| |
| |||||||
Log-Analyse und Auswertung: WIndows Vista Home Premium: Avira lässt sich nicht deinstallieren (Gruppenrichtlinie)Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
13.08.2014, 13:23
| #1 |
 |  WIndows Vista Home Premium: Avira lässt sich nicht deinstallieren (Gruppenrichtlinie) Guten Tag ein routinemässiger Scan mit Malwarbytes hat > 160 Founds ergeben. Zudem kann ich Avira nicht mehr starten und auch nicht deinstallieren, da es anscheinend durch eine Gruppenrichtlinie gesperrt ist. Bitte um Hilfe und Analyse meiner Log-Files Grüsse xvolt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version:13-08-2014
Ran by Angie at 2014-08-13 14:12:05
Running from C:\Users\Angie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0VGN50HB
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: AntiVir Desktop (Disabled - Up to date) {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AntiVir Desktop (Disabled - Up to date) {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7 Wonders II (HKLM\...\exent_586350) (Version: - )
7Go Games (HKLM\...\7Go Games) (Version: 1.0.0.0 - 7go.com)
7-PDF Split & Merge Version 2.0.4 (Build 112) (HKLM\...\7-PDF Split & Merge_is1) (Version: 7-PDF Split & Merge - Version 2.0.4 (Build 112) - 7-PDF, Germany - Thorsten Hodes)
7-Zip 4.65 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}) (Version: 10.2.0.023 - Adobe Systems, Inc.)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.0 - Atheros)
AVIConverter 5.1.6 (HKLM\...\AVIConverter) (Version: 5.1.6 - )
Avira AntiVir Personal - Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 10.0.0.567 - Avira GmbH)
Brother MFL-Pro Suite MFC-J265W (HKLM\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP)
Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.58.1.0 - Conexant)
Cradle of Rome (HKLM\...\exent_554750) (Version: - )
CyberLink DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.1519 - CyberLink Corp.)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.1616 - CyberLink Corp.)
CyberLink YouCam (Version: 2.0.1616 - CyberLink Corp.) Hidden
ESU for Microsoft Vista (HKLM\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Fantastigames (HKLM\...\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}) (Version: - Exent Technologies Ltd) <==== ATTENTION
FileConverter 1.3 B2 Toolbar (HKLM\...\FileConverter_1.3_B2 Toolbar) (Version: 6.11.2.6 - FileConverter 1.3 B2)
Free CD to MP3 Converter (HKLM\...\Free CD to MP3 Converter) (Version: - )
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_HERMOSA_HSF) (Version: - )
Heartwild Solitaire - Book Two (HKLM\...\exent_676150) (Version: - )
Heroes of Hellas (HKLM\...\exent_532150) (Version: - )
Hewlett-Packard Active Check for Health Check (Version: 1.1.15.2 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent for Health Check (Version: 2.0.63.2 - HP) Hidden
HP Active Support Library (Version: 3.1.4.1 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (HKLM\...\{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}) (Version: 5.7.0.2630 - Hewlett-Packard)
HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.01.0005 - Hewlett-Packard)
HP DVD Play 3.7 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}) (Version: 5.7.0.2630 - Hewlett-Packard)
HP Help and Support (HKLM\...\{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}) (Version: 2.0.9.0 - Hewlett-Packard)
HP Quick Launch Buttons 6.40 F1 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40 F1 - Hewlett-Packard)
HP Update (HKLM\...\{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}) (Version: 4.000.010.008 - Hewlett-Packard)
HP User Guides 0118 (HKLM\...\{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}) (Version: 1.00.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{340F521E-3576-4E1A-B75C-EB0ACF751379}) (Version: 3.00 J1 - Hewlett-Packard)
HPNetworkAssistant (Version: 1.1.70 - Hewlett-Packard.) Hidden
iLivid (HKLM\...\iLivid) (Version: 4.0.0.2208 - Bandoo Media Inc) <==== ATTENTION
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Java Auto Updater (Version: 2.0.6.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 29 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216013FF}) (Version: 6.0.290 - Sun Microsystems, Inc.)
Java(TM) 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)
LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.20.2719 - CyberLink Corp.)
LayoutsExpress (HKLM\...\LayoutsExpress) (Version: - )
LightScribe System Software 1.12.33.2 (HKLM\...\{582287DA-0806-4AC0-BF19-C15E3A466034}) (Version: 1.12.33.2 - LightScribe)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.0.43 - WildTangent)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.52 - BVRP Software, Inc)
PC Connectivity Solution (HKLM\...\{089DD780-DB3F-4CDB-A0C2-111360247298}) (Version: 10.24.0.0 - Nokia)
PC Performer (HKLM\...\PC Performer_is1) (Version: 11.10 - PerformerSoft LLC) <==== ATTENTION
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.0 - pdfforge)
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3919 - CyberLink Corp.)
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2719 - CyberLink Corp.)
PowerDirector (Version: 6.5.2719 - CyberLink Corp.) Hidden
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: - Realtek Semiconductor Corp.)
Speed Analysis 3 (HKLM\...\Speed Analysis 3) (Version: 1.0.0.4 - SpeedAnalysis.com) <==== ATTENTION
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.3.0 - Synaptics)
Time Riddles: The Mansion (HKLM\...\exent_683150) (Version: - )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update Installer for WildTangent Games App (Version: - WildTangent) Hidden
Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version: - )
VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN)
Wajam (HKLM\...\Wajam) (Version: 1.76 - Wajam) <==== ATTENTION
WildTangent Games App (HP Games) (HKLM\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.5.36 - WildTangent)
Winamp (HKLM\...\Winamp) (Version: 5.541 - Nullsoft, Inc)
Windows 7 Upgrade Advisor (HKLM\...\{9A4D182C-35C7-4791-8484-4304EBC9101A}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Messenger (HKLM\...\{279DB581-239C-4E13-97F8-0F48E40BE75C}) (Version: 8.1.0178.00 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {1784021E-7CED-4A79-810D-7A4254C9C17F} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2A5875CA-564A-48D5-BD59-A2DFA80B2C9C} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Angie => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-10] (Microsoft Corporation)
Task: {2A7FA053-C6C6-4CCA-87C6-7F165D78C11C} - System32\Tasks\PC Performer_DEFAULT => C:\Program Files\PC Performer\PCPerformer.exe <==== ATTENTION
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3CD53A98-87AB-44CE-8AB9-F47A4C68897E} - System32\Tasks\PC Performer => C:\Program Files\PC Performer\PCPerformer.exe <==== ATTENTION
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {83A2220F-031D-4E6B-93F6-63028120B476} - System32\Tasks\PC Performer_UPDATES => C:\Program Files\PC Performer\PCPerformer.exe <==== ATTENTION
Task: {99D546B7-304D-4321-A600-1C9DB414F713} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-04-15] (Hewlett-Packard)
Task: {C807222A-3809-41A1-B5EB-CE621F9BE417} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-12] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {F1A96772-4E0E-4102-A6E2-CFB46CB9A2E1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-12] (Adobe Systems Incorporated)
Task: {F6C63592-1E4C-4A23-8723-312FF58342D0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-12] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PC Performer_DEFAULT.job => C:\Program Files\PC Performer\PCPerformer.exe <==== ATTENTION
Task: C:\Windows\Tasks\PC Performer_UPDATES.job => C:\Program Files\PC Performer\PCPerformer.exe <==== ATTENTION
==================== Loaded Modules (whitelisted) =============
2012-07-25 14:53 - 2011-10-25 17:56 - 00049152 _____ () C:\Windows\system32\CSRSRV.dll
2014-08-13 12:41 - 2010-01-28 13:57 - 00355688 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2008-07-08 06:01 - 2008-06-11 22:18 - 00120216 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
2008-07-08 06:01 - 2008-06-11 22:18 - 00259480 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
2008-07-08 06:01 - 2008-06-11 22:18 - 00345384 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
2008-08-04 01:02 - 2008-08-04 01:02 - 00036352 _____ () C:\Program Files\Winamp\winampa.exe
2011-06-18 20:13 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2008-07-08 06:55 - 2008-04-26 01:15 - 00361808 _____ () C:\Windows\SMINST\BLService.exe
2008-07-08 06:55 - 2007-11-15 01:46 - 00126976 _____ () C:\Windows\SMINST\STWmiM.dll
2008-07-08 06:48 - 2007-01-09 11:25 - 00272024 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2008-07-08 06:07 - 2008-04-11 09:04 - 00685360 _____ () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
2014-08-13 14:08 - 2014-08-13 14:08 - 00050477 _____ () C:\Users\Angie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z6S53WUC\Defogger.exe
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
==================== Faulty Device Manager Devices =============
Name: Microsoft Tun-Miniportadapter #2
Description: Microsoft Tun-Miniportadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (08/13/2014 02:12:07 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{aa6c1ff3-e938-11dd-908f-806e6f6e6963},0x80000000,0x00000003,...)". hr = 0x80070005.
Vorgang:
Automatisch freigegebene Schattenkopien werden entfernt
Anbieter wird geladen
Kontext:
Ausführungskontext: System Provider
Error: (08/13/2014 02:12:07 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{aa6c1ff3-e938-11dd-908f-806e6f6e6963},0x80000000,0x00000003,...)". hr = 0x80070005.
Vorgang:
Automatisch freigegebene Schattenkopien werden entfernt
Anbieter wird geladen
Kontext:
Ausführungskontext: System Provider
Error: (08/13/2014 02:12:04 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/13 14:12:04.683]: [00003104]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error
Error: (08/13/2014 02:11:30 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/13 14:11:30.174]: [00003104]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error
Error: (08/13/2014 02:10:55 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/13 14:10:55.665]: [00003104]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error
Error: (08/13/2014 02:10:21 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/13 14:10:21.138]: [00003104]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error
Error: (08/13/2014 02:09:46 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/13 14:09:46.635]: [00003104]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error
Error: (08/13/2014 02:09:12 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/13 14:09:12.082]: [00003104]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error
Error: (08/13/2014 02:08:37 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/13 14:08:37.579]: [00003104]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error
Error: (08/13/2014 02:08:03 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/13 14:08:03.074]: [00003104]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error
System errors:
=============
Error: (08/13/2014 01:49:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: avipbb%%31
Error: (08/13/2014 01:49:12 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: avipbb
sptd
ssmdrv
Error: (08/13/2014 01:49:12 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Avira AntiVir Guard
Error: (08/13/2014 01:48:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Update Lizardlink%%3
Error: (08/13/2014 01:48:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: MBAMServiceMBAMProtector%%31
Error: (08/13/2014 01:48:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
Error: (08/13/2014 01:48:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: MBAMProtector%%31
Error: (08/13/2014 01:48:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: avgntflt%%31
Error: (08/13/2014 01:28:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: MBAMSwissArmy%%31
Error: (08/13/2014 01:28:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: MBAMSwissArmy%%31
Microsoft Office Sessions:
=========================
Error: (06/06/2013 03:52:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 531 seconds with 0 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2014-08-13 13:55:08.747
Description: N/A
Date: 2014-08-13 13:55:08.407
Description: N/A
Date: 2014-08-13 13:55:08.057
Description: N/A
Date: 2014-08-13 13:55:07.667
Description: N/A
Date: 2014-08-13 13:55:07.087
Description: N/A
Date: 2014-08-13 13:55:06.647
Description: N/A
Date: 2014-08-13 13:55:06.107
Description: N/A
Date: 2014-08-13 13:55:05.587
Description: N/A
Date: 2014-08-13 13:54:35.489
Description: N/A
Date: 2014-08-13 13:54:35.079
Description: N/A
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz
Percentage of memory in use: 55%
Total physical RAM: 1978.45 MB
Available physical RAM: 883.5 MB
Total Pagefile: 4198.16 MB
Available Pagefile: 2948.05 MB
Total Virtual: 2047.88 MB
Available Virtual: 1888.98 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:289.1 GB) (Free:185.89 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (PRESARIO_RP) (Fixed) (Total:8.98 GB) (Free:1.6 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 1163E3AD)
Partition 1: (Active) - (Size=289 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=9 GB) - (Type=07 NTFS)
==================== End Of Log ============================
FRST.txt: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:13-08-2014 Ran by Angie (administrator) on ANGIE-PC on 13-08-2014 14:11:16 Running from C:\Users\Angie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0VGN50HB Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe () C:\Program Files\Winamp\winampa.exe (Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Exent Technologies Ltd.) C:\Program Files\FantastiGames\GPlayer.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe () C:\Windows\SMINST\BLService.exe () C:\Program Files\CyberLink\Shared Files\RichVideo.exe () C:\Windows\Installer\{6DC9FE55-927B-3523-1E6E-BE9DFE17D1D4}\syshost.exe (ClientConnect Ltd.) C:\Program Files\Tbccint\ToolbarService\ToolbarService.exe (Wajam) C:\Program Files\Wajam\Updater\WajamUpdater.exe (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe () C:\Users\Angie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z6S53WUC\Defogger.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION HKU\.DEFAULT\...\Run: [Exetender] => C:\Program Files\FantastiGames\GPlayer.exe [4936152 2012-12-04] (Exent Technologies Ltd.) HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect" HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-19\...\Run: [Exetender] => C:\Program Files\FantastiGames\GPlayer.exe [4936152 2012-12-04] (Exent Technologies Ltd.) HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [Exetender] => C:\Program Files\FantastiGames\GPlayer.exe [4936152 2012-12-04] (Exent Technologies Ltd.) HKU\S-1-5-21-1332518490-556231238-1997960668-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-01-11] (Google Inc.) HKU\S-1-5-21-1332518490-556231238-1997960668-1000\...\Run: [Exetender] => C:\Program Files\FantastiGames\GPlayer.exe [4936152 2012-12-04] (Exent Technologies Ltd.) HKU\S-1-5-21-1332518490-556231238-1997960668-1000\...\Run: [OletAyuxm] => regsvr32.exe "C:\ProgramData\OletAyuxm.dat" HKU\S-1-5-21-1332518490-556231238-1997960668-1000\...