N?\AppData\Roaming\OpenCandy, In Quarantane, [7b1cfef67b0e85b194acb779dd26ad53], 
PUP.Optional.OpenCandy, C:\Users\????????????N?N?N??°N???N?\AppData\Roaming\OpenCandy\F98D1F5D42B74B8694E9ED3F3DC3BF63, In Quarantane, [7b1cfef67b0e85b194acb779dd26ad53], 
PUP.Optional.Conduit, C:\Users\????????????N?N?N??°N???N?\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl, In Quarantane, [d4c301f3b7d23501eb04af821be823dd], 
PUP.Optional.Conduit, C:\Users\????????????N?N?N??°N???N?\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\6.21.4.1, In Quarantane, [d4c301f3b7d23501eb04af821be823dd], 

Dateien: 8
Spyware.Keylogger, C:\Program Files\MPK\MPK.exe, In Quarantane, [3d5a80742663b48262674d17728f6d93], 
Malware.Packer.Gen, C:\Windows\System32\GreenFields.scr, In Quarantane, [c0d7777d5a2fd066e8cd3339c937b34d], 
PUP.Optional.Iminent.A, C:\Users\????????????N?N?N??°N???N?\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage, In Quarantane, [a2f552a21f6a53e3e432eea7ec173cc4], 
PUP.Optional.BProtector.A, C:\Users\????????????N?N?N??°N???N?\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\bProtector_extensions.sqlite, In Quarantane, [098efbf9e9a061d57ff4bde327dcc838], 
PUP.Funmoods, C:\Users\????????????N?N?N??°N???N?\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage, In Quarantane, [8c0b93611b6e2313234f34819e6540c0], 
PUP.Optional.BrowserDefender.A, C:\Users\????????????N?N?N??°N???N?\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage, In Quarantane, [d3c4698b1c6dd660a7b2e3e1cc38f30d], 
PUP.Optional.FunMoods.A, C:\Users\????????????N?N?N??°N???N?\AppData\Local\funmoods.crx, In Quarantane, [a7f025cf325715213f16e9f46e96de22], 
PUP.Optional.OpenCandy, C:\Users\????????????N?N?N??°N???N?\AppData\Roaming\OpenCandy\F98D1F5D42B74B8694E9ED3F3DC3BF63\Installer.exe, In Quarantane, [7b1cfef67b0e85b194acb779dd26ad53], 

Physische Sektoren: 0
(Keine schadliche Elemente erkannt)


(end)
         
Einmal die mbam.txt

Hier die C:\AdwCleaner\AdwCleaner[S0].txt


Code:
ATTFilter
# AdwCleaner v4.106 - Отчёт создан 07/01/2015 at 19:34:08
# Обновлено 21/12/2014 by Xplode
# Database : 2015-01-03.1 [Live]
# Операционная система : Windows 7 Ultimate Service Pack 1 (32 bits)
# Имя пользователя : Администратор - DNAPC
# Запущено из : C:\Users\Администратор\Downloads\AdwCleaner_4.106.exe
# Настройки : Очистить

***** [ Службы ] *****


***** [ Файлы / Папки ] *****

Папка Удалён : C:\ProgramData\NCH Software
Папка Удалён : C:\ProgramData\driver whiz
Папка Удалён : C:\Program Files\NCH Software
Папка Удалён : C:\Windows\system32\Save
Папка Удалён : C:\Users\Администратор\AppData\Roaming\NCH Software
Файл Удалён : C:\END
Файл Удалён : C:\Program Files\Mozilla Firefox\Components\AskSearch.js
Файл Удалён : C:\Users\Администратор\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\invalidprefs.js

***** [ задачи ] *****


***** [ Ярлыки ] *****

Ярлык Дезинфицирован : C:\Users\Администратор\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk

***** [ Реестр ] *****

Ключ Удалёнa : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Ключ Удалёнa : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com
Ключ Удалёнa : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Ключ Удалёнa : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Ключ Удалёнa : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Ключ Удалёнa : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Prod.cap
Ключ Удалёнa : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Ключ Удалёнa : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Ключ Удалёнa : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Ключ Удалёнa : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Ключ Удалёнa : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Ключ Удалёнa : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Ключ Удалёнa : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Ключ Удалёнa : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Ключ Удалёнa : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Ключ Удалёнa : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Ключ Удалёнa : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Ключ Удалёнa : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Ключ Удалёнa : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Ключ Удалёнa : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Ключ Удалёнa : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Ключ Удалёнa : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Ключ Удалёнa : HKCU\Software\Conduit
Ключ Удалёнa : HKCU\Software\Myfree Codec
Ключ Удалёнa : HKCU\Software\YahooPartnerToolbar
Ключ Удалёнa : HKLM\SOFTWARE\Babylon
Ключ Удалёнa : HKLM\SOFTWARE\Conduit
Ключ Удалёнa : HKLM\SOFTWARE\Myfree Codec
Ключ Удалёнa : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Ключ Удалёнa : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Ключ Удалёнa : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Ключ Удалёнa : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Ключ Удалёнa : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Ключ Удалёнa : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Ключ Удалёнa : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7

***** [ Браузеры ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v34.0.5 (x86 de)

[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta.admin", false);
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta.aflt", "babsst");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta.autoRvrt", "false");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta.bbDpng", "26");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta.cntry", "DE");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta.dfltLng", "en");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta.excTlbr", false);
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta.ffxUnstlRst", true);
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta.hdrMd5", "A66F86C5AF22203E9719DB6B895050D3");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta.id", "1420e23c0000000000000013d4f80d9f");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta.instlDay", "15851");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta.instlRef", "sst");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta.lastVrsnTs", "1.8.21.521:07:37");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta.newTab", false);
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta.prdct", "delta");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta.prtnrId", "delta");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta.rvrt", "false");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta.sg", "azb");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta.smplGrp", "none");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta.tlbrId", "base");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta.tlbrSrchUrl", "");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta.vrsn", "1.8.21.5");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta.vrsnTs", "1.8.21.521:07:37");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta.vrsni", "1.8.21.5");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta_i.babExt", "");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta_i.babTrack", "affID=119556&tt=gc_");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta_i.srcExt", "ss");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.wajam.affiliate_id", "1401");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.wajam.firstrun", "false");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.wajam.log_send_info", "false");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21097\",\"update_interval\":50,\"base_url\":\"hxxp:\\/\\/www.wajam.com\\/\",\"supported_sites\":{\"google\":{\"main_pattern\":\".*[...]
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.wajam.no_trace", "false");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.wajam.server_current_mapping_version", "0.21097");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.wajam.supported_sites.amazonproduct.priam_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';[...]
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.wajam.supported_sites.imdb.wajam_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';window['W[...]
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.wajam.supported_sites.tripadvisor.wajam_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';wi[...]
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.wajam.supported_sites.wikipedia.wajam_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';wind[...]
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.wajam.trace_log", "1400976787135 - processInstallationUpgrade - version: 1.26\n1400976787136 - processInstallationUpgrade - versionActual: 1.26\n1400976787136 - processInstallati[...]
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.wajam.unique_id", "2A14DF5014DF9A2F9A90265AB38AE116");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.wajam.user_current_mapping_version", "0");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.wajam.version", "1.26");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.wajam.website_version", "1.00301.0");

-\\ Google Chrome v

[C:\Users\Администратор\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Удалёнa [Search Provider] : hxxp://www.delta-search.com/?q={searchTerms}&affID=119556&tt=gc_&babsrc=SP_ss&mntrId=14200013D4F80D9F
[C:\Users\Администратор\AppData\Local\Google\Chrome\User Data\Default\preferences] - Удалёнa [Extension] : ealchnonpofjocgofjpopjdoegbbkofj
[C:\Users\Администратор\AppData\Local\Google\Chrome\User Data\Default\preferences] - Удалёнa [Extension] : kdblibkmfjonagpkahncjcalmgbjeojb

-\\ Chromium v

[C:\Users\Администратор\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Удалёнa [Search Provider] : hxxp://www.delta-search.com/?q={searchTerms}&affID=119556&tt=gc_&babsrc=SP_ss&mntrId=14200013D4F80D9F

*************************

AdwCleaner[R0].txt - [15195 octets] - [07/01/2015 19:31:04]
AdwCleaner[S0].txt - [15686 octets] - [07/01/2015 19:34:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15747 octets] ##########
         
Hier die C:\AdwCleaner\AdwCleaner[S0].txt


Code:
ATTFilter
# AdwCleaner v4.106 - Отчёт создан 07/01/2015 at 19:34:08
# Обновлено 21/12/2014 by Xplode
# Database : 2015-01-03.1 [Live]
# Операционная система : Windows 7 Ultimate Service Pack 1 (32 bits)
# Имя пользователя : Администратор - DNAPC
# Запущено из : C:\Users\Администратор\Downloads\AdwCleaner_4.106.exe
# Настройки : Очистить

***** [ Службы ] *****


***** [ Файлы / Папки ] *****

Папка Удалён : C:\ProgramData\NCH Software
Папка Удалён : C:\ProgramData\driver whiz
Папка Удалён : C:\Program Files\NCH Software
Папка Удалён : C:\Windows\system32\Save
Папка Удалён : C:\Users\Администратор\AppData\Roaming\NCH Software
Файл Удалён : C:\END
Файл Удалён : C:\Program Files\Mozilla Firefox\Components\AskSearch.js
Файл Удалён : C:\Users\Администратор\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\invalidprefs.js

***** [ задачи ] *****


***** [ Ярлыки ] *****

Ярлык Дезинфицирован : C:\Users\Администратор\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk

***** [ Реестр ] *****

Ключ Удалёнa : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Ключ Удалёнa : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com
Ключ Удалёнa : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Ключ Удалёнa : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Ключ Удалёнa : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Ключ Удалёнa : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Prod.cap
Ключ Удалёнa : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Ключ Удалёнa : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Ключ Удалёнa : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Ключ Удалёнa : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Ключ Удалёнa : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Ключ Удалёнa : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Ключ Удалёнa : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Ключ Удалёнa : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Ключ Удалёнa : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Ключ Удалёнa : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Ключ Удалёнa : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Ключ Удалёнa : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Ключ Удалёнa : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Ключ Удалёнa : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Ключ Удалёнa : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Ключ Удалёнa : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Ключ Удалёнa : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Ключ Удалёнa : HKCU\Software\Conduit
Ключ Удалёнa : HKCU\Software\Myfree Codec
Ключ Удалёнa : HKCU\Software\YahooPartnerToolbar
Ключ Удалёнa : HKLM\SOFTWARE\Babylon
Ключ Удалёнa : HKLM\SOFTWARE\Conduit
Ключ Удалёнa : HKLM\SOFTWARE\Myfree Codec
Ключ Удалёнa : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Ключ Удалёнa : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Ключ Удалёнa : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Ключ Удалёнa : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Ключ Удалёнa : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Ключ Удалёнa : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Ключ Удалёнa : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7

***** [ Браузеры ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v34.0.5 (x86 de)

[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta.admin", false);
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta.aflt", "babsst");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta.autoRvrt", "false");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta.bbDpng", "26");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta.cntry", "DE");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta.dfltLng", "en");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta.excTlbr", false);
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta.ffxUnstlRst", true);
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta.hdrMd5", "A66F86C5AF22203E9719DB6B895050D3");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta.id", "1420e23c0000000000000013d4f80d9f");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta.instlDay", "15851");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta.instlRef", "sst");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta.lastVrsnTs", "1.8.21.521:07:37");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta.newTab", false);
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta.prdct", "delta");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta.prtnrId", "delta");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta.rvrt", "false");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta.sg", "azb");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta.smplGrp", "none");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta.tlbrId", "base");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta.tlbrSrchUrl", "");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta.vrsn", "1.8.21.5");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta.vrsnTs", "1.8.21.521:07:37");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta.vrsni", "1.8.21.5");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta_i.babExt", "");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta_i.babTrack", "affID=119556&tt=gc_");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.delta_i.srcExt", "ss");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.wajam.affiliate_id", "1401");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.wajam.firstrun", "false");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.wajam.log_send_info", "false");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21097\",\"update_interval\":50,\"base_url\":\"hxxp:\\/\\/www.wajam.com\\/\",\"supported_sites\":{\"google\":{\"main_pattern\":\".*[...]
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.wajam.no_trace", "false");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.wajam.server_current_mapping_version", "0.21097");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.wajam.supported_sites.amazonproduct.priam_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';[...]
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.wajam.supported_sites.imdb.wajam_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';window['W[...]
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.wajam.supported_sites.tripadvisor.wajam_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';wi[...]
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.wajam.supported_sites.wikipedia.wajam_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';wind[...]
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.wajam.trace_log", "1400976787135 - processInstallationUpgrade - version: 1.26\n1400976787136 - processInstallationUpgrade - versionActual: 1.26\n1400976787136 - processInstallati[...]
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.wajam.unique_id", "2A14DF5014DF9A2F9A90265AB38AE116");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.wajam.user_current_mapping_version", "0");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.wajam.version", "1.26");
[nahd6ha2.default\prefs.js] - Удалена строка : user_pref("extensions.wajam.website_version", "1.00301.0");

-\\ Google Chrome v

[C:\Users\Администратор\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Удалёнa [Search Provider] : hxxp://www.delta-search.com/?q={searchTerms}&affID=119556&tt=gc_&babsrc=SP_ss&mntrId=14200013D4F80D9F
[C:\Users\Администратор\AppData\Local\Google\Chrome\User Data\Default\preferences] - Удалёнa [Extension] : ealchnonpofjocgofjpopjdoegbbkofj
[C:\Users\Администратор\AppData\Local\Google\Chrome\User Data\Default\preferences] - Удалёнa [Extension] : kdblibkmfjonagpkahncjcalmgbjeojb

-\\ Chromium v

[C:\Users\Администратор\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Удалёнa [Search Provider] : hxxp://www.delta-search.com/?q={searchTerms}&affID=119556&tt=gc_&babsrc=SP_ss&mntrId=14200013D4F80D9F

*************************

AdwCleaner[R0].txt - [15195 octets] - [07/01/2015 19:31:04]
AdwCleaner[S0].txt - [15686 octets] - [07/01/2015 19:34:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15747 octets] ##########
         
Ich habe mehrmals scans durchgeführt, alle Programme wurden geschlossen aber es würden kein JRT.txt erstellt.

