
Log analysis and evaluation: Windows Vista Home Premium: Avira cannot be uninstalled (Group Policy)


 
13.08.2014, 13:23   #1
xvolt



Hello,

A routine scan with Malwarebytes turned up more than 160 detections. In addition, I can no longer start Avira, nor can I uninstall it, since it appears to be blocked by a Group Policy.

Please help and analyze my log files.

Regards,
xvolt

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:13-08-2014
Ran by Angie at 2014-08-13 14:12:05
Running from C:\Users\Angie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0VGN50HB
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AntiVir Desktop (Disabled - Up to date) {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AntiVir Desktop (Disabled - Up to date) {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7 Wonders II (HKLM\...\exent_586350) (Version:  - )
7Go Games (HKLM\...\7Go Games) (Version: 1.0.0.0 - 7go.com)
7-PDF Split & Merge Version 2.0.4 (Build 112) (HKLM\...\7-PDF Split & Merge_is1) (Version: 7-PDF Split & Merge - Version 2.0.4 (Build 112) - 7-PDF, Germany - Thorsten Hodes)
7-Zip 4.65 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}) (Version: 10.2.0.023 - Adobe Systems, Inc.)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.0 - Atheros)
AVIConverter 5.1.6 (HKLM\...\AVIConverter) (Version: 5.1.6 - )
Avira AntiVir Personal - Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 10.0.0.567 - Avira GmbH)
Brother MFL-Pro Suite MFC-J265W (HKLM\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP)
Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.58.1.0 - Conexant)
Cradle of Rome (HKLM\...\exent_554750) (Version:  - )
CyberLink DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.1519 - CyberLink Corp.)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.1616 - CyberLink Corp.)
CyberLink YouCam (Version: 2.0.1616 - CyberLink Corp.) Hidden
ESU for Microsoft Vista (HKLM\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Fantastigames (HKLM\...\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}) (Version:  - Exent Technologies Ltd) <==== ATTENTION
FileConverter 1.3 B2 Toolbar (HKLM\...\FileConverter_1.3_B2 Toolbar) (Version: 6.11.2.6 - FileConverter 1.3 B2)
Free CD to MP3 Converter (HKLM\...\Free CD to MP3 Converter) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_HERMOSA_HSF) (Version:  - )
Heartwild Solitaire - Book Two (HKLM\...\exent_676150) (Version:  - )
Heroes of Hellas (HKLM\...\exent_532150) (Version:  - )
Hewlett-Packard Active Check for Health Check (Version: 1.1.15.2 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent for Health Check (Version: 2.0.63.2 - HP) Hidden
HP Active Support Library (Version: 3.1.4.1 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (HKLM\...\{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}) (Version: 5.7.0.2630 - Hewlett-Packard)
HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.01.0005 - Hewlett-Packard)
HP DVD Play 3.7 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version:  - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}) (Version: 5.7.0.2630 - Hewlett-Packard)
HP Help and Support (HKLM\...\{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}) (Version: 2.0.9.0 - Hewlett-Packard)
HP Quick Launch Buttons 6.40 F1 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40 F1 - Hewlett-Packard)
HP Update (HKLM\...\{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}) (Version: 4.000.010.008 - Hewlett-Packard)
HP User Guides 0118 (HKLM\...\{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}) (Version: 1.00.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{340F521E-3576-4E1A-B75C-EB0ACF751379}) (Version: 3.00 J1 - Hewlett-Packard)
HPNetworkAssistant (Version: 1.1.70 - Hewlett-Packard.) Hidden
iLivid (HKLM\...\iLivid) (Version: 4.0.0.2208 - Bandoo Media Inc) <==== ATTENTION
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Java Auto Updater (Version: 2.0.6.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 29 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216013FF}) (Version: 6.0.290 - Sun Microsystems, Inc.)
Java(TM) 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)
LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.20.2719 - CyberLink Corp.)
LayoutsExpress (HKLM\...\LayoutsExpress) (Version:  - )
LightScribe System Software  1.12.33.2 (HKLM\...\{582287DA-0806-4AC0-BF19-C15E3A466034}) (Version: 1.12.33.2 - LightScribe)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.0.43 - WildTangent)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.52 - BVRP Software, Inc)
PC Connectivity Solution (HKLM\...\{089DD780-DB3F-4CDB-A0C2-111360247298}) (Version: 10.24.0.0 - Nokia)
PC Performer (HKLM\...\PC Performer_is1) (Version: 11.10 - PerformerSoft LLC) <==== ATTENTION
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.0 - pdfforge)
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3919 - CyberLink Corp.)
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2719 - CyberLink Corp.)
PowerDirector (Version: 6.5.2719 - CyberLink Corp.) Hidden
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version:  - Realtek Semiconductor Corp.)
Speed Analysis 3 (HKLM\...\Speed Analysis 3) (Version: 1.0.0.4 - SpeedAnalysis.com) <==== ATTENTION
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.3.0 - Synaptics)
Time Riddles: The Mansion (HKLM\...\exent_683150) (Version:  - )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update Installer for WildTangent Games App (Version:  - WildTangent) Hidden
Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version:  - )
VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN)
Wajam (HKLM\...\Wajam) (Version: 1.76 - Wajam) <==== ATTENTION
WildTangent Games App (HP Games) (HKLM\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.5.36 - WildTangent)
Winamp (HKLM\...\Winamp) (Version: 5.541  - Nullsoft, Inc)
Windows 7 Upgrade Advisor (HKLM\...\{9A4D182C-35C7-4791-8484-4304EBC9101A}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Messenger (HKLM\...\{279DB581-239C-4E13-97F8-0F48E40BE75C}) (Version: 8.1.0178.00 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1784021E-7CED-4A79-810D-7A4254C9C17F} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2A5875CA-564A-48D5-BD59-A2DFA80B2C9C} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Angie => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-10] (Microsoft Corporation)
Task: {2A7FA053-C6C6-4CCA-87C6-7F165D78C11C} - System32\Tasks\PC Performer_DEFAULT => C:\Program Files\PC Performer\PCPerformer.exe <==== ATTENTION
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3CD53A98-87AB-44CE-8AB9-F47A4C68897E} - System32\Tasks\PC Performer => C:\Program Files\PC Performer\PCPerformer.exe <==== ATTENTION
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {83A2220F-031D-4E6B-93F6-63028120B476} - System32\Tasks\PC Performer_UPDATES => C:\Program Files\PC Performer\PCPerformer.exe <==== ATTENTION
Task: {99D546B7-304D-4321-A600-1C9DB414F713} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-04-15] (Hewlett-Packard)
Task: {C807222A-3809-41A1-B5EB-CE621F9BE417} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-12] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {F1A96772-4E0E-4102-A6E2-CFB46CB9A2E1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-12] (Adobe Systems Incorporated)
Task: {F6C63592-1E4C-4A23-8723-312FF58342D0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-12] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PC Performer_DEFAULT.job => C:\Program Files\PC Performer\PCPerformer.exe <==== ATTENTION
Task: C:\Windows\Tasks\PC Performer_UPDATES.job => C:\Program Files\PC Performer\PCPerformer.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2012-07-25 14:53 - 2011-10-25 17:56 - 00049152 _____ () C:\Windows\system32\CSRSRV.dll
2014-08-13 12:41 - 2010-01-28 13:57 - 00355688 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2008-07-08 06:01 - 2008-06-11 22:18 - 00120216 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
2008-07-08 06:01 - 2008-06-11 22:18 - 00259480 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
2008-07-08 06:01 - 2008-06-11 22:18 - 00345384 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
2008-08-04 01:02 - 2008-08-04 01:02 - 00036352 _____ () C:\Program Files\Winamp\winampa.exe
2011-06-18 20:13 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2008-07-08 06:55 - 2008-04-26 01:15 - 00361808 _____ () C:\Windows\SMINST\BLService.exe
2008-07-08 06:55 - 2007-11-15 01:46 - 00126976 _____ () C:\Windows\SMINST\STWmiM.dll
2008-07-08 06:48 - 2007-01-09 11:25 - 00272024 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2008-07-08 06:07 - 2008-04-11 09:04 - 00685360 _____ () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
2014-08-13 14:08 - 2014-08-13 14:08 - 00050477 _____ () C:\Users\Angie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z6S53WUC\Defogger.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: Microsoft Tun-Miniportadapter #2
Description: Microsoft Tun-Miniportadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/13/2014 02:12:07 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{aa6c1ff3-e938-11dd-908f-806e6f6e6963},0x80000000,0x00000003,...)". hr = 0x80070005.