\MountPoints2: {6fe4f026-f5f2-11dd-a7c9-001f1656624b} - H:\Setup.exe Startup: C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Presario&pf=cnnb HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=063b05af-86a0-4124-9b53-dcf1e58022fa&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=063b05af-86a0-4124-9b53-dcf1e58022fa&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = hxxp://search.babylon.com/?affID=112543&tt=120812_bandext_3312_5&babsrc=HP_ss&mntrId=5efdfc0400000000000000234e6026b1 HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www1.delta-search.com/?affID=121240&tt=gc_170513_18210&babsrc=HP_ss&mntrId=5EFD00234E6026B1 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Presario&pf=cnnb HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Presario&pf=cnnb URLSearchHook: HKLM - FileConverter 1.3 B2 Toolbar - {99a9c3ba-07f6-4699-bc81-65cab16e204b} - C:\Program Files\FileConverter_1.3_B2\prxtbFile.dll (Conduit Ltd.) URLSearchHook: HKLM - appbarioDE Toolbar - {525ba996-1ce4-4677-91c5-9fc4ead2d245} - C:\Program Files\appbarioDE\prxtbappb.dll No File URLSearchHook: HKCU - FroggyBoss Class - {539F76FD-084E-4858-86D5-62F02F54AE86} - C:\Program Files\Minibar\Froggy.dll (TODO: <название компании>) URLSearchHook: HKCU - FileConverter 1.3 B2 Toolbar - {99a9c3ba-07f6-4699-bc81-65cab16e204b} - C:\Program Files\FileConverter_1.3_B2\prxtbFile.dll (Conduit Ltd.) URLSearchHook: HKCU - appbarioDE Toolbar - {525ba996-1ce4-4677-91c5-9fc4ead2d245} - C:\Program Files\appbarioDE\prxtbappb.dll No File SearchScopes: HKLM - DefaultScope {6CCBCF51-EC11-4D0F-8671-A366CF72FB90} URL = SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=063b05af-86a0-4124-9b53-dcf1e58022fa&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKLM - {29FA9B66-0816-48BC-9EBD-938CBC2903A4} URL = SearchScopes: HKLM - {2AD9BACB-2264-4A41-A318-6F1BDE25A2A7} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=559&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=7273501263574128&q={searchTerms} SearchScopes: HKLM - {D87FDBEE-E7CB-48AE-8CBD-78AC61B2F615} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3312331&CUI=UN65847689334022286&UM=2&UP=SP905ABC07-691D-4E0E-AD06-BFD71A03291E&SSPV= SearchScopes: HKCU - BrowserMngrDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3312331&CUI=UN65847689334022286&UM=2&UP=SP905ABC07-691D-4E0E-AD06-BFD71A03291E&SSPV= SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=121240&tt=gc_170513_18210&babsrc=SP_ss_wls&mntrId=5EFD00234E6026B1 SearchScopes: HKCU - {29FA9B66-0816-48BC-9EBD-938CBC2903A4} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3312331&CUI=UN65847689334022286&UM=2 SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=559&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=7273501263574128&q={searchTerms} SearchScopes: HKCU - {DCC31AE4-5661-401A-8268-5B2CB045F10D} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADSA_deDE466 BHO: No Name -> {2EECD738-5844-4a99-B4B6-146BF802613B} -> No File BHO: appbarioDE Toolbar -> {525ba996-1ce4-4677-91c5-9fc4ead2d245} -> C:\Program Files\appbarioDE\prxtbappb.dll No File BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: No Name -> {7E853D72-626A-48EC-A868-BA8D5E23E045} -> No File BHO: MrFroggy Class -> {856E12B5-22D7-4E22-9ACA-EA9A008DD65B} -> C:\Program Files\Minibar\Froggy.dll (TODO: <название компании>) BHO: FileConverter 1.3 B2 Toolbar -> {99a9c3ba-07f6-4699-bc81-65cab16e204b} -> C:\Program Files\FileConverter_1.3_B2\prxtbFile.dll (Conduit Ltd.) BHO: Speed Analysis 3 -> {A66261FC-B82E-4EC7-9F6D-C2F36B871DF0} -> C:\Program Files\Speed Analysis 3\ScriptHost.dll No File BHO: Wajam -> {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} -> C:\Program Files\Wajam\IE\priam_bho.dll (Wajam) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: MinibarBHO -> {AA74D58F-ACD0-450D-A85E-6C04B171C044} -> C:\Program Files\Minibar\Kango.dll (KangoExtensions) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO: Lizardlink -> {eb9e4cdf-b007-450c-b0af-b66467c3d6e0} -> C:\Program Files\Lizardlink\Lizardlinkbho.dll No File BHO: 7Go Games -> {FF103732-4528-4322-AA8B-F7849AB7776B} -> C:\Program Files\7Go Games\ScriptHost.dll No File Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} - No File Toolbar: HKLM - FileConverter 1.3 B2 Toolbar - {99a9c3ba-07f6-4699-bc81-65cab16e204b} - C:\Program Files\FileConverter_1.3_B2\prxtbFile.dll (Conduit Ltd.) Toolbar: HKLM - appbarioDE Toolbar - {525ba996-1ce4-4677-91c5-9fc4ead2d245} - C:\Program Files\appbarioDE\prxtbappb.dll No File Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - appbarioDE Toolbar - {525BA996-1CE4-4677-91C5-9FC4EAD2D245} - C:\Program Files\appbarioDE\prxtbappb.dll No File DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files\FantastiGames\npExentCtl.dll (Exent Technologies Ltd.) FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll () FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin: www.exent.com/GameTreatWidget -> C:\Program Files\FantastiGames\NPGameTreatPlugin.dll No File FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-07-25] FF HKLM\...\Firefox\Extensions: [7go@7go.com] - C:\Users\Angie\AppData\Roaming\Mozilla\Extensions\7go@7go.com FF Extension: 7Go Games - C:\Users\Angie\AppData\Roaming\Mozilla\Extensions\7go@7go.com [2013-09-16] FF HKLM\...\Firefox\Extensions: [speedanalysis03@SpeedAnalysis.com] - C:\Users\Angie\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com FF Extension: Speed Analysis 3 - C:\Users\Angie\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com [2013-09-16] FF HKCU\...\Firefox\Extensions: [7go@7go.com] - C:\Users\Angie\AppData\Roaming\Mozilla\Extensions\7go@7go.com FF HKCU\...\Firefox\Extensions: [speedanalysis03@SpeedAnalysis.com] - C:\Users\Angie\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com Chrome: ======= CHR HomePage: http:\/\/search.conduit.com\/?ctid=CT3312331&SearchSource=48&CUI=UN25533360282111013&UM=2&UP=SP905ABC07-691D-4E0E-AD06-BFD71A03291E&SSPV= CHR StartupUrls: "http:\/\/search.conduit.com\/?ctid=CT3312331&SearchSource=48&CUI=UN25533360282111013&UM=2&UP=SP905ABC07-691D-4E0E-AD06-BFD71A03291E&SSPV=" CHR NewTab: "chrome-extension://kdneagjiboclldmglpjofpeipkbollcf/Search/NewTabPages/html/new_tab.html" CHR Extension: (Google Search) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-21] CHR Extension: (Avira Browser Safety) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-13] CHR Extension: (7Go Games) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjajpkikblccgefaibcafkfbanllpefi [2013-09-16] CHR Extension: (appbarioDE) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdneagjiboclldmglpjofpeipkbollcf [2013-09-16] CHR Extension: (No Name) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbmpjbkgemhgalmeiigcdljkccfcafoj [2013-09-16] CHR Extension: (Google Wallet) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-17] CHR Extension: (Gmail) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-21] CHR Extension: (Extutil) - C:\Users\Angie\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-08-13] CHR Extension: (Managera) - C:\Users\Angie\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-08-13] CHR HKLM\...\Chrome\Extension: [gjajpkikblccgefaibcafkfbanllpefi] - C:\Users\Angie\AppData\Roaming\7go\7go.crx [2013-07-30] CHR HKLM\...\Chrome\Extension: [jainjonnknhmbbkibcbmhihbopigapdm] - C:\Program Files\Lizardlink\jainjonnknhmbbkibcbmhihbopigapdm.crx [2013-07-30] CHR HKLM\...\Chrome\Extension: [kdneagjiboclldmglpjofpeipkbollcf] - C:\Users\Angie\AppData\Local\CRE\kdneagjiboclldmglpjofpeipkbollcf.crx [2013-08-28] CHR HKLM\...\Chrome\Extension: [mbmpjbkgemhgalmeiigcdljkccfcafoj] - C:\Users\Angie\AppData\Roaming\SpeedAnalysis3\SpeedAnalysis.crx [2013-08-28] CHR HKCU\...\Chrome\Extension: [kdneagjiboclldmglpjofpeipkbollcf] - C:\Users\Angie\AppData\Local\CRE\kdneagjiboclldmglpjofpeipkbollcf.crx [2013-08-28] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) Locked "5be5bf43b64694ac" service could not be unlocked. <===== ATTENTION R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [135336 2010-02-24] (Avira GmbH) S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [267432 2010-04-01] (Avira GmbH) R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed] R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [129992 2008-02-03] (EasyBits Sofware AS) [File not signed] R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-04-15] (Hewlett-Packard) [File not signed] S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-02-26] (Hewlett-Packard Company) [File not signed] R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [361808 2008-04-26] () R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] () S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [615936 2010-06-14] (Nokia) [File not signed] R2 syshost32; C:\Windows\Installer\{6DC9FE55-927B-3523-1E6E-BE9DFE17D1D4}\syshost.exe [75776 2014-04-16] () [File not signed] R2 TBSrv; C:\Program Files\Tbccint\ToolbarService\ToolbarService.exe [350496 2014-03-26] (ClientConnect Ltd.) S3 usnjsvc; C:\Program Files\MSN Messenger\usnsvc.exe [97136 2007-01-19] (Microsoft Corporation) R2 WajamUpdater; C:\Program Files\Wajam\Updater\WajamUpdater.exe [109064 2013-04-04] (Wajam) [File not signed] S2 Update Lizardlink; "C:\Program Files\Lizardlink\updateLizardlink.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 ACPI; C:\Windows\System32\drivers\acpi.sys [265688 2009-04-10] () [File not signed] R0 adp94xx; C:\Windows\System32\drivers\adp94xx.sys [422968 2008-01-21] () [File not signed] R0 adpahci; C:\Windows\System32\drivers\adpahci.sys [300600 2008-01-21] () [File not signed] R0 adpu160m; C:\Windows\System32\drivers\adpu160m.sys [101432 2008-01-21] () [File not signed] R0 adpu320; C:\Windows\System32\drivers\adpu320.sys [149560 2008-01-21] () [File not signed] R1 AFD; C:\Windows\system32\drivers\afd.sys [273408 2011-04-21] () [File not signed] S3 agp440; C:\Windows\system32\drivers\agp440.sys [56376 2008-01-21] () [File not signed] R0 aic78xx; C:\Windows\System32\drivers\djsvs.sys [71272 2006-11-02] () [File not signed] R0 aliide; C:\Windows\System32\drivers\aliide.sys [17464 2008-01-21] () [File not signed] S3 amdagp; C:\Windows\system32\drivers\amdagp.sys [57400 2008-01-21] () [File not signed] R0 amdide; C:\Windows\System32\drivers\amdide.sys [17976 2008-01-21] () [File not signed] S3 AmdK7; C:\Windows\system32\drivers\amdk7.sys [41472 2008-01-21] () [File not signed] S3 AmdK8; C:\Windows\System32\DRIVERS\amdk8.sys [44032 2008-01-21] () [File not signed] R0 arc; C:\Windows\System32\drivers\arc.sys [79416 2008-01-21] () [File not signed] R0 arcsas; C:\Windows\System32\drivers\arcsas.sys [79928 2008-01-21] () [File not signed] S3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [17408 2008-01-21] () [File not signed] R0 atapi; C:\Windows\System32\drivers\atapi.sys [19944 2009-04-10] () [File not signed] R3 athr; C:\Windows\System32\DRIVERS\athr.sys [1183744 2009-09-05] () [File not signed] S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [60936 2010-02-16] (Avira GmbH) S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [124784 2010-03-01] (Avira GmbH) S3 BCM43XV; C:\Windows\System32\DRIVERS\bcmwl6.sys [464384 2006-11-02] () [File not signed] R1 Beep; C:\Windows\system32\Drivers\Beep.sys [6144 2008-01-21] () [File not signed] S3 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [45568 2008-01-21] () [File not signed] R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [69632 2011-02-22] () [File not signed] S3 BrFiltLo; C:\Windows\system32\drivers\brfiltlo.sys [13568 2006-11-02] () [File not signed] S3 BrFiltUp; C:\Windows\system32\drivers\brfiltup.sys [5248 2006-11-02] () [File not signed] S3 Brserid; C:\Windows\system32\drivers\brserid.sys [71808 2006-11-02] () [File not signed] S3 BrSerWdm; C:\Windows\system32\drivers\brserwdm.sys [62336 2006-11-02] () [File not signed] S3 BrUsbMdm; C:\Windows\system32\drivers\brusbmdm.sys [12160 2006-11-02] () [File not signed] S3 BrUsbSer; C:\Windows\system32\drivers\brusbser.sys [11904 2006-11-02] () [File not signed] S3 BTHMODEM; C:\Windows\system32\drivers\bthmodem.sys [39936 2006-11-02] () [File not signed] R4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [70144 2008-01-21] () [File not signed] R1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [67072 2009-04-10] () [File not signed] S3 circlass; C:\Windows\system32\drivers\circlass.sys [35328 2008-01-21] () [File not signed] R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-10] () [File not signed] R3 CmBatt; C:\Windows\System32\DRIVERS\CmBatt.sys [14208 2008-01-21] () [File not signed] R0 cmdide; C:\Windows\System32\drivers\cmdide.sys [19000 2008-01-21] () [File not signed] R3 CnxtHdAudService; C:\Windows\System32\drivers\CHDRT32.sys [222208 2008-10-03] () [File not signed] R0 Compbatt; C:\Windows\System32\DRIVERS\compbatt.sys [20792 2008-01-21] () [File not signed] R0 crcdisk; C:\Windows\System32\drivers\crcdisk.sys [24632 2008-01-21] () [File not signed] S3 Crusoe; C:\Windows\system32\drivers\crusoe.sys [40960 2008-01-21] () [File not signed] R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [75264 2011-04-14] () [File not signed] R0 disk; C:\Windows\System32\drivers\disk.sys [53736 2009-04-10] () [File not signed] S3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [5632 2008-01-21] () [File not signed] R3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [638336 2012-07-25] () [File not signed] S3 E1G60; C:\Windows\System32\DRIVERS\E1G60I32.sys [118784 2008-01-21] () [File not signed] R0 Ecache; C:\Windows\System32\drivers\ecache.sys [141288 2009-04-10] () [File not signed] R0 elxstor; C:\Windows\System32\drivers\elxstor.sys [342584 2008-01-21] () [File not signed] S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [6656 2008-01-21] () [File not signed] S3 exfat; C:\Windows\system32\Drivers\exfat.sys [136704 2009-04-10] () [File not signed] S3 fastfat; C:\Windows\system32\Drivers\fastfat.sys [142848 2009-04-10] () [File not signed] S3 fdc; C:\Windows\System32\DRIVERS\fdc.sys [25088 2008-01-21] () [File not signed] R0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [58936 2008-01-21] () [File not signed] S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [27648 2008-01-21] () [File not signed] S3 flpydisk; C:\Windows\System32\DRIVERS\flpydisk.sys [20480 2008-01-21] () [File not signed] R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-10] () [File not signed] S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] () [File not signed] U1 Fs_Rec; C:\Windows\system32\Drivers\Fs_Rec.sys [12800 2012-02-29] () [File not signed] S3 gagp30kx; C:\Windows\system32\drivers\gagp30kx.sys [61496 2008-01-21] () [File not signed] S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [235520 2006-11-02] () [File not signed] R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [561152 2009-04-10] () [File not signed] S3 HidBth; C:\Windows\system32\drivers\hidbth.sys [29184 2006-11-02] () [File not signed] S3 HidIr; C:\Windows\system32\drivers\hidir.sys [21504 2006-11-02] () [File not signed] S3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [12800 2009-04-10] () [File not signed] R0 HpCISSs; C:\Windows\System32\drivers\hpcisss.sys [40504 2008-01-21] () [File not signed] R3 HpqKbFiltr; C:\Windows\System32\DRIVERS\HpqKbFiltr.sys [16768 2007-06-18] () [File not signed] S3 HSFHWAZL; C:\Windows\System32\DRIVERS\VSTAZL3.SYS [200704 2008-01-21] () [File not signed] R3 HSF_DPV; C:\Windows\System32\DRIVERS\HSX_DPV.sys [985600 2007-11-01] () [File not signed] R3 HSXHWAZL; C:\Windows\System32\DRIVERS\HSXHWAZL.sys [208896 2007-11-01] () [File not signed] R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [411648 2010-02-20] () [File not signed] R0 i2omp; C:\Windows\System32\drivers\i2omp.sys [30264 2008-01-21] () [File not signed] R1 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [54784 2008-01-21] () [File not signed] R0 iaStorV; C:\Windows\System32\drivers\iastorv.sys [235064 2008-01-21] () [File not signed] R3 igfx; C:\Windows\System32\DRIVERS\igdkmd32.sys [9036800 2011-02-11] () [File not signed] R0 iirsp; C:\Windows\System32\drivers\iirsp.sys [41576 2006-11-02] () [File not signed] R3 IntcHdmiAddService; C:\Windows\System32\drivers\IntcHdmi.sys [113664 2008-06-04] () [File not signed] R0 intelide; C:\Windows\System32\drivers\intelide.sys [17976 2008-01-21] () [File not signed] R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [41472 2008-01-21] () [File not signed] S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [47616 2008-01-21] () [File not signed] S3 IPMIDRV; C:\Windows\system32\drivers\ipmidrv.sys [64512 2008-01-21] () [File not signed] S3 IPNAT; C:\Windows\System32\DRIVERS\ipnat.sys [100864 2008-01-21] () [File not signed] S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [13312 2008-01-21] () [File not signed] R0 isapnp; C:\Windows\System32\drivers\isapnp.sys [49720 2008-01-21] () [File not signed] R3 iScsiPrt; C:\Windows\System32\DRIVERS\msiscsi.sys [180712 2009-04-10] () [File not signed] R0 iteatapi; C:\Windows\System32\drivers\iteatapi.sys [35944 2006-11-02] () [File not signed] R0 iteraid; C:\Windows\System32\drivers\iteraid.sys [35944 2006-11-02] () [File not signed] R1 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [35384 2008-01-21] () [File not signed] S1 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [17408 2009-04-10] () [File not signed] S3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] () [File not signed] R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [440704 2012-06-04] () [File not signed] R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [47104 2008-01-21] () [File not signed] R0 LSI_FC; C:\Windows\System32\drivers\lsi_fc.sys [96312 2008-01-21] () [File not signed] R0 LSI_SAS; C:\Windows\System32\drivers\lsi_sas.sys [89656 2008-01-21] () [File not signed] R0 LSI_SCSI; C:\Windows\System32\drivers\lsi_scsi.sys [96312 2008-01-21] () [File not signed] R2 luafv; C:\Windows\system32\drivers\luafv.sys [84480 2008-01-21] () [File not signed] S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-13] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation) R2 