Hier ist eine neue FRST log



FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-01-2015
Ran by Администратор (administrator) on DNAPC on 07-01-2015 20:49:19
Running from C:\Users\Администратор\Desktop
Loaded Profile: Администратор (Available profiles: Администратор)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: Russisch (Russische Föderation)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\AAVUpdateManager\aavus.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
(Foxit Corporation) C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
() C:\Windows\System32\drivers\WDelMgr20.exe
() C:\Windows\CmUCREye.exe
(Vimicro) C:\Windows\VM303_STI.EXE
(Vimicro) C:\Windows\VMSnap3.exe
() C:\Windows\Domino.exe
(Sonix) C:\Windows\vsnp2std.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Cmiboot] => C:\Windows\cmiboot.exe [65536 2007-02-07] ()
HKLM\...\Run: [ATICustomerCare] => C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [307200 2009-06-14] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [BigDog303] => C:\Windows\VM303_STI.EXE [61440 2006-01-24] (Vimicro)
HKLM\...\Run: [VMSnap3] => Ђ  !
HKLM\...\Run: [Domino] => Ђ0”и¦mЋД‚   @hРћvzТ‚ш“и¦ 
HKLM\...\Run: [SoundMan] => C:\Windows\VMSnap3.exe [49152 2006-07-18] (Vimicro)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Windows\Domino.exe [49152 2006-07-04] ()
HKLM\...\Run: [snp2std] => C:\Windows\SOUNDMAN.EXE [604704 2009-04-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2011-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Windows\vsnp2std.exe [339968 2005-10-20] (Sonix)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-07] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Windows\WindowsMobile\wmdcBase.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [AVG_UI] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 1
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-2940817598-1931161818-2907281725-500\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564992 2014-02-07] (Samsung)
HKU\S-1-5-21-2940817598-1931161818-2907281725-500\...\Run: [AVG-Secure-Search-Update_0814av] => C:\Users\Администратор\AppData\Roaming\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe /PROMPT /mid=89b0634e268c47d39de3d15a921ce46c-c2d38690bbc4fbcaadab3e6a0352a6592ee08078 /CMPID=0814av
HKU\S-1-5-21-2940817598-1931161818-2907281725-500\...\Run: [AVG-Secure-Search-Update_1114av] => C:\Users\Администратор\AppData\Roaming\Avg_Update_1114av\AVG-Secure-Search-Update_1114av.exe /PROMPT /mid=89b0634e268c47d39de3d15a921ce46c-c2d38690bbc4fbcaadab3e6a0352a6592ee08078 /CMPID=1114av
HKU\S-1-5-21-2940817598-1931161818-2907281725-500\...\Run: [AVG-Secure-Search-Update_1214av] => C:\Users\Администратор\AppData\Roaming\Avg_Update_1214av\AVG-Secure-Search-Update_1214av.exe /PROMPT /mid=89b0634e268c47d39de3d15a921ce46c-c2d38690bbc4fbcaadab3e6a0352a6592ee08078 /CMPID=1214av
HKU\S-1-5-21-2940817598-1931161818-2907281725-500\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-10-04] (Microsoft Corporation)
HKU\S-1-5-18\...\Policies\Explorer: [NoSMConfigurePrograms] 1

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2940817598-1931161818-2907281725-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?p=pLsH3anR-Rz0cILJ
HKU\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.4free.in.ua/index.php
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2940817598-1931161818-2907281725-500 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKU\S-1-5-21-2940817598-1931161818-2907281725-500 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Администратор\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default
FF NewTab: about:blank
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Keyword.URL: hxxp://www.google.com/search?rls=org.mozilla:en-US:official&client=firefox-a&q=
FF NetworkProxy: "ftp", "195.81.186.116"
FF NetworkProxy: "ftp_port", 80
FF NetworkProxy: "http", "195.81.186.116"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "195.81.186.116"
FF NetworkProxy: "socks_port", 80
FF NetworkProxy: "ssl", "195.81.186.116"
FF NetworkProxy: "ssl_port", 80
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin: @digitalpublishing.de/dpLaunch -> C:\Program Files\digital publishing\LAUNCHER_12_999999\nplaunch.dll (digital publishing AG)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2940817598-1931161818-2907281725-500: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Администратор\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Avira Browser Safety - C:\Users\Администратор\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\abs@avira.com [2015-01-04]
FF Extension: Stealthy - C:\Users\Администратор\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\stealthyextension@gmail.com.xpi [2012-12-18]
FF Extension: Flagfox - C:\Users\Администратор\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-08]
FF Extension: Adblock Plus - C:\Users\Администратор\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-07]
FF Extension: Adblock Edge - C:\Users\Администратор\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-01-04]

Chrome: 
=======
CHR Profile: C:\Users\Администратор\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path
CHR HKLM\...\Chrome\Extension: [lmgddjncmooacfihfmikfohkldcjjgml] - C:\Program Files\LyricsFolder\133.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AMD FUEL Service; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [294400 2011-04-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [254328 2010-03-30] (AVM Berlin)
R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [121720 2010-03-30] (AVM Berlin)
S3 DfSdkS; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2013\DfsdkS.exe [406016 2009-08-24] (mst software GmbH, Germany) [File not signed]
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [113664 2007-01-11] (SEIKO EPSON CORPORATION)
R2 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [241704 2014-03-25] (Foxit Corporation)
R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-04-18] (Teruten) [File not signed]
R2 HFGService; C:\Windows\System32\HFGService.dll [413696 2009-12-21] (CSR, plc)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
S3 Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2011-12-15] () [File not signed]
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [153464 2010-03-30] (AVM Berlin)
S3 OverwolfUpdater; C:\Program Files\Overwolf\OverwolfUpdater.exe [998640 2014-12-29] (Overwolf LTD)
R2 WDelMgr20; C:\Windows\system32\drivers\WDelMgr20.exe [57344 2002-05-29] () [File not signed]
S4 CamProExpress64; C:\Program Files\AirLive\CamPro Express 64\CamProExpress64.exe [X]
S3 EWSASERV; "C:\Program Files\Elcomsoft Password Recovery\Elcomsoft Wireless Security Auditor\ewsaserv.exe [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ahcix86s; C:\Windows\system32\DRIVERS\ahcix86s.sys [118784 2007-03-21] (ATI Technologies Inc.)
R3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC.SYS [4172832 2009-06-19] (Realtek Semiconductor Corp.)
R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11296 2009-08-04] ()
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208152 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [200984 2014-10-10] (AVG Technologies CZ, s.r.o.)
S3 BthAudioHF; C:\Windows\System32\DRIVERS\BthAudioHF.sys [43008 2009-12-21] (CSR, plc)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [22528 2009-08-13] (CSR, plc)
S3 CMISTOR; C:\Windows\system32\DRIVERS\cmiucr.SYS [93056 2007-01-12] (C-Media Corporation)
S3 csr_a2dp; C:\Windows\System32\drivers\bthav.sys [61952 2009-12-21] (CSR, plc)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-04-18] () [File not signed]
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [57672 2009-06-10] (FTDI Ltd.)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 hcw99rc; C:\Windows\System32\Drivers\hcw99rc.sys [10368 2007-03-23] (Hauppauge Computer Works, Inc.)
S3 hptmv; C:\Windows\system32\DRIVERS\hptmv.sys [71968 2006-09-27] (HighPoint Technologies, Inc.)
S3 ioatdma; C:\Windows\System32\Drivers\qd26032.sys [37504 2008-01-18] (Intel Corporation)
S3 ioatdma1; C:\Windows\System32\Drivers\qd16032.sys [36480 2008-01-18] (Intel Corporation)
S3 iSSetup; C:\Windows\system32\DRIVERS\iSSetup.sys [75672 2007-06-19] (Intel Corporation)
S3 iteraid; C:\Windows\system32\DRIVERS\iteraid.sys [29184 2007-05-02] (ITE Tech. Inc.)
S0 johci; C:\Windows\System32\DRIVERS\johci.sys [15200 2008-10-09] (JMicron )
S3 JRAID; C:\Windows\system32\DRIVERS\jraid.sys [84320 2009-02-19] (JMicron Technology Corp.)
S3 m5287; C:\Windows\system32\DRIVERS\m5287.sys [104320 2006-07-20] (ULi Electronics Inc.) [File not signed]
S3 m5288; C:\Windows\system32\DRIVERS\m5288.sys [211072 2006-07-19] (ULi Electronics Inc.) [File not signed]
S3 m5289; C:\Windows\system32\DRIVERS\m5289.sys [52480 2005-07-04] (ULi Electronics Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S3 MegaSR1; C:\Windows\system32\DRIVERS\MegaSR1.sys [397632 2008-06-26] (LSI Corporation, Inc.)
R3 mf; C:\Windows\System32\DRIVERS\mf.sys [114176 2009-07-14] (Microsoft Corporation)
S3 MODRC; C:\Windows\system32\DRIVERS\modrc.sys [13056 2006-11-14] (DiBcom S.A.)
R3 ms_mpu401; C:\Windows\System32\drivers\msmpu401.sys [5120 2007-03-21] (Windows (R) Codename Longhorn DDK provider) [File not signed]
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] ()
S3 mv61xx; C:\Windows\system32\DRIVERS\mv61xx.sys [137728 2007-05-25] (Marvell Semiconductor, Inc.)
S3 NBv834x; C:\Windows\system32\DRIVERS\nbv834x.sys [104992 2008-10-19] (Bigfoot Networks, Inc.)
R3 NmPar; C:\Windows\System32\DRIVERS\NmPar.sys [81920 2010-01-19] (Windows (R) Codename Longhorn DDK provider)
R3 nmserial; C:\Windows\System32\DRIVERS\nmserial.sys [70656 2012-01-12] (Windows (R) Win 7 DDK provider)
S1 NtFsLdf20; C:\Windows\system32\Drivers\NtFsLdf20.sys [61440 2002-05-29] () [File not signed]
R3 NWIM; C:\Windows\System32\DRIVERS\avmnwim.sys [335224 2010-03-30] (AVM Berlin)
S3 PciIsaSerial; C:\Windows\System32\DRIVERS\PciIsaSerial.sys [65536 2008-12-19] (Windows (R) Codename Longhorn DDK provider)
S3 PciPPorts; C:\Windows\System32\DRIVERS\PciPPorts.sys [82944 2009-07-23] ()
S3 PciSPorts; C:\Windows\System32\DRIVERS\PciSPorts.sys [115200 2008-12-19] ()
S3 rr172x; C:\Windows\system32\DRIVERS\rr172x.sys [90400 2007-06-12] (HighPoint Technologies, Inc.)
S3 rr2522; C:\Windows\system32\DRIVERS\rr2522.sys [112160 2007-07-02] (HighPoint Technologies, Inc.)
S3 rt70x86; C:\Windows\System32\DRIVERS\netr70.sys [245248 2006-12-27] (Ralink Technology Inc.)
S3 SI3112; C:\Windows\system32\DRIVERS\SI3112.sys [69168 2007-01-26] (Silicon Image, Inc.)
S3 SI3112r; C:\Windows\system32\DRIVERS\SI3112r.sys [110128 2007-02-01] (Silicon Image, Inc)
S3 SI3114; C:\Windows\system32\DRIVERS\SI3114.sys [68912 2006-11-10] (Silicon Image, Inc.)
S3 SI3114r; C:\Windows\system32\DRIVERS\SI3114R.sys [110384 2007-04-11] (Silicon Image, Inc)
R0 Si3114r5; C:\Windows\System32\DRIVERS\Si3114r5.sys [210472 2008-04-29] (Silicon Image, Inc)
S3 SI3124; C:\Windows\system32\DRIVERS\SI3124.sys [76208 2006-11-02] (Silicon Image, Inc.)
S3 Si3124r5; C:\Windows\system32\DRIVERS\Si3124r5.sys [207152 2006-09-20] (Silicon Image, Inc)
S3 SI3132; C:\Windows\system32\DRIVERS\SI3132.sys [80424 2007-10-03] (Silicon Image, Inc)
S3 Si3132r5; C:\Windows\system32\DRIVERS\Si3132r5.sys [217128 2008-10-30] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [19240 2007-10-03] (Silicon Image, Inc)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [15400 2007-10-03] (Silicon Image, Inc)
S3 SNP2STD; C:\Windows\System32\DRIVERS\snp2sxp.sys [10446720 2006-02-20] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [445936 2010-09-21] () [File not signed]
R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
R2 STM Parallel Driver; C:\Windows\system32\drivers\parstm.sys [43776 2003-07-09] (STMicroelectronics) [File not signed]
S3 uac4pdt; C:\Windows\System32\DRIVERS\uac4pdt.sys [15232 2007-02-04] (Micronas GmbH)
S3 usb2lpt; C:\Windows\System32\DRIVERS\usb2lpt.sys [15360 2009-11-13] (haftmann#software)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
S3 viamraid; C:\Windows\system32\DRIVERS\viamraid.sys [137880 2008-04-21] (VIA Technologies Inc.,Ltd)
S3 VIAudio; C:\Windows\System32\drivers\vinyl97.sys [207488 2007-06-27] (VIA Technologies, Inc.)
S3 ViBus; C:\Windows\system32\DRIVERS\ViBus.sys [20632 2008-04-15] (VIA Technologies, Inc.)
S3 ViPrt; C:\Windows\system32\DRIVERS\ViPrt.sys [56984 2008-04-15] (VIA Technologies, Inc.)
S3 vvftav303; C:\Windows\System32\drivers\vvftav303.sys [475136 2007-03-18] (Vimicro Corporation)
S3 WinTVCIUSB; C:\Windows\system32\DRIVERS\hcw11.sys [91136 2008-02-28] (Hauppauge Computer Works, Inc.)
S3 WmBEnum; C:\Windows\system32\drivers\WmBEnum.sys [19336 2008-01-24] (Logitech Inc.)
S3 WmFilter; C:\Windows\system32\drivers\WmFilter.sys [28168 2008-01-24] (Logitech Inc.)
S3 WmHidLo; C:\Windows\system32\drivers\WmHidLo.sys [29192 2008-01-24] (Logitech Inc.)
S3 WmVirHid; C:\Windows\system32\drivers\WmVirHid.sys [14728 2008-01-24] (Logitech Inc.)
S3 WmXlCore; C:\Windows\system32\drivers\WmXlCore.sys [48904 2008-01-24] (Logitech Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
U3 av7afyo1; C:\Windows\system32\Drivers\av7afyo1.sys [0 ] (VIA Technologies Inc.,Ltd)
S3 catchme; \??\C:\Users\836D~1\AppData\Local\Temp\catchme.sys [X]
S3 giveio; \??\C:\Windows\system32\giveio.sys [X]
U3 JavaQuickStarterService; No ImagePath
S3 netr28u; system32\DRIVERS\netr28u.sys [X]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
S3 SNPSTD3; system32\DRIVERS\snpstd3.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 ZSMC0303; System32\Drivers\usbVM303.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-07 20:46 - 2015-01-07 20:49 - 00000000 ____D () C:\Users\Администратор\Desktop\FRST-OlderVersion
2015-01-07 19:53 - 2015-01-07 19:53 - 00000000 ____D () C:\Windows\ERUNT
2015-01-07 19:46 - 2015-01-07 19:47 - 01707939 _____ (Thisisu) C:\Users\Администратор\Desktop\JRT.exe
2015-01-07 19:22 - 2015-01-07 19:34 - 00000000 ____D () C:\AdwCleaner
2015-01-07 19:21 - 2015-01-07 19:22 - 02173952 _____ () C:\Users\Администратор\Downloads\AdwCleaner_4.106.exe
2015-01-07 18:28 - 2015-01-07 18:28 - 00010639 _____ () C:\Users\Администратор\Desktop\mbam.txt
2015-01-07 17:27 - 2015-01-07 20:25 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-07 17:24 - 2015-01-07 17:24 - 00001020 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-07 17:24 - 2015-01-07 17:24 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-01-07 17:24 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-07 17:24 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-07 17:24 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-07 17:23 - 2015-01-07 17:23 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Администратор\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-05 22:11 - 2015-01-05 22:11 - 00131244 _____ () C:\ComboFix.txt
2015-01-05 21:52 - 2015-01-05 21:52 - 00000000 ____D () C:\Users\Àäìèíèñòðàòîð
2015-01-05 21:40 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-05 21:40 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-05 21:40 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-05 21:40 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-05 21:40 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-05 21:40 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-05 21:40 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-05 21:40 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-05 21:28 - 2015-01-05 22:11 - 00000000 ____D () C:\Qoobox
2015-01-05 21:27 - 2015-01-05 22:09 - 00000000 ____D () C:\Windows\erdnt
2015-01-05 21:21 - 2015-01-05 21:21 - 05609498 ____R (Swearware) C:\Users\Администратор\Desktop\ComboFix.exe
2015-01-05 17:49 - 2015-01-05 16:54 - 00039636 _____ () C:\Users\Администратор\Desktop\Addition.txt
2015-01-05 17:40 - 2015-01-07 20:49 - 00024748 _____ () C:\Users\Администратор\Desktop\FRST.txt
2015-01-05 16:22 - 2015-01-07 20:49 - 00000000 ____D () C:\FRST
2015-01-05 16:21 - 2015-01-07 20:46 - 01115648 _____ (Farbar) C:\Users\Администратор\Desktop\FRST.exe
2015-01-05 01:29 - 2015-01-05 01:29 - 00000000 ____D () C:\Users\Администратор\AppData\Roaming\AVG2015
2015-01-05 01:22 - 2015-01-05 01:29 - 00000000 ____D () C:\$AVG
2015-01-05 01:16 - 2015-01-07 17:20 - 00000000 ____D () C:\Users\Администратор\AppData\Local\Avg2015
2015-01-05 00:54 - 2015-01-07 19:36 - 00189776 _____ () C:\Windows\PFRO.log
2015-01-05 00:38 - 2015-01-07 20:23 - 00000672 _____ () C:\Windows\setupact.log
2015-01-05 00:38 - 2015-01-05 00:38 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-04 23:46 - 2015-01-04 23:46 - 00000000 __SHD () C:\Users\Администратор\AppData\Local\EmieBrowserModeList
2015-01-04 23:32 - 2015-01-04 23:32 - 00000000 ____D () C:\Users\Администратор\AppData\Roaming\TuneUp Software
2014-12-21 22:24 - 2014-12-21 22:24 - 00002461 _____ () C:\Users\Администратор\Downloads\000000005_watchmaker.fb2.zip
2014-12-19 12:21 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-14 00:28 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-14 00:28 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-14 00:28 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-14 00:28 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-14 00:28 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-13 22:57 - 2014-12-13 22:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-13 21:48 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-13 21:48 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-13 21:48 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-13 21:48 - 2014-11-22 03:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-13 21:48 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-13 21:48 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-13 21:48 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-13 21:48 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-13 21:48 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-13 21:48 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-13 21:48 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-13 21:48 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-13 21:48 - 2014-11-22 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-13 21:48 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-13 21:48 - 2014-11-22 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-13 21:48 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-13 21:48 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-13 21:48 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-13 21:48 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-13 21:48 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-13 21:48 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-13 21:48 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-13 21:48 - 2014-11-22 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-13 21:48 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-13 21:48 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-13 21:48 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-13 21:48 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-13 21:48 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-13 21:48 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-13 21:48 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-13 21:48 - 2014-11-11 02:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-13 21:47 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-13 21:47 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-13 21:47 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-13 21:47 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-13 21:47 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-13 21:47 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-13 21:47 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-08 21:25 - 2014-12-08 21:25 - 00208152 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-07 20:41 - 2012-03-29 20:02 - 00000896 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-07 20:31 - 2009-07-14 05:34 - 00010208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-07 20:31 - 2009-07-14 05:34 - 00010208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-07 20:23 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-07 20:21 - 2010-03-24 13:38 - 01408532 _____ () C:\Windows\WindowsUpdate.log
2015-01-07 19:34 - 2014-04-11 14:38 - 00001018 _____ () C:\Users\Администратор\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-01-07 19:01 - 2014-08-24 10:37 - 00000000 ____D () C:\Users\Администратор\Downloads\instal
2015-01-07 18:56 - 2014-10-22 12:53 - 00000000 ____D () C:\Program Files\Overwolf
2015-01-07 18:55 - 2014-10-22 12:53 - 00000000 ____D () C:\Program Files\Common Files\Overwolf
2015-01-07 18:15 - 2010-04-24 15:13 - 00000000 __SHD () C:\Program Files\MPK
2015-01-05 22:11 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-01-05 22:04 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-01-05 22:01 - 2009-07-14 03:03 - 62390272 _____ () C:\Windows\system32\config\software.bak
2015-01-05 22:01 - 2009-07-14 03:03 - 28049408 _____ () C:\Windows\system32\config\system.bak
2015-01-05 22:01 - 2009-07-14 03:03 - 00524288 _____ () C:\Windows\system32\config\default.bak
2015-01-05 22:01 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\security.bak
2015-01-05 22:01 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2015-01-05 21:40 - 2013-11-29 21:26 - 00000000 ____D () C:\Users\Default
2015-01-05 01:29 - 2013-07-19 14:18 - 00000000 ____D () C:\Program Files\AVG
2015-01-05 01:18 - 2012-05-03 16:08 - 00000426 _____ () C:\Users\Администратор\Desktop\Keys.txt
2015-01-05 00:05 - 2005-12-31 23:10 - 00007600 _____ () C:\Users\Администратор\AppData\Local\resmon.resmoncfg
2014-12-27 20:22 - 2014-10-23 20:08 - 00002181 _____ () C:\Users\Администратор\AppData\Roaming\FoxitReaderUpdateInfo.txt
2014-12-27 20:22 - 2014-10-23 20:08 - 00002181 _____ () C:\FoxitReaderUpdateInfo.txt
2014-12-27 20:22 - 2012-05-06 18:01 - 00000000 ____D () C:\Users\Администратор\Documents\1 ЮЛЯ
2014-12-21 20:59 - 2010-03-24 14:50 - 02499712 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-21 20:59 - 2009-07-14 09:41 - 00719598 _____ () C:\Windows\system32\perfh019.dat
2014-12-21 20:59 - 2009-07-14 09:41 - 00151680 _____ () C:\Windows\system32\perfc019.dat
2014-12-19 12:12 - 2012-12-07 15:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-14 13:19 - 2014-10-19 19:47 - 00000000 ____D () C:\Windows\rescache
2014-12-14 12:26 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\ru-RU
2014-12-14 12:26 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-12-14 00:26 - 2013-08-24 15:52 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-14 00:19 - 2010-10-30 01:31 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-13 21:41 - 2012-03-29 20:01 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-13 21:41 - 2011-06-07 10:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Администратор\AppData\Local\Temp\avgnt.exe
C:\Users\Администратор\AppData\Local\Temp\catchme.dll
C:\Users\Администратор\AppData\Local\Temp\Quarantine.exe
C:\Users\Администратор\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-05 13:57

