
Log analysis and evaluation: Windows Vista Home Premium: Avira cannot be uninstalled (Group Policy)


13.08.2014, 13:23   #1
xvolt
 
Hello,

a routine scan with Malwarebytes turned up more than 160 detections. In addition, I can no longer start Avira or uninstall it, since it is apparently blocked by a Group Policy.

Please help and analyse my log files.

Regards
xvolt

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:13-08-2014
Ran by Angie at 2014-08-13 14:12:05
Running from C:\Users\Angie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0VGN50HB
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AntiVir Desktop (Disabled - Up to date) {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AntiVir Desktop (Disabled - Up to date) {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7 Wonders II (HKLM\...\exent_586350) (Version:  - )
7Go Games (HKLM\...\7Go Games) (Version: 1.0.0.0 - 7go.com)
7-PDF Split & Merge Version 2.0.4 (Build 112) (HKLM\...\7-PDF Split & Merge_is1) (Version: 7-PDF Split & Merge - Version 2.0.4 (Build 112) - 7-PDF, Germany - Thorsten Hodes)
7-Zip 4.65 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}) (Version: 10.2.0.023 - Adobe Systems, Inc.)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.0 - Atheros)
AVIConverter 5.1.6 (HKLM\...\AVIConverter) (Version: 5.1.6 - )
Avira AntiVir Personal - Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 10.0.0.567 - Avira GmbH)
Brother MFL-Pro Suite MFC-J265W (HKLM\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP)
Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.58.1.0 - Conexant)
Cradle of Rome (HKLM\...\exent_554750) (Version:  - )
CyberLink DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.1519 - CyberLink Corp.)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.1616 - CyberLink Corp.)
CyberLink YouCam (Version: 2.0.1616 - CyberLink Corp.) Hidden
ESU for Microsoft Vista (HKLM\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Fantastigames (HKLM\...\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}) (Version:  - Exent Technologies Ltd) <==== ATTENTION
FileConverter 1.3 B2 Toolbar (HKLM\...\FileConverter_1.3_B2 Toolbar) (Version: 6.11.2.6 - FileConverter 1.3 B2)
Free CD to MP3 Converter (HKLM\...\Free CD to MP3 Converter) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_HERMOSA_HSF) (Version:  - )
Heartwild Solitaire - Book Two (HKLM\...\exent_676150) (Version:  - )
Heroes of Hellas (HKLM\...\exent_532150) (Version:  - )
Hewlett-Packard Active Check for Health Check (Version: 1.1.15.2 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent for Health Check (Version: 2.0.63.2 - HP) Hidden
HP Active Support Library (Version: 3.1.4.1 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (HKLM\...\{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}) (Version: 5.7.0.2630 - Hewlett-Packard)
HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.01.0005 - Hewlett-Packard)
HP DVD Play 3.7 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version:  - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}) (Version: 5.7.0.2630 - Hewlett-Packard)
HP Help and Support (HKLM\...\{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}) (Version: 2.0.9.0 - Hewlett-Packard)
HP Quick Launch Buttons 6.40 F1 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40 F1 - Hewlett-Packard)
HP Update (HKLM\...\{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}) (Version: 4.000.010.008 - Hewlett-Packard)
HP User Guides 0118 (HKLM\...\{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}) (Version: 1.00.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{340F521E-3576-4E1A-B75C-EB0ACF751379}) (Version: 3.00 J1 - Hewlett-Packard)
HPNetworkAssistant (Version: 1.1.70 - Hewlett-Packard.) Hidden
iLivid (HKLM\...\iLivid) (Version: 4.0.0.2208 - Bandoo Media Inc) <==== ATTENTION
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Java Auto Updater (Version: 2.0.6.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 29 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216013FF}) (Version: 6.0.290 - Sun Microsystems, Inc.)
Java(TM) 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)
LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.20.2719 - CyberLink Corp.)
LayoutsExpress (HKLM\...\LayoutsExpress) (Version:  - )
LightScribe System Software  1.12.33.2 (HKLM\...\{582287DA-0806-4AC0-BF19-C15E3A466034}) (Version: 1.12.33.2 - LightScribe)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.0.43 - WildTangent)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.52 - BVRP Software, Inc)
PC Connectivity Solution (HKLM\...\{089DD780-DB3F-4CDB-A0C2-111360247298}) (Version: 10.24.0.0 - Nokia)
PC Performer (HKLM\...\PC Performer_is1) (Version: 11.10 - PerformerSoft LLC) <==== ATTENTION
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.0 - pdfforge)
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3919 - CyberLink Corp.)
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2719 - CyberLink Corp.)
PowerDirector (Version: 6.5.2719 - CyberLink Corp.) Hidden
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version:  - Realtek Semiconductor Corp.)
Speed Analysis 3 (HKLM\...\Speed Analysis 3) (Version: 1.0.0.4 - SpeedAnalysis.com) <==== ATTENTION
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.3.0 - Synaptics)
Time Riddles: The Mansion (HKLM\...\exent_683150) (Version:  - )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update Installer for WildTangent Games App (Version:  - WildTangent) Hidden
Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version:  - )
VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN)
Wajam (HKLM\...\Wajam) (Version: 1.76 - Wajam) <==== ATTENTION
WildTangent Games App (HP Games) (HKLM\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.5.36 - WildTangent)
Winamp (HKLM\...\Winamp) (Version: 5.541  - Nullsoft, Inc)
Windows 7 Upgrade Advisor (HKLM\...\{9A4D182C-35C7-4791-8484-4304EBC9101A}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Messenger (HKLM\...\{279DB581-239C-4E13-97F8-0F48E40BE75C}) (Version: 8.1.0178.00 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1784021E-7CED-4A79-810D-7A4254C9C17F} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2A5875CA-564A-48D5-BD59-A2DFA80B2C9C} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Angie => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-10] (Microsoft Corporation)
Task: {2A7FA053-C6C6-4CCA-87C6-7F165D78C11C} - System32\Tasks\PC Performer_DEFAULT => C:\Program Files\PC Performer\PCPerformer.exe <==== ATTENTION
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3CD53A98-87AB-44CE-8AB9-F47A4C68897E} - System32\Tasks\PC Performer => C:\Program Files\PC Performer\PCPerformer.exe <==== ATTENTION
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {83A2220F-031D-4E6B-93F6-63028120B476} - System32\Tasks\PC Performer_UPDATES => C:\Program Files\PC Performer\PCPerformer.exe <==== ATTENTION
Task: {99D546B7-304D-4321-A600-1C9DB414F713} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-04-15] (Hewlett-Packard)
Task: {C807222A-3809-41A1-B5EB-CE621F9BE417} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-12] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {F1A96772-4E0E-4102-A6E2-CFB46CB9A2E1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-12] (Adobe Systems Incorporated)
Task: {F6C63592-1E4C-4A23-8723-312FF58342D0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-12] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PC Performer_DEFAULT.job => C:\Program Files\PC Performer\PCPerformer.exe <==== ATTENTION
Task: C:\Windows\Tasks\PC Performer_UPDATES.job => C:\Program Files\PC Performer\PCPerformer.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2012-07-25 14:53 - 2011-10-25 17:56 - 00049152 _____ () C:\Windows\system32\CSRSRV.dll
2014-08-13 12:41 - 2010-01-28 13:57 - 00355688 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2008-07-08 06:01 - 2008-06-11 22:18 - 00120216 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
2008-07-08 06:01 - 2008-06-11 22:18 - 00259480 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
2008-07-08 06:01 - 2008-06-11 22:18 - 00345384 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
2008-08-04 01:02 - 2008-08-04 01:02 - 00036352 _____ () C:\Program Files\Winamp\winampa.exe
2011-06-18 20:13 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2008-07-08 06:55 - 2008-04-26 01:15 - 00361808 _____ () C:\Windows\SMINST\BLService.exe
2008-07-08 06:55 - 2007-11-15 01:46 - 00126976 _____ () C:\Windows\SMINST\STWmiM.dll
2008-07-08 06:48 - 2007-01-09 11:25 - 00272024 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2008-07-08 06:07 - 2008-04-11 09:04 - 00685360 _____ () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
2014-08-13 14:08 - 2014-08-13 14:08 - 00050477 _____ () C:\Users\Angie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z6S53WUC\Defogger.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: Microsoft Tun-Miniportadapter #2
Description: Microsoft Tun-Miniportadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/13/2014 02:12:07 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{aa6c1ff3-e938-11dd-908f-806e6f6e6963},0x80000000,0x00000003,...)". hr = 0x80070005.


Vorgang:
   Automatisch freigegebene Schattenkopien werden entfernt
   Anbieter wird geladen

Kontext:
   Ausführungskontext: System Provider

Error: (08/13/2014 02:12:07 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{aa6c1ff3-e938-11dd-908f-806e6f6e6963},0x80000000,0x00000003,...)". hr = 0x80070005.


Vorgang:
   Automatisch freigegebene Schattenkopien werden entfernt
   Anbieter wird geladen

Kontext:
   Ausführungskontext: System Provider

Error: (08/13/2014 02:12:04 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/13 14:12:04.683]: [00003104]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error

Error: (08/13/2014 02:11:30 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/13 14:11:30.174]: [00003104]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error

Error: (08/13/2014 02:10:55 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/13 14:10:55.665]: [00003104]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error

Error: (08/13/2014 02:10:21 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/13 14:10:21.138]: [00003104]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error

Error: (08/13/2014 02:09:46 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/13 14:09:46.635]: [00003104]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error

Error: (08/13/2014 02:09:12 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/13 14:09:12.082]: [00003104]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error

Error: (08/13/2014 02:08:37 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/13 14:08:37.579]: [00003104]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error

Error: (08/13/2014 02:08:03 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/13 14:08:03.074]: [00003104]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error


System errors:
=============
Error: (08/13/2014 01:49:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: avipbb%%31

Error: (08/13/2014 01:49:12 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: avipbb
sptd
ssmdrv

Error: (08/13/2014 01:49:12 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Avira AntiVir Guard

Error: (08/13/2014 01:48:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Update Lizardlink%%3

Error: (08/13/2014 01:48:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: MBAMServiceMBAMProtector%%31

Error: (08/13/2014 01:48:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (08/13/2014 01:48:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: MBAMProtector%%31

Error: (08/13/2014 01:48:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: avgntflt%%31

Error: (08/13/2014 01:28:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: MBAMSwissArmy%%31

Error: (08/13/2014 01:28:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: MBAMSwissArmy%%31


Microsoft Office Sessions:
=========================
Error: (06/06/2013 03:52:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 531 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-08-13 13:55:08.747
  Description: N/A

  Date: 2014-08-13 13:55:08.407
  Description: N/A

  Date: 2014-08-13 13:55:08.057
  Description: N/A

  Date: 2014-08-13 13:55:07.667
  Description: N/A

  Date: 2014-08-13 13:55:07.087
  Description: N/A

  Date: 2014-08-13 13:55:06.647
  Description: N/A

  Date: 2014-08-13 13:55:06.107
  Description: N/A

  Date: 2014-08-13 13:55:05.587
  Description: N/A

  Date: 2014-08-13 13:54:35.489
  Description: N/A

  Date: 2014-08-13 13:54:35.079
  Description: N/A


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz
Percentage of memory in use: 55%
Total physical RAM: 1978.45 MB
Available physical RAM: 883.5 MB
Total Pagefile: 4198.16 MB
Available Pagefile: 2948.05 MB
Total Virtual: 2047.88 MB
Available Virtual: 1888.98 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:289.1 GB) (Free:185.89 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (PRESARIO_RP) (Fixed) (Total:8.98 GB) (Free:1.6 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 1163E3AD)
Partition 1: (Active) - (Size=289 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=9 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         


FRST.txt:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:13-08-2014
Ran by Angie (administrator) on ANGIE-PC on 13-08-2014 14:11:16
Running from C:\Users\Angie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0VGN50HB
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
() C:\Program Files\Winamp\winampa.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Exent Technologies Ltd.) C:\Program Files\FantastiGames\GPlayer.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
() C:\Windows\SMINST\BLService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
() C:\Windows\Installer\{6DC9FE55-927B-3523-1E6E-BE9DFE17D1D4}\syshost.exe
(ClientConnect Ltd.) C:\Program Files\Tbccint\ToolbarService\ToolbarService.exe
(Wajam) C:\Program Files\Wajam\Updater\WajamUpdater.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
() C:\Users\Angie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z6S53WUC\Defogger.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKU\.DEFAULT\...\Run: [Exetender] => C:\Program Files\FantastiGames\GPlayer.exe [4936152 2012-12-04] (Exent Technologies Ltd.)
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-19\...\Run: [Exetender] => C:\Program Files\FantastiGames\GPlayer.exe [4936152 2012-12-04] (Exent Technologies Ltd.)
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [Exetender] => C:\Program Files\FantastiGames\GPlayer.exe [4936152 2012-12-04] (Exent Technologies Ltd.)
HKU\S-1-5-21-1332518490-556231238-1997960668-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-01-11] (Google Inc.)
HKU\S-1-5-21-1332518490-556231238-1997960668-1000\...\Run: [Exetender] => C:\Program Files\FantastiGames\GPlayer.exe [4936152 2012-12-04] (Exent Technologies Ltd.)
HKU\S-1-5-21-1332518490-556231238-1997960668-1000\...\Run: [OletAyuxm] => regsvr32.exe "C:\ProgramData\OletAyuxm.dat"
HKU\S-1-5-21-1332518490-556231238-1997960668-1000\...\MountPoints2: {6fe4f026-f5f2-11dd-a7c9-001f1656624b} - H:\Setup.exe
Startup: C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Presario&pf=cnnb
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=063b05af-86a0-4124-9b53-dcf1e58022fa&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=063b05af-86a0-4124-9b53-dcf1e58022fa&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = hxxp://search.babylon.com/?affID=112543&tt=120812_bandext_3312_5&babsrc=HP_ss&mntrId=5efdfc0400000000000000234e6026b1
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www1.delta-search.com/?affID=121240&tt=gc_170513_18210&babsrc=HP_ss&mntrId=5EFD00234E6026B1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Presario&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Presario&pf=cnnb
URLSearchHook: HKLM - FileConverter 1.3 B2 Toolbar - {99a9c3ba-07f6-4699-bc81-65cab16e204b} - C:\Program Files\FileConverter_1.3_B2\prxtbFile.dll (Conduit Ltd.)
URLSearchHook: HKLM - appbarioDE Toolbar - {525ba996-1ce4-4677-91c5-9fc4ead2d245} - C:\Program Files\appbarioDE\prxtbappb.dll No File
URLSearchHook: HKCU - FroggyBoss Class - {539F76FD-084E-4858-86D5-62F02F54AE86} - C:\Program Files\Minibar\Froggy.dll (TODO: <название компании>)
URLSearchHook: HKCU - FileConverter 1.3 B2 Toolbar - {99a9c3ba-07f6-4699-bc81-65cab16e204b} - C:\Program Files\FileConverter_1.3_B2\prxtbFile.dll (Conduit Ltd.)
URLSearchHook: HKCU - appbarioDE Toolbar - {525ba996-1ce4-4677-91c5-9fc4ead2d245} - C:\Program Files\appbarioDE\prxtbappb.dll No File
SearchScopes: HKLM - DefaultScope {6CCBCF51-EC11-4D0F-8671-A366CF72FB90} URL = 
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=063b05af-86a0-4124-9b53-dcf1e58022fa&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKLM - {29FA9B66-0816-48BC-9EBD-938CBC2903A4} URL = 
SearchScopes: HKLM - {2AD9BACB-2264-4A41-A318-6F1BDE25A2A7} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=559&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=7273501263574128&q={searchTerms}
SearchScopes: HKLM - {D87FDBEE-E7CB-48AE-8CBD-78AC61B2F615} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3312331&CUI=UN65847689334022286&UM=2&UP=SP905ABC07-691D-4E0E-AD06-BFD71A03291E&SSPV=
SearchScopes: HKCU - BrowserMngrDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3312331&CUI=UN65847689334022286&UM=2&UP=SP905ABC07-691D-4E0E-AD06-BFD71A03291E&SSPV=
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=121240&tt=gc_170513_18210&babsrc=SP_ss_wls&mntrId=5EFD00234E6026B1
SearchScopes: HKCU - {29FA9B66-0816-48BC-9EBD-938CBC2903A4} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3312331&CUI=UN65847689334022286&UM=2
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=559&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=7273501263574128&q={searchTerms}
SearchScopes: HKCU - {DCC31AE4-5661-401A-8268-5B2CB045F10D} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADSA_deDE466
BHO: No Name -> {2EECD738-5844-4a99-B4B6-146BF802613B} ->  No File
BHO: appbarioDE Toolbar -> {525ba996-1ce4-4677-91c5-9fc4ead2d245} -> C:\Program Files\appbarioDE\prxtbappb.dll No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: No Name -> {7E853D72-626A-48EC-A868-BA8D5E23E045} ->  No File
BHO: MrFroggy Class -> {856E12B5-22D7-4E22-9ACA-EA9A008DD65B} -> C:\Program Files\Minibar\Froggy.dll (TODO: <название компании>)
BHO: FileConverter 1.3 B2 Toolbar -> {99a9c3ba-07f6-4699-bc81-65cab16e204b} -> C:\Program Files\FileConverter_1.3_B2\prxtbFile.dll (Conduit Ltd.)
BHO: Speed Analysis 3 -> {A66261FC-B82E-4EC7-9F6D-C2F36B871DF0} -> C:\Program Files\Speed Analysis 3\ScriptHost.dll No File
BHO: Wajam -> {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} -> C:\Program Files\Wajam\IE\priam_bho.dll (Wajam)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: MinibarBHO -> {AA74D58F-ACD0-450D-A85E-6C04B171C044} -> C:\Program Files\Minibar\Kango.dll (KangoExtensions)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: Lizardlink -> {eb9e4cdf-b007-450c-b0af-b66467c3d6e0} -> C:\Program Files\Lizardlink\Lizardlinkbho.dll No File
BHO: 7Go Games -> {FF103732-4528-4322-AA8B-F7849AB7776B} -> C:\Program Files\7Go Games\ScriptHost.dll No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
Toolbar: HKLM - FileConverter 1.3 B2 Toolbar - {99a9c3ba-07f6-4699-bc81-65cab16e204b} - C:\Program Files\FileConverter_1.3_B2\prxtbFile.dll (Conduit Ltd.)
Toolbar: HKLM - appbarioDE Toolbar - {525ba996-1ce4-4677-91c5-9fc4ead2d245} - C:\Program Files\appbarioDE\prxtbappb.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - appbarioDE Toolbar - {525BA996-1CE4-4677-91C5-9FC4EAD2D245} - C:\Program Files\appbarioDE\prxtbappb.dll No File
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} 
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files\FantastiGames\npExentCtl.dll (Exent Technologies Ltd.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: www.exent.com/GameTreatWidget -> C:\Program Files\FantastiGames\NPGameTreatPlugin.dll No File
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-07-25]
FF HKLM\...\Firefox\Extensions: [7go@7go.com] - C:\Users\Angie\AppData\Roaming\Mozilla\Extensions\7go@7go.com
FF Extension: 7Go Games - C:\Users\Angie\AppData\Roaming\Mozilla\Extensions\7go@7go.com [2013-09-16]
FF HKLM\...\Firefox\Extensions: [speedanalysis03@SpeedAnalysis.com] - C:\Users\Angie\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com
FF Extension: Speed Analysis 3 - C:\Users\Angie\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com [2013-09-16]
FF HKCU\...\Firefox\Extensions: [7go@7go.com] - C:\Users\Angie\AppData\Roaming\Mozilla\Extensions\7go@7go.com
FF HKCU\...\Firefox\Extensions: [speedanalysis03@SpeedAnalysis.com] - C:\Users\Angie\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com

Chrome: 
=======
CHR HomePage: http:\/\/search.conduit.com\/?ctid=CT3312331&SearchSource=48&CUI=UN25533360282111013&UM=2&UP=SP905ABC07-691D-4E0E-AD06-BFD71A03291E&SSPV=
CHR StartupUrls: "http:\/\/search.conduit.com\/?ctid=CT3312331&SearchSource=48&CUI=UN25533360282111013&UM=2&UP=SP905ABC07-691D-4E0E-AD06-BFD71A03291E&SSPV="
CHR NewTab: "chrome-extension://kdneagjiboclldmglpjofpeipkbollcf/Search/NewTabPages/html/new_tab.html"
CHR Extension: (Google Search) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-21]
CHR Extension: (Avira Browser Safety) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-13]
CHR Extension: (7Go Games) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjajpkikblccgefaibcafkfbanllpefi [2013-09-16]
CHR Extension: (appbarioDE) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdneagjiboclldmglpjofpeipkbollcf [2013-09-16]
CHR Extension: (No Name) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbmpjbkgemhgalmeiigcdljkccfcafoj [2013-09-16]
CHR Extension: (Google Wallet) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-17]
CHR Extension: (Gmail) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-21]
CHR Extension: (Extutil) - C:\Users\Angie\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-08-13]
CHR Extension: (Managera) - C:\Users\Angie\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-08-13]
CHR HKLM\...\Chrome\Extension: [gjajpkikblccgefaibcafkfbanllpefi] - C:\Users\Angie\AppData\Roaming\7go\7go.crx [2013-07-30]
CHR HKLM\...\Chrome\Extension: [jainjonnknhmbbkibcbmhihbopigapdm] - C:\Program Files\Lizardlink\jainjonnknhmbbkibcbmhihbopigapdm.crx [2013-07-30]
CHR HKLM\...\Chrome\Extension: [kdneagjiboclldmglpjofpeipkbollcf] - C:\Users\Angie\AppData\Local\CRE\kdneagjiboclldmglpjofpeipkbollcf.crx [2013-08-28]
CHR HKLM\...\Chrome\Extension: [mbmpjbkgemhgalmeiigcdljkccfcafoj] - C:\Users\Angie\AppData\Roaming\SpeedAnalysis3\SpeedAnalysis.crx [2013-08-28]
CHR HKCU\...\Chrome\Extension: [kdneagjiboclldmglpjofpeipkbollcf] - C:\Users\Angie\AppData\Local\CRE\kdneagjiboclldmglpjofpeipkbollcf.crx [2013-08-28]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

Locked "5be5bf43b64694ac" service could not be unlocked. <===== ATTENTION

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [135336 2010-02-24] (Avira GmbH)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [267432 2010-04-01] (Avira GmbH)
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [129992 2008-02-03] (EasyBits Sofware AS) [File not signed]
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-04-15] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-02-26] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [361808 2008-04-26] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [615936 2010-06-14] (Nokia) [File not signed]
R2 syshost32; C:\Windows\Installer\{6DC9FE55-927B-3523-1E6E-BE9DFE17D1D4}\syshost.exe [75776 2014-04-16] () [File not signed]
R2 TBSrv; C:\Program Files\Tbccint\ToolbarService\ToolbarService.exe [350496 2014-03-26] (ClientConnect Ltd.)
S3 usnjsvc; C:\Program Files\MSN Messenger\usnsvc.exe [97136 2007-01-19] (Microsoft Corporation)
R2 WajamUpdater; C:\Program Files\Wajam\Updater\WajamUpdater.exe [109064 2013-04-04] (Wajam) [File not signed]
S2 Update Lizardlink; "C:\Program Files\Lizardlink\updateLizardlink.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 ACPI; C:\Windows\System32\drivers\acpi.sys [265688 2009-04-10] () [File not signed]
R0 adp94xx; C:\Windows\System32\drivers\adp94xx.sys [422968 2008-01-21] () [File not signed]
R0 adpahci; C:\Windows\System32\drivers\adpahci.sys [300600 2008-01-21] () [File not signed]
R0 adpu160m; C:\Windows\System32\drivers\adpu160m.sys [101432 2008-01-21] () [File not signed]
R0 adpu320; C:\Windows\System32\drivers\adpu320.sys [149560 2008-01-21] () [File not signed]
R1 AFD; C:\Windows\system32\drivers\afd.sys [273408 2011-04-21] () [File not signed]
S3 agp440; C:\Windows\system32\drivers\agp440.sys [56376 2008-01-21] () [File not signed]
R0 aic78xx; C:\Windows\System32\drivers\djsvs.sys [71272 2006-11-02] () [File not signed]
R0 aliide; C:\Windows\System32\drivers\aliide.sys [17464 2008-01-21] () [File not signed]
S3 amdagp; C:\Windows\system32\drivers\amdagp.sys [57400 2008-01-21] () [File not signed]
R0 amdide; C:\Windows\System32\drivers\amdide.sys [17976 2008-01-21] () [File not signed]
S3 AmdK7; C:\Windows\system32\drivers\amdk7.sys [41472 2008-01-21] () [File not signed]
S3 AmdK8; C:\Windows\System32\DRIVERS\amdk8.sys [44032 2008-01-21] () [File not signed]
R0 arc; C:\Windows\System32\drivers\arc.sys [79416 2008-01-21] () [File not signed]
R0 arcsas; C:\Windows\System32\drivers\arcsas.sys [79928 2008-01-21] () [File not signed]
S3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [17408 2008-01-21] () [File not signed]
R0 atapi; C:\Windows\System32\drivers\atapi.sys [19944 2009-04-10] () [File not signed]
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [1183744 2009-09-05] () [File not signed]
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [60936 2010-02-16] (Avira GmbH)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [124784 2010-03-01] (Avira GmbH)
S3 BCM43XV; C:\Windows\System32\DRIVERS\bcmwl6.sys [464384 2006-11-02] () [File not signed]
R1 Beep; C:\Windows\system32\Drivers\Beep.sys [6144 2008-01-21] () [File not signed]
S3 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [45568 2008-01-21] () [File not signed]
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [69632 2011-02-22] () [File not signed]
S3 BrFiltLo; C:\Windows\system32\drivers\brfiltlo.sys [13568 2006-11-02] () [File not signed]
S3 BrFiltUp; C:\Windows\system32\drivers\brfiltup.sys [5248 2006-11-02] () [File not signed]
S3 Brserid; C:\Windows\system32\drivers\brserid.sys [71808 2006-11-02] () [File not signed]
S3 BrSerWdm; C:\Windows\system32\drivers\brserwdm.sys [62336 2006-11-02] () [File not signed]
S3 BrUsbMdm; C:\Windows\system32\drivers\brusbmdm.sys [12160 2006-11-02] () [File not signed]
S3 BrUsbSer; C:\Windows\system32\drivers\brusbser.sys [11904 2006-11-02] () [File not signed]
S3 BTHMODEM; C:\Windows\system32\drivers\bthmodem.sys [39936 2006-11-02] () [File not signed]
R4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [70144 2008-01-21] () [File not signed]
R1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [67072 2009-04-10] () [File not signed]
S3 circlass; C:\Windows\system32\drivers\circlass.sys [35328 2008-01-21] () [File not signed]
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-10] () [File not signed]
R3 CmBatt; C:\Windows\System32\DRIVERS\CmBatt.sys [14208 2008-01-21] () [File not signed]
R0 cmdide; C:\Windows\System32\drivers\cmdide.sys [19000 2008-01-21] () [File not signed]
R3 CnxtHdAudService; C:\Windows\System32\drivers\CHDRT32.sys [222208 2008-10-03] () [File not signed]
R0 Compbatt; C:\Windows\System32\DRIVERS\compbatt.sys [20792 2008-01-21] () [File not signed]
R0 crcdisk; C:\Windows\System32\drivers\crcdisk.sys [24632 2008-01-21] () [File not signed]
S3 Crusoe; C:\Windows\system32\drivers\crusoe.sys [40960 2008-01-21] () [File not signed]
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [75264 2011-04-14] () [File not signed]
R0 disk; C:\Windows\System32\drivers\disk.sys [53736 2009-04-10] () [File not signed]
S3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [5632 2008-01-21] () [File not signed]
R3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [638336 2012-07-25] () [File not signed]
S3 E1G60; C:\Windows\System32\DRIVERS\E1G60I32.sys [118784 2008-01-21] () [File not signed]
R0 Ecache; C:\Windows\System32\drivers\ecache.sys [141288 2009-04-10] () [File not signed]
R0 elxstor; C:\Windows\System32\drivers\elxstor.sys [342584 2008-01-21] () [File not signed]
S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [6656 2008-01-21] () [File not signed]
S3 exfat; C:\Windows\system32\Drivers\exfat.sys [136704 2009-04-10] () [File not signed]
S3 fastfat; C:\Windows\system32\Drivers\fastfat.sys [142848 2009-04-10] () [File not signed]
S3 fdc; C:\Windows\System32\DRIVERS\fdc.sys [25088 2008-01-21] () [File not signed]
R0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [58936 2008-01-21] () [File not signed]
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [27648 2008-01-21] () [File not signed]
S3 flpydisk; C:\Windows\System32\DRIVERS\flpydisk.sys [20480 2008-01-21] () [File not signed]
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-10] () [File not signed]
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] () [File not signed]
U1 Fs_Rec; C:\Windows\system32\Drivers\Fs_Rec.sys [12800 2012-02-29] () [File not signed]
S3 gagp30kx; C:\Windows\system32\drivers\gagp30kx.sys [61496 2008-01-21] () [File not signed]
S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [235520 2006-11-02] () [File not signed]
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [561152 2009-04-10] () [File not signed]
S3 HidBth; C:\Windows\system32\drivers\hidbth.sys [29184 2006-11-02] () [File not signed]
S3 HidIr; C:\Windows\system32\drivers\hidir.sys [21504 2006-11-02] () [File not signed]
S3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [12800 2009-04-10] () [File not signed]
R0 HpCISSs; C:\Windows\System32\drivers\hpcisss.sys [40504 2008-01-21] () [File not signed]
R3 HpqKbFiltr; C:\Windows\System32\DRIVERS\HpqKbFiltr.sys [16768 2007-06-18] () [File not signed]
S3 HSFHWAZL; C:\Windows\System32\DRIVERS\VSTAZL3.SYS [200704 2008-01-21] () [File not signed]
R3 HSF_DPV; C:\Windows\System32\DRIVERS\HSX_DPV.sys [985600 2007-11-01] () [File not signed]
R3 HSXHWAZL; C:\Windows\System32\DRIVERS\HSXHWAZL.sys [208896 2007-11-01] () [File not signed]
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [411648 2010-02-20] () [File not signed]
R0 i2omp; C:\Windows\System32\drivers\i2omp.sys [30264 2008-01-21] () [File not signed]
R1 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [54784 2008-01-21] () [File not signed]
R0 iaStorV; C:\Windows\System32\drivers\iastorv.sys [235064 2008-01-21] () [File not signed]
R3 igfx; C:\Windows\System32\DRIVERS\igdkmd32.sys [9036800 2011-02-11] () [File not signed]
R0 iirsp; C:\Windows\System32\drivers\iirsp.sys [41576 2006-11-02] () [File not signed]
R3 IntcHdmiAddService; C:\Windows\System32\drivers\IntcHdmi.sys [113664 2008-06-04] () [File not signed]
R0 intelide; C:\Windows\System32\drivers\intelide.sys [17976 2008-01-21] () [File not signed]
R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [41472 2008-01-21] () [File not signed]
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [47616 2008-01-21] () [File not signed]
S3 IPMIDRV; C:\Windows\system32\drivers\ipmidrv.sys [64512 2008-01-21] () [File not signed]
S3 IPNAT; C:\Windows\System32\DRIVERS\ipnat.sys [100864 2008-01-21] () [File not signed]
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [13312 2008-01-21] () [File not signed]
R0 isapnp; C:\Windows\System32\drivers\isapnp.sys [49720 2008-01-21] () [File not signed]
R3 iScsiPrt; C:\Windows\System32\DRIVERS\msiscsi.sys [180712 2009-04-10] () [File not signed]
R0 iteatapi; C:\Windows\System32\drivers\iteatapi.sys [35944 2006-11-02] () [File not signed]
R0 iteraid; C:\Windows\System32\drivers\iteraid.sys [35944 2006-11-02] () [File not signed]
R1 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [35384 2008-01-21] () [File not signed]
S1 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [17408 2009-04-10] () [File not signed]
S3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] () [File not signed]
R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [440704 2012-06-04] () [File not signed]
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [47104 2008-01-21] () [File not signed]
R0 LSI_FC; C:\Windows\System32\drivers\lsi_fc.sys [96312 2008-01-21] () [File not signed]
R0 LSI_SAS; C:\Windows\System32\drivers\lsi_sas.sys [89656 2008-01-21] () [File not signed]
R0 LSI_SCSI; C:\Windows\System32\drivers\lsi_scsi.sys [96312 2008-01-21] () [File not signed]
R2 luafv; C:\Windows\system32\drivers\luafv.sys [84480 2008-01-21] () [File not signed]
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-13] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R2 mdmxsdk; C:\Windows\System32\DRIVERS\mdmxsdk.sys [12672 2006-06-19] () [File not signed]
R0 megasas; C:\Windows\System32\drivers\megasas.sys [31288 2008-01-21] () [File not signed]
R0 MegaSR; C:\Windows\System32\drivers\megasr.sys [386616 2008-01-21] () [File not signed]
R3 Modem; C:\Windows\System32\drivers\modem.sys [31744 2008-01-21] () [File not signed]
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [41984 2008-01-21] () [File not signed]
R1 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [34360 2008-01-21] () [File not signed]
S3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [15872 2008-01-21] () [File not signed]
R0 MountMgr; C:\Windows\System32\drivers\mountmgr.sys [57400 2008-01-21] () [File not signed]
R0 mpio; C:\Windows\System32\drivers\mpio.sys [105016 2008-01-21] () [File not signed]
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [64000 2008-01-21] () [File not signed]
R0 Mraid35x; C:\Windows\System32\drivers\mraid35x.sys [33384 2006-11-02] () [File not signed]
R3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [114688 2009-04-10] () [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [106496 2011-04-29] () [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [214016 2011-07-06] () [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [79872 2011-04-29] () [File not signed]
R0 msahci; C:\Windows\System32\drivers\msahci.sys [27112 2009-04-10] () [File not signed]
R0 msdsm; C:\Windows\System32\drivers\msdsm.sys [94776 2008-01-21] () [File not signed]
R1 Msfs; C:\Windows\system32\Drivers\Msfs.sys [22528 2008-01-21] () [File not signed]
R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [16440 2008-01-21] () [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [8192 2008-01-21] () [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [5888 2008-01-21] () [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [5504 2008-01-21] () [File not signed]
S3 MsRPC; C:\Windows\system32\Drivers\MsRPC.sys [161752 2009-04-10] () [File not signed]
R3 mssmbios; C:\Windows\System32\DRIVERS\mssmbios.sys [31288 2008-01-21] () [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [6016 2008-01-21] () [File not signed]
R0 Mup; C:\Windows\System32\Drivers\mup.sys [48104 2009-04-10] () [File not signed]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [148480 2009-04-10] () [File not signed]
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [527848 2009-04-10] () [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [20992 2008-01-21] () [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [16896 2008-01-21] () [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [121344 2009-04-10] () [File not signed]
R3 NDProxy; C:\Windows\system32\Drivers\NDProxy.sys [49664 2008-01-21] () [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [35840 2008-01-21] () [File not signed]
R1 netbt; C:\Windows\System32\DRIVERS\netbt.sys [185856 2009-04-10] () [File not signed]
R0 nfrd960; C:\Windows\System32\drivers\nfrd960.sys [45160 2006-11-02] () [File not signed]
R1 Npfs; C:\Windows\system32\Drivers\Npfs.sys [35328 2009-04-10] () [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [16384 2008-01-21] () [File not signed]
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1083880 2009-04-10] () [File not signed]
S3 ntrigdigi; C:\Windows\system32\drivers\ntrigdigi.sys [20608 2006-11-02] () [File not signed]
R1 Null; C:\Windows\system32\Drivers\Null.sys [4608 2008-01-21] () [File not signed]
S3 NVENETFD; C:\Windows\System32\DRIVERS\nvm60x32.sys [429056 2006-11-02] () [File not signed]
R0 nvraid; C:\Windows\System32\drivers\nvraid.sys [102968 2008-01-21] () [File not signed]
R0 nvstor; C:\Windows\System32\drivers\nvstor.sys [45112 2008-01-21] () [File not signed]
S3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [109112 2008-01-21] () [File not signed]
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [62080 2006-11-02] () [File not signed]
S3 Parport; C:\Windows\system32\drivers\parport.sys [79360 2006-11-02] () [File not signed]
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [53120 2012-03-21] () [File not signed]
S2 Parvdm; C:\Windows\system32\drivers\parvdm.sys [8704 2006-11-02] () [File not signed]
S3 pccsmcfd; C:\Windows\System32\DRIVERS\pccsmcfd.sys [18816 2008-08-26] () [File not signed]
R0 pci; C:\Windows\System32\drivers\pci.sys [149480 2009-04-10] () [File not signed]
R0 pciide; C:\Windows\System32\drivers\pciide.sys [16440 2008-01-21] () [File not signed]
S3 pcmcia; C:\Windows\system32\drivers\pcmcia.sys [167528 2006-11-02] () [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [878080 2006-11-02] () [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [62976 2008-01-21] () [File not signed]
S3 Processor; C:\Windows\system32\drivers\processr.sys [40960 2008-01-21] () [File not signed]
R1 PSched; C:\Windows\System32\DRIVERS\pacer.sys [72192 2009-04-10] () [File not signed]
R0 ql2300; C:\Windows\System32\drivers\ql2300.sys [1122360 2008-01-21] () [File not signed]
R0 ql40xx; C:\Windows\System32\drivers\ql40xx.sys [106088 2006-11-02] () [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [31232 2008-01-21] () [File not signed]
R1 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [11776 2008-01-21] () [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [76288 2008-01-21] () [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [41472 2009-04-10] () [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [69120 2009-04-10] () [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [225280 2009-04-10] () [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [6144 2008-01-21] () [File not signed]
S3 rdpdr; C:\Windows\system32\drivers\rdpdr.sys [248832 2008-01-21] () [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [6144 2008-01-21] () [File not signed]
S3 RDPWD; C:\Windows\system32\Drivers\RDPWD.sys [180736 2012-05-01] () [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [60416 2008-01-21] () [File not signed]
R3 RTL8169; C:\Windows\System32\DRIVERS\Rtlh86.sys [123904 2008-06-10] () [File not signed]
R3 RTSTOR; C:\Windows\System32\drivers\RTSTOR.SYS [62464 2008-06-05] () [File not signed]
R0 sbp2port; C:\Windows\System32\drivers\sbp2port.sys [76392 2006-11-02] () [File not signed]
R2 secdrv; C:\Windows\system32\Drivers\secdrv.sys [20480 2006-11-02] () [File not signed]
S3 Serenum; C:\Windows\system32\drivers\serenum.sys [17920 2006-11-02] () [File not signed]
S3 Serial; C:\Windows\system32\drivers\serial.sys [83456 2006-11-02] () [File not signed]
S3 sermouse; C:\Windows\system32\drivers\sermouse.sys [19968 2008-01-21] () [File not signed]
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [13312 2008-01-21] () [File not signed]
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [12288 2008-01-21] () [File not signed]
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [11776 2008-01-21] () [File not signed]
S3 sfloppy; C:\Windows\system32\drivers\sfloppy.sys [13312 2006-11-02] () [File not signed]
S3 sisagp; C:\Windows\system32\drivers\sisagp.sys [55864 2008-01-21] () [File not signed]
R0 SiSRaid2; C:\Windows\System32\drivers\sisraid2.sys [41016 2008-01-21] () [File not signed]
R0 SiSRaid4; C:\Windows\System32\drivers\sisraid4.sys [74808 2008-01-21] () [File not signed]
R1 Smb; C:\Windows\System32\DRIVERS\smb.sys [66560 2009-04-10] () [File not signed]
R0 spldr; C:\Windows\system32\Drivers\spldr.sys [21048 2008-01-21] () [File not signed]
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2009-02-08] (Duplex Secure Ltd.)
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [305152 2011-02-18] () [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [146432 2011-04-29] () [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [102400 2011-04-29] () [File not signed]
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2009-05-11] (Avira GmbH)
R3 StillCam; C:\Windows\System32\DRIVERS\serscan.sys [9216 2008-01-21] () [File not signed]
R3 swenum; C:\Windows\System32\DRIVERS\swenum.sys [15288 2008-01-21] () [File not signed]
R0 Symc8xx; C:\Windows\System32\drivers\symc8xx.sys [35944 2006-11-02] () [File not signed]
R0 Sym_hi; C:\Windows\System32\drivers\sym_hi.sys [31848 2006-11-02] () [File not signed]
R0 Sym_u3; C:\Windows\System32\drivers\sym_u3.sys [34920 2006-11-02] () [File not signed]
R3 SynTP; C:\Windows\System32\DRIVERS\SynTP.sys [199344 2008-04-17] () [File not signed]
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [905600 2012-03-30] () [File not signed]
S3 Tcpip6; C:\Windows\System32\DRIVERS\tcpip.sys [905600 2012-03-30] () [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [30720 2009-12-08] () [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [17920 2008-01-21] () [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [29184 2008-01-21] () [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [72192 2009-04-10] () [File not signed]
R1 TermDD; C:\Windows\System32\DRIVERS\termdd.sys [53224 2009-04-10] () [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [23552 2008-01-21] () [File not signed]
R3 tunmp; C:\Windows\System32\DRIVERS\tunmp.sys [15360 2008-01-21] () [File not signed]
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [25088 2010-02-18] () [File not signed]
S3 uagp35; C:\Windows\system32\drivers\uagp35.sys [59448 2008-01-21] () [File not signed]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [226816 2009-04-10] () [File not signed]
S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [60984 2008-01-21] () [File not signed]
R0 uliahci; C:\Windows\System32\drivers\uliahci.sys [238648 2008-01-21] () [File not signed]
R0 UlSata; C:\Windows\System32\drivers\ulsata.sys [98408 2006-11-02] () [File not signed]
R0 ulsata2; C:\Windows\System32\drivers\ulsata2.sys [115816 2008-01-21] () [File not signed]
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [34816 2008-01-21] () [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [73216 2008-01-21] () [File not signed]
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [68608 2006-11-02] () [File not signed]
R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [39936 2009-04-10] () [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [196096 2009-04-10] () [File not signed]
S3 usbohci; C:\Windows\System32\DRIVERS\usbohci.sys [19456 2008-01-21] () [File not signed]
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [18944 2008-01-21] () [File not signed]
S3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [35328 2008-01-21] () [File not signed]
S3 usbser; C:\Windows\System32\DRIVERS\usbser.sys [28160 2008-01-21] () [File not signed]
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [65536 2009-04-10] () [File not signed]
R3 usbuhci; C:\Windows\System32\DRIVERS\usbuhci.sys [23552 2008-01-21] () [File not signed]
R3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [134016 2008-01-21] () [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [26112 2008-01-21] () [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [25088 2008-01-21] () [File not signed]
S3 viaagp; C:\Windows\system32\drivers\viaagp.sys [56888 2008-01-21] () [File not signed]
S3 ViaC7; C:\Windows\system32\drivers\viac7.sys [41472 2008-01-21] () [File not signed]
R0 viaide; C:\Windows\System32\drivers\viaide.sys [20024 2008-01-21] () [File not signed]
R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [52792 2008-01-21] () [File not signed]
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [292840 2009-04-10] () [File not signed]
R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [226280 2009-04-10] () [File not signed]
R0 vsmraid; C:\Windows\System32\drivers\vsmraid.sys [130616 2008-01-21] () [File not signed]
S3 WacomPen; C:\Windows\system32\drivers\wacompen.sys [20608 2006-11-02] () [File not signed]
S3 Wanarp; C:\Windows\System32\DRIVERS\wanarp.sys [62464 2008-01-21] () [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [62464 2008-01-21] () [File not signed]
R0 Wd; C:\Windows\System32\drivers\wd.sys [22072 2008-01-21] () [File not signed]
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [445008 2009-07-14] () [File not signed]
R3 winachsf; C:\Windows\System32\DRIVERS\HSX_CNXT.sys [661504 2007-11-01] () [File not signed]
R3 WmiAcpi; C:\Windows\System32\DRIVERS\wmiacpi.sys [11264 2008-01-21] () [File not signed]
S3 WpdUsb; C:\Windows\System32\DRIVERS\wpdusb.sys [40448 2009-10-01] () [File not signed]
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [15872 2008-01-21] () [File not signed]
R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [92672 2009-07-14] () [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [132224 2009-07-14] () [File not signed]
R2 X6XSEx_Pr143; C:\Program Files\FantastiGames\X6XSEx_Pr143.Sys [47432 2012-08-02] () [File not signed]
R2 XAudio; C:\Windows\System32\DRIVERS\xaudio.sys [8704 2007-10-18] () [File not signed]
U5 5be5bf43b64694ac; C:\Windows\System32\Drivers\5be5bf43b64694ac.sys [57856 2014-04-16] () <===== ATTENTION Necurs Rootkit?
U5 BattC; C:\Windows\System32\Drivers\BattC.sys [28216 2008-01-21] () [File not signed]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 nmwcd; system32\drivers\ccdcmb.sys [X]
S3 nmwcdc; system32\drivers\ccdcmbo.sys [X]
S3 nmwcdnsu; system32\drivers\nmwcdnsu.sys [X]
S3 nmwcdnsuc; system32\drivers\nmwcdnsuc.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]
S3 UsbserFilt; system32\DRIVERS\usbser_lowerfltj.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-13 14:08 - 2014-08-13 14:09 - 00004704 _____ () C:\Users\Angie\Desktop\defogger_disable.log
2014-08-13 14:08 - 2014-08-13 14:09 - 00000020 _____ () C:\Users\Angie\defogger_reenable
2014-08-13 13:54 - 2014-08-13 14:11 - 00000000 ____D () C:\FRST
2014-08-13 13:28 - 2014-08-13 13:28 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-13 13:28 - 2014-08-13 13:28 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-13 13:28 - 2014-08-13 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-13 13:28 - 2014-08-13 13:28 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-08-13 13:28 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-13 13:28 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-13 13:28 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-13 13:01 - 2014-08-13 13:01 - 04574968 _____ (Avira Operations GmbH & Co. KG) C:\Users\Angie\Downloads\avira_de_av___ws.exe
2014-08-13 12:59 - 2014-08-13 12:59 - 00000000 ____D () C:\Users\Angie\AppData\Roaming\Avira
2014-08-13 12:42 - 2014-08-13 13:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-13 12:41 - 2014-08-13 13:19 - 00000000 ____D () C:\ProgramData\Avira
2014-08-13 12:41 - 2014-08-13 13:18 - 00000000 ____D () C:\Program Files\Avira
2014-08-13 12:41 - 2010-03-01 10:05 - 00124784 _____ (Avira GmbH) C:\Windows\system32\Drivers\avipbb.sys
2014-08-13 12:41 - 2010-02-16 14:24 - 00060936 _____ (Avira GmbH) C:\Windows\system32\Drivers\avgntflt.sys
2014-08-13 12:41 - 2009-05-11 12:49 - 00051992 _____ (AVIRA GmbH) C:\Windows\system32\Drivers\avgntdd.sys
2014-08-13 12:41 - 2009-05-11 12:49 - 00017016 _____ (AVIRA GmbH) C:\Windows\system32\Drivers\avgntmgr.sys
2014-08-13 12:41 - 2009-05-11 10:12 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2014-08-13 12:39 - 2014-08-13 12:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Angie\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-02 09:56 - 2014-08-13 12:55 - 00000000 ____D () C:\ProgramData\UstuWogu
2014-08-02 09:55 - 2014-08-13 12:55 - 00000000 ____D () C:\ProgramData\UskiTqop

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-13 14:11 - 2014-08-13 13:54 - 00000000 ____D () C:\FRST
2014-08-13 14:09 - 2014-08-13 14:08 - 00004704 _____ () C:\Users\Angie\Desktop\defogger_disable.log
2014-08-13 14:09 - 2014-08-13 14:08 - 00000020 _____ () C:\Users\Angie\defogger_reenable
2014-08-13 14:08 - 2009-01-23 13:29 - 00000000 ____D () C:\Users\Angie
2014-08-13 13:51 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-13 13:51 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-13 13:49 - 2008-12-04 01:32 - 00000286 _____ () C:\Users\Public\Documents\hpqp.ini
2014-08-13 13:46 - 2010-02-12 22:42 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-13 13:46 - 2008-01-21 04:47 - 00212242 _____ () C:\Windows\PFRO.log
2014-08-13 13:46 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-13 13:45 - 2006-11-02 15:01 - 00032514 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-13 13:41 - 2010-02-12 22:42 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-13 13:31 - 2013-04-14 10:16 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-13 13:28 - 2014-08-13 13:28 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-13 13:28 - 2014-08-13 13:28 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-13 13:28 - 2014-08-13 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-13 13:28 - 2014-08-13 13:28 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-08-13 13:28 - 2012-07-24 20:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-13 13:27 - 2013-10-20 12:08 - 00000000 ____D () C:\SearchProtect
2014-08-13 13:19 - 2014-08-13 12:41 - 00000000 ____D () C:\ProgramData\Avira
2014-08-13 13:18 - 2014-08-13 12:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-13 13:18 - 2014-08-13 12:41 - 00000000 ____D () C:\Program Files\Avira
2014-08-13 13:18 - 2008-12-04 00:43 - 01058835 _____ () C:\Windows\WindowsUpdate.log
2014-08-13 13:13 - 2014-07-10 20:48 - 00018872 _____ () C:\Windows\system32\Drivers\SPPD.sys
2014-08-13 13:09 - 2009-02-12 21:18 - 00000680 _____ () C:\Users\Angie\AppData\Local\d3d9caps.dat
2014-08-13 13:02 - 2013-09-16 21:20 - 00000000 ____D () C:\Users\Angie\AppData\Roaming\Mozilla
2014-08-13 13:01 - 2014-08-13 13:01 - 04574968 _____ (Avira Operations GmbH & Co. KG) C:\Users\Angie\Downloads\avira_de_av___ws.exe
2014-08-13 12:59 - 2014-08-13 12:59 - 00000000 ____D () C:\Users\Angie\AppData\Roaming\Avira
2014-08-13 12:56 - 2014-06-07 08:44 - 00230236 _____ (Microsoft Corporation) C:\ProgramData\OletAyuxm.dat
2014-08-13 12:55 - 2014-08-02 09:56 - 00000000 ____D () C:\ProgramData\UstuWogu
2014-08-13 12:55 - 2014-08-02 09:55 - 00000000 ____D () C:\ProgramData\UskiTqop
2014-08-13 12:39 - 2014-08-13 12:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Angie\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-04 21:37 - 2006-11-02 12:33 - 01453910 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-27 15:01 - 2013-09-16 21:21 - 00000264 _____ () C:\Windows\Tasks\PC Performer_DEFAULT.job

Files to move or delete:
====================
C:\ProgramData\OletAyuxm.dat


Some content of TEMP:
====================
C:\Users\Angie\AppData\Local\Temp\BackupSetup.exe
C:\Users\Angie\AppData\Local\Temp\csrss.exe
C:\Users\Angie\AppData\Local\Temp\dotNetFx40_Client_setup.exe
C:\Users\Angie\AppData\Local\Temp\eTypeSetup.exe
C:\Users\Angie\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Angie\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\Angie\AppData\Local\Temp\FlashPlayerUpdate02.exe
C:\Users\Angie\AppData\Local\Temp\FlashPlayerUpdate03.exe
C:\Users\Angie\AppData\Local\Temp\FlashPlayerUpdate04.exe
C:\Users\Angie\AppData\Local\Temp\FlashPlayerUpdate05.exe
C:\Users\Angie\AppData\Local\Temp\FlashPlayerUpdate06.exe
C:\Users\Angie\AppData\Local\Temp\FlashPlayerUpdate07.exe
C:\Users\Angie\AppData\Local\Temp\FlashPlayerUpdate08.exe
C:\Users\Angie\AppData\Local\Temp\FlashPlayerUpdate09.exe
C:\Users\Angie\AppData\Local\Temp\FlashPlayerUpdate10.exe
C:\Users\Angie\AppData\Local\Temp\FlashPlayerUpdate11.exe
C:\Users\Angie\AppData\Local\Temp\FlashPlayerUpdate12.exe
C:\Users\Angie\AppData\Local\Temp\FlashPlayerUpdate13.exe
C:\Users\Angie\AppData\Local\Temp\HPQSi.exe
C:\Users\Angie\AppData\Local\Temp\incredibar_installer.exe
C:\Users\Angie\AppData\Local\Temp\installhelper.dll
C:\Users\Angie\AppData\Local\Temp\jre-6u11-windows-i586-p-iftw_196cf524.exe
C:\Users\Angie\AppData\Local\Temp\jre-6u15-windows-i586-iftw.exe
C:\Users\Angie\AppData\Local\Temp\jre-6u17-windows-i586-iftw-rv.exe
C:\Users\Angie\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe
C:\Users\Angie\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\Angie\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Angie\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Angie\AppData\Local\Temp\minibar-master-v1.exe
C:\Users\Angie\AppData\Local\Temp\MyBabylonTB_google_20120807.exe
C:\Users\Angie\AppData\Local\Temp\NEventMessages.dll
C:\Users\Angie\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Angie\AppData\Local\Temp\nsd6DE2.exe
C:\Users\Angie\AppData\Local\Temp\nso31BD.exe
C:\Users\Angie\AppData\Local\Temp\nsy409E.exe
C:\Users\Angie\AppData\Local\Temp\nsyDF1E.exe
C:\Users\Angie\AppData\Local\Temp\nsz3D71.exe
C:\Users\Angie\AppData\Local\Temp\ose00000.exe
C:\Users\Angie\AppData\Local\Temp\SecondStepInstaller.exe
C:\Users\Angie\AppData\Local\Temp\setup.exe
C:\Users\Angie\AppData\Local\Temp\SmartbarExeInstaller.exe
C:\Users\Angie\AppData\Local\Temp\SPSetup.exe
C:\Users\Angie\AppData\Local\Temp\SPStub.exe
C:\Users\Angie\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\Angie\AppData\Local\Temp\ToolbarHelper.exe
C:\Users\Angie\AppData\Local\Temp\uninst1.exe
C:\Users\Angie\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Angie\AppData\Local\Temp\zzhEC53.exe
C:\Users\Angie\AppData\Local\Temp\_isCA22.exe
C:\Users\Angie\AppData\Local\Temp\?odec Performer803975.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys
[2012-07-25 12:24] - [2009-04-10 23:32] - 0226280 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\system32\Drivers\volsnap.sys No Company Name <===== ATTENTION!



LastRegBack: 2014-08-13 13:54

==================== End Of Log ============================
         
--- --- ---



MBAM-Log:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.24.07

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Angie :: ANGIE-PC [Administrator]

Schutz: Aktiviert

24.07.2012 20:05:40
mbam-log-2012-07-24 (20-05-40).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 186950
Laufzeit: 6 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

defogger_disable.txt:
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:08 on 13/08/2014 (Angie)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read 5be5bf43b64694ac.sys
Unable to read SISAGP.SYS
Unable to read sisraid2.sys
Unable to read sisraid4.sys
Unable to read smb.sys
Unable to read smclib.sys
Unable to read spldr.sys
Unable to read spsys.sys
Unable to read srv.sys
Unable to read srv2.sys
Unable to read srvnet.sys
Unable to read StarOpen.sys
Unable to read Storport.sys
Unable to read swenum.sys
Unable to read symc8xx.sys
Unable to read sym_hi.sys
Unable to read sym_u3.sys
Unable to read SynTP.sys
Unable to read tape.sys
Unable to read tcpip.sys
Unable to read tcpipreg.sys
Unable to read tdi.sys
Unable to read tdpipe.sys
Unable to read tdtcp.sys
Unable to read tdx.sys
Unable to read termdd.sys
Unable to read tssecsrv.sys
Unable to read TUNMP.SYS
Unable to read tunnel.sys
Unable to read UAGP35.SYS
Unable to read udfs.sys
Unable to read ULIAGPKX.SYS
Unable to read uliahci.sys
Unable to read ulsata.sys
Unable to read ulsata2.sys
Unable to read umbus.sys
Unable to read umpass.sys
Unable to read usb8023.sys
Unable to read usbccgp.sys
Unable to read usbcir.sys
Unable to read usbd.sys
Unable to read usbehci.sys
Unable to read usbhub.sys
Unable to read usbohci.sys
Unable to read usbport.sys
Unable to read usbprint.sys
Unable to read usbscan.sys
Unable to read usbser.sys
Unable to read USBSTOR.SYS
Unable to read usbuhci.sys
Unable to read usbvideo.sys
Unable to read vga.sys
Unable to read vgapnp.sys
Unable to read VIAAGP.SYS
Unable to read viac7.sys
Unable to read viaide.sys
Unable to read videoprt.sys
Unable to read volmgr.sys
Unable to read volmgrx.sys
Unable to read volsnap.sys
Unable to read vsmraid.sys
Unable to read VSTAZL3.SYS
Unable to read VSTCNXT3.SYS
Unable to read VSTDPV3.SYS
Unable to read wacompen.sys
Unable to read wanarp.sys
Unable to read watchdog.sys
Unable to read wd.sys
Unable to read Wdf01000.sys
Unable to read WdfLdr.sys
Unable to read wmiacpi.sys
Unable to read wmilib.sys
Unable to read WpdUsb.sys
Unable to read ws2ifsl.sys
Unable to read WUDFPf.sys
Unable to read WUDFRd.sys
Unable to read XAudio.sys
SPTD -> Disabled

-=E.O.F=-
         
Gmer.txt:
no content, since only system errors occurred on startup

Edited by xvolt (13.08.2014 at 13:32)

13.08.2014, 13:40   #2
schrauber
/// the machine
/// TB trainer
 




hi,

Uninstall adware & co.
  • Please download Revo Uninstaller from here.
  • Install and start the program.
  • In the uninstaller field, look for the programs that, under:

    have this suffix:
  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderate" mode.
  • Delete leftovers:
    Click on then on and then on .



Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix ("Entfernen") button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.





Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
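The indicators that stand out in the logs and the fixlist above can be picked out mechanically. The following Python sketch is an added example, not part of either post and not code from FRST or Trojaner-Board; the rule names, the 12-character hex threshold and the vendor list are assumptions, and the sample lines are copied from this thread's FRST output. It leaves out "[File not signed]" on purpose, because almost every driver in this log carries that tag, and it flags the volsnap.sys hash because D41D8CD98F00B204E9800998ECF8427E is the MD5 of zero bytes, meaning no file content was hashed.

```python
import hashlib
import re
from typing import NamedTuple

# Constructed sample: lines copied from the FRST log and fixlist in this thread.
SAMPLE_LOG = r"""
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [905600 2012-03-30] () [File not signed]
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2009-05-11] (Avira GmbH)
R2 X6XSEx_Pr143; C:\Program Files\FantastiGames\X6XSEx_Pr143.Sys [47432 2012-08-02] () [File not signed]
U5 5be5bf43b64694ac; C:\Windows\System32\Drivers\5be5bf43b64694ac.sys [57856 2014-04-16] () <===== ATTENTION Necurs Rootkit?
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
[2012-07-25 12:24] - [2009-04-10 23:32] - 0226280 ____A () D41D8CD98F00B204E9800998ECF8427E
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
"""


class Finding(NamedTuple):
    rule: str      # hypothetical rule name, chosen for this example
    subject: str   # driver name, path or digest the rule fired on


# FRST driver line: <state><start type> <service name>; <path> ...
# State letter: R = running, S = stopped, U = undetermined.
DRIVER_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>\d) (?P<name>[^;]+); (?P<path>.+?\.sys)\b(?P<rest>.*)$",
    re.IGNORECASE,
)
# FRST line for a Software Restriction Policy path rule.
SRP_RE = re.compile(
    r"^HK\S+ Group Policy restriction on software: (?P<path>.+?)(?:\s*<=+.*)?$"
)
MD5_RE = re.compile(r"\b[0-9A-Fa-f]{32}\b")
# Assumption: a service name made only of 12+ hex digits is worth a look.
HEX_NAME_RE = re.compile(r"[0-9a-f]{12,}", re.IGNORECASE)
# Digest of zero bytes: a "hash" with this value means nothing was read.
EMPTY_MD5 = hashlib.md5(b"").hexdigest()
# Assumption: vendor names taken from the fixlist in this thread.
SECURITY_VENDORS = ("avira", "symantec", "mcafee", "malwarebytes")
DRIVER_DIR = "system32\\drivers\\"


def triage(log_text):
    """Return the findings for every line of an FRST log, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = DRIVER_RE.match(line)
        if m:
            name, path, rest = m["name"], m["path"], m["rest"]
            if HEX_NAME_RE.fullmatch(name):
                findings.append(Finding("hex-named-driver", name))
            if m["state"].upper() == "U":
                findings.append(Finding("state-undetermined", name))
            if DRIVER_DIR not in path.lower():
                findings.append(Finding("driver-outside-driver-dir", name))
            if "[X]" in rest:
                # Service entry whose file is missing: usually a leftover.
                findings.append(Finding("service-without-file", name))
            continue
        m = SRP_RE.match(line)
        if m:
            rule_path = m["path"]
            if any(v in rule_path.lower() for v in SECURITY_VENDORS):
                findings.append(Finding("srp-blocks-security-product", rule_path))
            continue
        for digest in MD5_RE.findall(line):
            if digest.lower() == EMPTY_MD5:
                findings.append(Finding("md5-of-empty-input", digest))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.rule:30} {finding.subject}")
```

The findings are prompts for review, not verdicts: an orphaned service entry or a driver in a program directory is often benign, as with the copy-protection and modem leftovers in this log.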

13.08.2014, 16:53   #3
xvolt
 



Hello schrauber,

a thousand thanks for helping me.

With Revo Uninstaller I could only uninstall Avira.
Windows Defender is not shown as an installed program.


Here is the content after the FRST fix:

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:13-08-2014
Ran by Angie at 2014-08-13 15:25:51 Run:1
Running from C:\Users\Angie\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
         
*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.

==== End of Fixlog ====
         
Should I run ComboFix?

Regards
xvolt

Here now is the Combofix log:

Combofix Logfile:
Code:
ATTFilter
ComboFix 14-08-12.01 - Angie 13.08.2014  15:44:37.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.1978.1005 [GMT 2:00]
ausgeführt von:: c:\users\Angie\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Minibar\FrOGgy.dll
c:\program files\Minibar\KaNGo.dll
c:\program files\Minibar\MiNIbarbutton.dll
c:\programdata\OletAyuxm.dat
c:\users\Angie\AppData\Local\Minibar
c:\users\Angie\AppData\Local\Minibar\chrome\background.html
c:\users\Angie\AppData\Local\Minibar\chrome\cached_http_request.js
c:\users\Angie\AppData\Local\Minibar\chrome\extension_info.json
c:\users\Angie\AppData\Local\Minibar\chrome\icons\icon128.png
c:\users\Angie\AppData\Local\Minibar\chrome\icons\icon19.png
c:\users\Angie\AppData\Local\Minibar\chrome\icons\icon32.png
c:\users\Angie\AppData\Local\Minibar\chrome\icons\icon48.png
c:\users\Angie\AppData\Local\Minibar\chrome\includes\content.js
c:\users\Angie\AppData\Local\Minibar\chrome\includes\content_kango.js
c:\users\Angie\AppData\Local\Minibar\chrome\includes\content_messaging.js
c:\users\Angie\AppData\Local\Minibar\chrome\includes\content_userscript.js
c:\users\Angie\AppData\Local\Minibar\chrome\kango-ui\button.js
c:\users\Angie\AppData\Local\Minibar\chrome\kango-ui\ui.js
c:\users\Angie\AppData\Local\Minibar\chrome\kango\browser.js
c:\users\Angie\AppData\Local\Minibar\chrome\kango\console.js
c:\users\Angie\AppData\Local\Minibar\chrome\kango\event_listener.js
c:\users\Angie\AppData\Local\Minibar\chrome\kango\initialize.js
c:\users\Angie\AppData\Local\Minibar\chrome\kango\io.js
c:\users\Angie\AppData\Local\Minibar\chrome\kango\jsonstorage.js
c:\users\Angie\AppData\Local\Minibar\chrome\kango\kango.js
c:\users\Angie\AppData\Local\Minibar\chrome\kango\lang.js
c:\users\Angie\AppData\Local\Minibar\chrome\kango\messaging.js
c:\users\Angie\AppData\Local\Minibar\chrome\kango\userscript_engine.js
c:\users\Angie\AppData\Local\Minibar\chrome\kango\xhr.js
c:\users\Angie\AppData\Local\Minibar\chrome\main.js
c:\users\Angie\AppData\Local\Minibar\chrome\manifest.json
c:\users\Angie\AppData\Local\Minibar\chrome\minibar\actions.js
c:\users\Angie\AppData\Local\Minibar\chrome\minibar\cachedxhr.js
c:\users\Angie\AppData\Local\Minibar\chrome\minibar\config.js
c:\users\Angie\AppData\Local\Minibar\chrome\minibar\macros.js
c:\users\Angie\AppData\Local\Minibar\chrome\minibar\minibar.js
c:\users\Angie\AppData\Local\Minibar\chrome\popup.html
c:\users\Angie\AppData\Local\Minibar\chrome\popup.js
c:\users\Angie\AppData\Local\Minibar\chrome\tab.html
c:\users\Angie\AppData\Local\Minibar\chrome\tab.js
c:\users\Angie\AppData\Local\Minibar\chrome_installer.js
c:\users\Angie\AppData\Local\Minibar\common.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome.manifest
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\cached_http_request.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\content.xul
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\extension_info.json
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\icons\icon128.png
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\icons\icon19.png
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\icons\icon32.png
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\icons\icon48.png
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango-ui\button.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango-ui\popup.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango-ui\popup_window.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango-ui\popup_window.xul
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\bottom-left.png
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\bottom-middle.png
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\bottom-right.png
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\middle-left.png
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\middle-right.png
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\style.css
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-bottom.png
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-left.png
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-right.png
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-top.png
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\top-left.png
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\top-middle.png
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\top-right.png
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango-ui\ui.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango\browser.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango\console.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango\event_listener.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango\initialize.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango\io.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango\jsonstorage.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango\kango.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango\lang.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango\messaging.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango\storage.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango\uninstall_observer.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango\userscript_engine.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\kango\xhr.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\main.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\minibar\actions.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\minibar\cachedxhr.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\minibar\config.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\minibar\config.json
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\minibar\homepage_helper.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\minibar\macros.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\minibar\minibar.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\minibar\search_helper.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\minibar\search_hook.js
c:\users\Angie\AppData\Local\Minibar\firefox\chrome\content\minibar\tabpage_helper.js
c:\users\Angie\AppData\Local\Minibar\firefox\install.rdf
c:\users\Angie\AppData\Local\Minibar\firefox_installer.js
c:\users\Angie\AppData\Local\Minibar\ie_installer.js
c:\users\Angie\AppData\Local\Minibar\install.json
c:\users\Angie\AppData\Local\Minibar\minibar.crx
c:\users\Angie\AppData\Local\Minibar\minibar.xpi
c:\users\Angie\AppData\Local\Minibar\sqlite3.exe
c:\users\Angie\AppData\Local\Minibar\Uninstall.exe
c:\users\Angie\AppData\Roaming\7go
c:\users\Angie\AppData\Roaming\7go\7go.crx
c:\users\Angie\AppData\Roaming\7go\icon.ico
c:\windows\system32\drivers\5be5bf43b64694ac.sys
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Run
-------\Service_syshost32
-------\Legacy_5be5bf43b64694ac
-------\Service_5be5bf43b64694ac
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-07-13 bis 2014-08-13  ))))))))))))))))))))))))))))))
.
.
2014-08-13 13:55 . 2014-08-13 13:55	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-08-13 13:09 . 2014-08-13 13:09	--------	d-----w-	c:\program files\VS Revo Group
2014-08-13 11:54 . 2014-08-13 13:25	--------	d-----w-	C:\FRST
2014-08-13 10:59 . 2014-08-13 10:59	--------	d-----w-	c:\users\Angie\AppData\Roaming\Avira
2014-08-13 10:41 . 2010-03-01 08:05	124784	----a-w-	c:\windows\system32\drivers\avipbb.sys
2014-08-13 10:41 . 2010-02-16 12:24	60936	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2014-08-13 10:41 . 2009-05-11 10:49	51992	----a-w-	c:\windows\system32\drivers\avgntdd.sys
2014-08-13 10:41 . 2009-05-11 10:49	17016	----a-w-	c:\windows\system32\drivers\avgntmgr.sys
2014-08-13 10:41 . 2014-08-13 11:19	--------	d-----w-	c:\programdata\Avira
2014-08-13 10:41 . 2014-08-13 11:18	--------	d-----w-	c:\program files\Avira
2014-08-02 07:56 . 2014-08-13 10:55	--------	d-----w-	c:\programdata\UstuWogu
2014-08-02 07:55 . 2014-08-13 10:55	--------	d-----w-	c:\programdata\UskiTqop
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-13 11:13 . 2014-07-10 18:48	18872	----a-w-	c:\windows\system32\drivers\SPPD.sys
2014-07-12 06:32 . 2013-04-14 08:16	71344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-12 06:32 . 2013-04-14 08:16	699056	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-07-12 06:32 . 2014-07-12 06:32	10603008	----a-w-	c:\windows\system32\FlashPlayerInstaller.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{99a9c3ba-07f6-4699-bc81-65cab16e204b}"= "c:\program files\FileConverter_1.3_B2\prxtbFile.dll" [2013-03-05 231168]
.
[HKEY_CLASSES_ROOT\clsid\{99a9c3ba-07f6-4699-bc81-65cab16e204b}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{99a9c3ba-07f6-4699-bc81-65cab16e204b}]
2013-03-05 12:37	231168	----a-w-	c:\program files\FileConverter_1.3_B2\prxtbFile.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{99a9c3ba-07f6-4699-bc81-65cab16e204b}"= "c:\program files\FileConverter_1.3_B2\prxtbFile.dll" [2013-03-05 231168]
.
[HKEY_CLASSES_ROOT\clsid\{99a9c3ba-07f6-4699-bc81-65cab16e204b}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-11 39408]
"Exetender"="c:\program files\FantastiGames\GPlayer.exe" [2012-12-04 4936152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-11 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-12 202032]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="c:\program files\FantastiGames\GPlayer.exe" [2012-12-04 4936152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallDeleteDir"="rmdir" [X]
.
c:\users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1332518490-556231238-1997960668-1000]
"EnableNotificationsRef"=dword:00000002
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - AVIPBB
*NewlyCreated* - SSMDRV
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 13:06	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-19 06:41	1104200	----a-w-	c:\program files\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-08-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-14 06:32]
.
2014-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 20:41]
.
2014-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 20:41]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://www.google.de/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Presario&pf=cnnb
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=063b05af-86a0-4124-9b53-dcf1e58022fa&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{525ba996-1ce4-4677-91c5-9fc4ead2d245} - c:\program files\appbarioDE\prxtbappb.dll
BHO-{525ba996-1ce4-4677-91c5-9fc4ead2d245} - c:\program files\appbarioDE\prxtbappb.dll
Toolbar-10 - (no file)
Toolbar-{525ba996-1ce4-4677-91c5-9fc4ead2d245} - c:\program files\appbarioDE\prxtbappb.dll
WebBrowser-{525BA996-1CE4-4677-91C5-9FC4EAD2D245} - c:\program files\appbarioDE\prxtbappb.dll
HKCU-Run-OletAyuxm - c:\programdata\OletAyuxm.dat
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-7go - c:\program files\7go\uninst.exe
AddRemove-7Go Games - c:\program files\7Go Games\uninstall.exe
AddRemove-PC Performer_is1 - c:\program files\PC Performer\unins000.exe
AddRemove-Speed Analysis 3 - c:\program files\Speed Analysis 3\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-08-13 16:02
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:20,82,89,dc,5d,6c,cf,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,78,51,a9,d3,6a,5d,8d,4a,b2,0c,42,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\conime.exe
c:\windows\SMINST\BLService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Tbccint\ToolbarService\ToolbarService.exe
c:\program files\Wajam\Updater\WajamUpdater.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\System32\regsvr32.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Browny02\BrYNSvc.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-08-13  16:06:56 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-08-13 14:06
.
Vor Suchlauf: 12 Verzeichnis(se), 201.077.706.752 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 202.577.977.344 Bytes frei
.
- - End Of File - - 31A670EE8E5E7BE6E36CF5CF87AD79BD
         
--- --- --- 85D751F0E41B8E520AEE8C07A8DA777B
__________________

14.08.2014, 12:53   #4
schrauber
/// the machine
/// TB Instructor
 

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the newest scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

14.08.2014, 14:17   #5
xvolt
 
Hi

here are the logs now

mbam.txt:
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 14.08.2014
Suchlauf-Zeit: 14:05:11
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.08.14.04
Rootkit Datenbank: v2014.08.04.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: Angie

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 319987
Verstrichene Zeit: 11 Min, 15 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
         


AdwCleaner[S1].txt:
AdwCleaner Logfile:
Code:
# AdwCleaner v3.305 - Bericht erstellt am 14/08/2014 um 14:23:25
# Aktualisiert 14/08/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : Angie - ANGIE-PC
# Gestartet von : C:\Users\Angie\Desktop\adwcleaner_3.305.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [7go@7go.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gelöscht : HKCU\Software\5e53888de26fec45
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\BrowserMngr
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DSNR Labs
Schlüssel Gelöscht : HKCU\Software\ilivid
Schlüssel Gelöscht : HKCU\Software\Minibar
Schlüssel Gelöscht : HKCU\Software\PerformerSoft
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\MapsGalaxy_39EI
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\LayoutsExpress
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PC Performer_is1
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Speed Analysis 3
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16447


-\\ Mozilla Firefox v

*************************

AdwCleaner[R0].txt - [15342 octets] - [14/08/2014 13:02:48]
AdwCleaner[R1].txt - [2837 octets] - [14/08/2014 14:22:13]
AdwCleaner[S0].txt - [15299 octets] - [14/08/2014 13:04:44]
AdwCleaner[S1].txt - [2728 octets] - [14/08/2014 14:23:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2788 octets] ##########
         
--- --- ---



JRT.txt:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Angie on 14.08.2014 at 14:54:28,92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values




~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Angie\start menu\programs\browser manager"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.08.2014 at 15:01:01,89
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST.txt:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:13-08-2014
Ran by Angie (administrator) on ANGIE-PC on 14-08-2014 15:02:07
Running from C:\Users\Angie\Downloads
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\Windows\SMINST\BLService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
() C:\Program Files\Winamp\winampa.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-1332518490-556231238-1997960668-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-01-11] (Google Inc.)
Startup: C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: No Name -> {7E853D72-626A-48EC-A868-BA8D5E23E045} ->  No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} 
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-07-25]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-14]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-14]
CHR HKLM\...\Chrome\Extension: [kdneagjiboclldmglpjofpeipkbollcf] - C:\Users\Angie\AppData\Local\CRE\kdneagjiboclldmglpjofpeipkbollcf.crx [2013-08-28]
CHR HKCU\...\Chrome\Extension: [kdneagjiboclldmglpjofpeipkbollcf] - C:\Users\Angie\AppData\Local\CRE\kdneagjiboclldmglpjofpeipkbollcf.crx [2013-08-28]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-14] (AVAST Software)
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [129992 2008-02-03] (EasyBits Sofware AS) [File not signed]
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-04-15] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-02-26] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [361808 2008-04-26] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [615936 2010-06-14] (Nokia) [File not signed]
S3 usnjsvc; C:\Program Files\MSN Messenger\usnsvc.exe [97136 2007-01-19] (Microsoft Corporation)
S2 AntiVirSchedulerService; "C:\Program Files\Avira\AntiVir Desktop\sched.exe" [X]
S2 AntiVirService; "C:\Program Files\Avira\AntiVir Desktop\avguard.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-14] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2014-08-14] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-08-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-08-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-14] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2014-08-14] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-08-14] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [60936 2010-02-16] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [124784 2010-03-01] (Avira GmbH)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] () [File not signed]
S3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-14] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2009-02-08] (Duplex Secure Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2009-05-11] (Avira GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Angie\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 nmwcd; system32\drivers\ccdcmb.sys [X]
S3 nmwcdc; system32\drivers\ccdcmbo.sys [X]
S3 nmwcdnsu; system32\drivers\nmwcdnsu.sys [X]
S3 nmwcdnsuc; system32\drivers\nmwcdnsuc.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]
S3 UsbserFilt; system32\DRIVERS\usbser_lowerfltj.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-14 15:02 - 2014-08-14 15:02 - 00000000 ____D () C:\FRST
2014-08-14 15:01 - 2014-08-14 15:01 - 00000746 _____ () C:\Users\Angie\Desktop\JRT.txt
2014-08-14 14:48 - 2014-08-14 14:48 - 00000000 ____D () C:\Windows\ERUNT
2014-08-14 14:28 - 2014-08-14 14:28 - 00002868 _____ () C:\Users\Angie\Desktop\AdwCleaner[S1].txt
2014-08-14 14:21 - 2014-08-14 14:21 - 01016261 _____ (Thisisu) C:\Users\Angie\Desktop\JRT.exe
2014-08-14 14:20 - 2014-08-14 14:20 - 01356107 _____ () C:\Users\Angie\Desktop\adwcleaner_3.305.exe
2014-08-14 14:18 - 2014-08-14 14:18 - 00001161 _____ () C:\Users\Angie\Desktop\mbam.txt
2014-08-14 14:03 - 2014-08-14 14:54 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-14 14:03 - 2014-08-14 14:03 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-14 14:03 - 2014-08-14 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-14 14:03 - 2014-08-14 14:03 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-08-14 14:03 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-14 14:03 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-14 14:03 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-14 13:35 - 2014-08-14 13:35 - 00013519 _____ () C:\ComboFix.txt
2014-08-14 13:18 - 2014-08-14 13:35 - 00000000 ____D () C:\ComboFix
2014-08-14 13:17 - 2014-08-14 13:35 - 00000000 ____D () C:\Qoobox
2014-08-14 13:06 - 2014-08-14 13:06 - 00008224 _____ () C:\Users\jv\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-14 13:02 - 2014-08-14 14:23 - 00000000 ____D () C:\AdwCleaner
2014-08-14 12:24 - 2014-08-14 12:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-14 12:17 - 2014-08-14 13:01 - 00000000 ____D () C:\Users\jv\AppData\Roaming\Google
2014-08-14 12:17 - 2014-08-14 12:18 - 00000000 ____D () C:\Users\jv\AppData\Local\Google
2014-08-14 12:05 - 2014-08-14 12:05 - 00004608 _____ () C:\Users\jv\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-14 12:04 - 2014-08-14 12:04 - 00000949 _____ () C:\Users\jv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-14 12:04 - 2014-08-14 12:04 - 00000000 ____D () C:\Users\jv\AppData\Roaming\Macromedia
2014-08-14 12:04 - 2014-08-14 12:04 - 00000000 ____D () C:\Users\jv\AppData\Roaming\AVAST Software
2014-08-14 12:04 - 2014-08-14 12:04 - 00000000 ____D () C:\Users\jv\AppData\Roaming\Adobe
2014-08-14 12:04 - 2014-08-14 12:04 - 00000000 _____ () C:\Users\jv\AppData\Local\QSwitch.txt
2014-08-14 12:04 - 2014-08-14 12:04 - 00000000 _____ () C:\Users\jv\AppData\Local\DSwitch.txt
2014-08-14 12:04 - 2014-08-14 12:04 - 00000000 _____ () C:\Users\jv\AppData\Local\AtStart.txt
2014-08-14 12:03 - 2014-08-14 13:10 - 00000944 _____ () C:\Users\jv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-08-14 12:03 - 2014-08-14 12:04 - 00000000 ____D () C:\Users\jv
2014-08-14 12:03 - 2014-08-14 12:03 - 00000915 _____ () C:\Users\jv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-08-14 12:03 - 2014-08-14 12:03 - 00000020 ___SH () C:\Users\jv\ntuser.ini
2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\Startmenü
2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\Netzwerkumgebung
2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\Druckumgebung
2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\Documents\Eigene Musik
2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\Documents\Eigene Bilder
2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\AppData\Local\Verlauf
2014-08-14 12:03 - 2008-12-04 01:30 - 00000000 ____D () C:\Users\jv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
2014-08-14 12:03 - 2008-12-04 01:28 - 00000000 ____D () C:\Users\jv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-08-14 12:03 - 2008-01-21 04:42 - 00000000 ___RD () C:\Users\jv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-08-14 12:03 - 2008-01-21 04:42 - 00000000 ___RD () C:\Users\jv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-14 10:55 - 2014-08-14 10:55 - 00000000 ____D () C:\Users\Angie\AppData\Roaming\AVAST Software
2014-08-14 10:54 - 2014-08-14 10:54 - 00001873 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-14 10:54 - 2014-08-14 10:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-14 10:52 - 2014-08-14 10:54 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-14 10:52 - 2014-08-14 10:51 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-14 10:52 - 2014-08-14 10:51 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-14 10:52 - 2014-08-14 10:51 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-14 10:52 - 2014-08-14 10:51 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-14 10:52 - 2014-08-14 10:51 - 00057800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-08-14 10:52 - 2014-08-14 10:51 - 00055112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-08-14 10:52 - 2014-08-14 10:51 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-14 10:52 - 2014-08-14 10:51 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-14 10:51 - 2014-08-14 10:51 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-14 10:50 - 2014-08-14 10:50 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-14 10:47 - 2014-08-14 10:50 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-14 10:47 - 2014-08-14 10:47 - 00414392 _____ (AVAST Software) C:\Windows\system32\Drivers\qswlqhwk.sys
2014-08-14 10:43 - 2014-08-14 10:47 - 91906368 _____ (AVAST Software) C:\Users\Angie\Downloads\avast_free_antivirus_setup_9.0.2021.exe
2014-08-14 10:06 - 2014-08-14 10:08 - 00025527 _____ () C:\Users\Angie\Downloads\Addition.txt
2014-08-14 10:03 - 2014-08-14 15:02 - 00013308 _____ () C:\Users\Angie\Downloads\FRST.txt
2014-08-14 09:29 - 2014-08-14 13:42 - 24017152 _____ (Microsoft Corporation) C:\Users\Angie\Downloads\mpas-fe.exe
2014-08-13 15:42 - 2014-08-13 16:05 - 00000000 ____D () C:\Windows\erdnt
2014-08-13 15:42 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-13 15:42 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-13 15:42 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-13 15:42 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-13 15:42 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-13 15:42 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-13 15:42 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-13 15:42 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-13 15:30 - 2014-08-14 13:15 - 05571579 ____R (Swearware) C:\Users\Angie\Desktop\ComboFix.exe
2014-08-13 15:29 - 2014-08-13 15:41 - 05569662 ____R (Swearware) C:\Users\Angie\Downloads\ComboFix.exe
2014-08-13 15:25 - 2014-08-13 15:25 - 01092096 _____ (Farbar) C:\Users\Angie\Downloads\FRST.exe
2014-08-13 15:09 - 2014-08-14 12:59 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-08-13 15:08 - 2014-08-13 15:08 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Angie\Downloads\revosetup95.exe
2014-08-13 14:13 - 2014-08-13 14:15 - 00380416 _____ () C:\Users\Angie\Downloads\Gmer-19357.exe
2014-08-13 14:08 - 2014-08-13 14:09 - 00000020 _____ () C:\Users\Angie\defogger_reenable
2014-08-13 12:59 - 2014-08-13 12:59 - 00000000 ____D () C:\Users\Angie\AppData\Roaming\Avira
2014-08-13 12:42 - 2014-08-14 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-13 12:41 - 2014-08-14 10:24 - 00000000 ____D () C:\Program Files\Avira
2014-08-13 12:41 - 2014-08-14 09:57 - 00000000 ____D () C:\ProgramData\Avira
2014-08-13 12:41 - 2010-03-01 10:05 - 00124784 _____ (Avira GmbH) C:\Windows\system32\Drivers\avipbb.sys
2014-08-13 12:41 - 2010-02-16 14:24 - 00060936 _____ (Avira GmbH) C:\Windows\system32\Drivers\avgntflt.sys
2014-08-13 12:41 - 2009-05-11 12:49 - 00051992 _____ (AVIRA GmbH) C:\Windows\system32\Drivers\avgntdd.sys
2014-08-13 12:41 - 2009-05-11 12:49 - 00017016 _____ (AVIRA GmbH) C:\Windows\system32\Drivers\avgntmgr.sys
2014-08-13 12:41 - 2009-05-11 10:12 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2014-08-13 12:39 - 2014-08-13 12:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Angie\Downloads\mbam-setup-2.0.2.1012.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-14 15:02 - 2014-08-14 15:02 - 00000000 ____D () C:\FRST
2014-08-14 15:02 - 2014-08-14 10:03 - 00013308 _____ () C:\Users\Angie\Downloads\FRST.txt
2014-08-14 15:01 - 2014-08-14 15:01 - 00000746 _____ () C:\Users\Angie\Desktop\JRT.txt
2014-08-14 14:54 - 2014-08-14 14:03 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-14 14:54 - 2008-12-04 01:32 - 00000286 _____ () C:\Users\Public\Documents\hpqp.ini
2014-08-14 14:54 - 2008-12-04 00:43 - 01153192 _____ () C:\Windows\WindowsUpdate.log
2014-08-14 14:53 - 2010-02-12 22:42 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-14 14:50 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-14 14:50 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-14 14:50 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-14 14:49 - 2006-11-02 15:01 - 00032510 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-14 14:48 - 2014-08-14 14:48 - 00000000 ____D () C:\Windows\ERUNT
2014-08-14 14:41 - 2010-02-12 22:42 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-14 14:31 - 2013-04-14 10:16 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-14 14:28 - 2014-08-14 14:28 - 00002868 _____ () C:\Users\Angie\Desktop\AdwCleaner[S1].txt
2014-08-14 14:24 - 2008-01-21 04:47 - 00568532 _____ () C:\Windows\PFRO.log
2014-08-14 14:23 - 2014-08-14 13:02 - 00000000 ____D () C:\AdwCleaner
2014-08-14 14:21 - 2014-08-14 14:21 - 01016261 _____ (Thisisu) C:\Users\Angie\Desktop\JRT.exe
2014-08-14 14:20 - 2014-08-14 14:20 - 01356107 _____ () C:\Users\Angie\Desktop\adwcleaner_3.305.exe
2014-08-14 14:18 - 2014-08-14 14:18 - 00001161 _____ () C:\Users\Angie\Desktop\mbam.txt
2014-08-14 14:03 - 2014-08-14 14:03 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-14 14:03 - 2014-08-14 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-14 14:03 - 2014-08-14 14:03 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-08-14 13:42 - 2014-08-14 09:29 - 24017152 _____ (Microsoft Corporation) C:\Users\Angie\Downloads\mpas-fe.exe
2014-08-14 13:35 - 2014-08-14 13:35 - 00013519 _____ () C:\ComboFix.txt
2014-08-14 13:35 - 2014-08-14 13:18 - 00000000 ____D () C:\ComboFix
2014-08-14 13:35 - 2014-08-14 13:17 - 00000000 ____D () C:\Qoobox
2014-08-14 13:32 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini
2014-08-14 13:21 - 2009-01-23 13:36 - 00000944 _____ () C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-08-14 13:15 - 2014-08-13 15:30 - 05571579 ____R (Swearware) C:\Users\Angie\Desktop\ComboFix.exe
2014-08-14 13:10 - 2014-08-14 12:03 - 00000944 _____ () C:\Users\jv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-08-14 13:06 - 2014-08-14 13:06 - 00008224 _____ () C:\Users\jv\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-14 13:06 - 2012-08-13 11:28 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-14 13:01 - 2014-08-14 12:17 - 00000000 ____D () C:\Users\jv\AppData\Roaming\Google
2014-08-14 12:59 - 2014-08-13 15:09 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-08-14 12:24 - 2014-08-14 12:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-14 12:18 - 2014-08-14 12:17 - 00000000 ____D () C:\Users\jv\AppData\Local\Google
2014-08-14 12:05 - 2014-08-14 12:05 - 00004608 _____ () C:\Users\jv\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-14 12:04 - 2014-08-14 12:04 - 00000949 _____ () C:\Users\jv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-14 12:04 - 2014-08-14 12:04 - 00000000 ____D () C:\Users\jv\AppData\Roaming\Macromedia
2014-08-14 12:04 - 2014-08-14 12:04 - 00000000 ____D () C:\Users\jv\AppData\Roaming\AVAST Software
2014-08-14 12:04 - 2014-08-14 12:04 - 00000000 ____D () C:\Users\jv\AppData\Roaming\Adobe
2014-08-14 12:04 - 2014-08-14 12:04 - 00000000 _____ () C:\Users\jv\AppData\Local\QSwitch.txt
2014-08-14 12:04 - 2014-08-14 12:04 - 00000000 _____ () C:\Users\jv\AppData\Local\DSwitch.txt
2014-08-14 12:04 - 2014-08-14 12:04 - 00000000 _____ () C:\Users\jv\AppData\Local\AtStart.txt
2014-08-14 12:04 - 2014-08-14 12:03 - 00000000 ____D () C:\Users\jv
2014-08-14 12:03 - 2014-08-14 12:03 - 00000915 _____ () C:\Users\jv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-08-14 12:03 - 2014-08-14 12:03 - 00000020 ___SH () C:\Users\jv\ntuser.ini
2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\Startmenü
2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\Netzwerkumgebung
2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\Druckumgebung
2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\Documents\Eigene Musik
2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\Documents\Eigene Bilder
2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\AppData\Local\Verlauf
2014-08-14 10:58 - 2009-01-23 15:15 - 00000000 ____D () C:\Users\Angie\AppData\Local\Google
2014-08-14 10:58 - 2009-01-23 15:15 - 00000000 ____D () C:\Program Files\Google
2014-08-14 10:58 - 2009-01-23 13:36 - 00000949 _____ () C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-14 10:55 - 2014-08-14 10:55 - 00000000 ____D () C:\Users\Angie\AppData\Roaming\AVAST Software
2014-08-14 10:54 - 2014-08-14 10:54 - 00001873 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-14 10:54 - 2014-08-14 10:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-14 10:54 - 2014-08-14 10:52 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-14 10:51 - 2014-08-14 10:52 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-14 10:51 - 2014-08-14 10:52 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-14 10:51 - 2014-08-14 10:52 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-14 10:51 - 2014-08-14 10:52 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-14 10:51 - 2014-08-14 10:52 - 00057800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-08-14 10:51 - 2014-08-14 10:52 - 00055112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-08-14 10:51 - 2014-08-14 10:52 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-14 10:51 - 2014-08-14 10:52 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-14 10:51 - 2014-08-14 10:51 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-14 10:50 - 2014-08-14 10:50 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-14 10:50 - 2014-08-14 10:47 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-14 10:47 - 2014-08-14 10:47 - 00414392 _____ (AVAST Software) C:\Windows\system32\Drivers\qswlqhwk.sys
2014-08-14 10:47 - 2014-08-14 10:43 - 91906368 _____ (AVAST Software) C:\Users\Angie\Downloads\avast_free_antivirus_setup_9.0.2021.exe
2014-08-14 10:24 - 2014-08-13 12:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-14 10:24 - 2014-08-13 12:41 - 00000000 ____D () C:\Program Files\Avira
2014-08-14 10:08 - 2014-08-14 10:06 - 00025527 _____ () C:\Users\Angie\Downloads\Addition.txt
2014-08-14 09:57 - 2014-08-13 12:41 - 00000000 ____D () C:\ProgramData\Avira
2014-08-14 09:20 - 2008-07-08 05:42 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-08-14 08:48 - 2009-02-12 21:18 - 00000680 _____ () C:\Users\Angie\AppData\Local\d3d9caps.dat
2014-08-13 16:07 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default
2014-08-13 16:06 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2014-08-13 16:05 - 2014-08-13 15:42 - 00000000 ____D () C:\Windows\erdnt
2014-08-13 15:58 - 2006-11-02 12:22 - 44826624 _____ () C:\Windows\system32\config\software.bak
2014-08-13 15:58 - 2006-11-02 12:22 - 42467328 _____ () C:\Windows\system32\config\COMPON~3.bak
2014-08-13 15:58 - 2006-11-02 12:22 - 19922944 _____ () C:\Windows\system32\config\system.bak
2014-08-13 15:58 - 2006-11-02 12:22 - 00524288 _____ () C:\Windows\system32\config\default.bak
2014-08-13 15:58 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-08-13 15:58 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-08-13 15:41 - 2014-08-13 15:29 - 05569662 ____R (Swearware) C:\Users\Angie\Downloads\ComboFix.exe
2014-08-13 15:25 - 2014-08-13 15:25 - 01092096 _____ (Farbar) C:\Users\Angie\Downloads\FRST.exe
2014-08-13 15:08 - 2014-08-13 15:08 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Angie\Downloads\revosetup95.exe
2014-08-13 14:15 - 2014-08-13 14:13 - 00380416 _____ () C:\Users\Angie\Downloads\Gmer-19357.exe
2014-08-13 14:09 - 2014-08-13 14:08 - 00000020 _____ () C:\Users\Angie\defogger_reenable
2014-08-13 14:08 - 2009-01-23 13:29 - 00000000 ____D () C:\Users\Angie
2014-08-13 13:13 - 2014-07-10 20:48 - 00018872 _____ () C:\Windows\system32\Drivers\SPPD.sys
2014-08-13 13:02 - 2013-09-16 21:20 - 00000000 ____D () C:\Users\Angie\AppData\Roaming\Mozilla
2014-08-13 12:59 - 2014-08-13 12:59 - 00000000 ____D () C:\Users\Angie\AppData\Roaming\Avira
2014-08-13 12:39 - 2014-08-13 12:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Angie\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-05 09:20 - 2009-10-07 08:42 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-04 21:37 - 2006-11-02 12:33 - 01453910 _____ () C:\Windows\system32\PerfStringBackup.INI

Some content of TEMP:
====================
C:\Users\Angie\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-14 14:58

==================== End Of Log ============================
         
--- --- ---




Addition.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:13-08-2014
Ran by Angie at 2014-08-14 15:02:57
Running from C:\Users\Angie\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-PDF Split & Merge Version 2.0.4 (Build 112) (HKLM\...\7-PDF Split & Merge_is1) (Version: 7-PDF Split & Merge - Version 2.0.4 (Build 112) - 7-PDF, Germany - Thorsten Hodes)
7-Zip 4.65 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}) (Version: 10.2.0.023 - Adobe Systems, Inc.)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.0 - Atheros)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
AVIConverter 5.1.6 (HKLM\...\AVIConverter) (Version: 5.1.6 - )
Brother MFL-Pro Suite MFC-J265W (HKLM\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP)
Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.58.1.0 - Conexant)
CyberLink DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.1519 - CyberLink Corp.)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.1616 - CyberLink Corp.)
CyberLink YouCam (Version: 2.0.1616 - CyberLink Corp.) Hidden
ESU for Microsoft Vista (HKLM\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Free CD to MP3 Converter (HKLM\...\Free CD to MP3 Converter) (Version:  - )
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_HERMOSA_HSF) (Version:  - )
Hewlett-Packard Active Check for Health Check (Version: 1.1.15.2 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent for Health Check (Version: 2.0.63.2 - HP) Hidden
HP Active Support Library (Version: 3.1.4.1 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (HKLM\...\{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}) (Version: 5.7.0.2630 - Hewlett-Packard)
HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.01.0005 - Hewlett-Packard)
HP DVD Play 3.7 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version:  - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}) (Version: 5.7.0.2630 - Hewlett-Packard)
HP Help and Support (HKLM\...\{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}) (Version: 2.0.9.0 - Hewlett-Packard)
HP Quick Launch Buttons 6.40 F1 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40 F1 - Hewlett-Packard)
HP Update (HKLM\...\{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}) (Version: 4.000.010.008 - Hewlett-Packard)
HP User Guides 0118 (HKLM\...\{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}) (Version: 1.00.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{340F521E-3576-4E1A-B75C-EB0ACF751379}) (Version: 3.00 J1 - Hewlett-Packard)
HPNetworkAssistant (Version: 1.1.70 - Hewlett-Packard.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Java Auto Updater (Version: 2.0.6.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 29 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216013FF}) (Version: 6.0.290 - Sun Microsystems, Inc.)
Java(TM) 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)
LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.20.2719 - CyberLink Corp.)
LightScribe System Software  1.12.33.2 (HKLM\...\{582287DA-0806-4AC0-BF19-C15E3A466034}) (Version: 1.12.33.2 - LightScribe)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.0.43 - WildTangent)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.52 - BVRP Software, Inc)
PC Connectivity Solution (HKLM\...\{089DD780-DB3F-4CDB-A0C2-111360247298}) (Version: 10.24.0.0 - Nokia)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.0 - pdfforge)
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3919 - CyberLink Corp.)
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2719 - CyberLink Corp.)
PowerDirector (Version: 6.5.2719 - CyberLink Corp.) Hidden
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version:  - Realtek Semiconductor Corp.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.3.0 - Synaptics)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update Installer for WildTangent Games App (Version:  - WildTangent) Hidden
VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN)
WildTangent Games App (HP Games) (HKLM\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.5.36 - WildTangent)
Winamp (HKLM\...\Winamp) (Version: 5.541  - Nullsoft, Inc)
Windows 7 Upgrade Advisor (HKLM\...\{9A4D182C-35C7-4791-8484-4304EBC9101A}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Messenger (HKLM\...\{279DB581-239C-4E13-97F8-0F48E40BE75C}) (Version: 8.1.0178.00 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1332518490-556231238-1997960668-1000_Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32 -> C:\Windows\system32\urlmon.dll (Microsoft Corporation)

==================== Restore Points  =========================

06-03-2014 17:40:55 Geplanter Prüfpunkt
09-03-2014 10:09:43 Geplanter Prüfpunkt
12-03-2014 09:30:26 Geplanter Prüfpunkt
20-03-2014 16:13:12 Geplanter Prüfpunkt
22-03-2014 11:12:10 Geplanter Prüfpunkt
23-03-2014 12:13:47 Geplanter Prüfpunkt
24-03-2014 16:11:20 Geplanter Prüfpunkt
26-03-2014 17:19:41 Geplanter Prüfpunkt
31-03-2014 15:45:37 Geplanter Prüfpunkt
01-04-2014 15:21:27 Geplanter Prüfpunkt
06-04-2014 10:39:52 Geplanter Prüfpunkt
11-04-2014 18:08:28 Geplanter Prüfpunkt
12-04-2014 09:05:09 Geplanter Prüfpunkt
13-04-2014 10:18:23 Geplanter Prüfpunkt
21-04-2014 08:39:04 Geplanter Prüfpunkt
07-05-2014 16:32:25 Geplanter Prüfpunkt
09-05-2014 14:37:34 Geplanter Prüfpunkt
10-05-2014 15:25:24 Geplanter Prüfpunkt
11-05-2014 09:05:00 Geplanter Prüfpunkt
19-06-2014 07:26:31 Geplanter Prüfpunkt
13-08-2014 10:40:51 Avira AntiVir Personal - 13.08.2014 12:39
13-08-2014 13:14:32 Revo Uninstaller's restore point - Avira AntiVir Personal - Free Antivirus
14-08-2014 07:02:27 Windows Update
14-08-2014 08:49:02 avast! antivirus system restore point
14-08-2014 10:50:59 Revo Uninstaller's restore point - FileConverter 1.3 B2 Toolbar

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2014-08-13 15:59 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1784021E-7CED-4A79-810D-7A4254C9C17F} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3CD53A98-87AB-44CE-8AB9-F47A4C68897E} - \PC Performer No Task File <==== ATTENTION
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {99D546B7-304D-4321-A600-1C9DB414F713} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-04-15] (Hewlett-Packard)
Task: {A5620634-E49C-4245-81AB-EEA61B3ADF1A} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Angie => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-10] (Microsoft Corporation)
Task: {C807222A-3809-41A1-B5EB-CE621F9BE417} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-12] (Google Inc.)
Task: {E141E7D3-3456-4F8E-AD17-5E1B4FEF728F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-14] (AVAST Software)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {F1A96772-4E0E-4102-A6E2-CFB46CB9A2E1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-12] (Adobe Systems Incorporated)
Task: {F6C63592-1E4C-4A23-8723-312FF58342D0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-12] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-08-14 10:51 - 2014-08-14 10:51 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-08-14 13:54 - 2014-08-14 13:54 - 02797568 _____ () C:\Program Files\AVAST Software\Avast\defs\14081400\algo.dll
2008-07-08 06:55 - 2008-04-26 01:15 - 00361808 _____ () C:\Windows\SMINST\BLService.exe
2008-07-08 06:55 - 2007-11-15 01:46 - 00126976 _____ () C:\Windows\SMINST\STWmiM.dll
2008-07-08 06:48 - 2007-01-09 11:25 - 00272024 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2011-06-18 20:13 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2008-08-04 01:02 - 2008-08-04 01:02 - 00036352 _____ () C:\Program Files\Winamp\winampa.exe
2014-08-14 10:51 - 2014-08-14 10:51 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2008-07-08 06:07 - 2008-04-11 09:04 - 00685360 _____ () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: Microsoft Tun-Miniportadapter #2
Description: Microsoft Tun-Miniportadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/14/2014 03:04:53 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/14 15:04:53.563]: [00002340]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error

Error: (08/14/2014 03:04:18 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/14 15:04:18.962]: [00002340]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error

Error: (08/14/2014 03:03:44 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/14 15:03:44.361]: [00002340]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error

Error: (08/14/2014 03:03:09 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/14 15:03:09.760]: [00002340]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error

Error: (08/14/2014 03:02:35 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/14 15:02:35.159]: [00002340]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error

Error: (08/14/2014 03:02:00 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/14 15:02:00.558]: [00002340]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error

Error: (08/14/2014 03:01:26 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/14 15:01:26.000]: [00002340]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error

Error: (08/14/2014 03:00:51 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/14 15:00:51.399]: [00002340]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (06/06/2013 03:52:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 531 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-08-14 15:02:47.686
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-14 15:02:47.389
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-14 15:02:47.015
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-14 15:02:46.578
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-14 14:51:26.524
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-14 14:25:57.087
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-14 14:10:06.763
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-14 14:10:06.414
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-14 14:10:06.039
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-14 14:10:05.243
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz
Percentage of memory in use: 54%
Total physical RAM: 1978.45 MB
Available physical RAM: 907.13 MB
Total Pagefile: 4200.16 MB
Available Pagefile: 2938.86 MB
Total Virtual: 2047.88 MB
Available Virtual: 1882.65 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:289.1 GB) (Free:189.7 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (PRESARIO_RP) (Fixed) (Total:8.98 GB) (Free:1.59 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 1163E3AD)
Partition 1: (Active) - (Size=289 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=9 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         


Regards, xvolt


15.08.2014, 11:23   #6
schrauber
/// the machine
/// TB Trainer
 

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Check the box for Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

and a fresh FRST log please. Any problems left?

15.08.2014, 13:55   #7
xvolt
 
Hello,

I no longer have any problems :-)

Here are the log files anyway, since ESET found something.

Eset.txt
Code:
ATTFilter
C:\$RECYCLE.BIN\S-1-5-21-1332518490-556231238-1997960668-1000\$R0KLZ96.004	Variante von Win32/Wajam.G evtl. unerwünschte Anwendung
C:\$RECYCLE.BIN\S-1-5-21-1332518490-556231238-1997960668-1000\$R20S7PL.dll	möglicherweise Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung
C:\$RECYCLE.BIN\S-1-5-21-1332518490-556231238-1997960668-1000\$R23IYS8.037	Variante von Win32/Wajam.D evtl. unerwünschte Anwendung
C:\$RECYCLE.BIN\S-1-5-21-1332518490-556231238-1997960668-1000\$R2OC18U.007	Variante von Win32/Wajam.D evtl. unerwünschte Anwendung
C:\$RECYCLE.BIN\S-1-5-21-1332518490-556231238-1997960668-1000\$RGG025V.0	Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung
C:\$RECYCLE.BIN\S-1-5-21-1332518490-556231238-1997960668-1000\$RH6LB9D.032	Variante von Win32/Wajam.D evtl. unerwünschte Anwendung
C:\$RECYCLE.BIN\S-1-5-21-1332518490-556231238-1997960668-1000\$RIT8TV8.048	Variante von Win32/Wajam.D evtl. unerwünschte Anwendung
C:\$RECYCLE.BIN\S-1-5-21-1332518490-556231238-1997960668-1000\$RMHHILB.0	Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung
C:\$RECYCLE.BIN\S-1-5-21-1332518490-556231238-1997960668-1000\$RP6J253.018	Variante von Win32/Wajam.D evtl. unerwünschte Anwendung
C:\$RECYCLE.BIN\S-1-5-21-1332518490-556231238-1997960668-1000\$RRJRX6C.cpi	Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung
C:\$RECYCLE.BIN\S-1-5-21-1332518490-556231238-1997960668-1000\$RTVOF5E.052	Variante von Win32/Wajam.D evtl. unerwünschte Anwendung
C:\$RECYCLE.BIN\S-1-5-21-1332518490-556231238-1997960668-1000\$RZGKOTN.050	Variante von Win32/Wajam.D evtl. unerwünschte Anwendung
C:\$RECYCLE.BIN\S-1-5-21-1332518490-556231238-1997960668-1000\$R41BLQR.3_B2\hk64tbFile.dll	Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung
C:\$RECYCLE.BIN\S-1-5-21-1332518490-556231238-1997960668-1000\$R41BLQR.3_B2\hktbFile.dll	Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\$RECYCLE.BIN\S-1-5-21-1332518490-556231238-1997960668-1000\$R41BLQR.3_B2\ldrtbFile.dll	Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung
C:\$RECYCLE.BIN\S-1-5-21-1332518490-556231238-1997960668-1000\$R41BLQR.3_B2\tbFile.dll	Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\$RECYCLE.BIN\S-1-5-21-1332518490-556231238-1997960668-1000\$RBUXLWO\kdneagjiboclldmglpjofpeipkbollcf.crx	Variante von Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung
C:\$RECYCLE.BIN\S-1-5-21-1332518490-556231238-1997960668-1000\$RBYTSB2\Java\Deployment\cache\6.0\55\523b3677-5014ee4a	Mehrere Bedrohungen
C:\$RECYCLE.BIN\S-1-5-21-1332518490-556231238-1997960668-1000\$RCY7J3O\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir	Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung
C:\$RECYCLE.BIN\S-1-5-21-1332518490-556231238-1997960668-1000\$RCY7J3O\Quarantine\C\Program Files\Conduit\CT3312331\plugins\TBVerifier.dll.vir	Win32/Toolbar.Conduit.AC evtl. unerwünschte Anwendung
C:\$RECYCLE.BIN\S-1-5-21-1332518490-556231238-1997960668-1000\$RCY7J3O\Quarantine\C\Users\Angie\AppData\LocalLow\MapsGalaxy_39EI\Installr\Cache\004A1017.exe.vir	Variante von Win32/Toolbar.MyWebSearch.V evtl. unerwünschte Anwendung
C:\Users\Angie\Downloads\7-PDFSplitMerge.exe	Win32/OpenCandy potenziell unsichere Anwendung
C:\Users\Angie\Downloads\PDFCreator-1_6_2_2_setup.exe	Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung
C:\Windows\assembly\GAC\Microsoft.VisualStudio.OLE.Interop\7.1.40304.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.OLE.Interop.dll	Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung
C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll	Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung
C:\Windows\System32\config\systemprofile\AppData\LocalLow\FileConverter_1.3_B2\hk64tbFil0.dll	Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung
C:\Windows\System32\config\systemprofile\AppData\LocalLow\FileConverter_1.3_B2\hktbFil0.dll	möglicherweise Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\Windows\System32\config\systemprofile\AppData\LocalLow\FileConverter_1.3_B2\hktbFile.dll	Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\Windows\System32\config\systemprofile\AppData\LocalLow\FileConverter_1.3_B2\ldrtbFile.dll	Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung
C:\Windows\System32\config\systemprofile\AppData\LocalLow\FileConverter_1.3_B2\tbFil0.dll	Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung
C:\Windows\System32\config\systemprofile\AppData\LocalLow\FileConverter_1.3_B2\tbFil1.dll	möglicherweise Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung
C:\Windows\System32\config\systemprofile\AppData\LocalLow\FileConverter_1.3_B2\tbFile.dll	Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\Windows\System32\config\systemprofile\AppData\LocalLow\FileConverter_1.3_B2\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll	Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung
         

checkup.txt
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.86  
 Windows Vista Service Pack 2 x86 (UAC is disabled!)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 67  
 Java version out of Date! 
 Adobe Reader 10.1.11 Adobe Reader out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSASCui.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Windows Defender MSASCui.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         

FRST.txt

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:13-08-2014
Ran by Angie (administrator) on ANGIE-PC on 15-08-2014 14:45:58
Running from C:\Users\Angie\Downloads
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\Windows\SMINST\BLService.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
() C:\Program Files\Winamp\winampa.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-1332518490-556231238-1997960668-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-01-11] (Google Inc.)
Startup: C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name -> {7E853D72-626A-48EC-A868-BA8D5E23E045} ->  No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} 
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-07-25]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-14]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-14]
CHR HKLM\...\Chrome\Extension: [kdneagjiboclldmglpjofpeipkbollcf] - C:\Users\Angie\AppData\Local\CRE\kdneagjiboclldmglpjofpeipkbollcf.crx [2014-08-14]
CHR HKCU\...\Chrome\Extension: [kdneagjiboclldmglpjofpeipkbollcf] - C:\Users\Angie\AppData\Local\CRE\kdneagjiboclldmglpjofpeipkbollcf.crx [2014-08-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-14] (AVAST Software)
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [129992 2008-02-03] (EasyBits Sofware AS) [File not signed]
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-04-15] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-02-26] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [361808 2008-04-26] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [615936 2010-06-14] (Nokia) [File not signed]
S3 usnjsvc; C:\Program Files\MSN Messenger\usnsvc.exe [97136 2007-01-19] (Microsoft Corporation)
S2 AntiVirSchedulerService; "C:\Program Files\Avira\AntiVir Desktop\sched.exe" [X]
S2 AntiVirService; "C:\Program Files\Avira\AntiVir Desktop\avguard.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-14] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2014-08-14] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-08-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-08-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-14] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2014-08-14] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-08-14] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [60936 2010-02-16] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [124784 2010-03-01] (Avira GmbH)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] () [File not signed]
S3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2009-02-08] (Duplex Secure Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2009-05-11] (Avira GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Angie\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 nmwcd; system32\drivers\ccdcmb.sys [X]
S3 nmwcdc; system32\drivers\ccdcmbo.sys [X]
S3 nmwcdnsu; system32\drivers\nmwcdnsu.sys [X]
S3 nmwcdnsuc; system32\drivers\nmwcdnsuc.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]
S3 UsbserFilt; system32\DRIVERS\usbser_lowerfltj.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-15 14:45 - 2014-08-15 14:45 - 00001052 _____ () C:\Users\Angie\Desktop\checkup.txt
2014-08-15 14:23 - 2014-08-15 14:23 - 00005108 _____ () C:\Users\Angie\Desktop\ESET_OnlineScanner.txt
2014-08-15 12:45 - 2014-08-15 12:45 - 00000000 ____D () C:\Program Files\ESET
2014-08-15 08:34 - 2014-08-15 08:32 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-15 08:33 - 2014-08-15 08:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-15 08:33 - 2014-08-15 08:32 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-15 08:33 - 2014-08-15 08:32 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-15 08:33 - 2014-08-15 08:32 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-15 08:32 - 2014-08-15 08:32 - 00000000 ____D () C:\Program Files\Java
2014-08-15 08:26 - 2014-08-15 08:26 - 00000000 _____ () C:\Windows\system32\REN125A.tmp
2014-08-15 08:26 - 2014-08-15 08:26 - 00000000 _____ () C:\Windows\system32\REN1259.tmp
2014-08-15 08:26 - 2014-08-15 08:26 - 00000000 _____ () C:\Windows\system32\REN1248.tmp
2014-08-15 08:08 - 2014-08-15 08:08 - 00001057 _____ () C:\Users\Angie\Desktop\Revo Uninstaller.lnk
2014-08-14 22:53 - 2014-08-14 22:53 - 00005546 _____ () C:\Users\Angie\Desktop\Eset.txt
2014-08-14 15:24 - 2014-08-14 23:01 - 00854410 _____ () C:\Users\Angie\Downloads\SecurityCheck.exe
2014-08-14 15:23 - 2014-08-14 15:24 - 02347384 _____ (ESET) C:\Users\Angie\Downloads\esetsmartinstaller_deu.exe
2014-08-14 15:12 - 2014-08-14 15:05 - 00033717 _____ () C:\Users\Angie\Desktop\FRST.txt
2014-08-14 15:12 - 2014-08-14 15:05 - 00023737 _____ () C:\Users\Angie\Desktop\Addition.txt
2014-08-14 15:02 - 2014-08-15 14:46 - 00000000 ____D () C:\FRST
2014-08-14 15:01 - 2014-08-14 15:01 - 00000746 _____ () C:\Users\Angie\Desktop\JRT.txt
2014-08-14 14:48 - 2014-08-14 14:48 - 00000000 ____D () C:\Windows\ERUNT
2014-08-14 14:28 - 2014-08-14 14:28 - 00002868 _____ () C:\Users\Angie\Desktop\AdwCleaner[S1].txt
2014-08-14 14:21 - 2014-08-14 14:21 - 01016261 _____ (Thisisu) C:\Users\Angie\Desktop\JRT.exe
2014-08-14 14:20 - 2014-08-14 14:20 - 01356107 _____ () C:\Users\Angie\Desktop\adwcleaner_3.305.exe
2014-08-14 14:18 - 2014-08-14 14:18 - 00001161 _____ () C:\Users\Angie\Desktop\mbam.txt
2014-08-14 14:03 - 2014-08-15 12:18 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-14 14:03 - 2014-08-14 14:03 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-14 14:03 - 2014-08-14 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-14 14:03 - 2014-08-14 14:03 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-08-14 14:03 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-14 14:03 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-14 14:03 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-14 13:35 - 2014-08-14 13:35 - 00013519 _____ () C:\ComboFix.txt
2014-08-14 13:18 - 2014-08-14 13:35 - 00000000 ____D () C:\ComboFix
2014-08-14 13:17 - 2014-08-14 13:35 - 00000000 ____D () C:\Qoobox
2014-08-14 13:06 - 2014-08-14 13:06 - 00008224 _____ () C:\Users\jv\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-14 12:24 - 2014-08-14 12:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-14 12:17 - 2014-08-14 13:01 - 00000000 ____D () C:\Users\jv\AppData\Roaming\Google
2014-08-14 12:17 - 2014-08-14 12:18 - 00000000 ____D () C:\Users\jv\AppData\Local\Google
2014-08-14 12:05 - 2014-08-14 12:05 - 00004608 _____ () C:\Users\jv\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-14 12:04 - 2014-08-14 12:04 - 00000949 _____ () C:\Users\jv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-14 12:04 - 2014-08-14 12:04 - 00000000 ____D () C:\Users\jv\AppData\Roaming\Macromedia
2014-08-14 12:04 - 2014-08-14 12:04 - 00000000 ____D () C:\Users\jv\AppData\Roaming\AVAST Software
2014-08-14 12:04 - 2014-08-14 12:04 - 00000000 ____D () C:\Users\jv\AppData\Roaming\Adobe
2014-08-14 12:04 - 2014-08-14 12:04 - 00000000 _____ () C:\Users\jv\AppData\Local\QSwitch.txt
2014-08-14 12:04 - 2014-08-14 12:04 - 00000000 _____ () C:\Users\jv\AppData\Local\DSwitch.txt
2014-08-14 12:04 - 2014-08-14 12:04 - 00000000 _____ () C:\Users\jv\AppData\Local\AtStart.txt
2014-08-14 12:03 - 2014-08-14 13:10 - 00000944 _____ () C:\Users\jv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-08-14 12:03 - 2014-08-14 12:04 - 00000000 ____D () C:\Users\jv
2014-08-14 12:03 - 2014-08-14 12:03 - 00000915 _____ () C:\Users\jv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-08-14 12:03 - 2014-08-14 12:03 - 00000020 ___SH () C:\Users\jv\ntuser.ini
2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\Startmenü
2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\Netzwerkumgebung
2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\Druckumgebung
2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\Documents\Eigene Musik
2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\Documents\Eigene Bilder
2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\AppData\Local\Verlauf
2014-08-14 12:03 - 2008-12-04 01:30 - 00000000 ____D () C:\Users\jv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
2014-08-14 12:03 - 2008-12-04 01:28 - 00000000 ____D () C:\Users\jv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-08-14 12:03 - 2008-01-21 04:42 - 00000000 ___RD () C:\Users\jv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-08-14 12:03 - 2008-01-21 04:42 - 00000000 ___RD () C:\Users\jv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-14 10:55 - 2014-08-14 10:55 - 00000000 ____D () C:\Users\Angie\AppData\Roaming\AVAST Software
2014-08-14 10:54 - 2014-08-14 10:54 - 00001873 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-14 10:54 - 2014-08-14 10:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-14 10:52 - 2014-08-14 10:54 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-14 10:52 - 2014-08-14 10:51 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-14 10:52 - 2014-08-14 10:51 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-14 10:52 - 2014-08-14 10:51 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-14 10:52 - 2014-08-14 10:51 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-14 10:52 - 2014-08-14 10:51 - 00057800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-08-14 10:52 - 2014-08-14 10:51 - 00055112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-08-14 10:52 - 2014-08-14 10:51 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-14 10:52 - 2014-08-14 10:51 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-14 10:51 - 2014-08-14 10:51 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-14 10:50 - 2014-08-14 10:50 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-14 10:47 - 2014-08-14 10:50 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-14 10:47 - 2014-08-14 10:47 - 00414392 _____ (AVAST Software) C:\Windows\system32\Drivers\qswlqhwk.sys
2014-08-14 10:43 - 2014-08-14 10:47 - 91906368 _____ (AVAST Software) C:\Users\Angie\Downloads\avast_free_antivirus_setup_9.0.2021.exe
2014-08-14 10:03 - 2014-08-15 14:46 - 00013846 _____ () C:\Users\Angie\Downloads\FRST.txt
2014-08-14 09:29 - 2014-08-14 13:42 - 24017152 _____ (Microsoft Corporation) C:\Users\Angie\Downloads\mpas-fe.exe
2014-08-13 15:42 - 2014-08-13 16:05 - 00000000 ____D () C:\Windows\erdnt
2014-08-13 15:42 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-13 15:42 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-13 15:42 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-13 15:42 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-13 15:42 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-13 15:42 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-13 15:42 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-13 15:42 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-13 15:30 - 2014-08-14 13:15 - 05571579 ____R (Swearware) C:\Users\Angie\Desktop\ComboFix.exe
2014-08-13 15:29 - 2014-08-13 15:41 - 05569662 ____R (Swearware) C:\Users\Angie\Downloads\ComboFix.exe
2014-08-13 15:25 - 2014-08-13 15:25 - 01092096 _____ (Farbar) C:\Users\Angie\Downloads\FRST.exe
2014-08-13 15:09 - 2014-08-15 08:08 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-08-13 15:08 - 2014-08-13 15:08 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Angie\Downloads\revosetup95.exe
2014-08-13 14:13 - 2014-08-13 14:15 - 00380416 _____ () C:\Users\Angie\Downloads\Gmer-19357.exe
2014-08-13 14:08 - 2014-08-13 14:09 - 00000020 _____ () C:\Users\Angie\defogger_reenable
2014-08-13 12:59 - 2014-08-13 12:59 - 00000000 ____D () C:\Users\Angie\AppData\Roaming\Avira
2014-08-13 12:42 - 2014-08-14 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-13 12:41 - 2014-08-14 10:24 - 00000000 ____D () C:\Program Files\Avira
2014-08-13 12:41 - 2014-08-14 09:57 - 00000000 ____D () C:\ProgramData\Avira
2014-08-13 12:41 - 2010-03-01 10:05 - 00124784 _____ (Avira GmbH) C:\Windows\system32\Drivers\avipbb.sys
2014-08-13 12:41 - 2010-02-16 14:24 - 00060936 _____ (Avira GmbH) C:\Windows\system32\Drivers\avgntflt.sys
2014-08-13 12:41 - 2009-05-11 12:49 - 00051992 _____ (AVIRA GmbH) C:\Windows\system32\Drivers\avgntdd.sys
2014-08-13 12:41 - 2009-05-11 12:49 - 00017016 _____ (AVIRA GmbH) C:\Windows\system32\Drivers\avgntmgr.sys
2014-08-13 12:41 - 2009-05-11 10:12 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2014-08-13 12:39 - 2014-08-13 12:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Angie\Downloads\mbam-setup-2.0.2.1012.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-15 14:46 - 2014-08-14 15:02 - 00000000 ____D () C:\FRST
2014-08-15 14:46 - 2014-08-14 10:03 - 00013846 _____ () C:\Users\Angie\Downloads\FRST.txt
2014-08-15 14:45 - 2014-08-15 14:45 - 00001052 _____ () C:\Users\Angie\Desktop\checkup.txt
2014-08-15 14:41 - 2010-02-12 22:42 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-15 14:31 - 2013-04-14 10:16 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-15 14:23 - 2014-08-15 14:23 - 00005108 _____ () C:\Users\Angie\Desktop\ESET_OnlineScanner.txt
2014-08-15 14:01 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-15 14:01 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-15 12:45 - 2014-08-15 12:45 - 00000000 ____D () C:\Program Files\ESET
2014-08-15 12:18 - 2014-08-14 14:03 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-15 08:41 - 2010-02-12 22:42 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-15 08:36 - 2008-12-04 00:43 - 01208576 _____ () C:\Windows\WindowsUpdate.log
2014-08-15 08:34 - 2008-07-08 06:59 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-15 08:33 - 2014-08-15 08:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-15 08:32 - 2014-08-15 08:34 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-15 08:32 - 2014-08-15 08:33 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-15 08:32 - 2014-08-15 08:33 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-15 08:32 - 2014-08-15 08:33 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-15 08:32 - 2014-08-15 08:32 - 00000000 ____D () C:\Program Files\Java
2014-08-15 08:26 - 2014-08-15 08:26 - 00000000 _____ () C:\Windows\system32\REN125A.tmp
2014-08-15 08:26 - 2014-08-15 08:26 - 00000000 _____ () C:\Windows\system32\REN1259.tmp
2014-08-15 08:26 - 2014-08-15 08:26 - 00000000 _____ () C:\Windows\system32\REN1248.tmp
2014-08-15 08:08 - 2014-08-15 08:08 - 00001057 _____ () C:\Users\Angie\Desktop\Revo Uninstaller.lnk
2014-08-15 08:08 - 2014-08-13 15:09 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-08-15 08:04 - 2008-12-04 01:32 - 00000286 _____ () C:\Users\Public\Documents\hpqp.ini
2014-08-15 08:01 - 2008-01-21 04:47 - 00570512 _____ () C:\Windows\PFRO.log
2014-08-15 08:01 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-14 23:05 - 2006-11-02 15:01 - 00032510 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-14 23:01 - 2014-08-14 15:24 - 00854410 _____ () C:\Users\Angie\Downloads\SecurityCheck.exe
2014-08-14 22:53 - 2014-08-14 22:53 - 00005546 _____ () C:\Users\Angie\Desktop\Eset.txt
2014-08-14 15:24 - 2014-08-14 15:23 - 02347384 _____ (ESET) C:\Users\Angie\Downloads\esetsmartinstaller_deu.exe
2014-08-14 15:05 - 2014-08-14 15:12 - 00033717 _____ () C:\Users\Angie\Desktop\FRST.txt
2014-08-14 15:05 - 2014-08-14 15:12 - 00023737 _____ () C:\Users\Angie\Desktop\Addition.txt
2014-08-14 15:01 - 2014-08-14 15:01 - 00000746 _____ () C:\Users\Angie\Desktop\JRT.txt
2014-08-14 14:48 - 2014-08-14 14:48 - 00000000 ____D () C:\Windows\ERUNT
2014-08-14 14:28 - 2014-08-14 14:28 - 00002868 _____ () C:\Users\Angie\Desktop\AdwCleaner[S1].txt
2014-08-14 14:21 - 2014-08-14 14:21 - 01016261 _____ (Thisisu) C:\Users\Angie\Desktop\JRT.exe
2014-08-14 14:20 - 2014-08-14 14:20 - 01356107 _____ () C:\Users\Angie\Desktop\adwcleaner_3.305.exe
2014-08-14 14:18 - 2014-08-14 14:18 - 00001161 _____ () C:\Users\Angie\Desktop\mbam.txt
2014-08-14 14:03 - 2014-08-14 14:03 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-14 14:03 - 2014-08-14 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-14 14:03 - 2014-08-14 14:03 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-08-14 13:42 - 2014-08-14 09:29 - 24017152 _____ (Microsoft Corporation) C:\Users\Angie\Downloads\mpas-fe.exe
2014-08-14 13:35 - 2014-08-14 13:35 - 00013519 _____ () C:\ComboFix.txt
2014-08-14 13:35 - 2014-08-14 13:18 - 00000000 ____D () C:\ComboFix
2014-08-14 13:35 - 2014-08-14 13:17 - 00000000 ____D () C:\Qoobox
2014-08-14 13:32 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini
2014-08-14 13:21 - 2009-01-23 13:36 - 00000944 _____ () C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-08-14 13:15 - 2014-08-13 15:30 - 05571579 ____R (Swearware) C:\Users\Angie\Desktop\ComboFix.exe
2014-08-14 13:10 - 2014-08-14 12:03 - 00000944 _____ () C:\Users\jv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-08-14 13:06 - 2014-08-14 13:06 - 00008224 _____ () C:\Users\jv\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-14 13:06 - 2012-08-13 11:28 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-14 13:01 - 2014-08-14 12:17 - 00000000 ____D () C:\Users\jv\AppData\Roaming\Google
2014-08-14 12:24 - 2014-08-14 12:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-14 12:18 - 2014-08-14 12:17 - 00000000 ____D () C:\Users\jv\AppData\Local\Google
2014-08-14 12:05 - 2014-08-14 12:05 - 00004608 _____ () C:\Users\jv\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-14 12:04 - 2014-08-14 12:04 - 00000949 _____ () C:\Users\jv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-14 12:04 - 2014-08-14 12:04 - 00000000 ____D () C:\Users\jv\AppData\Roaming\Macromedia
2014-08-14 12:04 - 2014-08-14 12:04 - 00000000 ____D () C:\Users\jv\AppData\Roaming\AVAST Software
2014-08-14 12:04 - 2014-08-14 12:04 - 00000000 ____D () C:\Users\jv\AppData\Roaming\Adobe
2014-08-14 12:04 - 2014-08-14 12:04 - 00000000 _____ () C:\Users\jv\AppData\Local\QSwitch.txt
2014-08-14 12:04 - 2014-08-14 12:04 - 00000000 _____ () C:\Users\jv\AppData\Local\DSwitch.txt
2014-08-14 12:04 - 2014-08-14 12:04 - 00000000 _____ () C:\Users\jv\AppData\Local\AtStart.txt
2014-08-14 12:04 - 2014-08-14 12:03 - 00000000 ____D () C:\Users\jv
2014-08-14 12:03 - 2014-08-14 12:03 - 00000915 _____ () C:\Users\jv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-08-14 12:03 - 2014-08-14 12:03 - 00000020 ___SH () C:\Users\jv\ntuser.ini
2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\Startmenü
2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\Netzwerkumgebung
2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\Druckumgebung
2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\Documents\Eigene Musik
2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\Documents\Eigene Bilder
2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-08-14 12:03 - 2014-08-14 12:03 - 00000000 _SHDL () C:\Users\jv\AppData\Local\Verlauf
2014-08-14 10:58 - 2009-01-23 15:15 - 00000000 ____D () C:\Users\Angie\AppData\Local\Google
2014-08-14 10:58 - 2009-01-23 15:15 - 00000000 ____D () C:\Program Files\Google
2014-08-14 10:58 - 2009-01-23 13:36 - 00000949 _____ () C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-14 10:55 - 2014-08-14 10:55 - 00000000 ____D () C:\Users\Angie\AppData\Roaming\AVAST Software
2014-08-14 10:54 - 2014-08-14 10:54 - 00001873 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-14 10:54 - 2014-08-14 10:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-14 10:54 - 2014-08-14 10:52 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-14 10:51 - 2014-08-14 10:52 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-14 10:51 - 2014-08-14 10:52 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-14 10:51 - 2014-08-14 10:52 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-14 10:51 - 2014-08-14 10:52 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-14 10:51 - 2014-08-14 10:52 - 00057800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-08-14 10:51 - 2014-08-14 10:52 - 00055112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-08-14 10:51 - 2014-08-14 10:52 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-14 10:51 - 2014-08-14 10:52 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-14 10:51 - 2014-08-14 10:51 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-14 10:50 - 2014-08-14 10:50 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-14 10:50 - 2014-08-14 10:47 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-14 10:47 - 2014-08-14 10:47 - 00414392 _____ (AVAST Software) C:\Windows\system32\Drivers\qswlqhwk.sys
2014-08-14 10:47 - 2014-08-14 10:43 - 91906368 _____ (AVAST Software) C:\Users\Angie\Downloads\avast_free_antivirus_setup_9.0.2021.exe
2014-08-14 10:24 - 2014-08-13 12:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-14 10:24 - 2014-08-13 12:41 - 00000000 ____D () C:\Program Files\Avira
2014-08-14 09:57 - 2014-08-13 12:41 - 00000000 ____D () C:\ProgramData\Avira
2014-08-14 09:20 - 2008-07-08 05:42 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-08-14 08:48 - 2009-02-12 21:18 - 00000680 _____ () C:\Users\Angie\AppData\Local\d3d9caps.dat
2014-08-13 16:07 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default
2014-08-13 16:06 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2014-08-13 16:05 - 2014-08-13 15:42 - 00000000 ____D () C:\Windows\erdnt
2014-08-13 15:58 - 2006-11-02 12:22 - 44826624 _____ () C:\Windows\system32\config\software.bak
2014-08-13 15:58 - 2006-11-02 12:22 - 42467328 _____ () C:\Windows\system32\config\COMPON~3.bak
2014-08-13 15:58 - 2006-11-02 12:22 - 19922944 _____ () C:\Windows\system32\config\system.bak
2014-08-13 15:58 - 2006-11-02 12:22 - 00524288 _____ () C:\Windows\system32\config\default.bak
2014-08-13 15:58 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-08-13 15:58 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-08-13 15:41 - 2014-08-13 15:29 - 05569662 ____R (Swearware) C:\Users\Angie\Downloads\ComboFix.exe
2014-08-13 15:25 - 2014-08-13 15:25 - 01092096 _____ (Farbar) C:\Users\Angie\Downloads\FRST.exe
2014-08-13 15:08 - 2014-08-13 15:08 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Angie\Downloads\revosetup95.exe
2014-08-13 14:15 - 2014-08-13 14:13 - 00380416 _____ () C:\Users\Angie\Downloads\Gmer-19357.exe
2014-08-13 14:09 - 2014-08-13 14:08 - 00000020 _____ () C:\Users\Angie\defogger_reenable
2014-08-13 14:08 - 2009-01-23 13:29 - 00000000 ____D () C:\Users\Angie
2014-08-13 13:13 - 2014-07-10 20:48 - 00018872 _____ () C:\Windows\system32\Drivers\SPPD.sys
2014-08-13 13:02 - 2013-09-16 21:20 - 00000000 ____D () C:\Users\Angie\AppData\Roaming\Mozilla
2014-08-13 12:59 - 2014-08-13 12:59 - 00000000 ____D () C:\Users\Angie\AppData\Roaming\Avira
2014-08-13 12:39 - 2014-08-13 12:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Angie\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-05 09:20 - 2009-10-07 08:42 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-04 21:37 - 2006-11-02 12:33 - 01453910 _____ () C:\Windows\system32\PerfStringBackup.INI

Some content of TEMP:
====================
C:\Users\Angie\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-15 08:09

==================== End Of Log ============================
         


addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:13-08-2014
Ran by Angie at 2014-08-15 14:47:08
Running from C:\Users\Angie\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-PDF Split & Merge Version 2.0.4 (Build 112) (HKLM\...\7-PDF Split & Merge_is1) (Version: 7-PDF Split & Merge - Version 2.0.4 (Build 112) - 7-PDF, Germany - Thorsten Hodes)
7-Zip 4.65 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}) (Version: 10.2.0.023 - Adobe Systems, Inc.)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.0 - Atheros)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
AVIConverter 5.1.6 (HKLM\...\AVIConverter) (Version: 5.1.6 - )
Brother MFL-Pro Suite MFC-J265W (HKLM\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP)
Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.58.1.0 - Conexant)
CyberLink DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.1519 - CyberLink Corp.)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.1616 - CyberLink Corp.)
CyberLink YouCam (Version: 2.0.1616 - CyberLink Corp.) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
ESU for Microsoft Vista (HKLM\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Free CD to MP3 Converter (HKLM\...\Free CD to MP3 Converter) (Version:  - )
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_HERMOSA_HSF) (Version:  - )
Hewlett-Packard Active Check for Health Check (Version: 1.1.15.2 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent for Health Check (Version: 2.0.63.2 - HP) Hidden
HP Active Support Library (Version: 3.1.4.1 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (HKLM\...\{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}) (Version: 5.7.0.2630 - Hewlett-Packard)
HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.01.0005 - Hewlett-Packard)
HP DVD Play 3.7 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version:  - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}) (Version: 5.7.0.2630 - Hewlett-Packard)
HP Help and Support (HKLM\...\{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}) (Version: 2.0.9.0 - Hewlett-Packard)
HP Quick Launch Buttons 6.40 F1 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40 F1 - Hewlett-Packard)
HP Update (HKLM\...\{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}) (Version: 4.000.010.008 - Hewlett-Packard)
HP User Guides 0118 (HKLM\...\{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}) (Version: 1.00.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{340F521E-3576-4E1A-B75C-EB0ACF751379}) (Version: 3.00 J1 - Hewlett-Packard)
HPNetworkAssistant (Version: 1.1.70 - Hewlett-Packard.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.20.2719 - CyberLink Corp.)
LightScribe System Software  1.12.33.2 (HKLM\...\{582287DA-0806-4AC0-BF19-C15E3A466034}) (Version: 1.12.33.2 - LightScribe)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.0.43 - WildTangent)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.52 - BVRP Software, Inc)
PC Connectivity Solution (HKLM\...\{089DD780-DB3F-4CDB-A0C2-111360247298}) (Version: 10.24.0.0 - Nokia)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.0 - pdfforge)
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3919 - CyberLink Corp.)
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2719 - CyberLink Corp.)
PowerDirector (Version: 6.5.2719 - CyberLink Corp.) Hidden
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version:  - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.3.0 - Synaptics)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update Installer for WildTangent Games App (Version:  - WildTangent) Hidden
VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN)
WildTangent Games App (HP Games) (HKLM\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.5.36 - WildTangent)
Winamp (HKLM\...\Winamp) (Version: 5.541  - Nullsoft, Inc)
Windows 7 Upgrade Advisor (HKLM\...\{9A4D182C-35C7-4791-8484-4304EBC9101A}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Messenger (HKLM\...\{279DB581-239C-4E13-97F8-0F48E40BE75C}) (Version: 8.1.0178.00 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1332518490-556231238-1997960668-1000_Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32 -> C:\Windows\system32\urlmon.dll (Microsoft Corporation)

==================== Restore Points  =========================

22-03-2014 11:12:10 Geplanter Prüfpunkt
23-03-2014 12:13:47 Geplanter Prüfpunkt
24-03-2014 16:11:20 Geplanter Prüfpunkt
26-03-2014 17:19:41 Geplanter Prüfpunkt
31-03-2014 15:45:37 Geplanter Prüfpunkt
01-04-2014 15:21:27 Geplanter Prüfpunkt
06-04-2014 10:39:52 Geplanter Prüfpunkt
11-04-2014 18:08:28 Geplanter Prüfpunkt
12-04-2014 09:05:09 Geplanter Prüfpunkt
13-04-2014 10:18:23 Geplanter Prüfpunkt
21-04-2014 08:39:04 Geplanter Prüfpunkt
07-05-2014 16:32:25 Geplanter Prüfpunkt
09-05-2014 14:37:34 Geplanter Prüfpunkt
10-05-2014 15:25:24 Geplanter Prüfpunkt
11-05-2014 09:05:00 Geplanter Prüfpunkt
19-06-2014 07:26:31 Geplanter Prüfpunkt
13-08-2014 10:40:51 Avira AntiVir Personal - 13.08.2014 12:39
13-08-2014 13:14:32 Revo Uninstaller's restore point - Avira AntiVir Personal - Free Antivirus
14-08-2014 07:02:27 Windows Update
14-08-2014 08:49:02 avast! antivirus system restore point
14-08-2014 10:50:59 Revo Uninstaller's restore point - FileConverter 1.3 B2 Toolbar
15-08-2014 06:22:24 Revo Uninstaller's restore point - Java(TM) 6 Update 5
15-08-2014 06:25:09 Revo Uninstaller's restore point - Java(TM) 6 Update 29
15-08-2014 06:25:24 Removed Java(TM) 6 Update 29
15-08-2014 06:31:53 Installed Java 7 Update 67

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2014-08-13 15:59 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1784021E-7CED-4A79-810D-7A4254C9C17F} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3CD53A98-87AB-44CE-8AB9-F47A4C68897E} - \PC Performer No Task File <==== ATTENTION
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {5E676CBE-5E24-422C-8B4F-DA7BC8276DB7} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Angie => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-10] (Microsoft Corporation)
Task: {99D546B7-304D-4321-A600-1C9DB414F713} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-04-15] (Hewlett-Packard)
Task: {C807222A-3809-41A1-B5EB-CE621F9BE417} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-12] (Google Inc.)
Task: {E141E7D3-3456-4F8E-AD17-5E1B4FEF728F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-14] (AVAST Software)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {F1A96772-4E0E-4102-A6E2-CFB46CB9A2E1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-12] (Adobe Systems Incorporated)
Task: {F6C63592-1E4C-4A23-8723-312FF58342D0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-12] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-08-14 10:51 - 2014-08-14 10:51 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-08-15 12:02 - 2014-08-15 12:02 - 02797568 _____ () C:\Program Files\AVAST Software\Avast\defs\14081500\algo.dll
2008-07-08 06:55 - 2008-04-26 01:15 - 00361808 _____ () C:\Windows\SMINST\BLService.exe
2008-07-08 06:55 - 2007-11-15 01:46 - 00126976 _____ () C:\Windows\SMINST\STWmiM.dll
2008-07-08 06:48 - 2007-01-09 11:25 - 00272024 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2011-06-18 20:13 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2008-08-04 01:02 - 2008-08-04 01:02 - 00036352 _____ () C:\Program Files\Winamp\winampa.exe
2014-08-14 10:51 - 2014-08-14 10:51 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2008-07-08 06:07 - 2008-04-11 09:04 - 00685360 _____ () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: Microsoft Tun-Miniportadapter #2
Description: Microsoft Tun-Miniportadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/15/2014 02:47:42 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/15 14:47:42.391]: [00003388]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error

Error: (08/15/2014 02:47:07 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/15 14:47:07.790]: [00003388]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error

Error: (08/15/2014 02:46:33 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/15 14:46:33.189]: [00003388]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error

Error: (08/15/2014 02:45:58 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/15 14:45:58.588]: [00003388]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error

Error: (08/15/2014 02:45:23 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/15 14:45:23.987]: [00003388]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error

Error: (08/15/2014 02:44:49 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/15 14:44:49.366]: [00003388]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error

Error: (08/15/2014 02:44:14 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/15 14:44:14.864]: [00003388]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error

Error: (08/15/2014 02:43:40 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/15 14:43:40.055]: [00003388]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error

Error: (08/15/2014 02:43:05 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/15 14:43:05.553]: [00003388]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error

Error: (08/15/2014 02:42:31 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/15 14:42:31.049]: [00003388]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error


System errors:
=============
Error: (08/15/2014 08:04:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Avira AntiVir Guard%%2

Error: (08/15/2014 08:04:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (08/15/2014 08:04:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Avira AntiVir Planer%%2


Microsoft Office Sessions:
=========================
Error: (06/06/2013 03:52:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 531 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-08-15 14:46:59.537
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-15 14:46:59.225
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-15 14:46:58.929
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-15 14:46:58.617
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-15 14:46:58.165
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-15 14:46:57.884
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-15 14:46:57.603
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-15 14:46:57.338
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-15 14:46:22.066
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-15 14:46:21.785
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz
Percentage of memory in use: 63%
Total physical RAM: 1978.45 MB
Available physical RAM: 724.67 MB
Total Pagefile: 4198.21 MB
Available Pagefile: 2661.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1905.76 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:289.1 GB) (Free:189.08 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (PRESARIO_RP) (Fixed) (Total:8.98 GB) (Free:1.59 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 1163E3AD)
Partition 1: (Active) - (Size=289 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=9 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Regards
Jürgen

16.08.2014, 07:38   #8
schrauber
/// the machine
/// TB Trainer
 




Update Java and Adobe.

Please download TFC (by Oldtimer) and save the file to your desktop.
Now close all open programs and disconnect from the Internet.
Double-click TFC.exe and press Start.
If TFC cannot delete all files, it will ask for a restart. Please allow this.

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
C:\$RECYCLE.BIN
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.





Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > enter Combofix /Uninstall > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Put a check mark in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners, and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left now, you can safely delete them.



If you would like to give praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.

Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately, I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.

Alternative browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be misused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: I have a few useful add-ons for this browser here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed if you confirm it.
    • AdblockPlus
      This add-on blocks most advertising on its own. A right-click on a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it asks you to and is nice and colorful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
All that remains for me now is to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donations
Guides and help
Trojaner-Board Facebook page

No help via PM!

16.08.2014, 08:40   #9
xvolt
 



Hello Schrauber,

thank you very, very much for your help - and always so quickly, too!!!

S U P E R!

Here is the Fixlist log:
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:13-08-2014
Ran by Angie at 2014-08-16 09:35:37 Run:1
Running from C:\Users\Angie\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\$RECYCLE.BIN
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
         
*****************

C:\$RECYCLE.BIN => Moved successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect" => Value not found.

==== End of Fixlog ====
         
Best regards & a huge THANK YOU
xvolt

17.08.2014, 06:58   #10
schrauber
/// the machine
/// TB Trainer
 




You're welcome
__________________
Regards,
schrauber