mdmxsdk; C:\Windows\System32\DRIVERS\mdmxsdk.sys [12672 2006-06-19] () [File not signed] R0 megasas; C:\Windows\System32\drivers\megasas.sys [31288 2008-01-21] () [File not signed] R0 MegaSR; C:\Windows\System32\drivers\megasr.sys [386616 2008-01-21] () [File not signed] R3 Modem; C:\Windows\System32\drivers\modem.sys [31744 2008-01-21] () [File not signed] R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [41984 2008-01-21] () [File not signed] R1 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [34360 2008-01-21] () [File not signed] S3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [15872 2008-01-21] () [File not signed] R0 MountMgr; C:\Windows\System32\drivers\mountmgr.sys [57400 2008-01-21] () [File not signed] R0 mpio; C:\Windows\System32\drivers\mpio.sys [105016 2008-01-21] () [File not signed] R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [64000 2008-01-21] () [File not signed] R0 Mraid35x; C:\Windows\System32\drivers\mraid35x.sys [33384 2006-11-02] () [File not signed] R3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [114688 2009-04-10] () [File not signed] R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [106496 2011-04-29] () [File not signed] R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [214016 2011-07-06] () [File not signed] R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [79872 2011-04-29] () [File not signed] R0 msahci; C:\Windows\System32\drivers\msahci.sys [27112 2009-04-10] () [File not signed] R0 msdsm; C:\Windows\System32\drivers\msdsm.sys [94776 2008-01-21] () [File not signed] R1 Msfs; C:\Windows\system32\Drivers\Msfs.sys [22528 2008-01-21] () [File not signed] R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [16440 2008-01-21] () [File not signed] S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [8192 2008-01-21] () [File not signed] S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [5888 2008-01-21] () [File not signed] S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [5504 2008-01-21] () [File not signed] S3 MsRPC; C:\Windows\system32\Drivers\MsRPC.sys [161752 2009-04-10] () [File not signed] R3 mssmbios; C:\Windows\System32\DRIVERS\mssmbios.sys [31288 2008-01-21] () [File not signed] S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [6016 2008-01-21] () [File not signed] R0 Mup; C:\Windows\System32\Drivers\mup.sys [48104 2009-04-10] () [File not signed] R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [148480 2009-04-10] () [File not signed] R0 NDIS; C:\Windows\System32\drivers\ndis.sys [527848 2009-04-10] () [File not signed] R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [20992 2008-01-21] () [File not signed] R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [16896 2008-01-21] () [File not signed] R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [121344 2009-04-10] () [File not signed] R3 NDProxy; C:\Windows\system32\Drivers\NDProxy.sys [49664 2008-01-21] () [File not signed] R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [35840 2008-01-21] () [File not signed] R1 netbt; C:\Windows\System32\DRIVERS\netbt.sys [185856 2009-04-10] () [File not signed] R0 nfrd960; C:\Windows\System32\drivers\nfrd960.sys [45160 2006-11-02] () [File not signed] R1 Npfs; C:\Windows\system32\Drivers\Npfs.sys [35328 2009-04-10] () [File not signed] R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [16384 2008-01-21] () [File not signed] R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1083880 2009-04-10] () [File not signed] S3 ntrigdigi; C:\Windows\system32\drivers\ntrigdigi.sys [20608 2006-11-02] () [File not signed] R1 Null; C:\Windows\system32\Drivers\Null.sys [4608 2008-01-21] () [File not signed] S3 NVENETFD; C:\Windows\System32\DRIVERS\nvm60x32.sys [429056 2006-11-02] () [File not signed] R0 nvraid; C:\Windows\System32\drivers\nvraid.sys [102968 2008-01-21] () [File not signed] R0 nvstor; C:\Windows\System32\drivers\nvstor.sys [45112 2008-01-21] () [File not signed] S3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [109112 2008-01-21] () [File not signed] S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [62080 2006-11-02] () [File not signed] S3 Parport; C:\Windows\system32\drivers\parport.sys [79360 2006-11-02] () [File not signed] R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [53120 2012-03-21] () [File not signed] S2 Parvdm; C:\Windows\system32\drivers\parvdm.sys [8704 2006-11-02] () [File not signed] S3 pccsmcfd; C:\Windows\System32\DRIVERS\pccsmcfd.sys [18816 2008-08-26] () [File not signed] R0 pci; C:\Windows\System32\drivers\pci.sys [149480 2009-04-10] () [File not signed] R0 pciide; C:\Windows\System32\drivers\pciide.sys [16440 2008-01-21] () [File not signed] S3 pcmcia; C:\Windows\system32\drivers\pcmcia.sys [167528 2006-11-02] () [File not signed] R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [878080 2006-11-02] () [File not signed] R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [62976 2008-01-21] () [File not signed] S3 Processor; C:\Windows\system32\drivers\processr.sys [40960 2008-01-21] () [File not signed] R1 PSched; C:\Windows\System32\DRIVERS\pacer.sys [72192 2009-04-10] () [File not signed] R0 ql2300; C:\Windows\System32\drivers\ql2300.sys [1122360 2008-01-21] () [File not signed] R0 ql40xx; C:\Windows\System32\drivers\ql40xx.sys [106088 2006-11-02] () [File not signed] S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [31232 2008-01-21] () [File not signed] R1 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [11776 2008-01-21] () [File not signed] R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [76288 2008-01-21] () [File not signed] R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [41472 2009-04-10] () [File not signed] R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [69120 2009-04-10] () [File not signed] R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [225280 2009-04-10] () [File not signed] R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [6144 2008-01-21] () [File not signed] S3 rdpdr; C:\Windows\system32\drivers\rdpdr.sys [248832 2008-01-21] () [File not signed] R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [6144 2008-01-21] () [File not signed] S3 RDPWD; C:\Windows\system32\Drivers\RDPWD.sys [180736 2012-05-01] () [File not signed] R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [60416 2008-01-21] () [File not signed] R3 RTL8169; C:\Windows\System32\DRIVERS\Rtlh86.sys [123904 2008-06-10] () [File not signed] R3 RTSTOR; C:\Windows\System32\drivers\RTSTOR.SYS [62464 2008-06-05] () [File not signed] R0 sbp2port; C:\Windows\System32\drivers\sbp2port.sys [76392 2006-11-02] () [File not signed] R2 secdrv; C:\Windows\system32\Drivers\secdrv.sys [20480 2006-11-02] () [File not signed] S3 Serenum; C:\Windows\system32\drivers\serenum.sys [17920 2006-11-02] () [File not signed] S3 Serial; C:\Windows\system32\drivers\serial.sys [83456 2006-11-02] () [File not signed] S3 sermouse; C:\Windows\system32\drivers\sermouse.sys [19968 2008-01-21] () [File not signed] S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [13312 2008-01-21] () [File not signed] S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [12288 2008-01-21] () [File not signed] S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [11776 2008-01-21] () [File not signed] S3 sfloppy; C:\Windows\system32\drivers\sfloppy.sys [13312 2006-11-02] () [File not signed] S3 sisagp; C:\Windows\system32\drivers\sisagp.sys [55864 2008-01-21] () [File not signed] R0 SiSRaid2; C:\Windows\System32\drivers\sisraid2.sys [41016 2008-01-21] () [File not signed] R0 SiSRaid4; C:\Windows\System32\drivers\sisraid4.sys [74808 2008-01-21] () [File not signed] R1 Smb; C:\Windows\System32\DRIVERS\smb.sys [66560 2009-04-10] () [File not signed] R0 spldr; C:\Windows\system32\Drivers\spldr.sys [21048 2008-01-21] () [File not signed] S4 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2009-02-08] (Duplex Secure Ltd.) R3 srv; C:\Windows\System32\DRIVERS\srv.sys [305152 2011-02-18] () [File not signed] R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [146432 2011-04-29] () [File not signed] R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [102400 2011-04-29] () [File not signed] S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2009-05-11] (Avira GmbH) R3 StillCam; C:\Windows\System32\DRIVERS\serscan.sys [9216 2008-01-21] () [File not signed] R3 swenum; C:\Windows\System32\DRIVERS\swenum.sys [15288 2008-01-21] () [File not signed] R0 Symc8xx; C:\Windows\System32\drivers\symc8xx.sys [35944 2006-11-02] () [File not signed] R0 Sym_hi; C:\Windows\System32\drivers\sym_hi.sys [31848 2006-11-02] () [File not signed] R0 Sym_u3; C:\Windows\System32\drivers\sym_u3.sys [34920 2006-11-02] () [File not signed] R3 SynTP; C:\Windows\System32\DRIVERS\SynTP.sys [199344 2008-04-17] () [File not signed] R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [905600 2012-03-30] () [File not signed] S3 Tcpip6; C:\Windows\System32\DRIVERS\tcpip.sys [905600 2012-03-30] () [File not signed] R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [30720 2009-12-08] () [File not signed] S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [17920 2008-01-21] () [File not signed] S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [29184 2008-01-21] () [File not signed] R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [72192 2009-04-10] () [File not signed] R1 TermDD; C:\Windows\System32\DRIVERS\termdd.sys [53224 2009-04-10] () [File not signed] S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [23552 2008-01-21] () [File not signed] R3 tunmp; C:\Windows\System32\DRIVERS\tunmp.sys [15360 2008-01-21] () [File not signed] R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [25088 2010-02-18] () [File not signed] S3 uagp35; C:\Windows\system32\drivers\uagp35.sys [59448 2008-01-21] () [File not signed] S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [226816 2009-04-10] () [File not signed] S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [60984 2008-01-21] () [File not signed] R0 uliahci; C:\Windows\System32\drivers\uliahci.sys [238648 2008-01-21] () [File not signed] R0 UlSata; C:\Windows\System32\drivers\ulsata.sys [98408 2006-11-02] () [File not signed] R0 ulsata2; C:\Windows\System32\drivers\ulsata2.sys [115816 2008-01-21] () [File not signed] R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [34816 2008-01-21] () [File not signed] R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [73216 2008-01-21] () [File not signed] S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [68608 2006-11-02] () [File not signed] R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [39936 2009-04-10] () [File not signed] R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [196096 2009-04-10] () [File not signed] S3 usbohci; C:\Windows\System32\DRIVERS\usbohci.sys [19456 2008-01-21] () [File not signed] S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [18944 2008-01-21] () [File not signed] S3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [35328 2008-01-21] () [File not signed] S3 usbser; C:\Windows\System32\DRIVERS\usbser.sys [28160 2008-01-21] () [File not signed] S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [65536 2009-04-10] () [File not signed] R3 usbuhci; C:\Windows\System32\DRIVERS\usbuhci.sys [23552 2008-01-21] () [File not signed] R3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [134016 2008-01-21] () [File not signed] S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [26112 2008-01-21] () [File not signed] R1 VgaSave; C:\Windows\System32\drivers\vga.sys [25088 2008-01-21] () [File not signed] S3 viaagp; C:\Windows\system32\drivers\viaagp.sys [56888 2008-01-21] () [File not signed] S3 ViaC7; C:\Windows\system32\drivers\viac7.sys [41472 2008-01-21] () [File not signed] R0 viaide; C:\Windows\System32\drivers\viaide.sys [20024 2008-01-21] () [File not signed] R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [52792 2008-01-21] () [File not signed] R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [292840 2009-04-10] () [File not signed] R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [226280 2009-04-10] () [File not signed] R0 vsmraid; C:\Windows\System32\drivers\vsmraid.sys [130616 2008-01-21] () [File not signed] S3 WacomPen; C:\Windows\system32\drivers\wacompen.sys [20608 2006-11-02] () [File not signed] S3 Wanarp; C:\Windows\System32\DRIVERS\wanarp.sys [62464 2008-01-21] () [File not signed] R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [62464 2008-01-21] () [File not signed] R0 Wd; C:\Windows\System32\drivers\wd.sys [22072 2008-01-21] () [File not signed] R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [445008 2009-07-14] () [File not signed] R3 winachsf; C:\Windows\System32\DRIVERS\HSX_CNXT.sys [661504 2007-11-01] () [File not signed] R3 WmiAcpi; C:\Windows\System32\DRIVERS\wmiacpi.sys [11264 2008-01-21] () [File not signed] S3 WpdUsb; C:\Windows\System32\DRIVERS\wpdusb.sys [40448 2009-10-01] () [File not signed] S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [15872 2008-01-21] () [File not signed] R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [92672 2009-07-14] () [File not signed] S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [132224 2009-07-14] () [File not signed] R2 X6XSEx_Pr143; C:\Program Files\FantastiGames\X6XSEx_Pr143.Sys [47432 2012-08-02] () [File not signed] R2 XAudio; C:\Windows\System32\DRIVERS\xaudio.sys [8704 2007-10-18] () [File not signed] U5 5be5bf43b64694ac; C:\Windows\System32\Drivers\5be5bf43b64694ac.sys [57856 2014-04-16] () <===== ATTENTION Necurs Rootkit? U5 BattC; C:\Windows\System32\Drivers\BattC.sys [28216 2008-01-21] () [File not signed] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 nmwcd; system32\drivers\ccdcmb.sys [X] S3 nmwcdc; system32\drivers\ccdcmbo.sys [X] S3 nmwcdnsu; system32\drivers\nmwcdnsu.sys [X] S3 nmwcdnsuc; system32\drivers\nmwcdnsuc.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X] S3 UsbserFilt; system32\DRIVERS\usbser_lowerfltj.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-13 14:08 - 2014-08-13 14:09 - 00004704 _____ () C:\Users\Angie\Desktop\defogger_disable.log 2014-08-13 14:08 - 2014-08-13 14:09 - 00000020 _____ () C:\Users\Angie\defogger_reenable 2014-08-13 13:54 - 2014-08-13 14:11 - 00000000 ____D () C:\FRST 2014-08-13 13:28 - 2014-08-13 13:28 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-13 13:28 - 2014-08-13 13:28 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-13 13:28 - 2014-08-13 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-13 13:28 - 2014-08-13 13:28 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-08-13 13:28 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-08-13 13:28 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-08-13 13:28 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-08-13 13:01 - 2014-08-13 13:01 - 04574968 _____ (Avira Operations GmbH & Co. KG) C:\Users\Angie\Downloads\avira_de_av___ws.exe 2014-08-13 12:59 - 2014-08-13 12:59 - 00000000 ____D () C:\Users\Angie\AppData\Roaming\Avira 2014-08-13 12:42 - 2014-08-13 13:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-08-13 12:41 - 2014-08-13 13:19 - 00000000 ____D () C:\ProgramData\Avira 2014-08-13 12:41 - 2014-08-13 13:18 - 00000000 ____D () C:\Program Files\Avira 2014-08-13 12:41 - 2010-03-01 10:05 - 00124784 _____ (Avira GmbH) C:\Windows\system32\Drivers\avipbb.sys 2014-08-13 12:41 - 2010-02-16 14:24 - 00060936 _____ (Avira GmbH) C:\Windows\system32\Drivers\avgntflt.sys 2014-08-13 12:41 - 2009-05-11 12:49 - 00051992 _____ (AVIRA GmbH) C:\Windows\system32\Drivers\avgntdd.sys 2014-08-13 12:41 - 2009-05-11 12:49 - 00017016 _____ (AVIRA GmbH) C:\Windows\system32\Drivers\avgntmgr.sys 2014-08-13 12:41 - 2009-05-11 10:12 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys 2014-08-13 12:39 - 2014-08-13 12:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Angie\Downloads\mbam-setup-2.0.2.1012.exe 2014-08-02 09:56 - 2014-08-13 12:55 - 00000000 ____D () C:\ProgramData\UstuWogu 2014-08-02 09:55 - 2014-08-13 12:55 - 00000000 ____D () C:\ProgramData\UskiTqop ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-13 14:11 - 2014-08-13 13:54 - 00000000 ____D () C:\FRST 2014-08-13 14:09 - 2014-08-13 14:08 - 00004704 _____ () C:\Users\Angie\Desktop\defogger_disable.log 2014-08-13 14:09 - 2014-08-13 14:08 - 00000020 _____ () C:\Users\Angie\defogger_reenable 2014-08-13 14:08 - 2009-01-23 13:29 - 00000000 ____D () C:\Users\Angie 2014-08-13 13:51 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-13 13:51 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-13 13:49 - 2008-12-04 01:32 - 00000286 _____ () C:\Users\Public\Documents\hpqp.ini 2014-08-13 13:46 - 2010-02-12 22:42 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-13 13:46 - 2008-01-21 04:47 - 00212242 _____ () C:\Windows\PFRO.log 2014-08-13 13:46 