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---

Hier ist eine neue FRST log



FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-01-2015
Ran by Администратор (administrator) on DNAPC on 07-01-2015 20:49:19
Running from C:\Users\Администратор\Desktop
Loaded Profile: Администратор (Available profiles: Администратор)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: Russisch (Russische Föderation)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\AAVUpdateManager\aavus.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
(Foxit Corporation) C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
() C:\Windows\System32\drivers\WDelMgr20.exe
() C:\Windows\CmUCREye.exe
(Vimicro) C:\Windows\VM303_STI.EXE
(Vimicro) C:\Windows\VMSnap3.exe
() C:\Windows\Domino.exe
(Sonix) C:\Windows\vsnp2std.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Cmiboot] => C:\Windows\cmiboot.exe [65536 2007-02-07] ()
HKLM\...\Run: [ATICustomerCare] => C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [307200 2009-06-14] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [BigDog303] => C:\Windows\VM303_STI.EXE [61440 2006-01-24] (Vimicro)
HKLM\...\Run: [VMSnap3] => Ђ  !
HKLM\...\Run: [Domino] => Ђ0”и¦mЋД‚   @hРћvzТ‚ш“и¦ 
HKLM\...\Run: [SoundMan] => C:\Windows\VMSnap3.exe [49152 2006-07-18] (Vimicro)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Windows\Domino.exe [49152 2006-07-04] ()
HKLM\...\Run: [snp2std] => C:\Windows\SOUNDMAN.EXE [604704 2009-04-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2011-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Windows\vsnp2std.exe [339968 2005-10-20] (Sonix)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-07] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Windows\WindowsMobile\wmdcBase.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [AVG_UI] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 1
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-2940817598-1931161818-2907281725-500\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564992 2014-02-07] (Samsung)
HKU\S-1-5-21-2940817598-1931161818-2907281725-500\...\Run: [AVG-Secure-Search-Update_0814av] => C:\Users\Администратор\AppData\Roaming\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe /PROMPT /mid=89b0634e268c47d39de3d15a921ce46c-c2d38690bbc4fbcaadab3e6a0352a6592ee08078 /CMPID=0814av
HKU\S-1-5-21-2940817598-1931161818-2907281725-500\...\Run: [AVG-Secure-Search-Update_1114av] => C:\Users\Администратор\AppData\Roaming\Avg_Update_1114av\AVG-Secure-Search-Update_1114av.exe /PROMPT /mid=89b0634e268c47d39de3d15a921ce46c-c2d38690bbc4fbcaadab3e6a0352a6592ee08078 /CMPID=1114av
HKU\S-1-5-21-2940817598-1931161818-2907281725-500\...\Run: [AVG-Secure-Search-Update_1214av] => C:\Users\Администратор\AppData\Roaming\Avg_Update_1214av\AVG-Secure-Search-Update_1214av.exe /PROMPT /mid=89b0634e268c47d39de3d15a921ce46c-c2d38690bbc4fbcaadab3e6a0352a6592ee08078 /CMPID=1214av
HKU\S-1-5-21-2940817598-1931161818-2907281725-500\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-10-04] (Microsoft Corporation)
HKU\S-1-5-18\...\Policies\Explorer: [NoSMConfigurePrograms] 1

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2940817598-1931161818-2907281725-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?p=pLsH3anR-Rz0cILJ
HKU\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.4free.in.ua/index.php
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2940817598-1931161818-2907281725-500 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKU\S-1-5-21-2940817598-1931161818-2907281725-500 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Администратор\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default
FF NewTab: about:blank
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Keyword.URL: hxxp://www.google.com/search?rls=org.mozilla:en-US:official&client=firefox-a&q=
FF NetworkProxy: "ftp", "195.81.186.116"
FF NetworkProxy: "ftp_port", 80
FF NetworkProxy: "http", "195.81.186.116"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "195.81.186.116"
FF NetworkProxy: "socks_port", 80
FF NetworkProxy: "ssl", "195.81.186.116"
FF NetworkProxy: "ssl_port", 80
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin: @digitalpublishing.de/dpLaunch -> C:\Program Files\digital publishing\LAUNCHER_12_999999\nplaunch.dll (digital publishing AG)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2940817598-1931161818-2907281725-500: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Администратор\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Avira Browser Safety - C:\Users\Администратор\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\abs@avira.com [2015-01-04]
FF Extension: Stealthy - C:\Users\Администратор\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\stealthyextension@gmail.com.xpi [2012-12-18]
FF Extension: Flagfox - C:\Users\Администратор\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-08]
FF Extension: Adblock Plus - C:\Users\Администратор\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-07]
FF Extension: Adblock Edge - C:\Users\Администратор\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-01-04]