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-13 13:45 - 2006-11-02 15:01 - 00032514 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-08-13 13:41 - 2010-02-12 22:42 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-13 13:31 - 2013-04-14 10:16 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-13 13:28 - 2014-08-13 13:28 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-13 13:28 - 2014-08-13 13:28 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-13 13:28 - 2014-08-13 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-13 13:28 - 2014-08-13 13:28 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-08-13 13:28 - 2012-07-24 20:04 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-13 13:27 - 2013-10-20 12:08 - 00000000 ____D () C:\SearchProtect 2014-08-13 13:19 - 2014-08-13 12:41 - 00000000 ____D () C:\ProgramData\Avira 2014-08-13 13:18 - 2014-08-13 12:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-08-13 13:18 - 2014-08-13 12:41 - 00000000 ____D () C:\Program Files\Avira 2014-08-13 13:18 - 2008-12-04 00:43 - 01058835 _____ () C:\Windows\WindowsUpdate.log 2014-08-13 13:13 - 2014-07-10 20:48 - 00018872 _____ () C:\Windows\system32\Drivers\SPPD.sys 2014-08-13 13:09 - 2009-02-12 21:18 - 00000680 _____ () C:\Users\Angie\AppData\Local\d3d9caps.dat 2014-08-13 13:02 - 2013-09-16 21:20 - 00000000 ____D () C:\Users\Angie\AppData\Roaming\Mozilla 2014-08-13 13:01 - 2014-08-13 13:01 - 04574968 _____ (Avira Operations GmbH & Co. KG) C:\Users\Angie\Downloads\avira_de_av___ws.exe 2014-08-13 12:59 - 2014-08-13 12:59 - 00000000 ____D () C:\Users\Angie\AppData\Roaming\Avira 2014-08-13 12:56 - 2014-06-07 08:44 - 00230236 _____ (Microsoft Corporation) C:\ProgramData\OletAyuxm.dat 2014-08-13 12:55 - 2014-08-02 09:56 - 00000000 ____D () C:\ProgramData\UstuWogu 2014-08-13 12:55 - 2014-08-02 09:55 - 00000000 ____D () C:\ProgramData\UskiTqop 2014-08-13 12:39 - 2014-08-13 12:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Angie\Downloads\mbam-setup-2.0.2.1012.exe 2014-08-04 21:37 - 2006-11-02 12:33 - 01453910 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-27 15:01 - 2013-09-16 21:21 - 00000264 _____ () C:\Windows\Tasks\PC Performer_DEFAULT.job Files to move or delete: ==================== C:\ProgramData\OletAyuxm.dat Some content of TEMP: ==================== C:\Users\Angie\AppData\Local\Temp\BackupSetup.exe C:\Users\Angie\AppData\Local\Temp\csrss.exe C:\Users\Angie\AppData\Local\Temp\dotNetFx40_Client_setup.exe C:\Users\Angie\AppData\Local\Temp\eTypeSetup.exe C:\Users\Angie\AppData\Local\Temp\FlashPlayerUpdate.exe C:\Users\Angie\AppData\Local\Temp\FlashPlayerUpdate01.exe C:\Users\Angie\AppData\Local\Temp\FlashPlayerUpdate02.exe C:\Users\Angie\AppData\Local\Temp\FlashPlayerUpdate03.exe C:\Users\Angie\AppData\Local\Temp\FlashPlayerUpdate04.exe C:\Users\Angie\AppData\Local\Temp\FlashPlayerUpdate05.exe C:\Users\Angie\AppData\Local\Temp\FlashPlayerUpdate06.exe C:\Users\Angie\AppData\Local\Temp\FlashPlayerUpdate07.exe C:\Users\Angie\AppData\Local\Temp\FlashPlayerUpdate08.exe C:\Users\Angie\AppData\Local\Temp\FlashPlayerUpdate09.exe C:\Users\Angie\AppData\Local\Temp\FlashPlayerUpdate10.exe C:\Users\Angie\AppData\Local\Temp\FlashPlayerUpdate11.exe C:\Users\Angie\AppData\Local\Temp\FlashPlayerUpdate12.exe C:\Users\Angie\AppData\Local\Temp\FlashPlayerUpdate13.exe C:\Users\Angie\AppData\Local\Temp\HPQSi.exe C:\Users\Angie\AppData\Local\Temp\incredibar_installer.exe C:\Users\Angie\AppData\Local\Temp\installhelper.dll C:\Users\Angie\AppData\Local\Temp\jre-6u11-windows-i586-p-iftw_196cf524.exe C:\Users\Angie\AppData\Local\Temp\jre-6u15-windows-i586-iftw.exe C:\Users\Angie\AppData\Local\Temp\jre-6u17-windows-i586-iftw-rv.exe C:\Users\Angie\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe C:\Users\Angie\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe C:\Users\Angie\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe C:\Users\Angie\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe C:\Users\Angie\AppData\Local\Temp\minibar-master-v1.exe C:\Users\Angie\AppData\Local\Temp\MyBabylonTB_google_20120807.exe C:\Users\Angie\AppData\Local\Temp\NEventMessages.dll C:\Users\Angie\AppData\Local\Temp\NOSEventMessages.dll C:\Users\Angie\AppData\Local\Temp\nsd6DE2.exe C:\Users\Angie\AppData\Local\Temp\nso31BD.exe C:\Users\Angie\AppData\Local\Temp\nsy409E.exe C:\Users\Angie\AppData\Local\Temp\nsyDF1E.exe C:\Users\Angie\AppData\Local\Temp\nsz3D71.exe C:\Users\Angie\AppData\Local\Temp\ose00000.exe C:\Users\Angie\AppData\Local\Temp\SecondStepInstaller.exe C:\Users\Angie\AppData\Local\Temp\setup.exe C:\Users\Angie\AppData\Local\Temp\SmartbarExeInstaller.exe C:\Users\Angie\AppData\Local\Temp\SPSetup.exe C:\Users\Angie\AppData\Local\Temp\SPStub.exe C:\Users\Angie\AppData\Local\Temp\SRAssetsHelper.dll C:\Users\Angie\AppData\Local\Temp\ToolbarHelper.exe C:\Users\Angie\AppData\Local\Temp\uninst1.exe C:\Users\Angie\AppData\Local\Temp\vcredist_x86.exe C:\Users\Angie\AppData\Local\Temp\zzhEC53.exe C:\Users\Angie\AppData\Local\Temp\_isCA22.exe C:\Users\Angie\AppData\Local\Temp\?odec Performer803975.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys [2012-07-25 12:24] - [2009-04-10 23:32] - 0226280 ____A () D41D8CD98F00B204E9800998ECF8427E C:\Windows\system32\Drivers\volsnap.sys No Company Name <===== ATTENTION! LastRegBack: 2014-08-13 13:54 ==================== End Of Log ============================ MBAM-Log: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.24.07 Windows Vista Service Pack 1 x86 NTFS Internet Explorer 7.0.6001.18000 Angie :: ANGIE-PC [Administrator] Schutz: Aktiviert 24.07.2012 20:05:40 mbam-log-2012-07-24 (20-05-40).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 186950 Laufzeit: 6 Minute(n), 42 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) defogger_disable.txt: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:08 on 13/08/2014 (Angie)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
Unable to read 5be5bf43b64694ac.sys
Unable to read SISAGP.SYS
Unable to read sisraid2.sys
Unable to read sisraid4.sys
Unable to read smb.sys
Unable to read smclib.sys
Unable to read spldr.sys
Unable to read spsys.sys
Unable to read srv.sys
Unable to read srv2.sys
Unable to read srvnet.sys
Unable to read StarOpen.sys
Unable to read Storport.sys
Unable to read swenum.sys
Unable to read symc8xx.sys
Unable to read sym_hi.sys
Unable to read sym_u3.sys
Unable to read SynTP.sys
Unable to read tape.sys
Unable to read tcpip.sys
Unable to read tcpipreg.sys
Unable to read tdi.sys
Unable to read tdpipe.sys
Unable to read tdtcp.sys
Unable to read tdx.sys
Unable to read termdd.sys
Unable to read tssecsrv.sys
Unable to read TUNMP.SYS
Unable to read tunnel.sys
Unable to read UAGP35.SYS
Unable to read udfs.sys
Unable to read ULIAGPKX.SYS
Unable to read uliahci.sys
Unable to read ulsata.sys
Unable to read ulsata2.sys
Unable to read umbus.sys
Unable to read umpass.sys
Unable to read usb8023.sys
Unable to read usbccgp.sys
Unable to read usbcir.sys
Unable to read usbd.sys
Unable to read usbehci.sys
Unable to read usbhub.sys
Unable to read usbohci.sys
Unable to read usbport.sys
Unable to read usbprint.sys
Unable to read usbscan.sys
Unable to read usbser.sys
Unable to read USBSTOR.SYS
Unable to read usbuhci.sys
Unable to read usbvideo.sys
Unable to read vga.sys
Unable to read vgapnp.sys
Unable to read VIAAGP.SYS
Unable to read viac7.sys
Unable to read viaide.sys
Unable to read videoprt.sys
Unable to read volmgr.sys
Unable to read volmgrx.sys
Unable to read volsnap.sys
Unable to read vsmraid.sys
Unable to read VSTAZL3.SYS
Unable to read VSTCNXT3.SYS
Unable to read VSTDPV3.SYS
Unable to read wacompen.sys
Unable to read wanarp.sys
Unable to read watchdog.sys
Unable to read wd.sys
Unable to read Wdf01000.sys
Unable to read WdfLdr.sys
Unable to read wmiacpi.sys
Unable to read wmilib.sys
Unable to read WpdUsb.sys
Unable to read ws2ifsl.sys
Unable to read WUDFPf.sys
Unable to read WUDFRd.sys
Unable to read XAudio.sys
SPTD -> Disabled
-=E.O.F=-
kein Inhalt, da nur Systemfehler beim Start Geändert von xvolt (13.08.2014 um 13:32 Uhr) |
|
13.08.2014, 13:40
| #2 |
| /// the machine /// TB-Ausbilder    | WIndows Vista Home Premium: Avira lässt sich nicht deinstallieren (Gruppenrichtlinie) hi,
__________________Adware & Co. deinstallieren
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Scan mit Combofix
__________________ |
|
13.08.2014, 16:53
| #3 |
| | WIndows Vista Home Premium: Avira lässt sich nicht deinstallieren (Gruppenrichtlinie) Hallo schrauber,
__________________tausend Dank dass du mir hilfst. Beim Revo Uninstaller konnte ich nur Avira deinstallieren. Der Windows Defender wird nicht als installiertes Programm angezeigt. Hier der Inhalt nach FRST Fix: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:13-08-2014
Ran by Angie at 2014-08-13 15:25:51 Run:1
Running from C:\Users\Angie\Downloads
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
*****************
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
==== End of Fixlog ====
Gruss xvolt Hier nun das Combofix-Log: Code:
ATTFilter Combofix Logfile: |
|
14.08.2014, 12:53
| #4 |
| /// the machine /// TB-Ausbilder | WIndows Vista Home Premium: Avira lässt sich nicht deinstallieren (Gruppenrichtlinie) Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
14.08.2014, 14:17
| #5 |
| | WIndows Vista Home Premium: Avira lässt sich nicht deinstallieren (Gruppenrichtlinie) Hi hier nun die Logs mbam.txt: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 14.08.2014 Suchlauf-Zeit: 14:05:11 Logdatei: mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.08.14.04 Rootkit Datenbank: v2014.08.04.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Self-protection: Deaktiviert Betriebssystem: Windows Vista Service Pack 2 CPU: x86 Dateisystem: NTFS Benutzer: Angie Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 319987 Verstrichene Zeit: 11 Min, 15 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 0 (No malicious items detected) Physische Sektoren: 0 (No malicious items detected) (end) AdwCleaner[S1].txt: AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.305 - Bericht erstellt am 14/08/2014 um 14:23:25
# Aktualisiert 14/08/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : Angie - ANGIE-PC
# Gestartet von : C:\Users\Angie\Desktop\adwcleaner_3.305.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [7go@7go.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gelöscht : HKCU\Software\5e53888de26fec45
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\BrowserMngr
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DSNR Labs
Schlüssel Gelöscht : HKCU\Software\ilivid
Schlüssel Gelöscht : HKCU\Software\Minibar
Schlüssel Gelöscht : HKCU\Software\PerformerSoft
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\MapsGalaxy_39EI
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\LayoutsExpress
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PC Performer_is1
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Speed Analysis 3
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
***** [ Browser ] *****
-\\ Internet Explorer v9.0.8112.16447
-\\ Mozilla Firefox v
*************************
AdwCleaner[R0].txt - [15342 octets] - [14/08/2014 13:02:48]
AdwCleaner[R1].txt - [2837 octets] - [14/08/2014 14:22:13]
AdwCleaner[S0].txt - [15299 octets] - [14/08/2014 13:04:44]
AdwCleaner[S1].txt - [2728 octets] - [14/08/2014 14:23:25]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2788 octets] ##########
JRT.txt: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Angie on 14.08.2014 at 14:54:28,92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Angie\start menu\programs\browser manager"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.08.2014 at 15:01:01,89
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST.txt: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:13-08-2014 Ran by Angie (administrator) on ANGIE-PC on 14-08-2014 15:02:07 Running from C:\Users\Angie\Downloads Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe () C:\Windows\SMINST\BLService.exe () C:\Program Files\CyberLink\Shared Files\RichVideo.exe (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe () C:\Program Files\Winamp\winampa.exe (Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect" HKU\S-1-5-21-1332518490-556231238-1997960668-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-01-11] (Google Inc.) Startup: C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: No Name -> {7E853D72-626A-48EC-A868-BA8D5E23E045} -> No File BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll () FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-07-25] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-14] Chrome: ======= CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-14] CHR HKLM\...\Chrome\Extension: [kdneagjiboclldmglpjofpeipkbollcf] - C:\Users\Angie\AppData\Local\CRE\kdneagjiboclldmglpjofpeipkbollcf.crx [2013-08-28] CHR HKCU\...\Chrome\Extension: [kdneagjiboclldmglpjofpeipkbollcf] - C:\Users\Angie\AppData\Local\CRE\kdneagjiboclldmglpjofpeipkbollcf.crx [2013-08-28] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-14] (AVAST Software) R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed] R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [129992 2008-02-03] (EasyBits Sofware AS) [File not signed] R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-04-15] (Hewlett-Packard) [File not signed] S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-02-26] (Hewlett-Packard Company) [File not signed] R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [361808 2008-04-26] () R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] () S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [615936 2010-06-14] (Nokia) [File not signed] S3 usnjsvc; C:\Program Files\MSN Messenger\usnsvc.exe [97136 2007-01-19] (Microsoft Corporation) S2 AntiVirSchedulerService; "C:\Program Files\Avira\AntiVir Desktop\sched.exe" [X] S2 AntiVirService; "C:\Program Files\Avira\AntiVir Desktop\avguard.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-14] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-14] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2014-08-14] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-08-14] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-08-14] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-14] (AVAST Software) R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2014-08-14] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-08-14] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [60936 2010-02-16] (Avira GmbH) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [124784 2010-03-01] (Avira GmbH) S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] () [File not signed] S3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-14] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2009-02-08] (Duplex Secure Ltd.) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2009-05-11] (Avira GmbH) U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation) S3 catchme; \??\C:\Users\Angie\AppData\Local\Temp\catchme.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 nmwcd; system32\drivers\ccdcmb.sys [X] S3 nmwcdc; system32\drivers\ccdcmbo.sys [X] S3 nmwcdnsu; system32\drivers\nmwcdnsu.sys [X] S3 nmwcdnsuc; system32\drivers\nmwcdnsuc.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X] S3 UsbserFilt; system32\DRIVERS\usbser_lowerfltj.