Chrome: 
=======
CHR Profile: C:\Users\Администратор\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path
CHR HKLM\...\Chrome\Extension: [lmgddjncmooacfihfmikfohkldcjjgml] - C:\Program Files\LyricsFolder\133.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AMD FUEL Service; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [294400 2011-04-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [254328 2010-03-30] (AVM Berlin)
R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [121720 2010-03-30] (AVM Berlin)
S3 DfSdkS; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2013\DfsdkS.exe [406016 2009-08-24] (mst software GmbH, Germany) [File not signed]
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [113664 2007-01-11] (SEIKO EPSON CORPORATION)
R2 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [241704 2014-03-25] (Foxit Corporation)
R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-04-18] (Teruten) [File not signed]
R2 HFGService; C:\Windows\System32\HFGService.dll [413696 2009-12-21] (CSR, plc)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
S3 Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2011-12-15] () [File not signed]
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [153464 2010-03-30] (AVM Berlin)
S3 OverwolfUpdater; C:\Program Files\Overwolf\OverwolfUpdater.exe [998640 2014-12-29] (Overwolf LTD)
R2 WDelMgr20; C:\Windows\system32\drivers\WDelMgr20.exe [57344 2002-05-29] () [File not signed]
S4 CamProExpress64; C:\Program Files\AirLive\CamPro Express 64\CamProExpress64.exe [X]
S3 EWSASERV; "C:\Program Files\Elcomsoft Password Recovery\Elcomsoft Wireless Security Auditor\ewsaserv.exe [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ahcix86s; C:\Windows\system32\DRIVERS\ahcix86s.sys [118784 2007-03-21] (ATI Technologies Inc.)
R3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC.SYS [4172832 2009-06-19] (Realtek Semiconductor Corp.)
R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11296 2009-08-04] ()
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208152 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [200984 2014-10-10] (AVG Technologies CZ, s.r.o.)
S3 BthAudioHF; C:\Windows\System32\DRIVERS\BthAudioHF.sys [43008 2009-12-21] (CSR, plc)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [22528 2009-08-13] (CSR, plc)
S3 CMISTOR; C:\Windows\system32\DRIVERS\cmiucr.SYS [93056 2007-01-12] (C-Media Corporation)
S3 csr_a2dp; C:\Windows\System32\drivers\bthav.sys [61952 2009-12-21] (CSR, plc)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-04-18] () [File not signed]
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [57672 2009-06-10] (FTDI Ltd.)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 hcw99rc; C:\Windows\System32\Drivers\hcw99rc.sys [10368 2007-03-23] (Hauppauge Computer Works, Inc.)
S3 hptmv; C:\Windows\system32\DRIVERS\hptmv.sys [71968 2006-09-27] (HighPoint Technologies, Inc.)
S3 ioatdma; C:\Windows\System32\Drivers\qd26032.sys [37504 2008-01-18] (Intel Corporation)
S3 ioatdma1; C:\Windows\System32\Drivers\qd16032.sys [36480 2008-01-18] (Intel Corporation)
S3 iSSetup; C:\Windows\system32\DRIVERS\iSSetup.sys [75672 2007-06-19] (Intel Corporation)
S3 iteraid; C:\Windows\system32\DRIVERS\iteraid.sys [29184 2007-05-02] (ITE Tech. Inc.)
S0 johci; C:\Windows\System32\DRIVERS\johci.sys [15200 2008-10-09] (JMicron )
S3 JRAID; C:\Windows\system32\DRIVERS\jraid.sys [84320 2009-02-19] (JMicron Technology Corp.)
S3 m5287; C:\Windows\system32\DRIVERS\m5287.sys [104320 2006-07-20] (ULi Electronics Inc.) [File not signed]
S3 m5288; C:\Windows\system32\DRIVERS\m5288.sys [211072 2006-07-19] (ULi Electronics Inc.) [File not signed]
S3 m5289; C:\Windows\system32\DRIVERS\m5289.sys [52480 2005-07-04] (ULi Electronics Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S3 MegaSR1; C:\Windows\system32\DRIVERS\MegaSR1.sys [397632 2008-06-26] (LSI Corporation, Inc.)
R3 mf; C:\Windows\System32\DRIVERS\mf.sys [114176 2009-07-14] (Microsoft Corporation)
S3 MODRC; C:\Windows\system32\DRIVERS\modrc.sys [13056 2006-11-14] (DiBcom S.A.)
R3 ms_mpu401; C:\Windows\System32\drivers\msmpu401.sys [5120 2007-03-21] (Windows (R) Codename Longhorn DDK provider) [File not signed]
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] ()
S3 mv61xx; C:\Windows\system32\DRIVERS\mv61xx.sys [137728 2007-05-25] (Marvell Semiconductor, Inc.)
S3 NBv834x; C:\Windows\system32\DRIVERS\nbv834x.sys [104992 2008-10-19] (Bigfoot Networks, Inc.)
R3 NmPar; C:\Windows\System32\DRIVERS\NmPar.sys [81920 2010-01-19] (Windows (R) Codename Longhorn DDK provider)
R3 nmserial; C:\Windows\System32\DRIVERS\nmserial.sys [70656 2012-01-12] (Windows (R) Win 7 DDK provider)
S1 NtFsLdf20; C:\Windows\system32\Drivers\NtFsLdf20.sys [61440 2002-05-29] () [File not signed]
R3 NWIM; C:\Windows\System32\DRIVERS\avmnwim.sys [335224 2010-03-30] (AVM Berlin)
S3 PciIsaSerial; C:\Windows\System32\DRIVERS\PciIsaSerial.sys [65536 2008-12-19] (Windows (R) Codename Longhorn DDK provider)
S3 PciPPorts; C:\Windows\System32\DRIVERS\PciPPorts.sys [82944 2009-07-23] ()
S3 PciSPorts; C:\Windows\System32\DRIVERS\PciSPorts.sys [115200 2008-12-19] ()
S3 rr172x; C:\Windows\system32\DRIVERS\rr172x.sys [90400 2007-06-12] (HighPoint Technologies, Inc.)
S3 rr2522; C:\Windows\system32\DRIVERS\rr2522.sys [112160 2007-07-02] (HighPoint Technologies, Inc.)
S3 rt70x86; C:\Windows\System32\DRIVERS\netr70.sys [245248 2006-12-27] (Ralink Technology Inc.)
S3 SI3112; C:\Windows\system32\DRIVERS\SI3112.sys [69168 2007-01-26] (Silicon Image, Inc.)
S3 SI3112r; C:\Windows\system32\DRIVERS\SI3112r.sys [110128 2007-02-01] (Silicon Image, Inc)
S3 SI3114; C:\Windows\system32\DRIVERS\SI3114.sys [68912 2006-11-10] (Silicon Image, Inc.)
S3 SI3114r; C:\Windows\system32\DRIVERS\SI3114R.sys [110384 2007-04-11] (Silicon Image, Inc)
R0 Si3114r5; C:\Windows\System32\DRIVERS\Si3114r5.sys [210472 2008-04-29] (Silicon Image, Inc)
S3 SI3124; C:\Windows\system32\DRIVERS\SI3124.sys [76208 2006-11-02] (Silicon Image, Inc.)
S3 Si3124r5; C:\Windows\system32\DRIVERS\Si3124r5.sys [207152 2006-09-20] (Silicon Image, Inc)
S3 SI3132; C:\Windows\system32\DRIVERS\SI3132.sys [80424 2007-10-03] (Silicon Image, Inc)
S3 Si3132r5; C:\Windows\system32\DRIVERS\Si3132r5.sys [217128 2008-10-30] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [19240 2007-10-03] (Silicon Image, Inc)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [15400 2007-10-03] (Silicon Image, Inc)
S3 SNP2STD; C:\Windows\System32\DRIVERS\snp2sxp.sys [10446720 2006-02-20] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [445936 2010-09-21] () [File not signed]
R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
R2 STM Parallel Driver; C:\Windows\system32\drivers\parstm.sys [43776 2003-07-09] (STMicroelectronics) [File not signed]
S3 uac4pdt; C:\Windows\System32\DRIVERS\uac4pdt.sys [15232 2007-02-04] (Micronas GmbH)
S3 usb2lpt; C:\Windows\System32\DRIVERS\usb2lpt.sys [15360 2009-11-13] (haftmann#software)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
S3 viamraid; C:\Windows\system32\DRIVERS\viamraid.sys [137880 2008-04-21] (VIA Technologies Inc.,Ltd)
S3 VIAudio; C:\Windows\System32\drivers\vinyl97.sys [207488 2007-06-27] (VIA Technologies, Inc.)
S3 ViBus; C:\Windows\system32\DRIVERS\ViBus.sys [20632 2008-04-15] (VIA Technologies, Inc.)
S3 ViPrt; C:\Windows\system32\DRIVERS\ViPrt.sys [56984 2008-04-15] (VIA Technologies, Inc.)
S3 vvftav303; C:\Windows\System32\drivers\vvftav303.sys [475136 2007-03-18] (Vimicro Corporation)
S3 WinTVCIUSB; C:\Windows\system32\DRIVERS\hcw11.sys [91136 2008-02-28] (Hauppauge Computer Works, Inc.)
S3 WmBEnum; C:\Windows\system32\drivers\WmBEnum.sys [19336 2008-01-24] (Logitech Inc.)
S3 WmFilter; C:\Windows\system32\drivers\WmFilter.sys [28168 2008-01-24] (Logitech Inc.)
S3 WmHidLo; C:\Windows\system32\drivers\WmHidLo.sys [29192 2008-01-24] (Logitech Inc.)
S3 WmVirHid; C:\Windows\system32\drivers\WmVirHid.sys [14728 2008-01-24] (Logitech Inc.)
S3 WmXlCore; C:\Windows\system32\drivers\WmXlCore.sys [48904 2008-01-24] (Logitech Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
U3 av7afyo1; C:\Windows\system32\Drivers\av7afyo1.sys [0 ] (VIA Technologies Inc.,Ltd)
S3 catchme; \??\C:\Users\836D~1\AppData\Local\Temp\catchme.sys [X]
S3 giveio; \??\C:\Windows\system32\giveio.sys [X]
U3 JavaQuickStarterService; No ImagePath
S3 netr28u; system32\DRIVERS\netr28u.sys [X]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
S3 SNPSTD3; system32\DRIVERS\snpstd3.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 ZSMC0303; System32\Drivers\usbVM303.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-07 20:46 - 2015-01-07 20:49 - 00000000 ____D () C:\Users\Администратор\Desktop\FRST-OlderVersion
2015-01-07 19:53 - 2015-01-07 19:53 - 00000000 ____D () C:\Windows\ERUNT
2015-01-07 19:46 - 2015-01-07 19:47 - 01707939 _____ (Thisisu) C:\Users\Администратор\Desktop\JRT.exe
2015-01-07 19:22 - 2015-01-07 19:34 - 00000000 ____D () C:\AdwCleaner
2015-01-07 19:21 - 2015-01-07 19:22 - 02173952 _____ () C:\Users\Администратор\Downloads\AdwCleaner_4.106.exe
2015-01-07 18:28 - 2015-01-07 18:28 - 00010639 _____ () C:\Users\Администратор\Desktop\mbam.txt
2015-01-07 17:27 - 2015-01-07 20:25 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-07 17:24 - 2015-01-07 17:24 - 00001020 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-07 17:24 - 2015-01-07 17:24 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-01-07 17:24 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-07 17:24 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-07 17:24 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-07 17:23 - 2015-01-07 17:23 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Администратор\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-05 22:11 - 2015-01-05 22:11 - 00131244 _____ () C:\ComboFix.txt
2015-01-05 21:52 - 2015-01-05 21:52 - 00000000 ____D () C:\Users\Àäìèíèñòðàòîð
2015-01-05 21:40 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-05 21:40 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-05 21:40 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-05 21:40 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-05 21:40 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-05 21:40 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-05 21:40 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-05 21:40 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-05 21:28 - 2015-01-05 22:11 - 00000000 ____D () C:\Qoobox
2015-01-05 21:27 - 2015-01-05 22:09 - 00000000 ____D () C:\Windows\erdnt
2015-01-05 21:21 - 2015-01-05 21:21 - 05609498 ____R (Swearware) C:\Users\Администратор\Desktop\ComboFix.exe
2015-01-05 17:49 - 2015-01-05 16:54 - 00039636 _____ () C:\Users\Администратор\Desktop\Addition.txt
2015-01-05 17:40 - 2015-01-07 20:49 - 00024748 _____ () C:\Users\Администратор\Desktop\FRST.txt
2015-01-05 16:22 - 2015-01-07 20:49 - 00000000 ____D () C:\FRST
2015-01-05 16:21 - 2015-01-07 20:46 - 01115648 _____ (Farbar) C:\Users\Администратор\Desktop\FRST.exe
2015-01-05 01:29 - 2015-01-05 01:29 - 00000000 ____D () C:\Users\Администратор\AppData\Roaming\AVG2015
2015-01-05 01:22 - 2015-01-05 01:29 - 00000000 ____D () C:\$AVG
2015-01-05 01:16 - 2015-01-07 17:20 - 00000000 ____D () C:\Users\Администратор\AppData\Local\Avg2015
2015-01-05 00:54 - 2015-01-07 19:36 - 00189776 _____ () C:\Windows\PFRO.log
2015-01-05 00:38 - 2015-01-07 20:23 - 00000672 _____ () C:\Windows\setupact.log
2015-01-05 00:38 - 2015-01-05 00:38 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-04 23:46 - 2015-01-04 23:46 - 00000000 __SHD () C:\Users\Администратор\AppData\Local\EmieBrowserModeList
2015-01-04 23:32 - 2015-01-04 23:32 - 00000000 ____D () C:\Users\Администратор\AppData\Roaming\TuneUp Software
2014-12-21 22:24 - 2014-12-21 22:24 - 00002461 _____ () C:\Users\Администратор\Downloads\000000005_watchmaker.fb2.zip
2014-12-19 12:21 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-14 00:28 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-14 00:28 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-14 00:28 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-14 00:28 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-14 00:28 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-13 22:57 - 2014-12-13 22:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-13 21:48 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-13 21:48 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-13 21:48 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-13 21:48 - 2014-11-22 03:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-13 21:48 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-13 21:48 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-13 21:48 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-13 21:48 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-13 21:48 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-13 21:48 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-13 21:48 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-13 21:48 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-13 21:48 - 2014-11-22 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-13 21:48 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-13 21:48 - 2014-11-22 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-13 21:48 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-13 21:48 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-13 21:48 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-13 21:48 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-13 21:48 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-13 21:48 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-13 21:48 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-13 21:48 - 2014-11-22 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-13 21:48 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-13 21:48 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-13 21:48 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-13 21:48 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-13 21:48 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-13 21:48 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-13 21:48 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-13 21:48 - 2014-11-11 02:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-13 21:47 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-13 21:47 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-13 21:47 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-13 21:47 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-13 21:47 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-13 21:47 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-13 21:47 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-08 21:25 - 2014-12-08 21:25 - 00208152 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-07 20:41 - 2012-03-29 20:02 - 00000896 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-07 20:31 - 2009-07-14 05:34 - 00010208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-07 20:31 - 2009-07-14 05:34 - 00010208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-07 20:23 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-07 20:21 - 2010-03-24 13:38 - 01408532 _____ () C:\Windows\WindowsUpdate.log
2015-01-07 19:34 - 2014-04-11 14:38 - 00001018 _____ () C:\Users\Администратор\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-01-07 19:01 - 2014-08-24 10:37 - 00000000 ____D () C:\Users\Администратор\Downloads\instal
2015-01-07 18:56 - 2014-10-22 12:53 - 00000000 ____D () C:\Program Files\Overwolf
2015-01-07 18:55 - 2014-10-22 12:53 - 00000000 ____D () C:\Program Files\Common Files\Overwolf
2015-01-07 18:15 - 2010-04-24 15:13 - 00000000 __SHD () C:\Program Files\MPK
2015-01-05 22:11 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-01-05 22:04 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-01-05 22:01 - 2009-07-14 03:03 - 62390272 _____ () C:\Windows\system32\config\software.bak
2015-01-05 22:01 - 2009-07-14 03:03 - 28049408 _____ () C:\Windows\system32\config\system.bak
2015-01-05 22:01 - 2009-07-14 03:03 - 00524288 _____ () C:\Windows\system32\config\default.bak
2015-01-05 22:01 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\security.bak
2015-01-05 22:01 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2015-01-05 21:40 - 2013-11-29 21:26 - 00000000 ____D () C:\Users\Default
2015-01-05 01:29 - 2013-07-19 14:18 - 00000000 ____D () C:\Program Files\AVG
2015-01-05 01:18 - 2012-05-03 16:08 - 00000426 _____ () C:\Users\Администратор\Desktop\Keys.txt
2015-01-05 00:05 - 2005-12-31 23:10 - 00007600 _____ () C:\Users\Администратор\AppData\Local\resmon.resmoncfg
2014-12-27 20:22 - 2014-10-23 20:08 - 00002181 _____ () C:\Users\Администратор\AppData\Roaming\FoxitReaderUpdateInfo.txt
2014-12-27 20:22 - 2014-10-23 20:08 - 00002181 _____ () C:\FoxitReaderUpdateInfo.txt
2014-12-27 20:22 - 2012-05-06 18:01 - 00000000 ____D () C:\Users\Администратор\Documents\1 ЮЛЯ
2014-12-21 20:59 - 2010-03-24 14:50 - 02499712 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-21 20:59 - 2009-07-14 09:41 - 00719598 _____ () C:\Windows\system32\perfh019.dat
2014-12-21 20:59 - 2009-07-14 09:41 - 00151680 _____ () C:\Windows\system32\perfc019.dat
2014-12-19 12:12 - 2012-12-07 15:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-14 13:19 - 2014-10-19 19:47 - 00000000 ____D () C:\Windows\rescache
2014-12-14 12:26 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\ru-RU
2014-12-14 12:26 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-12-14 00:26 - 2013-08-24 15:52 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-14 00:19 - 2010-10-30 01:31 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-13 21:41 - 2012-03-29 20:01 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-13 21:41 - 2011-06-07 10:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Администратор\AppData\Local\Temp\avgnt.exe
C:\Users\Администратор\AppData\Local\Temp\catchme.dll
C:\Users\Администратор\AppData\Local\Temp\Quarantine.exe
C:\Users\Администратор\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-05 13:57