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-14 15:02 - 2014-08-14 15:02 - 00000000 ____D () C:\FRST 2014-08-14 15:01 - 2014-08-14 15:01 - 00000746 _____ () C:\Users\Angie\Desktop\JRT.txt 2014-08-14 14:48 - 2014-08-14 14:48 - 00000000 ____D () C:\Windows\ERUNT 2014-08-14 14:28 - 2014-08-14 14:28 - 00002868 _____ () C:\Users\Angie\Desktop\AdwCleaner[S1].txt 2014-08-14 14:21 - 2014-08-14 14:21 - 01016261 _____ (Thisisu) C:\Users\Angie\Desktop\JRT.exe 2014-08-14 14:20 - 2014-08-14 14:20 - 01356107 _____ () C:\Users\Angie\Desktop\adwcleaner_3.305.exe 2014-08-14 14:18 - 2014-08-14 14:18 - 00001161 _____ () C:\Users\Angie\Desktop\mbam.txt 2014-08-14 14:03 - 2014-08-14 14:54 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-14 14:03 - 2014-08-14 14:03 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-14 14:03 - 2014-08-14 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-14 14:03 - 2014-08-14 14:03 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-08-14 14:03 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-08-14 14:03 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-08-14 14:03 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-08-14 13:35 - 2014-08-14 13:35 - 00013519 _____ () C:\ComboFix.txt 2014-08-14 13:18 - 2014-08-14 13:35 - 00000000 ____D () C:\ComboFix 2014-08-14 13:17 - 2014-08-14 13:35 - 00000000 ____D () C:\Qoobox 2014-08-14 13:06 - 2014-08-14 13:06 - 00008224 _____ () C:\Users\jv\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-14 13:02 - 2014-08-14 14:23 - 00000000 ____D () C:\AdwCleaner 2014-08-14 12:24 - 2014-08-14 12:24 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-14 12:17 - 2014-08-14 13:01 - 00000000 ____D () C:\Users\jv\AppData\Roaming\Google 2014-08-14 12:17 - 2014-08-14 12:18 - 00000000 ____D () C:\Users\jv\AppData\Local\Google 2014-08-14 12:05 - 2014-08-14 12:05 - 00004608 _____ () C:\Users\jv\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-08-14 12:04 - 2014-08-14 12:04 - 00000949 _____ () C:\Users\jv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-08-14 12:04 - 2014-08-14 12:04 - 00000000 ____D () C:\Users\jv\AppData\Roaming\Macromedia 2014-08-14 12:04 - 2014-08-14 12:04 - 00000000 ____D () C:\Users\jv\AppData\Roaming\AVAST Software 2014-08-14 12:04 - 2014-08-14 12:04 - 00000000 ____D () C:\Users\jv\AppData\Roaming\Adobe 2014-08-14 12:04 - 2014-08-14 12:04 - 00000000 _____ () C:\Users\jv\AppData\Local\QSwitch.txt 2014-08-14 12:04 - 2014-08-14 12:04 - 00000000 _____ () C:\Users\jv\AppData\Local\DSwitch.txt 2014-08-14 12:04 - 2014-08-14 12:04 - 00000000 _____ () C:\Users\jv\AppData\Local\AtStart.txt 2014-08-14 12:03 - 2014-08-14 13:10 - 00000944 _____ () C:\Users\jv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2014-08-14 12:03 - 2014-08-14 12:04 - 00000000 ____D () C:\Users\jv 2014-08-14 12:03 - 2014-08-14 12:03 - 00000915 _____ () C:\Users\jv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk 2014-08-14 12:03 - 2014-08-14 12:03 - 00000020 ___SH () C:\Users\jv\ntuser.ini 2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\Startmenü 2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\Netzwerkumgebung 2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\Druckumgebung 2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\Documents\Eigene Musik 2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\Documents\Eigene Bilder 2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\AppData\Local\Verlauf 2014-08-14 12:03 - 2008-12-04 01:30 - 00000000 ____D () C:\Users\jv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam 2014-08-14 12:03 - 2008-12-04 01:28 - 00000000 ____D () C:\Users\jv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite 2014-08-14 12:03 - 2008-01-21 04:42 - 00000000 ___RD () C:\Users\jv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-08-14 12:03 - 2008-01-21 04:42 - 00000000 ___RD () C:\Users\jv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-08-14 10:55 - 2014-08-14 10:55 - 00000000 ____D () C:\Users\Angie\AppData\Roaming\AVAST Software 2014-08-14 10:54 - 2014-08-14 10:54 - 00001873 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2014-08-14 10:54 - 2014-08-14 10:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast 2014-08-14 10:52 - 2014-08-14 10:54 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-08-14 10:52 - 2014-08-14 10:51 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-08-14 10:52 - 2014-08-14 10:51 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-08-14 10:52 - 2014-08-14 10:51 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-08-14 10:52 - 2014-08-14 10:51 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-08-14 10:52 - 2014-08-14 10:51 - 00057800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys 2014-08-14 10:52 - 2014-08-14 10:51 - 00055112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys 2014-08-14 10:52 - 2014-08-14 10:51 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-08-14 10:52 - 2014-08-14 10:51 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-08-14 10:51 - 2014-08-14 10:51 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-08-14 10:50 - 2014-08-14 10:50 - 00000000 ____D () C:\Program Files\AVAST Software 2014-08-14 10:47 - 2014-08-14 10:50 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-08-14 10:47 - 2014-08-14 10:47 - 00414392 _____ (AVAST Software) C:\Windows\system32\Drivers\qswlqhwk.sys 2014-08-14 10:43 - 2014-08-14 10:47 - 91906368 _____ (AVAST Software) C:\Users\Angie\Downloads\avast_free_antivirus_setup_9.0.2021.exe 2014-08-14 10:06 - 2014-08-14 10:08 - 00025527 _____ () C:\Users\Angie\Downloads\Addition.txt 2014-08-14 10:03 - 2014-08-14 15:02 - 00013308 _____ () C:\Users\Angie\Downloads\FRST.txt 2014-08-14 09:29 - 2014-08-14 13:42 - 24017152 _____ (Microsoft Corporation) C:\Users\Angie\Downloads\mpas-fe.exe 2014-08-13 15:42 - 2014-08-13 16:05 - 00000000 ____D () C:\Windows\erdnt 2014-08-13 15:42 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-08-13 15:42 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-08-13 15:42 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-08-13 15:42 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-08-13 15:42 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-08-13 15:42 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-08-13 15:42 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-08-13 15:42 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-08-13 15:30 - 2014-08-14 13:15 - 05571579 ____R (Swearware) C:\Users\Angie\Desktop\ComboFix.exe 2014-08-13 15:29 - 2014-08-13 15:41 - 05569662 ____R (Swearware) C:\Users\Angie\Downloads\ComboFix.exe 2014-08-13 15:25 - 2014-08-13 15:25 - 01092096 _____ (Farbar) C:\Users\Angie\Downloads\FRST.exe 2014-08-13 15:09 - 2014-08-14 12:59 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-08-13 15:08 - 2014-08-13 15:08 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Angie\Downloads\revosetup95.exe 2014-08-13 14:13 - 2014-08-13 14:15 - 00380416 _____ () C:\Users\Angie\Downloads\Gmer-19357.exe 2014-08-13 14:08 - 2014-08-13 14:09 - 00000020 _____ () C:\Users\Angie\defogger_reenable 2014-08-13 12:59 - 2014-08-13 12:59 - 00000000 ____D () C:\Users\Angie\AppData\Roaming\Avira 2014-08-13 12:42 - 2014-08-14 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-08-13 12:41 - 2014-08-14 10:24 - 00000000 ____D () C:\Program Files\Avira 2014-08-13 12:41 - 2014-08-14 09:57 - 00000000 ____D () C:\ProgramData\Avira 2014-08-13 12:41 - 2010-03-01 10:05 - 00124784 _____ (Avira GmbH) C:\Windows\system32\Drivers\avipbb.sys 2014-08-13 12:41 - 2010-02-16 14:24 - 00060936 _____ (Avira GmbH) C:\Windows\system32\Drivers\avgntflt.sys 2014-08-13 12:41 - 2009-05-11 12:49 - 00051992 _____ (AVIRA GmbH) C:\Windows\system32\Drivers\avgntdd.sys 2014-08-13 12:41 - 2009-05-11 12:49 - 00017016 _____ (AVIRA GmbH) C:\Windows\system32\Drivers\avgntmgr.sys 2014-08-13 12:41 - 2009-05-11 10:12 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys 2014-08-13 12:39 - 2014-08-13 12:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Angie\Downloads\mbam-setup-2.0.2.1012.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-14 15:02 - 2014-08-14 15:02 - 00000000 ____D () C:\FRST 2014-08-14 15:02 - 2014-08-14 10:03 - 00013308 _____ () C:\Users\Angie\Downloads\FRST.txt 2014-08-14 15:01 - 2014-08-14 15:01 - 00000746 _____ () C:\Users\Angie\Desktop\JRT.txt 2014-08-14 14:54 - 2014-08-14 14:03 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-14 14:54 - 2008-12-04 01:32 - 00000286 _____ () C:\Users\Public\Documents\hpqp.ini 2014-08-14 14:54 - 2008-12-04 00:43 - 01153192 _____ () C:\Windows\WindowsUpdate.log 2014-08-14 14:53 - 2010-02-12 22:42 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-14 14:50 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-14 14:50 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-14 14:50 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-14 14:49 - 2006-11-02 15:01 - 00032510 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-08-14 14:48 - 2014-08-14 14:48 - 00000000 ____D () C:\Windows\ERUNT 2014-08-14 14:41 - 2010-02-12 22:42 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-14 14:31 - 2013-04-14 10:16 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-14 14:28 - 2014-08-14 14:28 - 00002868 _____ () C:\Users\Angie\Desktop\AdwCleaner[S1].txt 2014-08-14 14:24 - 2008-01-21 04:47 - 00568532 _____ () C:\Windows\PFRO.log 2014-08-14 14:23 - 2014-08-14 13:02 - 00000000 ____D () C:\AdwCleaner 2014-08-14 14:21 - 2014-08-14 14:21 - 01016261 _____ (Thisisu) C:\Users\Angie\Desktop\JRT.exe 2014-08-14 14:20 - 2014-08-14 14:20 - 01356107 _____ () C:\Users\Angie\Desktop\adwcleaner_3.305.exe 2014-08-14 14:18 - 2014-08-14 14:18 - 00001161 _____ () C:\Users\Angie\Desktop\mbam.txt 2014-08-14 14:03 - 2014-08-14 14:03 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-14 14:03 - 2014-08-14 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-14 14:03 - 2014-08-14 14:03 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-08-14 13:42 - 2014-08-14 09:29 - 24017152 _____ (Microsoft Corporation) C:\Users\Angie\Downloads\mpas-fe.exe 2014-08-14 13:35 - 2014-08-14 13:35 - 00013519 _____ () C:\ComboFix.txt 2014-08-14 13:35 - 2014-08-14 13:18 - 00000000 ____D () C:\ComboFix 2014-08-14 13:35 - 2014-08-14 13:17 - 00000000 ____D () C:\Qoobox 2014-08-14 13:32 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini 2014-08-14 13:21 - 2009-01-23 13:36 - 00000944 _____ () C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2014-08-14 13:15 - 2014-08-13 15:30 - 05571579 ____R (Swearware) C:\Users\Angie\Desktop\ComboFix.exe 2014-08-14 13:10 - 2014-08-14 12:03 - 00000944 _____ () C:\Users\jv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2014-08-14 13:06 - 2014-08-14 13:06 - 00008224 _____ () C:\Users\jv\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-14 13:06 - 2012-08-13 11:28 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-08-14 13:01 - 2014-08-14 12:17 - 00000000 ____D () C:\Users\jv\AppData\Roaming\Google 2014-08-14 12:59 - 2014-08-13 15:09 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-08-14 12:24 - 2014-08-14 12:24 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-14 12:18 - 2014-08-14 12:17 - 00000000 ____D () C:\Users\jv\AppData\Local\Google 2014-08-14 12:05 - 2014-08-14 12:05 - 00004608 _____ () C:\Users\jv\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-08-14 12:04 - 2014-08-14 12:04 - 00000949 _____ () C:\Users\jv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-08-14 12:04 - 2014-08-14 12:04 - 00000000 ____D () C:\Users\jv\AppData\Roaming\Macromedia 2014-08-14 12:04 - 2014-08-14 12:04 - 00000000 ____D () C:\Users\jv\AppData\Roaming\AVAST Software 2014-08-14 12:04 - 2014-08-14 12:04 - 00000000 ____D () C:\Users\jv\AppData\Roaming\Adobe 2014-08-14 12:04 - 2014-08-14 12:04 - 00000000 _____ () C:\Users\jv\AppData\Local\QSwitch.txt 2014-08-14 12:04 - 2014-08-14 12:04 - 00000000 _____ () C:\Users\jv\AppData\Local\DSwitch.txt 2014-08-14 12:04 - 2014-08-14 12:04 - 00000000 _____ () C:\Users\jv\AppData\Local\AtStart.txt 2014-08-14 12:04 - 2014-08-14 12:03 - 00000000 ____D () C:\Users\jv 2014-08-14 12:03 - 2014-08-14 12:03 - 00000915 _____ () C:\Users\jv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk 2014-08-14 12:03 - 2014-08-14 12:03 - 00000020 ___SH () C:\Users\jv\ntuser.ini 2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\Startmenü 2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\Netzwerkumgebung 2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\Druckumgebung 2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\Documents\Eigene Musik 2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\Documents\Eigene Bilder 2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\AppData\Local\Verlauf 2014-08-14 10:58 - 2009-01-23 15:15 - 00000000 ____D () C:\Users\Angie\AppData\Local\Google 2014-08-14 10:58 - 2009-01-23 15:15 - 00000000 ____D () C:\Program Files\Google 2014-08-14 10:58 - 2009-01-23 13:36 - 00000949 _____ () C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-08-14 10:55 - 2014-08-14 10:55 - 00000000 ____D () C:\Users\Angie\AppData\Roaming\AVAST Software 2014-08-14 10:54 - 2014-08-14 10:54 - 00001873 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2014-08-14 10:54 - 2014-08-14 10:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast 2014-08-14 10:54 - 2014-08-14 10:52 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-08-14 10:51 - 2014-08-14 10:52 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-08-14 10:51 - 2014-08-14 10:52 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-08-14 10:51 - 2014-08-14 10:52 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-08-14 10:51 - 2014-08-14 10:52 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-08-14 10:51 - 2014-08-14 10:52 - 00057800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys 2014-08-14 10:51 - 2014-08-14 10:52 - 00055112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys 2014-08-14 10:51 - 2014-08-14 10:52 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-08-14 10:51 - 2014-08-14 10:52 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-08-14 10:51 - 2014-08-14 10:51 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-08-14 10:50 - 2014-08-14 10:50 - 00000000 ____D () C:\Program Files\AVAST Software 2014-08-14 10:50 - 2014-08-14 10:47 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-08-14 10:47 - 2014-08-14 10:47 - 00414392 _____ (AVAST Software) C:\Windows\system32\Drivers\qswlqhwk.sys 2014-08-14 10:47 - 2014-08-14 10:43 - 91906368 _____ (AVAST Software) C:\Users\Angie\Downloads\avast_free_antivirus_setup_9.0.2021.exe 2014-08-14 10:24 - 2014-08-13 12:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-08-14 10:24 - 2014-08-13 12:41 - 00000000 ____D () C:\Program Files\Avira 2014-08-14 10:08 - 2014-08-14 10:06 - 00025527 _____ () C:\Users\Angie\Downloads\Addition.txt 2014-08-14 09:57 - 2014-08-13 12:41 - 00000000 ____D () C:\ProgramData\Avira 2014-08-14 09:20 - 2008-07-08 05:42 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-08-14 08:48 - 2009-02-12 21:18 - 00000680 _____ () C:\Users\Angie\AppData\Local\d3d9caps.dat 2014-08-13 16:07 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default 2014-08-13 16:06 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public 2014-08-13 16:05 - 2014-08-13 15:42 - 00000000 ____D () C:\Windows\erdnt 2014-08-13 15:58 - 2006-11-02 12:22 - 44826624 _____ () C:\Windows\system32\config\software.bak 2014-08-13 15:58 - 2006-11-02 12:22 - 42467328 _____ () C:\Windows\system32\config\COMPON~3.bak 2014-08-13 15:58 - 2006-11-02 12:22 - 19922944 _____ () C:\Windows\system32\config\system.bak 2014-08-13 15:58 - 2006-11-02 12:22 - 00524288 _____ () C:\Windows\system32\config\default.bak 2014-08-13 15:58 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\security.bak 2014-08-13 15:58 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\sam.bak 2014-08-13 15:41 - 2014-08-13 15:29 - 05569662 ____R (Swearware) C:\Users\Angie\Downloads\ComboFix.exe 2014-08-13 15:25 - 2014-08-13 15:25 - 01092096 _____ (Farbar) C:\Users\Angie\Downloads\FRST.exe 2014-08-13 15:08 - 2014-08-13 15:08 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Angie\Downloads\revosetup95.exe 2014-08-13 14:15 - 2014-08-13 14:13 - 00380416 _____ () C:\Users\Angie\Downloads\Gmer-19357.exe 2014-08-13 14:09 - 2014-08-13 14:08 - 00000020 _____ () C:\Users\Angie\defogger_reenable 2014-08-13 14:08 - 2009-01-23 13:29 - 00000000 ____D () C:\Users\Angie 2014-08-13 13:13 - 2014-07-10 20:48 - 00018872 _____ () C:\Windows\system32\Drivers\SPPD.sys 2014-08-13 13:02 - 2013-09-16 21:20 - 00000000 ____D () C:\Users\Angie\AppData\Roaming\Mozilla 2014-08-13 12:59 - 2014-08-13 12:59 - 00000000 ____D () C:\Users\Angie\AppData\Roaming\Avira 2014-08-13 12:39 - 2014-08-13 12:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Angie\Downloads\mbam-setup-2.0.2.1012.exe 2014-08-05 09:20 - 2009-10-07 08:42 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-08-04 21:37 - 2006-11-02 12:33 - 01453910 _____ () C:\Windows\system32\PerfStringBackup.INI Some content of TEMP: ==================== C:\Users\Angie\AppData\Local\temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-08-14 14:58 ==================== End Of Log ============================ Addition.txt: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version:13-08-2014
Ran by Angie at 2014-08-14 15:02:57
Running from C:\Users\Angie\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-PDF Split & Merge Version 2.0.4 (Build 112) (HKLM\...\7-PDF Split & Merge_is1) (Version: 7-PDF Split & Merge - Version 2.0.4 (Build 112) - 7-PDF, Germany - Thorsten Hodes)
7-Zip 4.65 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}) (Version: 10.2.0.023 - Adobe Systems, Inc.)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.0 - Atheros)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
AVIConverter 5.1.6 (HKLM\...\AVIConverter) (Version: 5.1.6 - )
Brother MFL-Pro Suite MFC-J265W (HKLM\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP)
Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.58.1.0 - Conexant)
CyberLink DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.1519 - CyberLink Corp.)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.1616 - CyberLink Corp.)