==================== End Of Log ============================
         
--- --- ---

--- --- ---

Alt 08.01.2015, 07:28   #9
schrauber
/// the machine
/// TB-Ausbilder
 

Avg durch Gruppenrichtlinie blockiert - Standard

Avg durch Gruppenrichtlinie blockiert




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 09.01.2015, 19:05   #10
FaceTheTrace
 
Avg durch Gruppenrichtlinie blockiert - Standard

Avg durch Gruppenrichtlinie blockiert



ESET log.txt

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=55a87d51a8f0c040b71411846197317b
# engine=21887
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-09 04:38:10
# local_time=2015-01-09 05:38:10 (+0100, Mitteleuropдische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='AVG AntiVirus Free Edition 2015'
# compatibility_mode=1055 16777213 100 100 11670 107955474 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 38621628 172452681 0 0
# scanned=216793
# found=13
# cleaned=0
# scan_time=7817
sh=FD337F07ADD3275748EECECE3D041F92C69B2DA8 ft=1 fh=07e8a7f3c42701d9 vn="Win32/KeyLogger.Refog.615 Anwendung" ac=I fn="C:\Program Files\MPK\lnkmst.exe"
sh=8B3F4351987C6566E65B7370FAA0A2CC2395815E ft=1 fh=fd96c49d2545d003 vn="Mehrere Bedrohungen" ac=I fn="C:\Program Files\MPK\MpkNetInstall.exe"
sh=C74DAB9E71CF751AE2A37624FE34A5B8ED0DD769 ft=0 fh=0000000000000000 vn="Win32/AdWare.AddLyrics.T Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\LyricsFolder\133.crx.vir"
sh=3DB76419FA29BB58A9FCD163382844FF052F17E6 ft=0 fh=0000000000000000 vn="Win32/AdWare.AddLyrics.T Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\LyricsFolder\133.xpi.vir"
sh=3CEC511696C55812861BB45658E9D685605C64A1 ft=1 fh=bb2136bb4788f465 vn="Win32/PSW.Papras.CX Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\OmtaJcogt.dat.vir"
sh=79584F9CC60FE1E8843860906126A01B80425974 ft=0 fh=0000000000000000 vn="Variante von Win32/Injector.ANOT Trojaner" ac=I fn="C:\Users\Администратор\Documents\1 ЮЛЯ\Bank\Forderung Kobrina Yulia 30.09.2013 der abgewiesenen Buchung Ihrer Bestellung.zip"
sh=C3937102B74AAE33C7725020F68D998A99CD044B ft=1 fh=6e4c94e4e7dedc70 vn="Win32/Somoto.Q evtl. unerwunschte Anwendung" ac=I fn="C:\Users\Администратор\Downloads\instal\setup_Project64_2.1-2.exe"
sh=DC287D9AF69775BBB2DB89A00A3DF4E9DB35C46F ft=1 fh=298a8d7888b4be83 vn="Variante von Win32/Wajam.G evtl. unerwunschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GEX2V90I\wajam_update[1].004"
sh=C9AE242E9680F6E470392C6C215DD55BD07FE2D4 ft=1 fh=d4b0879f4d00966c vn="Variante von Win32/Wajam.G evtl. unerwunschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HPHFQVCK\wajam_update[1].004"
sh=C9AE242E9680F6E470392C6C215DD55BD07FE2D4 ft=1 fh=d4b0879f4d00966c vn="Variante von Win32/Wajam.G evtl. unerwunschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HPHFQVCK\wajam_update[2].004"
sh=C9AE242E9680F6E470392C6C215DD55BD07FE2D4 ft=1 fh=d4b0879f4d00966c vn="Variante von Win32/Wajam.G evtl. unerwunschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LGEXE76I\wajam_update[1].004"
sh=DC287D9AF69775BBB2DB89A00A3DF4E9DB35C46F ft=1 fh=298a8d7888b4be83 vn="Variante von Win32/Wajam.G evtl. unerwunschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LGEXE76I\wajam_update[2].004"
sh=36B7B96EB53DA16D1FF11B7E9FF7F5CB50B32611 ft=1 fh=c25161fd9a01116d vn="Variante von Win32/Wajam.G evtl. unerwunschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LGEXE76I\wajam_update[3].004"
         
checkup.txt

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
AVG AntiVirus Free Edition 2015   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 CCleaner     
 Java 7 Update 21  
 Java version 32-bit out of Date! 
  Adobe Flash Player 	15.0.0.246 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox (34.0.5) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 AVG avgwdsvc.exe 
 AVG avgrsx.exe 
 AVG avgnsx.exe 
 AVG avgemc.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
FRST log


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-01-2015
Ran by Администратор (administrator) on DNAPC on 09-01-2015 19:03:00
Running from C:\Users\Администратор\Desktop
Loaded Profile: Администратор (Available profiles: Администратор)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: Russisch (Russische Föderation)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\AAVUpdateManager\aavus.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
(Foxit Corporation) C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe
() C:\Windows\CmUCREye.exe
(Vimicro) C:\Windows\VM303_STI.EXE
(Vimicro) C:\Windows\VMSnap3.exe
() C:\Windows\Domino.exe
(Sonix) C:\Windows\vsnp2std.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
() C:\Windows\System32\drivers\WDelMgr20.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Ashampoo Development GmbH & Co. KG) C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2013\WO2013.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Cmiboot] => C:\Windows\cmiboot.exe [65536 2007-02-07] ()
HKLM\...\Run: [ATICustomerCare] => C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [307200 2009-06-14] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [BigDog303] => C:\Windows\VM303_STI.EXE [61440 2006-01-24] (Vimicro)
HKLM\...\Run: [VMSnap3] => Ђ  !
HKLM\...\Run: [Domino] => Ђ0”и¦mЋД‚   @hРћvzТ‚ш“и¦ 
HKLM\...\Run: [SoundMan] => C:\Windows\VMSnap3.exe [49152 2006-07-18] (Vimicro)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Windows\Domino.exe [49152 2006-07-04] ()
HKLM\...\Run: [snp2std] => C:\Windows\SOUNDMAN.EXE [604704 2009-04-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2011-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Windows\vsnp2std.exe [339968 2005-10-20] (Sonix)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-07] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Windows\WindowsMobile\wmdcBase.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [AVG_UI] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 1
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-2940817598-1931161818-2907281725-500\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564992 2014-02-07] (Samsung)
HKU\S-1-5-21-2940817598-1931161818-2907281725-500\...\Run: [AVG-Secure-Search-Update_0814av] => C:\Users\Администратор\AppData\Roaming\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe /PROMPT /mid=89b0634e268c47d39de3d15a921ce46c-c2d38690bbc4fbcaadab3e6a0352a6592ee08078 /CMPID=0814av
HKU\S-1-5-21-2940817598-1931161818-2907281725-500\...\Run: [AVG-Secure-Search-Update_1114av] => C:\Users\Администратор\AppData\Roaming\Avg_Update_1114av\AVG-Secure-Search-Update_1114av.exe /PROMPT /mid=89b0634e268c47d39de3d15a921ce46c-c2d38690bbc4fbcaadab3e6a0352a6592ee08078 /CMPID=1114av
HKU\S-1-5-21-2940817598-1931161818-2907281725-500\...\Run: [AVG-Secure-Search-Update_1214av] => C:\Users\Администратор\AppData\Roaming\Avg_Update_1214av\AVG-Secure-Search-Update_1214av.exe /PROMPT /mid=89b0634e268c47d39de3d15a921ce46c-c2d38690bbc4fbcaadab3e6a0352a6592ee08078 /CMPID=1214av
HKU\S-1-5-21-2940817598-1931161818-2907281725-500\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-10-04] (Microsoft Corporation)
HKU\S-1-5-18\...\Policies\Explorer: [NoSMConfigurePrograms] 1

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2940817598-1931161818-2907281725-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?p=pLsH3anR-Rz0cILJ
HKU\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.4free.in.ua/index.php
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2940817598-1931161818-2907281725-500 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKU\S-1-5-21-2940817598-1931161818-2907281725-500 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Администратор\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default
FF NewTab: about:blank
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Keyword.URL: hxxp://www.google.com/search?rls=org.mozilla:en-US:official&client=firefox-a&q=
FF NetworkProxy: "ftp", "195.81.186.116"
FF NetworkProxy: "ftp_port", 80
FF NetworkProxy: "http", "195.81.186.116"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "195.81.186.116"
FF NetworkProxy: "socks_port", 80
FF NetworkProxy: "ssl", "195.81.186.116"
FF NetworkProxy: "ssl_port", 80
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin: @digitalpublishing.de/dpLaunch -> C:\Program Files\digital publishing\LAUNCHER_12_999999\nplaunch.dll (digital publishing AG)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2940817598-1931161818-2907281725-500: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Администратор\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Avira Browser Safety - C:\Users\Администратор\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\abs@avira.com [2015-01-04]
FF Extension: Stealthy - C:\Users\Администратор\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\stealthyextension@gmail.com.xpi [2012-12-18]
FF Extension: Flagfox - C:\Users\Администратор\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-08]
FF Extension: Adblock Plus - C:\Users\Администратор\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-07]
FF Extension: Adblock Edge - C:\Users\Администратор\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-01-04]

Chrome: 
=======
CHR Profile: C:\Users\Администратор\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path
CHR HKLM\...\Chrome\Extension: [lmgddjncmooacfihfmikfohkldcjjgml] - C:\Program Files\LyricsFolder\133.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AMD FUEL Service; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [294400 2011-04-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [254328 2010-03-30] (AVM Berlin)
R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [121720 2010-03-30] (AVM Berlin)
S3 DfSdkS; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2013\DfsdkS.exe [406016 2009-08-24] (mst software GmbH, Germany) [File not signed]
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [113664 2007-01-11] (SEIKO EPSON CORPORATION)
R2 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [241704 2014-03-25] (Foxit Corporation)
R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-04-18] (Teruten) [File not signed]
R2 HFGService; C:\Windows\System32\HFGService.dll [413696 2009-12-21] (CSR, plc)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
S3 Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2011-12-15] () [File not signed]
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [153464 2010-03-30] (AVM Berlin)
S3 OverwolfUpdater; C:\Program Files\Overwolf\OverwolfUpdater.exe [998640 2014-12-29] (Overwolf LTD)
R2 WDelMgr20; C:\Windows\system32\drivers\WDelMgr20.exe [57344 2002-05-29] () [File not signed]
S4 CamProExpress64; C:\Program Files\AirLive\CamPro Express 64\CamProExpress64.exe [X]
S3 EWSASERV; "C:\Program Files\Elcomsoft Password Recovery\Elcomsoft Wireless Security Auditor\ewsaserv.exe [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ahcix86s; C:\Windows\system32\DRIVERS\ahcix86s.sys [118784 2007-03-21] (ATI Technologies Inc.)
R3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC.SYS [4172832 2009-06-19] (Realtek Semiconductor Corp.)
R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11296 2009-08-04] ()
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208152 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [200984 2014-10-10] (AVG Technologies CZ, s.r.o.)
S3 BthAudioHF; C:\Windows\System32\DRIVERS\BthAudioHF.sys [43008 2009-12-21] (CSR, plc)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [22528 2009-08-13] (CSR, plc)
S3 CMISTOR; C:\Windows\system32\DRIVERS\cmiucr.SYS [93056 2007-01-12] (C-Media Corporation)
S3 csr_a2dp; C:\Windows\System32\drivers\bthav.sys [61952 2009-12-21] (CSR, plc)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-04-18] () [File not signed]
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [57672 2009-06-10] (FTDI Ltd.)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 hcw99rc; C:\Windows\System32\Drivers\hcw99rc.sys [10368 2007-03-23] (Hauppauge Computer Works, Inc.)
S3 hptmv; C:\Windows\system32\DRIVERS\hptmv.sys [71968 2006-09-27] (HighPoint Technologies, Inc.)
S3 ioatdma; C:\Windows\System32\Drivers\qd26032.sys [37504 2008-01-18] (Intel Corporation)
S3 ioatdma1; C:\Windows\System32\Drivers\qd16032.sys [36480 2008-01-18] (Intel Corporation)
S3 iSSetup; C:\Windows\system32\DRIVERS\iSSetup.sys [75672 2007-06-19] (Intel Corporation)
S3 iteraid; C:\Windows\system32\DRIVERS\iteraid.sys [29184 2007-05-02] (ITE Tech. Inc.)
S0 johci; C:\Windows\System32\DRIVERS\johci.sys [15200 2008-10-09] (JMicron )
S3 JRAID; C:\Windows\system32\DRIVERS\jraid.sys [84320 2009-02-19] (JMicron Technology Corp.)
S3 m5287; C:\Windows\system32\DRIVERS\m5287.sys [104320 2006-07-20] (ULi Electronics Inc.) [File not signed]
S3 m5288; C:\Windows\system32\DRIVERS\m5288.sys [211072 2006-07-19] (ULi Electronics Inc.) [File not signed]
S3 m5289; C:\Windows\system32\DRIVERS\m5289.sys [52480 2005-07-04] (ULi Electronics Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S3 MegaSR1; C:\Windows\system32\DRIVERS\MegaSR1.sys [397632 2008-06-26] (LSI Corporation, Inc.)
R3 mf; C:\Windows\System32\DRIVERS\mf.sys [114176 2009-07-14] (Microsoft Corporation)
S3 MODRC; C:\Windows\system32\DRIVERS\modrc.sys [13056 2006-11-14] (DiBcom S.A.)
R3 ms_mpu401; C:\Windows\System32\drivers\msmpu401.sys [5120 2007-03-21] (Windows (R) Codename Longhorn DDK provider) [File not signed]
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] ()
S3 mv61xx; C:\Windows\system32\DRIVERS\mv61xx.sys [137728 2007-05-25] (Marvell Semiconductor, Inc.)
S3 NBv834x; C:\Windows\system32\DRIVERS\nbv834x.sys [104992 2008-10-19] (Bigfoot Networks, Inc.)
R3 NmPar; C:\Windows\System32\DRIVERS\NmPar.sys [81920 2010-01-19] (Windows (R) Codename Longhorn DDK provider)
R3 nmserial; C:\Windows\System32\DRIVERS\nmserial.sys [70656 2012-01-12] (Windows (R) Win 7 DDK provider)
S1 NtFsLdf20; C:\Windows\system32\Drivers\NtFsLdf20.sys [61440 2002-05-29] () [File not signed]
R3 NWIM; C:\Windows\System32\DRIVERS\avmnwim.sys [335224 2010-03-30] (AVM Berlin)
S3 PciIsaSerial; C:\Windows\System32\DRIVERS\PciIsaSerial.sys [65536 2008-12-19] (Windows (R) Codename Longhorn DDK provider)
S3 PciPPorts; C:\Windows\System32\DRIVERS\PciPPorts.sys [82944 2009-07-23] ()
S3 PciSPorts; C:\Windows\System32\DRIVERS\PciSPorts.sys [115200 2008-12-19] ()
S3 rr172x; C:\Windows\system32\DRIVERS\rr172x.sys [90400 2007-06-12] (HighPoint Technologies, Inc.)
S3 rr2522; C:\Windows\system32\DRIVERS\rr2522.sys [112160 2007-07-02] (HighPoint Technologies, Inc.)
S3 rt70x86; C:\Windows\System32\DRIVERS\netr70.sys [245248 2006-12-27] (Ralink Technology Inc.)
S3 SI3112; C:\Windows\system32\DRIVERS\SI3112.sys [69168 2007-01-26] (Silicon Image, Inc.)
S3 SI3112r; C:\Windows\system32\DRIVERS\SI3112r.sys [110128 2007-02-01] (Silicon Image, Inc)
S3 SI3114; C:\Windows\system32\DRIVERS\SI3114.sys [68912 2006-11-10] (Silicon Image, Inc.)
S3 SI3114r; C:\Windows\system32\DRIVERS\SI3114R.sys [110384 2007-04-11] (Silicon Image, Inc)
R0 Si3114r5; C:\Windows\System32\DRIVERS\Si3114r5.sys [210472 2008-04-29] (Silicon Image, Inc)
S3 SI3124; C:\Windows\system32\DRIVERS\SI3124.sys [76208 2006-11-02] (Silicon Image, Inc.)
S3 Si3124r5; C:\Windows\system32\DRIVERS\Si3124r5.sys [207152 2006-09-20] (Silicon Image, Inc)
S3 SI3132; C:\Windows\system32\DRIVERS\SI3132.sys [80424 2007-10-03] (Silicon Image, Inc)
S3 Si3132r5; C:\Windows\system32\DRIVERS\Si3132r5.sys [217128 2008-10-30] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [19240 2007-10-03] (Silicon Image, Inc)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [15400 2007-10-03] (Silicon Image, Inc)
S3 SNP2STD; C:\Windows\System32\DRIVERS\snp2sxp.sys [10446720 2006-02-20] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [445936 2010-09-21] () [File not signed]
R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
R2 STM Parallel Driver; C:\Windows\system32\drivers\parstm.sys [43776 2003-07-09] (STMicroelectronics) [File not signed]
S3 uac4pdt; C:\Windows\System32\DRIVERS\uac4pdt.sys [15232 2007-02-04] (Micronas GmbH)
S3 usb2lpt; C:\Windows\System32\DRIVERS\usb2lpt.sys [15360 2009-11-13] (haftmann#software)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
S3 viamraid; C:\Windows\system32\DRIVERS\viamraid.sys [137880 2008-04-21] (VIA Technologies Inc.,Ltd)
S3 VIAudio; C:\Windows\System32\drivers\vinyl97.sys [207488 2007-06-27] (VIA Technologies, Inc.)
S3 ViBus; C:\Windows\system32\DRIVERS\ViBus.sys [20632 2008-04-15] (VIA Technologies, Inc.)
S3 ViPrt; C:\Windows\system32\DRIVERS\ViPrt.sys [56984 2008-04-15] (VIA Technologies, Inc.)
S3 vvftav303; C:\Windows\System32\drivers\vvftav303.sys [475136 2007-03-18] (Vimicro Corporation)
S3 WinTVCIUSB; C:\Windows\system32\DRIVERS\hcw11.sys [91136 2008-02-28] (Hauppauge Computer Works, Inc.)
S3 WmBEnum; C:\Windows\system32\drivers\WmBEnum.sys [19336 2008-01-24] (Logitech Inc.)
S3 WmFilter; C:\Windows\system32\drivers\WmFilter.sys [28168 2008-01-24] (Logitech Inc.)
S3 WmHidLo; C:\Windows\system32\drivers\WmHidLo.sys [29192 2008-01-24] (Logitech Inc.)
S3 WmVirHid; C:\Windows\system32\drivers\WmVirHid.sys [14728 2008-01-24] (Logitech Inc.)
S3 WmXlCore; C:\Windows\system32\drivers\WmXlCore.sys [48904 2008-01-24] (Logitech Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
U3 a75f2wrp; C:\Windows\system32\Drivers\a75f2wrp.sys [0 ] (Microsoft Corporation)
S3 catchme; \??\C:\Users\836D~1\AppData\Local\Temp\catchme.sys [X]
S3 giveio; \??\C:\Windows\system32\giveio.sys [X]
U3 JavaQuickStarterService; No ImagePath
S3 netr28u; system32\DRIVERS\netr28u.sys [X]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
S3 SNPSTD3; system32\DRIVERS\snpstd3.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 ZSMC0303; System32\Drivers\usbVM303.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 18:43 - 2015-01-09 18:43 - 00852505 _____ () C:\Users\Администратор\Desktop\SecurityCheck.exe
2015-01-09 15:24 - 2015-01-09 15:24 - 02347384 _____ (ESET) C:\Users\Администратор\Downloads\esetsmartinstaller_deu.exe
2015-01-07 20:46 - 2015-01-07 20:49 - 00000000 ____D () C:\Users\Администратор\Desktop\FRST-OlderVersion
2015-01-07 19:53 - 2015-01-07 19:53 - 00000000 ____D () C:\Windows\ERUNT
2015-01-07 19:46 - 2015-01-07 19:47 - 01707939 _____ (Thisisu) C:\Users\Администратор\Desktop\JRT.exe
2015-01-07 19:22 - 2015-01-07 19:34 - 00000000 ____D () C:\AdwCleaner
2015-01-07 19:21 - 2015-01-07 19:22 - 02173952 _____ () C:\Users\Администратор\Downloads\AdwCleaner_4.106.exe
2015-01-07 18:28 - 2015-01-07 18:28 - 00010639 _____ () C:\Users\Администратор\Desktop\mbam.txt
2015-01-07 17:27 - 2015-01-09 18:09 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-07 17:24 - 2015-01-07 17:24 - 00001020 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-07 17:24 - 2015-01-07 17:24 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-01-07 17:24 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-07 17:24 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-07 17:24 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-07 17:23 - 2015-01-07 17:23 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Администратор\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-05 22:11 - 2015-01-05 22:11 - 00131244 _____ () C:\ComboFix.txt
2015-01-05 21:52 - 2015-01-05 21:52 - 00000000 ____D () C:\Users\Àäìèíèñòðàòîð
2015-01-05 21:40 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-05 21:40 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-05 21:40 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-05 21:40 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-05 21:40 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-05 21:40 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-05 21:40 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-05 21:40 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-05 21:28 - 2015-01-05 22:11 - 00000000 ____D () C:\Qoobox
2015-01-05 21:27 - 2015-01-05 22:09 - 00000000 ____D () C:\Windows\erdnt
2015-01-05 21:21 - 2015-01-05 21:21 - 05609498 ____R (Swearware) C:\Users\Администратор\Desktop\ComboFix.exe
2015-01-05 17:49 - 2015-01-05 16:54 - 00039636 _____ () C:\Users\Администратор\Desktop\Addition.txt
2015-01-05 17:40 - 2015-01-09 19:03 - 00025025 _____ () C:\Users\Администратор\Desktop\FRST.txt
2015-01-05 16:22 - 2015-01-09 19:03 - 00000000 ____D () C:\FRST
2015-01-05 16:21 - 2015-01-07 20:46 - 01115648 _____ (Farbar) C:\Users\Администратор\Desktop\FRST.exe
2015-01-05 01:29 - 2015-01-05 01:29 - 00000000 ____D () C:\Users\Администратор\AppData\Roaming\AVG2015
2015-01-05 01:22 - 2015-01-05 01:29 - 00000000 ____D () C:\$AVG
2015-01-05 01:16 - 2015-01-07 17:20 - 00000000 ____D () C:\Users\Администратор\AppData\Local\Avg2015
2015-01-04 23:46 - 2015-01-04 23:46 - 00000000 __SHD () C:\Users\Администратор\AppData\Local\EmieBrowserModeList
2015-01-04 23:32 - 2015-01-04 23:32 - 00000000 ____D () C:\Users\Администратор\AppData\Roaming\TuneUp Software
2014-12-21 22:24 - 2014-12-21 22:24 - 00002461 _____ () C:\Users\Администратор\Downloads\000000005_watchmaker.fb2.zip
2014-12-19 12:21 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-14 00:28 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-14 00:28 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-14 00:28 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-14 00:28 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-14 00:28 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-13 22:57 - 2014-12-13 22:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-13 21:48 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-13 21:48 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-13 21:48 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-13 21:48 - 2014-11-22 03:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-13 21:48 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-13 21:48 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-13 21:48 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-13 21:48 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-13 21:48 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-13 21:48 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-13 21:48 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-13 21:48 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-13 21:48 - 2014-11-22 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-13 21:48 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-13 21:48 - 2014-11-22 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-13 21:48 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-13 21:48 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-13 21:48 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-13 21:48 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-13 21:48 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-13 21:48 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-13 21:48 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-13 21:48 - 2014-11-22 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-13 21:48 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-13 21:48 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-13 21:48 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-13 21:48 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-13 21:48 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-13 21:48 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-13 21:48 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-13 21:48 - 2014-11-11 02:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-13 21:47 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-13 21:47 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-13 21:47 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-13 21:47 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-13 21:47 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-13 21:47 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-13 21:47 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 18:54 - 2014-10-22 12:53 - 00000000 ____D () C:\Program Files\Overwolf
2015-01-09 18:41 - 2012-03-29 20:02 - 00000896 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-09 18:35 - 2010-03-25 18:51 - 00060416 _____ (Realtek Semiconductor Corp.) C:\Windows\ALCFDRTM.VER
2015-01-09 15:26 - 2009-07-14 05:34 - 00010208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-09 15:26 - 2009-07-14 05:34 - 00010208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-09 15:25 - 2010-03-24 13:38 - 01432128 _____ () C:\Windows\WindowsUpdate.log
2015-01-09 15:24 - 2010-03-24 14:50 - 02499712 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-09 15:24 - 2009-07-14 09:41 - 00719598 _____ () C:\Windows\system32\perfh019.dat
2015-01-09 15:24 - 2009-07-14 09:41 - 00151680 _____ () C:\Windows\system32\perfc019.dat
2015-01-09 15:19 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-07 22:14 - 2014-08-24 10:37 - 00000000 ____D () C:\Users\Администратор\Downloads\instal
2015-01-07 19:34 - 2014-04-11 14:38 - 00001018 _____ () C:\Users\Администратор\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-01-07 18:55 - 2014-10-22 12:53 - 00000000 ____D () C:\Program Files\Common Files\Overwolf
2015-01-07 18:15 - 2010-04-24 15:13 - 00000000 __SHD () C:\Program Files\MPK
2015-01-05 22:11 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-01-05 22:04 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-01-05 22:01 - 2009-07-14 03:03 - 62390272 _____ () C:\Windows\system32\config\software.bak
2015-01-05 22:01 - 2009-07-14 03:03 - 28049408 _____ () C:\Windows\system32\config\system.bak
2015-01-05 22:01 - 2009-07-14 03:03 - 00524288 _____ () C:\Windows\system32\config\default.bak
2015-01-05 22:01 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\security.bak
2015-01-05 22:01 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2015-01-05 21:40 - 2013-11-29 21:26 - 00000000 ____D () C:\Users\Default
2015-01-05 01:29 - 2013-07-19 14:18 - 00000000 ____D () C:\Program Files\AVG
2015-01-05 01:18 - 2012-05-03 16:08 - 00000426 _____ () C:\Users\Администратор\Desktop\Keys.txt
2015-01-05 00:05 - 2005-12-31 23:10 - 00007600 _____ () C:\Users\Администратор\AppData\Local\resmon.resmoncfg
2014-12-27 20:22 - 2014-10-23 20:08 - 00002181 _____ () C:\Users\Администратор\AppData\Roaming\FoxitReaderUpdateInfo.txt
2014-12-27 20:22 - 2014-10-23 20:08 - 00002181 _____ () C:\FoxitReaderUpdateInfo.txt
2014-12-27 20:22 - 2012-05-06 18:01 - 00000000 ____D () C:\Users\Администратор\Documents\1 ЮЛЯ
2014-12-19 12:12 - 2012-12-07 15:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-14 13:19 - 2014-10-19 19:47 - 00000000 ____D () C:\Windows\rescache
2014-12-14 12:26 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\ru-RU
2014-12-14 12:26 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-12-14 00:26 - 2013-08-24 15:52 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-14 00:19 - 2010-10-30 01:31 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-13 21:41 - 2012-03-29 20:01 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-13 21:41 - 2011-06-07 10:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Администратор\AppData\Local\Temp\RTBK.EXE


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-05 13:57

==================== End Of Log ============================
         
--- --- ---

--- --- ---

Alt 09.01.2015, 20:45   #11
schrauber
/// the machine
/// TB-Ausbilder
 

Avg durch Gruppenrichtlinie blockiert - Standard

Avg durch Gruppenrichtlinie blockiert



Java und Flash updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
C:\Program Files\MPK

C:\Users\Администратор\Documents\1 ЮЛЯ\Bank\Forderung Kobrina Yulia 30.09.2013 der abgewiesenen Buchung Ihrer Bestellung.zip

C:\Users\Администратор\Downloads\instal\setup_Project64_2.1-2.exe

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GEX2V90I\wajam_update[1].004

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HPHFQVCK\wajam_update[1].004

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HPHFQVCK\wajam_update[2].004

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LGEXE76I\wajam_update[1].004

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LGEXE76I\wajam_update[2].004

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LGEXE76I\wajam_update[3].004

HKLM\...\Run: [VMSnap3] => Ђ  !
HKLM\...\Run: [Domino] => Ђ0”и¦mЋД‚   @hРћvzТ‚ш“и¦ 
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path
CHR HKLM\...\Chrome\Extension: [lmgddjncmooacfihfmikfohkldcjjgml] - C:\Program Files\LyricsFolder\133.crx [Not Found]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
Emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 10.01.2015, 17:24   #12
FaceTheTrace
 
Avg durch Gruppenrichtlinie blockiert - Standard

Avg durch Gruppenrichtlinie blockiert



Hier die Fixlog.txt

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-01-2015
Ran by Администратор at 2015-01-10 15:06:26 Run:2
Running from C:\Users\Администратор\Desktop
Loaded Profile: Администратор (Available profiles: Администратор)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Program Files\MPK

C:\Users\Администратор\Documents\1 ЮЛЯ\Bank\Forderung Kobrina Yulia 30.09.2013 der abgewiesenen Buchung Ihrer Bestellung.zip

C:\Users\Администратор\Downloads\instal\setup_Project64_2.1-2.exe

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GEX2V90I\wajam_update[1].004

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HPHFQVCK\wajam_update[1].004

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HPHFQVCK\wajam_update[2].004

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LGEXE76I\wajam_update[1].004

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LGEXE76I\wajam_update[2].004

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LGEXE76I\wajam_update[3].004

HKLM\...\Run: [VMSnap3] => Ђ  !
HKLM\...\Run: [Domino] => Ђ0”и¦mЋД‚   @hРћvzТ‚ш“и¦ 
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path
CHR HKLM\...\Chrome\Extension: [lmgddjncmooacfihfmikfohkldcjjgml] - C:\Program Files\LyricsFolder\133.crx [Not Found]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
Emptytemp:
*****************

C:\Program Files\MPK => Moved successfully.
C:\Users\Администратор\Documents\1 ЮЛЯ\Bank\Forderung Kobrina Yulia 30.09.2013 der abgewiesenen Buchung Ihrer Bestellung.zip => Moved successfully.
C:\Users\Администратор\Downloads\instal\setup_Project64_2.1-2.exe => Moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GEX2V90I\wajam_update[1].004 => Moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HPHFQVCK\wajam_update[1].004 => Moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HPHFQVCK\wajam_update[2].004 => Moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LGEXE76I\wajam_update[1].004 => Moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LGEXE76I\wajam_update[2].004 => Moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LGEXE76I\wajam_update[3].004 => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\VMSnap3 => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Domino => value deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\lmgddjncmooacfihfmikfohkldcjjgml" => Key deleted successfully.
rpcapd => Service deleted successfully.
EmptyTemp: => Removed 429.4 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 15:06:53 ====
         
Eine Frage hätte ich noch. Beim Eset Online Scanner gab es ja auch die Möglichkeit die berrohungen direkt zu entfernen. Das Hägchen sollte aber nicht gesetzt werden. Das hat mich etwas gewundert.