CyberLink YouCam (Version: 2.0.1616 - CyberLink Corp.) Hidden
ESU for Microsoft Vista (HKLM\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Free CD to MP3 Converter (HKLM\...\Free CD to MP3 Converter) (Version: - )
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_HERMOSA_HSF) (Version: - )
Hewlett-Packard Active Check for Health Check (Version: 1.1.15.2 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent for Health Check (Version: 2.0.63.2 - HP) Hidden
HP Active Support Library (Version: 3.1.4.1 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (HKLM\...\{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}) (Version: 5.7.0.2630 - Hewlett-Packard)
HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.01.0005 - Hewlett-Packard)
HP DVD Play 3.7 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}) (Version: 5.7.0.2630 - Hewlett-Packard)
HP Help and Support (HKLM\...\{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}) (Version: 2.0.9.0 - Hewlett-Packard)
HP Quick Launch Buttons 6.40 F1 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40 F1 - Hewlett-Packard)
HP Update (HKLM\...\{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}) (Version: 4.000.010.008 - Hewlett-Packard)
HP User Guides 0118 (HKLM\...\{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}) (Version: 1.00.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{340F521E-3576-4E1A-B75C-EB0ACF751379}) (Version: 3.00 J1 - Hewlett-Packard)
HPNetworkAssistant (Version: 1.1.70 - Hewlett-Packard.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Java Auto Updater (Version: 2.0.6.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 29 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216013FF}) (Version: 6.0.290 - Sun Microsystems, Inc.)
Java(TM) 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)
LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.20.2719 - CyberLink Corp.)
LightScribe System Software 1.12.33.2 (HKLM\...\{582287DA-0806-4AC0-BF19-C15E3A466034}) (Version: 1.12.33.2 - LightScribe)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.0.43 - WildTangent)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.52 - BVRP Software, Inc)
PC Connectivity Solution (HKLM\...\{089DD780-DB3F-4CDB-A0C2-111360247298}) (Version: 10.24.0.0 - Nokia)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.0 - pdfforge)
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3919 - CyberLink Corp.)
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2719 - CyberLink Corp.)
PowerDirector (Version: 6.5.2719 - CyberLink Corp.) Hidden
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: - Realtek Semiconductor Corp.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.3.0 - Synaptics)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update Installer for WildTangent Games App (Version: - WildTangent) Hidden
VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN)
WildTangent Games App (HP Games) (HKLM\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.5.36 - WildTangent)
Winamp (HKLM\...\Winamp) (Version: 5.541 - Nullsoft, Inc)
Windows 7 Upgrade Advisor (HKLM\...\{9A4D182C-35C7-4791-8484-4304EBC9101A}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Messenger (HKLM\...\{279DB581-239C-4E13-97F8-0F48E40BE75C}) (Version: 8.1.0178.00 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1332518490-556231238-1997960668-1000_Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32 -> C:\Windows\system32\urlmon.dll (Microsoft Corporation)
==================== Restore Points =========================
06-03-2014 17:40:55 Geplanter Prüfpunkt
09-03-2014 10:09:43 Geplanter Prüfpunkt
12-03-2014 09:30:26 Geplanter Prüfpunkt
20-03-2014 16:13:12 Geplanter Prüfpunkt
22-03-2014 11:12:10 Geplanter Prüfpunkt
23-03-2014 12:13:47 Geplanter Prüfpunkt
24-03-2014 16:11:20 Geplanter Prüfpunkt
26-03-2014 17:19:41 Geplanter Prüfpunkt
31-03-2014 15:45:37 Geplanter Prüfpunkt
01-04-2014 15:21:27 Geplanter Prüfpunkt
06-04-2014 10:39:52 Geplanter Prüfpunkt
11-04-2014 18:08:28 Geplanter Prüfpunkt
12-04-2014 09:05:09 Geplanter Prüfpunkt
13-04-2014 10:18:23 Geplanter Prüfpunkt
21-04-2014 08:39:04 Geplanter Prüfpunkt
07-05-2014 16:32:25 Geplanter Prüfpunkt
09-05-2014 14:37:34 Geplanter Prüfpunkt
10-05-2014 15:25:24 Geplanter Prüfpunkt
11-05-2014 09:05:00 Geplanter Prüfpunkt
19-06-2014 07:26:31 Geplanter Prüfpunkt
13-08-2014 10:40:51 Avira AntiVir Personal - 13.08.2014 12:39
13-08-2014 13:14:32 Revo Uninstaller's restore point - Avira AntiVir Personal - Free Antivirus
14-08-2014 07:02:27 Windows Update
14-08-2014 08:49:02 avast! antivirus system restore point
14-08-2014 10:50:59 Revo Uninstaller's restore point - FileConverter 1.3 B2 Toolbar
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 12:23 - 2014-08-13 15:59 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {1784021E-7CED-4A79-810D-7A4254C9C17F} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3CD53A98-87AB-44CE-8AB9-F47A4C68897E} - \PC Performer No Task File <==== ATTENTION
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {99D546B7-304D-4321-A600-1C9DB414F713} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-04-15] (Hewlett-Packard)
Task: {A5620634-E49C-4245-81AB-EEA61B3ADF1A} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Angie => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-10] (Microsoft Corporation)
Task: {C807222A-3809-41A1-B5EB-CE621F9BE417} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-12] (Google Inc.)
Task: {E141E7D3-3456-4F8E-AD17-5E1B4FEF728F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-14] (AVAST Software)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {F1A96772-4E0E-4102-A6E2-CFB46CB9A2E1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-12] (Adobe Systems Incorporated)
Task: {F6C63592-1E4C-4A23-8723-312FF58342D0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-12] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-08-14 10:51 - 2014-08-14 10:51 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-08-14 13:54 - 2014-08-14 13:54 - 02797568 _____ () C:\Program Files\AVAST Software\Avast\defs\14081400\algo.dll
2008-07-08 06:55 - 2008-04-26 01:15 - 00361808 _____ () C:\Windows\SMINST\BLService.exe
2008-07-08 06:55 - 2007-11-15 01:46 - 00126976 _____ () C:\Windows\SMINST\STWmiM.dll
2008-07-08 06:48 - 2007-01-09 11:25 - 00272024 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2011-06-18 20:13 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2008-08-04 01:02 - 2008-08-04 01:02 - 00036352 _____ () C:\Program Files\Winamp\winampa.exe
2014-08-14 10:51 - 2014-08-14 10:51 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2008-07-08 06:07 - 2008-04-11 09:04 - 00685360 _____ () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
==================== Faulty Device Manager Devices =============
Name: Microsoft Tun-Miniportadapter #2
Description: Microsoft Tun-Miniportadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (08/14/2014 03:04:53 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/14 15:04:53.563]: [00002340]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error
Error: (08/14/2014 03:04:18 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/14 15:04:18.962]: [00002340]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error
Error: (08/14/2014 03:03:44 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/14 15:03:44.361]: [00002340]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error
Error: (08/14/2014 03:03:09 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/14 15:03:09.760]: [00002340]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error
Error: (08/14/2014 03:02:35 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/14 15:02:35.159]: [00002340]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error
Error: (08/14/2014 03:02:00 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/14 15:02:00.558]: [00002340]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error
Error: (08/14/2014 03:01:26 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/14 15:01:26.000]: [00002340]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error
Error: (08/14/2014 03:00:51 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/14 15:00:51.399]: [00002340]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error
System errors:
=============
Microsoft Office Sessions:
=========================
Error: (06/06/2013 03:52:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 531 seconds with 0 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2014-08-14 15:02:47.686
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-14 15:02:47.389
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-14 15:02:47.015
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-14 15:02:46.578
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-14 14:51:26.524
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-14 14:25:57.087
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-14 14:10:06.763
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-14 14:10:06.414
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-14 14:10:06.039
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-14 14:10:05.243
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz
Percentage of memory in use: 54%
Total physical RAM: 1978.45 MB
Available physical RAM: 907.13 MB
Total Pagefile: 4200.16 MB
Available Pagefile: 2938.86 MB
Total Virtual: 2047.88 MB
Available Virtual: 1882.65 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:289.1 GB) (Free:189.7 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (PRESARIO_RP) (Fixed) (Total:8.98 GB) (Free:1.59 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 1163E3AD)
Partition 1: (Active) - (Size=289 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=9 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Gruss, xvolt |
|
15.08.2014, 11:23
| #6 |
| /// the machine /// TB-Ausbilder | WIndows Vista Home Premium: Avira lässt sich nicht deinstallieren (Gruppenrichtlinie)ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ --> WIndows Vista Home Premium: Avira lässt sich nicht deinstallieren (Gruppenrichtlinie) |
|
15.08.2014, 13:55
| #7 |
| | WIndows Vista Home Premium: Avira lässt sich nicht deinstallieren (Gruppenrichtlinie) Hallo, Probleme habe ich keine mehr :-) Hier dennoch noch die Logfiles, da ESET etwas gefunden hat. Eset.txt Code:
ATTFilter C:\$RECYCLE.BIN\S-1-5-21-1332518490-556231238-1997960668-1000\$R0KLZ96.004 Variante von Win32/Wajam.G evtl. unerwünschte Anwendung
C:\$RECYCLE.BIN\S-1-5-21-1332518490-556231238-1997960668-1000\$R20S7PL.dll möglicherweise Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung
C:\$RECYCLE.BIN\S-1-5-21-1332518490-556231238-1997960668-1000\$R23IYS8.037 Variante von Win32/Wajam.D evtl. unerwünschte Anwendung
C:\$RECYCLE.BIN\S-1-5-21-1332518490-556231238-1997960668-1000\$R2OC18U.007 Variante von Win32/Wajam.D evtl. unerwünschte Anwendung
C:\$RECYCLE.BIN\S-1-5-21-1332518490-556231238-1997960668-1000\$RGG025V.0 Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung
C:\$RECYCLE.BIN\S-1-5-21-1332518490-556231238-1997960668-1000\$RH6LB9D.032 Variante von Win32/Wajam.D evtl. unerwünschte Anwendung
C:\$RECYCLE.BIN\S-1-5-21-1332518490-556231238-1997960668-1000\$RIT8TV8.048 Variante von Win32/Wajam.D evtl. unerwünschte Anwendung
C:\$RECYCLE.BIN\S-1-5-21-1332518490-556231238-1997960668-1000\$RMHHILB.0 Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung
C:\$RECYCLE.BIN\S-1-5-21-1332518490-556231238-1997960668-1000\$RP6J253.018 Variante von Win32/Wajam.D evtl. unerwünschte Anwendung
C:\$RECYCLE.BIN\S-1-5-21-1332518490-556231238-1997960668-1000\$RRJRX6C.cpi Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung
C:\$RECYCLE.BIN\S-1-5-21-1332518490-556231238-1997960668-1000\$RTVOF5E.052 Variante von Win32/Wajam.D evtl. unerwünschte Anwendung
C:\$RECYCLE.BIN\S-1-5-21-1332518490-556231238-1997960668-1000\$RZGKOTN.050 Variante von Win32/Wajam.D evtl. unerwünschte Anwendung
C:\$RECYCLE.BIN\S-1-5-21-1332518490-556231238-1997960668-1000\$R41BLQR.3_B2\hk64tbFile.dll Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung
C:\$RECYCLE.BIN\S-1-5-21-1332518490-556231238-1997960668-1000\$R41BLQR.3_B2\hktbFile.dll Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\$RECYCLE.BIN\S-1-5-21-1332518490-556231238-1997960668-1000\$R41BLQR.3_B2\ldrtbFile.dll Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung
C:\$RECYCLE.BIN\S-1-5-21-1332518490-556231238-1997960668-1000\$R41BLQR.3_B2\tbFile.dll Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\$RECYCLE.BIN\S-1-5-21-1332518490-556231238-1997960668-1000\$RBUXLWO\kdneagjiboclldmglpjofpeipkbollcf.crx Variante von Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung
C:\$RECYCLE.BIN\S-1-5-21-1332518490-556231238-1997960668-1000\$RBYTSB2\Java\Deployment\cache\6.0\55\523b3677-5014ee4a Mehrere Bedrohungen
C:\$RECYCLE.BIN\S-1-5-21-1332518490-556231238-1997960668-1000\$RCY7J3O\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung
C:\$RECYCLE.BIN\S-1-5-21-1332518490-556231238-1997960668-1000\$RCY7J3O\Quarantine\C\Program Files\Conduit\CT3312331\plugins\TBVerifier.dll.vir Win32/Toolbar.Conduit.AC evtl. unerwünschte Anwendung
C:\$RECYCLE.BIN\S-1-5-21-1332518490-556231238-1997960668-1000\$RCY7J3O\Quarantine\C\Users\Angie\AppData\LocalLow\MapsGalaxy_39EI\Installr\Cache\004A1017.exe.vir Variante von Win32/Toolbar.MyWebSearch.V evtl. unerwünschte Anwendung
C:\Users\Angie\Downloads\7-PDFSplitMerge.exe Win32/OpenCandy potenziell unsichere Anwendung
C:\Users\Angie\Downloads\PDFCreator-1_6_2_2_setup.exe Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung
C:\Windows\assembly\GAC\Microsoft.VisualStudio.OLE.Interop\7.1.40304.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.OLE.Interop.dll Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung
C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung
C:\Windows\System32\config\systemprofile\AppData\LocalLow\FileConverter_1.3_B2\hk64tbFil0.dll Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung
C:\Windows\System32\config\systemprofile\AppData\LocalLow\FileConverter_1.3_B2\hktbFil0.dll möglicherweise Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\Windows\System32\config\systemprofile\AppData\LocalLow\FileConverter_1.3_B2\hktbFile.dll Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\Windows\System32\config\systemprofile\AppData\LocalLow\FileConverter_1.3_B2\ldrtbFile.dll Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung
C:\Windows\System32\config\systemprofile\AppData\LocalLow\FileConverter_1.3_B2\tbFil0.dll Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung
C:\Windows\System32\config\systemprofile\AppData\LocalLow\FileConverter_1.3_B2\tbFil1.dll möglicherweise Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung
C:\Windows\System32\config\systemprofile\AppData\LocalLow\FileConverter_1.3_B2\tbFile.dll Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\Windows\System32\config\systemprofile\AppData\LocalLow\FileConverter_1.3_B2\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung
checkup.txt Code:
ATTFilter Results of screen317's Security Check version 0.99.86 Windows Vista Service Pack 2 x86 (UAC is disabled!) Internet Explorer 9 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Java 7 Update 67 Java version out of Date! Adobe Reader 10.1.11 Adobe Reader out of Date! ````````Process Check: objlist.exe by Laurent```````` Windows Defender MSASCui.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Malwarebytes Anti-Malware mbamscheduler.exe Windows Defender MSASCui.exe AVAST Software Avast AvastSvc.exe AVAST Software Avast avastui.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` FRST.txt FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:13-08-2014 Ran by Angie (administrator) on ANGIE-PC on 15-08-2014 14:45:58 Running from C:\Users\Angie\Downloads Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe () C:\Windows\SMINST\BLService.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe () C:\Program Files\CyberLink\Shared Files\RichVideo.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe () C:\Program Files\Winamp\winampa.exe (Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Microsoft Corporation) C:\Windows\System32\conime.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect" HKU\S-1-5-21-1332518490-556231238-1997960668-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-01-11] (Google Inc.) Startup: C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: No Name -> {7E853D72-626A-48EC-A868-BA8D5E23E045} -> No File BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll () FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-07-25] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-14] Chrome: ======= CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-14] CHR HKLM\...\Chrome\Extension: [kdneagjiboclldmglpjofpeipkbollcf] - C:\Users\Angie\AppData\Local\CRE\kdneagjiboclldmglpjofpeipkbollcf.crx [2014-08-14] CHR HKCU\...\Chrome\Extension: [kdneagjiboclldmglpjofpeipkbollcf] - C:\Users\Angie\AppData\Local\CRE\kdneagjiboclldmglpjofpeipkbollcf.crx [2014-08-14] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-14] (AVAST Software) R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed] R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [129992 2008-02-03] (EasyBits Sofware AS) [File not signed] R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-04-15] (Hewlett-Packard) [File not signed] S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-02-26] (Hewlett-Packard Company) [File not signed] R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [361808 2008-04-26] () R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] () S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [615936 2010-06-14] (Nokia) [File not signed] S3 usnjsvc; C:\Program Files\MSN Messenger\usnsvc.exe [97136 2007-01-19] (Microsoft Corporation) S2 AntiVirSchedulerService; "C:\Program Files\Avira\AntiVir Desktop\sched.exe" [X] S2 AntiVirService; "C:\Program Files\Avira\AntiVir Desktop\avguard.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-14] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-14] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2014-08-14] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-08-14] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-08-14] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-14] (AVAST Software) R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2014-08-14] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-08-14] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [60936 2010-02-16] (Avira GmbH) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [124784 2010-03-01] (Avira GmbH) S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] () [File not signed] S3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-15] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2009-02-08] (Duplex Secure Ltd.) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2009-05-11] (Avira GmbH) U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation) S3 catchme; \??\C:\Users\Angie\AppData\Local\Temp\catchme.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 nmwcd; system32\drivers\ccdcmb.sys [X] S3 nmwcdc; system32\drivers\ccdcmbo.sys [X] S3 nmwcdnsu; system32\drivers\nmwcdnsu.sys [X] S3 nmwcdnsuc; system32\drivers\nmwcdnsuc.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X] S3 UsbserFilt; system32\DRIVERS\usbser_lowerfltj.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-15 14:45 - 2014-08-15 14:45 - 00001052 _____ () C:\Users\Angie\Desktop\checkup.txt 2014-08-15 14:23 - 2014-08-15 14:23 - 00005108 _____ () C:\Users\Angie\Desktop\ESET_OnlineScanner.txt 2014-08-15 12:45 - 2014-08-15 12:45 - 00000000 ____D () C:\Program Files\ESET 2014-08-15 08:34 - 2014-08-15 08:32 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-08-15 08:33 - 2014-08-15 08:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-15 08:33 - 2014-08-15 08:32 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-08-15 08:33 - 2014-08-15 08:32 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-08-15 08:33 - 2014-08-15 08:32 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-08-15 08:32 - 2014-08-15 08:32 - 00000000 ____D () C:\Program Files\Java 2014-08-15 08:26 - 2014-08-15 08:26 - 00000000 _____ () C:\Windows\system32\REN125A.tmp 2014-08-15 08:26 - 2014-08-15 08:26 - 00000000 _____ () C:\Windows\system32\REN1259.tmp 2014-08-15 08:26 - 2014-08-15 08:26 - 00000000 _____ () C:\Windows\system32\REN1248.tmp 2014-08-15 08:08 - 2014-08-15 08:08 - 00001057 _____ () C:\Users\Angie\Desktop\Revo Uninstaller.lnk 2014-08-14 22:53 - 2014-08-14 22:53 - 00005546 _____ () C:\Users\Angie\Desktop\Eset.txt 2014-08-14 15:24 - 2014-08-14 23:01 - 00854410 _____ () C:\Users\Angie\Downloads\SecurityCheck.exe 2014-08-14 15:23 - 2014-08-14 15:24 - 02347384 _____ (ESET) C:\Users\Angie\Downloads\esetsmartinstaller_deu.exe 2014-08-14 15:12 - 2014-08-14 15:05 - 00033717 _____ () C:\Users\Angie\Desktop\FRST.txt 2014-08-14 15:12 - 2014-08-14 15:05 - 00023737 _____ () C:\Users\Angie\Desktop\Addition.txt 2014-08-14 15:02 - 2014-08-15 14:46 - 00000000 ____D () C:\FRST 2014-08-14 15:01 - 2014-08-14 15:01 - 00000746 _____ () C:\Users\Angie\Desktop\JRT.txt 2014-08-14 14:48 - 2014-08-14 14:48 - 00000000 ____D () C:\Windows\ERUNT 2014-08-14 14:28 - 2014-08-14 14:28 - 00002868 _____ () C:\Users\Angie\Desktop\AdwCleaner[S1].txt 2014-08-14 14:21 - 2014-08-14 14:21 - 01016261 _____ (Thisisu) C:\Users\Angie\Desktop\JRT.exe 2014-08-14 14:20 - 2014-08-14 14:20 - 01356107 _____ () C:\Users\Angie\Desktop\adwcleaner_3.305.exe 2014-08-14 14:18 - 2014-08-14 14:18 - 00001161 _____ () C:\Users\Angie\Desktop\mbam.txt 2014-08-14 14:03 - 2014-08-15 12:18 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-14 14:03 - 2014-08-14 14:03 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-14 14:03 - 2014-08-14 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-14 14:03 - 2014-08-14 14:03 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-08-14 14:03 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-08-14 14:03 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-08-14 14:03 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-08-14 13:35 - 2014-08-14 13:35 - 00013519 _____ () C:\ComboFix.txt 2014-08-14 13:18 - 2014-08-14 13:35 - 00000000 ____D () C:\ComboFix 2014-08-14 13:17 - 2014-08-14 13:35 - 00000000 ____D () C:\Qoobox 2014-08-14 13:06 - 2014-08-14 13:06 - 00008224 _____ () C:\Users\jv\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-14 12:24 - 2014-08-14 12:24 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-14 12:17 - 2014-08-14 13:01 - 00000000 ____D () C:\Users\jv\AppData\Roaming\Google 2014-08-14 12:17 - 2014-08-14 12:18 - 00000000 ____D () C:\Users\jv\AppData\Local\Google 2014-08-14 12:05 - 2014-08-14 12:05 - 00004608 _____ () C:\Users\jv\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-08-14 12:04 - 2014-08-14 12:04 - 00000949 _____ () C:\Users\jv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-08-14 12:04 - 2014-08-14 12:04 - 00000000 ____D () C:\Users\jv\AppData\Roaming\Macromedia 2014-08-14 12:04 - 2014-08-14 12:04 - 00000000 ____D () C:\Users\jv\AppData\Roaming\AVAST Software 2014-08-14 12:04 - 2014-08-14 12:04 - 00000000 ____D () C:\Users\jv\AppData\Roaming\Adobe 2014-08-14 12:04 - 2014-08-14 12:04 - 00000000 _____ () C:\Users\jv\AppData\Local\QSwitch.txt 2014-08-14 12:04 - 2014-08-14 12:04 - 00000000 _____ () C:\Users\jv\AppData\Local\DSwitch.txt 2014-08-14 12:04 - 2014-08-14 12:04 - 00000000 _____ () C:\Users\jv\AppData\Local\AtStart.txt 2014-08-14 12:03 - 2014-08-14 13:10 - 00000944 _____ () C:\Users\jv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2014-08-14 12:03 - 2014-08-14 12:04 - 00000000 ____D () C:\Users\jv 2014-08-14 12:03 - 2014-08-14 12:03 - 00000915 _____ () C:\Users\jv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk 2014-08-14 12:03 - 2014-08-14 12:03 - 00000020 ___SH () C:\Users\jv\ntuser.ini 2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\Startmenü 2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\Netzwerkumgebung 2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\Druckumgebung 2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\Documents\Eigene Musik 2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\Documents\Eigene Bilder 2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\AppData\Local\Verlauf 2014-08-14 12:03 - 2008-12-04 01:30 - 00000000 ____D () C:\Users\jv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam 2014-08-14 12:03 - 2008-12-04 01:28 - 00000000 ____D () C:\Users\jv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite 2014-08-14 12:03 - 2008-01-21 04:42 - 00000000 ___RD () C:\Users\jv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-08-14 12:03 - 2008-01-21 04:42 - 00000000 ___RD () C:\Users\jv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-08-14 10:55 - 2014-08-14 10:55 - 00000000 ____D () C:\Users\Angie\AppData\Roaming\AVAST Software 2014-08-14 10:54 - 2014-08-14 10:54 - 00001873 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2014-08-14 10:54 - 2014-08-14 10:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast 2014-08-14 10:52 - 2014-08-14 10:54 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-08-14 10:52 - 2014-08-14 10:51 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-08-14 10:52 - 2014-08-14 10:51 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-08-14 10:52 - 2014-08-14 10:51 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-08-14 10:52 - 2014-08-14 10:51 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-08-14 10:52 - 2014-08-14 10:51 - 00057800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys 2014-08-14 10:52 - 2014-08-14 10:51 - 00055112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys 2014-08-14 10:52 - 2014-08-14 10:51 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-08-14 10:52 - 2014-08-14 10:51 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-08-14 10:51 - 2014-08-14 10:51 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-08-14 10:50 - 2014-08-14 10:50 - 00000000 ____D () C:\Program Files\AVAST Software 2014-08-14 10:47 - 2014-08-14 10:50 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-08-14 10:47 - 2014-08-14 10:47 - 00414392 _____ (AVAST Software) C:\Windows\system32\Drivers\qswlqhwk.sys 2014-08-14 10:43 - 2014-08-14 10:47 - 91906368 _____ (AVAST Software) C:\Users\Angie\Downloads\avast_free_antivirus_setup_9.0.2021.exe 2014-08-14 10:03 - 2014-08-15 14:46 - 00013846 _____ () C:\Users\Angie\Downloads\FRST.txt 2014-08-14 09:29 - 2014-08-14 13:42 - 24017152 _____ (Microsoft Corporation) C:\Users\Angie\Downloads\mpas-fe.exe 2014-08-13 15:42 - 2014-08-13 16:05 - 00000000 ____D () C:\Windows\erdnt 2014-08-13 15:42 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-08-13 15:42 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-08-13 15:42 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-08-13 15:42 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-08-13 15:42 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-08-13 15:42 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-08-13 15:42 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-08-13 15:42 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-08-13 15:30 - 2014-08-14 13:15 - 05571579 ____R (Swearware) C:\Users\Angie\Desktop\ComboFix.exe 2014-08-13 15:29 - 2014-08-13 15:41 - 05569662 ____R (Swearware) C:\Users\Angie\Downloads\ComboFix.exe 2014-08-13 15:25 - 2014-08-13 15:25 - 01092096 _____ (Farbar) C:\Users\Angie\Downloads\FRST.exe 2014-08-13 15:09 - 2014-08-15 08:08 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-08-13 15:08 - 2014-08-13 15:08 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Angie\Downloads\revosetup95.exe 2014-08-13 14:13 - 2014-08-13 14:15 - 00380416 _____ () C:\Users\Angie\Downloads\Gmer-19357.exe 2014-08-13 14:08 - 2014-08-13 14:09 - 00000020 _____ () C:\Users\Angie\defogger_reenable 2014-08-13 12:59 - 2014-08-13 12:59 - 00000000 ____D () C:\Users\Angie\AppData\Roaming\Avira 2014-08-13 12:42 - 2014-08-14 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-08-13 12:41 - 2014-08-14 10:24 - 00000000 ____D () C:\Program Files\Avira 2014-08-13 12:41 - 2014-08-14 09:57 - 00000000 ____D () C:\ProgramData\Avira 2014-08-13 12:41 - 2010-03-01 10:05 - 00124784 _____ (Avira GmbH) C:\Windows\system32\Drivers\avipbb.sys 2014-08-13 12:41 - 2010-02-16 14:24 - 00060936 _____ (Avira GmbH) C:\Windows\system32\Drivers\avgntflt.sys 2014-08-13 12:41 - 2009-05-11 12:49 - 00051992 _____ (AVIRA GmbH) C:\Windows\system32\Drivers\avgntdd.sys 2014-08-13 12:41 - 2009-05-11 12:49 - 00017016 _____ (AVIRA GmbH) C:\Windows\system32\Drivers\avgntmgr.sys 2014-08-13 12:41 - 2009-05-11 10:12 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys 2014-08-13 12:39 - 2014-08-13 12:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Angie\Downloads\mbam-setup-2.0.2.1012.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-15 14:46 - 2014-08-14 15:02 - 00000000 ____D () C:\FRST 2014-08-15 14:46 - 2014-08-14 10:03 - 00013846 _____ () C:\Users\Angie\Downloads\FRST.txt 2014-08-15 14:45 - 2014-08-15 14:45 - 00001052 _____ () C:\Users\Angie\Desktop\checkup.txt 2014-08-15 14:41 - 2010-02-12 22:42 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-15 14:31 - 2013-04-14 10:16 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-15 14:23 - 2014-08-15 14:23 - 00005108 _____ () C:\Users\Angie\Desktop\ESET_OnlineScanner.txt 2014-08-15 14:01 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-15 14:01 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-15 12:45 - 2014-08-15 12:45 - 00000000 ____D () C:\Program Files\ESET 2014-08-15 12:18 - 2014-08-14 14:03 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-15 08:41 - 2010-02-12 22:42 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-15 08:36 - 2008-12-04 00:43 - 01208576 _____ () C:\Windows\WindowsUpdate.log 2014-08-15 08:34 - 2008-07-08 06:59 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-08-15 08:33 - 2014-08-15 08:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-15 08:32 - 2014-08-15 08:34 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-08-15 08:32 - 2014-08-15 08:33 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-08-15 08:32 - 2014-08-15 08:33 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-08-15 08:32 - 2014-08-15 08:33 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-08-15 08:32 - 2014-08-15 08:32 - 00000000 ____D () C:\Program Files\Java 2014-08-15 08:26 - 2014-08-15 08:26 - 00000000 _____ () C:\Windows\system32\REN125A.tmp 2014-08-15 08:26 - 2014-08-15 08:26 - 00000000 _____ () C:\Windows\system32\REN1259.tmp 2014-08-15 08:26 - 2014-08-15 08:26 - 00000000 _____ () C:\Windows\system32\REN1248.tmp 2014-08-15 08:08 - 2014-08-15 08:08 - 00001057 _____ () C:\Users\Angie\Desktop\Revo Uninstaller.lnk 2014-08-15 08:08 - 2014-08-13 15:09 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-08-15 08:04 - 2008-12-04 01:32 - 00000286 _____ () C:\Users\Public\Documents\hpqp.ini 2014-08-15 08:01 - 2008-01-21 04:47 - 00570512 _____ () C:\Windows\PFRO.log 2014-08-15 08:01 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-14 23:05 - 2006-11-02 15:01 - 00032510 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-08-14 23:01 - 2014-08-14 15:24 - 00854410 _____ () C:\Users\Angie\Downloads\SecurityCheck.exe 2014-08-14 22:53 - 2014-08-14 22:53 - 00005546 _____ () C:\Users\Angie\Desktop\Eset.txt 2014-08-14 15:24 - 2014-08-14 15:23 - 02347384 _____ (ESET) C:\Users\Angie\Downloads\esetsmartinstaller_deu.exe 2014-08-14 15:05 - 2014-08-14 15:12 - 00033717 _____ () C:\Users\Angie\Desktop\FRST.txt 2014-08-14 15:05 - 2014-08-14 15:12 - 00023737 _____ () C:\Users\Angie\Desktop\Addition.txt 2014-08-14 15:01 - 2014-08-14 15:01 - 00000746 _____ () C:\Users\Angie\Desktop\JRT.txt 2014-08-14 14:48 - 2014-08-14 14:48 - 00000000 ____D () C:\Windows\ERUNT 2014-08-14 14:28 - 2014-08-14 14:28 - 00002868 _____ () C:\Users\Angie\Desktop\AdwCleaner[S1].txt 2014-08-14 14:21 - 2014-08-14 14:21 - 01016261 _____ (Thisisu) C:\Users\Angie\Desktop\JRT.exe 2014-08-14 14:20 - 2014-08-14 14:20 - 01356107 _____ () C:\Users\Angie\Desktop\adwcleaner_3.305.exe 2014-08-14 14:18 - 2014-08-14 14:18 - 00001161 _____ () C:\Users\Angie\Desktop\mbam.txt 2014-08-14 14:03 - 2014-08-14 14:03 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-14 14:03 - 2014-08-14 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-14 14:03 - 2014-08-14 14:03 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-08-14 13:42 - 2014-08-14 09:29 - 24017152 _____ (Microsoft Corporation) C:\Users\Angie\Downloads\mpas-fe.exe 2014-08-14 13:35 - 2014-08-14 13:35 - 00013519 _____ () C:\ComboFix.txt 2014-08-14 13:35 - 2014-08-14 13:18 - 00000000 ____D () C:\ComboFix 2014-08-14 13:35 - 2014-08-14 13:17 - 00000000 ____D () C:\Qoobox 2014-08-14 13:32 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini 2014-08-14 13:21 - 2009-01-23 13:36 - 00000944 _____ () C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2014-08-14 13:15 - 2014-08-13 15:30 - 05571579 ____R (Swearware) C:\Users\Angie\Desktop\ComboFix.exe 2014-08-14 13:10 - 2014-08-14 12:03 - 00000944 _____ () C:\Users\jv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2014-08-14 13:06 - 2014-08-14 13:06 - 00008224 _____ () C:\Users\jv\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-14 13:06 - 2012-08-13 11:28 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-08-14 13:01 - 2014-08-14 12:17 - 00000000 ____D () C:\Users\jv\AppData\Roaming\Google 2014-08-14 12:24 - 2014-08-14 12:24 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-14 12:18 - 2014-08-14 12:17 - 00000000 ____D () C:\Users\jv\AppData\Local\Google 2014-08-14 12:05 - 2014-08-14 12:05 - 00004608 _____ () C:\Users\jv\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-08-14 12:04 - 2014-08-14 12:04 - 00000949 _____ () C:\Users\jv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-08-14 12:04 - 2014-08-14 12:04 - 00000000 ____D () C:\Users\jv\AppData\Roaming\Macromedia 2014-08-14 12:04 - 2014-08-14 12:04 - 00000000 ____D () C:\Users\jv\AppData\Roaming\AVAST Software 2014-08-14 12:04 - 2014-08-14 12:04 - 00000000 ____D () C:\Users\jv\AppData\Roaming\Adobe 2014-08-14 12:04 - 2014-08-14 12:04 - 00000000 _____ () C:\Users\jv\AppData\Local\QSwitch.txt 2014-08-14 12:04 - 2014-08-14 12:04 - 00000000 _____ () C:\Users\jv\AppData\Local\DSwitch.txt 2014-08-14 12:04 - 2014-08-14 12:04 - 00000000 _____ () C:\Users\jv\AppData\Local\AtStart.txt 2014-08-14 12:04 - 2014-08-14 12:03 - 00000000 ____D () C:\Users\jv 2014-08-14 12:03 - 2014-08-14 12:03 - 00000915 _____ () C:\Users\jv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk 2014-08-14 12:03 - 2014-08-14 12:03 - 00000020 ___SH () C:\Users\jv\ntuser.ini 2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\Startmenü 2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\Netzwerkumgebung 2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\Druckumgebung 2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\Documents\Eigene Musik 2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\Documents\Eigene Bilder 2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\AppData\Local\Verlauf 2014-08-14 10:58 - 2009-01-23 15:15 - 00000000 ____D () C:\Users\Angie\AppData\Local\Google 