Und ich hab dir ja auch die JRT.txt nicht schiecken können da keine da war. Geht das in Ordnung?

Alt 10.01.2015, 17:57   #13
schrauber
/// the machine
/// TB-Ausbilder
 

Avg durch Gruppenrichtlinie blockiert - Standard

Avg durch Gruppenrichtlinie blockiert



Ja das passt alles. ESET Funde haben wir mit dem Fix entfernt. Ich will die Funde immer erst sehen bevor die gelöscht werden.

Frisches FRST log bitte. Noch Probleme mit dem REchner?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 11.01.2015, 20:34   #14
FaceTheTrace
 
Avg durch Gruppenrichtlinie blockiert - Standard

Avg durch Gruppenrichtlinie blockiert



Hier die FST log


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-01-2015
Ran by Администратор (administrator) on DNAPC on 11-01-2015 20:31:27
Running from C:\Users\Администратор\Desktop
Loaded Profile: Администратор (Available profiles: Администратор)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: Russisch (Russische Föderation)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\AAVUpdateManager\aavus.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
(Foxit Corporation) C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Vimicro) C:\Windows\VM303_STI.EXE
() C:\Windows\CmUCREye.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Realtek Semiconductor Corp.) C:\Windows\SOUNDMAN.EXE
(Sonix) C:\Windows\vsnp2std.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
() C:\Windows\System32\drivers\WDelMgr20.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version5\TeamViewer.exe
(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMSWCS.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Foxit Corporation) C:\Users\Администратор\AppData\Local\Temp\Foxit Reader Updater.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Cmiboot] => C:\Windows\cmiboot.exe [65536 2007-02-07] ()
HKLM\...\Run: [ATICustomerCare] => C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [307200 2009-06-14] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [BigDog303] => C:\Windows\VM303_STI.EXE [61440 2006-01-24] (Vimicro)
HKLM\...\Run: [SoundMan] => Ђ  !
HKLM\...\Run: [AdobeAAMUpdater-1.0] => Ђ0”и¦mЋД‚   @hРћvzТ‚ш“и¦ 
HKLM\...\Run: [snp2std] => C:\Windows\SOUNDMAN.EXE [604704 2009-04-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2011-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Windows\vsnp2std.exe [339968 2005-10-20] (Sonix)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-07] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Windows\WindowsMobile\wmdcBase.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [AVG_UI] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 1
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-2940817598-1931161818-2907281725-500\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564992 2014-02-07] (Samsung)
HKU\S-1-5-21-2940817598-1931161818-2907281725-500\...\Run: [AVG-Secure-Search-Update_0814av] => C:\Users\Администратор\AppData\Roaming\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe /PROMPT /mid=89b0634e268c47d39de3d15a921ce46c-c2d38690bbc4fbcaadab3e6a0352a6592ee08078 /CMPID=0814av
HKU\S-1-5-21-2940817598-1931161818-2907281725-500\...\Run: [AVG-Secure-Search-Update_1114av] => C:\Users\Администратор\AppData\Roaming\Avg_Update_1114av\AVG-Secure-Search-Update_1114av.exe /PROMPT /mid=89b0634e268c47d39de3d15a921ce46c-c2d38690bbc4fbcaadab3e6a0352a6592ee08078 /CMPID=1114av
HKU\S-1-5-21-2940817598-1931161818-2907281725-500\...\Run: [AVG-Secure-Search-Update_1214av] => C:\Users\Администратор\AppData\Roaming\Avg_Update_1214av\AVG-Secure-Search-Update_1214av.exe /PROMPT /mid=89b0634e268c47d39de3d15a921ce46c-c2d38690bbc4fbcaadab3e6a0352a6592ee08078 /CMPID=1214av
HKU\S-1-5-21-2940817598-1931161818-2907281725-500\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-10-04] (Microsoft Corporation)
HKU\S-1-5-18\...\Policies\Explorer: [NoSMConfigurePrograms] 1

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2940817598-1931161818-2907281725-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?p=pLsH3anR-Rz0cILJ
HKU\S-1-5-21-2940817598-1931161818-2907281725-500\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.4free.in.ua/index.php
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2940817598-1931161818-2907281725-500 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKU\S-1-5-21-2940817598-1931161818-2907281725-500 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Администратор\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default
FF NewTab: about:blank
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Keyword.URL: hxxp://www.google.com/search?rls=org.mozilla:en-US:official&client=firefox-a&q=
FF NetworkProxy: "ftp", "195.81.186.116"
FF NetworkProxy: "ftp_port", 80
FF NetworkProxy: "http", "195.81.186.116"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "195.81.186.116"
FF NetworkProxy: "socks_port", 80
FF NetworkProxy: "ssl", "195.81.186.116"
FF NetworkProxy: "ssl_port", 80
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin: @digitalpublishing.de/dpLaunch -> C:\Program Files\digital publishing\LAUNCHER_12_999999\nplaunch.dll (digital publishing AG)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2940817598-1931161818-2907281725-500: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Администратор\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Avira Browser Safety - C:\Users\Администратор\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\abs@avira.com [2015-01-04]
FF Extension: Stealthy - C:\Users\Администратор\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\stealthyextension@gmail.com.xpi [2012-12-18]
FF Extension: Flagfox - C:\Users\Администратор\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-08]
FF Extension: Adblock Plus - C:\Users\Администратор\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-07]
FF Extension: Adblock Edge - C:\Users\Администратор\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-01-04]

Chrome: 
=======
CHR Profile: C:\Users\Администратор\AppData\Local\Google\Chrome\User Data\Default