2014-08-14 10:58 - 2009-01-23 15:15 - 00000000 ____D () C:\Program Files\Google 2014-08-14 10:58 - 2009-01-23 13:36 - 00000949 _____ () C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-08-14 10:55 - 2014-08-14 10:55 - 00000000 ____D () C:\Users\Angie\AppData\Roaming\AVAST Software 2014-08-14 10:54 - 2014-08-14 10:54 - 00001873 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2014-08-14 10:54 - 2014-08-14 10:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast 2014-08-14 10:54 - 2014-08-14 10:52 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-08-14 10:51 - 2014-08-14 10:52 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-08-14 10:51 - 2014-08-14 10:52 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-08-14 10:51 - 2014-08-14 10:52 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-08-14 10:51 - 2014-08-14 10:52 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-08-14 10:51 - 2014-08-14 10:52 - 00057800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys 2014-08-14 10:51 - 2014-08-14 10:52 - 00055112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys 2014-08-14 10:51 - 2014-08-14 10:52 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-08-14 10:51 - 2014-08-14 10:52 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-08-14 10:51 - 2014-08-14 10:51 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-08-14 10:50 - 2014-08-14 10:50 - 00000000 ____D () C:\Program Files\AVAST Software 2014-08-14 10:50 - 2014-08-14 10:47 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-08-14 10:47 - 2014-08-14 10:47 - 00414392 _____ (AVAST Software) C:\Windows\system32\Drivers\qswlqhwk.sys 2014-08-14 10:47 - 2014-08-14 10:43 - 91906368 _____ (AVAST Software) C:\Users\Angie\Downloads\avast_free_antivirus_setup_9.0.2021.exe 2014-08-14 10:24 - 2014-08-13 12:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-08-14 10:24 - 2014-08-13 12:41 - 00000000 ____D () C:\Program Files\Avira 2014-08-14 09:57 - 2014-08-13 12:41 - 00000000 ____D () C:\ProgramData\Avira 2014-08-14 09:20 - 2008-07-08 05:42 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-08-14 08:48 - 2009-02-12 21:18 - 00000680 _____ () C:\Users\Angie\AppData\Local\d3d9caps.dat 2014-08-13 16:07 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default 2014-08-13 16:06 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public 2014-08-13 16:05 - 2014-08-13 15:42 - 00000000 ____D () C:\Windows\erdnt 2014-08-13 15:58 - 2006-11-02 12:22 - 44826624 _____ () C:\Windows\system32\config\software.bak 2014-08-13 15:58 - 2006-11-02 12:22 - 42467328 _____ () C:\Windows\system32\config\COMPON~3.bak 2014-08-13 15:58 - 2006-11-02 12:22 - 19922944 _____ () C:\Windows\system32\config\system.bak 2014-08-13 15:58 - 2006-11-02 12:22 - 00524288 _____ () C:\Windows\system32\config\default.bak 2014-08-13 15:58 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\security.bak 2014-08-13 15:58 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\sam.bak 2014-08-13 15:41 - 2014-08-13 15:29 - 05569662 ____R (Swearware) C:\Users\Angie\Downloads\ComboFix.exe 2014-08-13 15:25 - 2014-08-13 15:25 - 01092096 _____ (Farbar) C:\Users\Angie\Downloads\FRST.exe 2014-08-13 15:08 - 2014-08-13 15:08 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Angie\Downloads\revosetup95.exe 2014-08-13 14:15 - 2014-08-13 14:13 - 00380416 _____ () C:\Users\Angie\Downloads\Gmer-19357.exe 2014-08-13 14:09 - 2014-08-13 14:08 - 00000020 _____ () C:\Users\Angie\defogger_reenable 2014-08-13 14:08 - 2009-01-23 13:29 - 00000000 ____D () C:\Users\Angie 2014-08-13 13:13 - 2014-07-10 20:48 - 00018872 _____ () C:\Windows\system32\Drivers\SPPD.sys 2014-08-13 13:02 - 2013-09-16 21:20 - 00000000 ____D () C:\Users\Angie\AppData\Roaming\Mozilla 2014-08-13 12:59 - 2014-08-13 12:59 - 00000000 ____D () C:\Users\Angie\AppData\Roaming\Avira 2014-08-13 12:39 - 2014-08-13 12:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Angie\Downloads\mbam-setup-2.0.2.1012.exe 2014-08-05 09:20 - 2009-10-07 08:42 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-08-04 21:37 - 2006-11-02 12:33 - 01453910 _____ () C:\Windows\system32\PerfStringBackup.INI Some content of TEMP: ==================== C:\Users\Angie\AppData\Local\temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-08-15 08:09 ==================== End Of Log ============================ addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version:13-08-2014
Ran by Angie at 2014-08-15 14:47:08
Running from C:\Users\Angie\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-PDF Split & Merge Version 2.0.4 (Build 112) (HKLM\...\7-PDF Split & Merge_is1) (Version: 7-PDF Split & Merge - Version 2.0.4 (Build 112) - 7-PDF, Germany - Thorsten Hodes)
7-Zip 4.65 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}) (Version: 10.2.0.023 - Adobe Systems, Inc.)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.0 - Atheros)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
AVIConverter 5.1.6 (HKLM\...\AVIConverter) (Version: 5.1.6 - )
Brother MFL-Pro Suite MFC-J265W (HKLM\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP)
Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.58.1.0 - Conexant)
CyberLink DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.1519 - CyberLink Corp.)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.1616 - CyberLink Corp.)
CyberLink YouCam (Version: 2.0.1616 - CyberLink Corp.) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
ESU for Microsoft Vista (HKLM\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Free CD to MP3 Converter (HKLM\...\Free CD to MP3 Converter) (Version: - )
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_HERMOSA_HSF) (Version: - )
Hewlett-Packard Active Check for Health Check (Version: 1.1.15.2 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent for Health Check (Version: 2.0.63.2 - HP) Hidden
HP Active Support Library (Version: 3.1.4.1 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (HKLM\...\{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}) (Version: 5.7.0.2630 - Hewlett-Packard)
HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.01.0005 - Hewlett-Packard)
HP DVD Play 3.7 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}) (Version: 5.7.0.2630 - Hewlett-Packard)
HP Help and Support (HKLM\...\{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}) (Version: 2.0.9.0 - Hewlett-Packard)
HP Quick Launch Buttons 6.40 F1 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40 F1 - Hewlett-Packard)
HP Update (HKLM\...\{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}) (Version: 4.000.010.008 - Hewlett-Packard)
HP User Guides 0118 (HKLM\...\{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}) (Version: 1.00.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{340F521E-3576-4E1A-B75C-EB0ACF751379}) (Version: 3.00 J1 - Hewlett-Packard)
HPNetworkAssistant (Version: 1.1.70 - Hewlett-Packard.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.20.2719 - CyberLink Corp.)
LightScribe System Software 1.12.33.2 (HKLM\...\{582287DA-0806-4AC0-BF19-C15E3A466034}) (Version: 1.12.33.2 - LightScribe)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.0.43 - WildTangent)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.52 - BVRP Software, Inc)
PC Connectivity Solution (HKLM\...\{089DD780-DB3F-4CDB-A0C2-111360247298}) (Version: 10.24.0.0 - Nokia)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.0 - pdfforge)
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3919 - CyberLink Corp.)
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2719 - CyberLink Corp.)
PowerDirector (Version: 6.5.2719 - CyberLink Corp.) Hidden
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.3.0 - Synaptics)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update Installer for WildTangent Games App (Version: - WildTangent) Hidden
VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN)
WildTangent Games App (HP Games) (HKLM\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.5.36 - WildTangent)
Winamp (HKLM\...\Winamp) (Version: 5.541 - Nullsoft, Inc)
Windows 7 Upgrade Advisor (HKLM\...\{9A4D182C-35C7-4791-8484-4304EBC9101A}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Messenger (HKLM\...\{279DB581-239C-4E13-97F8-0F48E40BE75C}) (Version: 8.1.0178.00 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1332518490-556231238-1997960668-1000_Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32 -> C:\Windows\system32\urlmon.dll (Microsoft Corporation)
==================== Restore Points =========================
22-03-2014 11:12:10 Geplanter Prüfpunkt
23-03-2014 12:13:47 Geplanter Prüfpunkt
24-03-2014 16:11:20 Geplanter Prüfpunkt
26-03-2014 17:19:41 Geplanter Prüfpunkt
31-03-2014 15:45:37 Geplanter Prüfpunkt
01-04-2014 15:21:27 Geplanter Prüfpunkt
06-04-2014 10:39:52 Geplanter Prüfpunkt
11-04-2014 18:08:28 Geplanter Prüfpunkt
12-04-2014 09:05:09 Geplanter Prüfpunkt
13-04-2014 10:18:23 Geplanter Prüfpunkt
21-04-2014 08:39:04 Geplanter Prüfpunkt
07-05-2014 16:32:25 Geplanter Prüfpunkt
09-05-2014 14:37:34 Geplanter Prüfpunkt
10-05-2014 15:25:24 Geplanter Prüfpunkt
11-05-2014 09:05:00 Geplanter Prüfpunkt
19-06-2014 07:26:31 Geplanter Prüfpunkt
13-08-2014 10:40:51 Avira AntiVir Personal - 13.08.2014 12:39
13-08-2014 13:14:32 Revo Uninstaller's restore point - Avira AntiVir Personal - Free Antivirus
14-08-2014 07:02:27 Windows Update
14-08-2014 08:49:02 avast! antivirus system restore point
14-08-2014 10:50:59 Revo Uninstaller's restore point - FileConverter 1.3 B2 Toolbar
15-08-2014 06:22:24 Revo Uninstaller's restore point - Java(TM) 6 Update 5
15-08-2014 06:25:09 Revo Uninstaller's restore point - Java(TM) 6 Update 29
15-08-2014 06:25:24 Removed Java(TM) 6 Update 29
15-08-2014 06:31:53 Installed Java 7 Update 67
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 12:23 - 2014-08-13 15:59 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {1784021E-7CED-4A79-810D-7A4254C9C17F} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3CD53A98-87AB-44CE-8AB9-F47A4C68897E} - \PC Performer No Task File <==== ATTENTION
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {5E676CBE-5E24-422C-8B4F-DA7BC8276DB7} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Angie => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-10] (Microsoft Corporation)
Task: {99D546B7-304D-4321-A600-1C9DB414F713} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-04-15] (Hewlett-Packard)
Task: {C807222A-3809-41A1-B5EB-CE621F9BE417} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-12] (Google Inc.)
Task: {E141E7D3-3456-4F8E-AD17-5E1B4FEF728F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-14] (AVAST Software)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {F1A96772-4E0E-4102-A6E2-CFB46CB9A2E1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-12] (Adobe Systems Incorporated)
Task: {F6C63592-1E4C-4A23-8723-312FF58342D0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-12] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-08-14 10:51 - 2014-08-14 10:51 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-08-15 12:02 - 2014-08-15 12:02 - 02797568 _____ () C:\Program Files\AVAST Software\Avast\defs\14081500\algo.dll
2008-07-08 06:55 - 2008-04-26 01:15 - 00361808 _____ () C:\Windows\SMINST\BLService.exe
2008-07-08 06:55 - 2007-11-15 01:46 - 00126976 _____ () C:\Windows\SMINST\STWmiM.dll
2008-07-08 06:48 - 2007-01-09 11:25 - 00272024 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2011-06-18 20:13 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2008-08-04 01:02 - 2008-08-04 01:02 - 00036352 _____ () C:\Program Files\Winamp\winampa.exe
2014-08-14 10:51 - 2014-08-14 10:51 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2008-07-08 06:07 - 2008-04-11 09:04 - 00685360 _____ () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
==================== Faulty Device Manager Devices =============
Name: Microsoft Tun-Miniportadapter #2
Description: Microsoft Tun-Miniportadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (08/15/2014 02:47:42 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/15 14:47:42.391]: [00003388]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error
Error: (08/15/2014 02:47:07 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/15 14:47:07.790]: [00003388]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error
Error: (08/15/2014 02:46:33 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/15 14:46:33.189]: [00003388]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error
Error: (08/15/2014 02:45:58 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/15 14:45:58.588]: [00003388]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error
Error: (08/15/2014 02:45:23 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/15 14:45:23.987]: [00003388]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error
Error: (08/15/2014 02:44:49 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/15 14:44:49.366]: [00003388]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error
Error: (08/15/2014 02:44:14 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/15 14:44:14.864]: [00003388]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error
Error: (08/15/2014 02:43:40 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/15 14:43:40.055]: [00003388]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error
Error: (08/15/2014 02:43:05 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/15 14:43:05.553]: [00003388]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error
Error: (08/15/2014 02:42:31 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/15 14:42:31.049]: [00003388]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error
System errors:
=============
Error: (08/15/2014 08:04:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Avira AntiVir Guard%%2
Error: (08/15/2014 08:04:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
Error: (08/15/2014 08:04:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Avira AntiVir Planer%%2
Microsoft Office Sessions:
=========================
Error: (06/06/2013 03:52:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 531 seconds with 0 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2014-08-15 14:46:59.537
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-15 14:46:59.225
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-15 14:46:58.929
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-15 14:46:58.617
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-15 14:46:58.165
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-15 14:46:57.884
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-15 14:46:57.603
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-15 14:46:57.338
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-15 14:46:22.066
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-15 14:46:21.785
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz
Percentage of memory in use: 63%
Total physical RAM: 1978.45 MB
Available physical RAM: 724.67 MB
Total Pagefile: 4198.21 MB
Available Pagefile: 2661.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1905.76 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:289.1 GB) (Free:189.08 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (PRESARIO_RP) (Fixed) (Total:8.98 GB) (Free:1.59 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 1163E3AD)
Partition 1: (Active) - (Size=289 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=9 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Gruss Jürgen |
|
16.08.2014, 07:38
| #8 |
| /// the machine /// TB-Ausbilder | WIndows Vista Home Premium: Avira lässt sich nicht deinstallieren (Gruppenrichtlinie) Java und Adobe updaten. Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop. Schließe nun alle offenen Programme und trenne Dich von dem Internet. Doppelklick auf die TFC.exe und drücke auf Start. Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen. Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\$RECYCLE.BIN
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
16.08.2014, 08:40
| #9 |
| | WIndows Vista Home Premium: Avira lässt sich nicht deinstallieren (Gruppenrichtlinie) Hallo Schrauber, vielen, vieln Dank für deine Hilfe - und dann auch alles immer so schnell!!! S U P E R! Hier noch das Fixlist-Log: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:13-08-2014
Ran by Angie at 2014-08-16 09:35:37 Run:1
Running from C:\Users\Angie\Downloads
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\$RECYCLE.BIN
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
*****************
C:\$RECYCLE.BIN => Moved successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect" => Value not found.
==== End of Fixlog ====
xvolt |
|
17.08.2014, 06:58
| #10 |
| /// the machine /// TB-Ausbilder | WIndows Vista Home Premium: Avira lässt sich nicht deinstallieren (Gruppenrichtlinie) Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu WIndows Vista Home Premium: Avira lässt sich nicht deinstallieren (Gruppenrichtlinie) |
| 4d36e972-e325-11ce-bfc1-08002be10318, conduitsearch, conduitsearch entfernen, device driver, dxgkrnl, gruppenrichtlinie, gruppenrichtlinie gesperrt, launch, newtab, tunnel, usbvideo.sys, vcredist, vista home premium, win32/bundled.toolbar.ask, win32/installmonetizer.aq, win32/pricegong.a, win32/toolbar.conduit.ac, win32/toolbar.conduit.ah, win32/toolbar.conduit.b, win32/toolbar.conduit.p, win32/toolbar.conduit.x, win32/toolbar.conduit.y, win32/toolbar.linkury.g, win32/toolbar.mywebsearch.v, win32/wajam.d, win32/wajam.g, win64/toolbar.conduit.b |
Revo Uninstaller herunter.
dann auf 
und dann auf 
.
WARNUNG an die MITLESER: 
Linear-Darstellung