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AMD FUEL Service; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [294400 2011-04-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [254328 2010-03-30] (AVM Berlin)
R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [121720 2010-03-30] (AVM Berlin)
S3 DfSdkS; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2013\DfsdkS.exe [406016 2009-08-24] (mst software GmbH, Germany) [File not signed]
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [113664 2007-01-11] (SEIKO EPSON CORPORATION)
R2 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [241704 2014-03-25] (Foxit Corporation)
R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-04-18] (Teruten) [File not signed]
R2 HFGService; C:\Windows\System32\HFGService.dll [413696 2009-12-21] (CSR, plc)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
S3 Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2011-12-15] () [File not signed]
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [153464 2010-03-30] (AVM Berlin)
S3 OverwolfUpdater; C:\Program Files\Overwolf\OverwolfUpdater.exe [998640 2014-12-29] (Overwolf LTD)
R2 WDelMgr20; C:\Windows\system32\drivers\WDelMgr20.exe [57344 2002-05-29] () [File not signed]
S4 CamProExpress64; C:\Program Files\AirLive\CamPro Express 64\CamProExpress64.exe [X]
S3 EWSASERV; "C:\Program Files\Elcomsoft Password Recovery\Elcomsoft Wireless Security Auditor\ewsaserv.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ahcix86s; C:\Windows\system32\DRIVERS\ahcix86s.sys [118784 2007-03-21] (ATI Technologies Inc.)
R3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC.SYS [4172832 2009-06-19] (Realtek Semiconductor Corp.)
R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11296 2009-08-04] ()
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208152 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [200984 2014-10-10] (AVG Technologies CZ, s.r.o.)
S3 BthAudioHF; C:\Windows\System32\DRIVERS\BthAudioHF.sys [43008 2009-12-21] (CSR, plc)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [22528 2009-08-13] (CSR, plc)
S3 CMISTOR; C:\Windows\system32\DRIVERS\cmiucr.SYS [93056 2007-01-12] (C-Media Corporation)
S3 csr_a2dp; C:\Windows\System32\drivers\bthav.sys [61952 2009-12-21] (CSR, plc)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-04-18] () [File not signed]
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [57672 2009-06-10] (FTDI Ltd.)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 hcw99rc; C:\Windows\System32\Drivers\hcw99rc.sys [10368 2007-03-23] (Hauppauge Computer Works, Inc.)
S3 hptmv; C:\Windows\system32\DRIVERS\hptmv.sys [71968 2006-09-27] (HighPoint Technologies, Inc.)
S3 ioatdma; C:\Windows\System32\Drivers\qd26032.sys [37504 2008-01-18] (Intel Corporation)
S3 ioatdma1; C:\Windows\System32\Drivers\qd16032.sys [36480 2008-01-18] (Intel Corporation)
S3 iSSetup; C:\Windows\system32\DRIVERS\iSSetup.sys [75672 2007-06-19] (Intel Corporation)
S3 iteraid; C:\Windows\system32\DRIVERS\iteraid.sys [29184 2007-05-02] (ITE Tech. Inc.)
S0 johci; C:\Windows\System32\DRIVERS\johci.sys [15200 2008-10-09] (JMicron )
S3 JRAID; C:\Windows\system32\DRIVERS\jraid.sys [84320 2009-02-19] (JMicron Technology Corp.)
S3 m5287; C:\Windows\system32\DRIVERS\m5287.sys [104320 2006-07-20] (ULi Electronics Inc.) [File not signed]
S3 m5288; C:\Windows\system32\DRIVERS\m5288.sys [211072 2006-07-19] (ULi Electronics Inc.) [File not signed]
S3 m5289; C:\Windows\system32\DRIVERS\m5289.sys [52480 2005-07-04] (ULi Electronics Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S3 MegaSR1; C:\Windows\system32\DRIVERS\MegaSR1.sys [397632 2008-06-26] (LSI Corporation, Inc.)
R3 mf; C:\Windows\System32\DRIVERS\mf.sys [114176 2009-07-14] (Microsoft Corporation)
S3 MODRC; C:\Windows\system32\DRIVERS\modrc.sys [13056 2006-11-14] (DiBcom S.A.)
R3 ms_mpu401; C:\Windows\System32\drivers\msmpu401.sys [5120 2007-03-21] (Windows (R) Codename Longhorn DDK provider) [File not signed]
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] ()
S3 mv61xx; C:\Windows\system32\DRIVERS\mv61xx.sys [137728 2007-05-25] (Marvell Semiconductor, Inc.)
S3 NBv834x; C:\Windows\system32\DRIVERS\nbv834x.sys [104992 2008-10-19] (Bigfoot Networks, Inc.)
R3 NmPar; C:\Windows\System32\DRIVERS\NmPar.sys [81920 2010-01-19] (Windows (R) Codename Longhorn DDK provider)
R3 nmserial; C:\Windows\System32\DRIVERS\nmserial.sys [70656 2012-01-12] (Windows (R) Win 7 DDK provider)
S1 NtFsLdf20; C:\Windows\system32\Drivers\NtFsLdf20.sys [61440 2002-05-29] () [File not signed]
R3 NWIM; C:\Windows\System32\DRIVERS\avmnwim.sys [335224 2010-03-30] (AVM Berlin)
S3 PciIsaSerial; C:\Windows\System32\DRIVERS\PciIsaSerial.sys [65536 2008-12-19] (Windows (R) Codename Longhorn DDK provider)
S3 PciPPorts; C:\Windows\System32\DRIVERS\PciPPorts.sys [82944 2009-07-23] ()
S3 PciSPorts; C:\Windows\System32\DRIVERS\PciSPorts.sys [115200 2008-12-19] ()
S3 rr172x; C:\Windows\system32\DRIVERS\rr172x.sys [90400 2007-06-12] (HighPoint Technologies, Inc.)
S3 rr2522; C:\Windows\system32\DRIVERS\rr2522.sys [112160 2007-07-02] (HighPoint Technologies, Inc.)
S3 rt70x86; C:\Windows\System32\DRIVERS\netr70.sys [245248 2006-12-27] (Ralink Technology Inc.)
S3 SI3112; C:\Windows\system32\DRIVERS\SI3112.sys [69168 2007-01-26] (Silicon Image, Inc.)
S3 SI3112r; C:\Windows\system32\DRIVERS\SI3112r.sys [110128 2007-02-01] (Silicon Image, Inc)
S3 SI3114; C:\Windows\system32\DRIVERS\SI3114.sys [68912 2006-11-10] (Silicon Image, Inc.)
S3 SI3114r; C:\Windows\system32\DRIVERS\SI3114R.sys [110384 2007-04-11] (Silicon Image, Inc)
R0 Si3114r5; C:\Windows\System32\DRIVERS\Si3114r5.sys [210472 2008-04-29] (Silicon Image, Inc)
S3 SI3124; C:\Windows\system32\DRIVERS\SI3124.sys [76208 2006-11-02] (Silicon Image, Inc.)
S3 Si3124r5; C:\Windows\system32\DRIVERS\Si3124r5.sys [207152 2006-09-20] (Silicon Image, Inc)
S3 SI3132; C:\Windows\system32\DRIVERS\SI3132.sys [80424 2007-10-03] (Silicon Image, Inc)
S3 Si3132r5; C:\Windows\system32\DRIVERS\Si3132r5.sys [217128 2008-10-30] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [19240 2007-10-03] (Silicon Image, Inc)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [15400 2007-10-03] (Silicon Image, Inc)
S3 SNP2STD; C:\Windows\System32\DRIVERS\snp2sxp.sys [10446720 2006-02-20] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [445936 2010-09-21] () [File not signed]
R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
R2 STM Parallel Driver; C:\Windows\system32\drivers\parstm.sys [43776 2003-07-09] (STMicroelectronics) [File not signed]
S3 uac4pdt; C:\Windows\System32\DRIVERS\uac4pdt.sys [15232 2007-02-04] (Micronas GmbH)
S3 usb2lpt; C:\Windows\System32\DRIVERS\usb2lpt.sys [15360 2009-11-13] (haftmann#software)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
S3 viamraid; C:\Windows\system32\DRIVERS\viamraid.sys [137880 2008-04-21] (VIA Technologies Inc.,Ltd)
S3 VIAudio; C:\Windows\System32\drivers\vinyl97.sys [207488 2007-06-27] (VIA Technologies, Inc.)
S3 ViBus; C:\Windows\system32\DRIVERS\ViBus.sys [20632 2008-04-15] (VIA Technologies, Inc.)
S3 ViPrt; C:\Windows\system32\DRIVERS\ViPrt.sys [56984 2008-04-15] (VIA Technologies, Inc.)
S3 vvftav303; C:\Windows\System32\drivers\vvftav303.sys [475136 2007-03-18] (Vimicro Corporation)
S3 WinTVCIUSB; C:\Windows\system32\DRIVERS\hcw11.sys [91136 2008-02-28] (Hauppauge Computer Works, Inc.)
S3 WmBEnum; C:\Windows\system32\drivers\WmBEnum.sys [19336 2008-01-24] (Logitech Inc.)
S3 WmFilter; C:\Windows\system32\drivers\WmFilter.sys [28168 2008-01-24] (Logitech Inc.)
S3 WmHidLo; C:\Windows\system32\drivers\WmHidLo.sys [29192 2008-01-24] (Logitech Inc.)
S3 WmVirHid; C:\Windows\system32\drivers\WmVirHid.sys [14728 2008-01-24] (Logitech Inc.)
S3 WmXlCore; C:\Windows\system32\drivers\WmXlCore.sys [48904 2008-01-24] (Logitech Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
U3 aj0pljhh; C:\Windows\system32\Drivers\aj0pljhh.sys [0 ] (Advanced Micro Devices)
S3 catchme; \??\C:\Users\836D~1\AppData\Local\Temp\catchme.sys [X]
S3 giveio; \??\C:\Windows\system32\giveio.sys [X]
U3 JavaQuickStarterService; No ImagePath
S3 netr28u; system32\DRIVERS\netr28u.sys [X]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
S3 SNPSTD3; system32\DRIVERS\snpstd3.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 ZSMC0303; System32\Drivers\usbVM303.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-10 12:10 - 2015-01-11 19:16 - 00000224 _____ () C:\Windows\setupact.log
2015-01-10 12:10 - 2015-01-10 15:08 - 00001174 _____ () C:\Windows\PFRO.log
2015-01-10 12:10 - 2015-01-10 12:10 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-09 18:43 - 2015-01-09 18:43 - 00852505 _____ () C:\Users\Администратор\Desktop\SecurityCheck.exe
2015-01-09 15:24 - 2015-01-09 15:24 - 02347384 _____ (ESET) C:\Users\Администратор\Downloads\esetsmartinstaller_deu.exe
2015-01-07 20:46 - 2015-01-07 20:49 - 00000000 ____D () C:\Users\Администратор\Desktop\FRST-OlderVersion
2015-01-07 19:53 - 2015-01-07 19:53 - 00000000 ____D () C:\Windows\ERUNT
2015-01-07 19:46 - 2015-01-07 19:47 - 01707939 _____ (Thisisu) C:\Users\Администратор\Desktop\JRT.exe
2015-01-07 19:22 - 2015-01-07 19:34 - 00000000 ____D () C:\AdwCleaner
2015-01-07 19:21 - 2015-01-07 19:22 - 02173952 _____ () C:\Users\Администратор\Downloads\AdwCleaner_4.106.exe
2015-01-07 18:28 - 2015-01-07 18:28 - 00010639 _____ () C:\Users\Администратор\Desktop\mbam.txt
2015-01-07 17:27 - 2015-01-11 20:15 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-07 17:24 - 2015-01-07 17:24 - 00001020 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-07 17:24 - 2015-01-07 17:24 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-01-07 17:24 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-07 17:24 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-07 17:24 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-07 17:23 - 2015-01-07 17:23 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Администратор\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-05 22:11 - 2015-01-05 22:11 - 00131244 _____ () C:\ComboFix.txt
2015-01-05 21:52 - 2015-01-05 21:52 - 00000000 ____D () C:\Users\Àäìèíèñòðàòîð
2015-01-05 21:40 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-05 21:40 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-05 21:40 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-05 21:40 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-05 21:40 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-05 21:40 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-05 21:40 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-05 21:40 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-05 21:28 - 2015-01-05 22:11 - 00000000 ____D () C:\Qoobox
2015-01-05 21:27 - 2015-01-05 22:09 - 00000000 ____D () C:\Windows\erdnt
2015-01-05 21:21 - 2015-01-05 21:21 - 05609498 ____R (Swearware) C:\Users\Администратор\Desktop\ComboFix.exe
2015-01-05 17:49 - 2015-01-05 16:54 - 00039636 _____ () C:\Users\Администратор\Desktop\Addition.txt
2015-01-05 17:40 - 2015-01-11 20:31 - 00024917 _____ () C:\Users\Администратор\Desktop\FRST.txt
2015-01-05 16:22 - 2015-01-11 20:31 - 00000000 ____D () C:\FRST
2015-01-05 16:21 - 2015-01-07 20:46 - 01115648 _____ (Farbar) C:\Users\Администратор\Desktop\FRST.exe
2015-01-05 01:29 - 2015-01-05 01:29 - 00000000 ____D () C:\Users\Администратор\AppData\Roaming\AVG2015
2015-01-05 01:22 - 2015-01-05 01:29 - 00000000 ____D () C:\$AVG
2015-01-05 01:16 - 2015-01-07 17:20 - 00000000 ____D () C:\Users\Администратор\AppData\Local\Avg2015
2015-01-04 23:46 - 2015-01-04 23:46 - 00000000 __SHD () C:\Users\Администратор\AppData\Local\EmieBrowserModeList
2015-01-04 23:32 - 2015-01-04 23:32 - 00000000 ____D () C:\Users\Администратор\AppData\Roaming\TuneUp Software
2014-12-21 22:24 - 2014-12-21 22:24 - 00002461 _____ () C:\Users\Администратор\Downloads\000000005_watchmaker.fb2.zip
2014-12-19 12:21 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-14 00:28 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-14 00:28 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-14 00:28 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-14 00:28 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-14 00:28 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-13 22:57 - 2014-12-13 22:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-13 21:48 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-13 21:48 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-13 21:48 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-13 21:48 - 2014-11-22 03:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-13 21:48 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-13 21:48 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-13 21:48 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-13 21:48 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-13 21:48 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-13 21:48 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-13 21:48 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-13 21:48 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-13 21:48 - 2014-11-22 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-13 21:48 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-13 21:48 - 2014-11-22 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-13 21:48 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-13 21:48 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-13 21:48 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-13 21:48 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-13 21:48 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-13 21:48 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-13 21:48 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-13 21:48 - 2014-11-22 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-13 21:48 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-13 21:48 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-13 21:48 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-13 21:48 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-13 21:48 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-13 21:48 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-13 21:48 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-13 21:48 - 2014-11-11 02:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-13 21:47 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-13 21:47 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-13 21:47 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-13 21:47 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-13 21:47 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-13 21:47 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-13 21:47 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-11 19:44 - 2014-10-23 20:08 - 00002181 _____ () C:\Users\Администратор\AppData\Roaming\FoxitReaderUpdateInfo.txt
2015-01-11 19:44 - 2014-10-23 20:08 - 00002181 _____ () C:\FoxitReaderUpdateInfo.txt
2015-01-11 19:41 - 2012-03-29 20:02 - 00000896 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-11 19:26 - 2009-07-14 05:34 - 00010208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-11 19:26 - 2009-07-14 05:34 - 00010208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-11 19:16 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-10 22:21 - 2012-05-06 18:01 - 00000000 ____D () C:\Users\Администратор\Documents\1 ЮЛЯ
2015-01-10 22:21 - 2010-03-24 13:38 - 01500740 _____ () C:\Windows\WindowsUpdate.log
2015-01-10 15:06 - 2014-08-24 10:37 - 00000000 ____D () C:\Users\Администратор\Downloads\instal
2015-01-09 18:54 - 2014-10-22 12:53 - 00000000 ____D () C:\Program Files\Overwolf
2015-01-09 18:35 - 2010-03-25 18:51 - 00060416 _____ (Realtek Semiconductor Corp.) C:\Windows\ALCFDRTM.VER
2015-01-09 15:24 - 2010-03-24 14:50 - 02499712 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-09 15:24 - 2009-07-14 09:41 - 00719598 _____ () C:\Windows\system32\perfh019.dat
2015-01-09 15:24 - 2009-07-14 09:41 - 00151680 _____ () C:\Windows\system32\perfc019.dat
2015-01-07 19:34 - 2014-04-11 14:38 - 00001018 _____ () C:\Users\Администратор\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-01-07 18:55 - 2014-10-22 12:53 - 00000000 ____D () C:\Program Files\Common Files\Overwolf
2015-01-05 22:11 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-01-05 22:04 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-01-05 22:01 - 2009-07-14 03:03 - 62390272 _____ () C:\Windows\system32\config\software.bak
2015-01-05 22:01 - 2009-07-14 03:03 - 28049408 _____ () C:\Windows\system32\config\system.bak
2015-01-05 22:01 - 2009-07-14 03:03 - 00524288 _____ () C:\Windows\system32\config\default.bak
2015-01-05 22:01 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\security.bak
2015-01-05 22:01 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2015-01-05 21:40 - 2013-11-29 21:26 - 00000000 ____D () C:\Users\Default
2015-01-05 01:29 - 2013-07-19 14:18 - 00000000 ____D () C:\Program Files\AVG
2015-01-05 01:18 - 2012-05-03 16:08 - 00000426 _____ () C:\Users\Администратор\Desktop\Keys.txt
2015-01-05 00:05 - 2005-12-31 23:10 - 00007600 _____ () C:\Users\Администратор\AppData\Local\resmon.resmoncfg
2014-12-19 12:12 - 2012-12-07 15:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-14 13:19 - 2014-10-19 19:47 - 00000000 ____D () C:\Windows\rescache
2014-12-14 12:26 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\ru-RU
2014-12-14 12:26 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-12-14 00:26 - 2013-08-24 15:52 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-14 00:19 - 2010-10-30 01:31 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-13 21:41 - 2012-03-29 20:01 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-13 21:41 - 2011-06-07 10:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Администратор\AppData\Local\Temp\Foxit Reader Updater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-05 13:57

==================== End Of Log ============================
         
--- --- ---


Soweit funktioniert alles wieder und hoffentlich auch besser als vorher

Alt 11.01.2015, 23:59   #15
schrauber
/// the machine
/// TB-Ausbilder
 

Avg durch Gruppenrichtlinie blockiert - Standard

Avg durch Gruppenrichtlinie blockiert



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
HKLM\...\Run: [Cmiboot] => C:\Windows\cmiboot.exe [65536 2007-02-07] ()
HKLM\...\Run: [SoundMan] => Ђ  !
HKLM\...\Run: [AdobeAAMUpdater-1.0] => Ђ0”и¦mЋД‚   @hРћvzТ‚ш“и¦ 
Emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Avg durch Gruppenrichtlinie blockiert
administratorkonto, arten, avg, avg problem, avg vierenschutz, blockiert, deinstaliere, durch gruppenrichtlinie blockiert, ebenfalls, einiger, error, freue, gruppe, gruppenrichtlinie, gruppenrichtlinie blockiert, hilfe, meldung, probleme, programm, rechte, richtlinie, starte, starten



Ähnliche Themen: Avg durch Gruppenrichtlinie blockiert


  1. AVG 2013 durch Gruppenrichtlinie blockiert
    Log-Analyse und Auswertung - 03.03.2015 (5)
  2. Avast durch Gruppenrichtlinie blockiert
    Log-Analyse und Auswertung - 27.11.2014 (11)
  3. Klassiker: Durch Gruppenrichtlinie blockiert.
    Plagegeister aller Art und deren Bekämpfung - 22.11.2014 (13)
  4. Avast durch Gruppenrichtlinie blockiert.
    Log-Analyse und Auswertung - 24.10.2014 (13)
  5. Avast durch Gruppenrichtlinie blockiert
    Log-Analyse und Auswertung - 18.09.2014 (19)
  6. Avast durch Gruppenrichtlinie blockiert
    Plagegeister aller Art und deren Bekämpfung - 31.07.2014 (8)
  7. Avira durch gruppenrichtlinie blockiert
    Log-Analyse und Auswertung - 26.07.2014 (17)
  8. Avira durch Gruppenrichtlinie blockiert
    Log-Analyse und Auswertung - 28.06.2014 (13)
  9. AntiVir durch Gruppenrichtlinie blockiert
    Log-Analyse und Auswertung - 27.06.2014 (10)
  10. Antivir durch Gruppenrichtlinie blockiert
    Log-Analyse und Auswertung - 21.06.2014 (25)
  11. Avast durch Gruppenrichtlinie blockiert
    Plagegeister aller Art und deren Bekämpfung - 02.06.2014 (13)
  12. Avast durch Gruppenrichtlinie blockiert.
    Plagegeister aller Art und deren Bekämpfung - 27.05.2014 (5)
  13. Avast durch Gruppenrichtlinie blockiert
    Log-Analyse und Auswertung - 22.05.2014 (7)
  14. Antivir durch Gruppenrichtlinie blockiert
    Log-Analyse und Auswertung - 13.05.2014 (15)
  15. Avast durch Gruppenrichtlinie blockiert
    Log-Analyse und Auswertung - 30.04.2014 (11)
  16. Avg durch Gruppenrichtlinie blockiert. Ebenso Malewarebytes
    Plagegeister aller Art und deren Bekämpfung - 28.04.2014 (7)
  17. Avast durch Gruppenrichtlinie blockiert.
    Log-Analyse und Auswertung - 04.04.2014 (11)

Zum Thema Avg durch Gruppenrichtlinie blockiert - Hallo, ich habe seit einiger Zeit Probleme mit meinem Avg Vierenschutz. Ich kann ihn weder starten noch deinstalieren. Ich bekomme jedes Mal die Meldung, dass das Programm durch eine Gruppenrichtlinie - Avg durch Gruppenrichtlinie blockiert...
Archiv
Du betrachtest: Avg durch Gruppenrichtlinie blockiert auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.