Vorgang:
   Automatisch freigegebene Schattenkopien werden entfernt
   Anbieter wird geladen

Kontext:
   Ausführungskontext: System Provider

Error: (08/13/2014 02:12:07 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{aa6c1ff3-e938-11dd-908f-806e6f6e6963},0x80000000,0x00000003,...)". hr = 0x80070005.


Vorgang:
   Automatisch freigegebene Schattenkopien werden entfernt
   Anbieter wird geladen

Kontext:
   Ausführungskontext: System Provider

Error: (08/13/2014 02:12:04 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/13 14:12:04.683]: [00003104]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error

Error: (08/13/2014 02:11:30 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/13 14:11:30.174]: [00003104]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error

Error: (08/13/2014 02:10:55 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/13 14:10:55.665]: [00003104]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error

Error: (08/13/2014 02:10:21 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/13 14:10:21.138]: [00003104]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error

Error: (08/13/2014 02:09:46 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/13 14:09:46.635]: [00003104]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error

Error: (08/13/2014 02:09:12 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/13 14:09:12.082]: [00003104]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error

Error: (08/13/2014 02:08:37 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/13 14:08:37.579]: [00003104]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error

Error: (08/13/2014 02:08:03 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/08/13 14:08:03.074]: [00003104]: GetDeviceIpAddress: GetAddressByName [BRW0022581D7985] Error


System errors:
=============
Error: (08/13/2014 01:49:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: avipbb%%31

Error: (08/13/2014 01:49:12 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: avipbb
sptd
ssmdrv

Error: (08/13/2014 01:49:12 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Avira AntiVir Guard

Error: (08/13/2014 01:48:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Update Lizardlink%%3

Error: (08/13/2014 01:48:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: MBAMServiceMBAMProtector%%31

Error: (08/13/2014 01:48:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (08/13/2014 01:48:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: MBAMProtector%%31

Error: (08/13/2014 01:48:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: avgntflt%%31

Error: (08/13/2014 01:28:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: MBAMSwissArmy%%31

Error: (08/13/2014 01:28:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: MBAMSwissArmy%%31


Microsoft Office Sessions:
=========================
Error: (06/06/2013 03:52:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 531 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-08-13 13:55:08.747
  Description: N/A

  Date: 2014-08-13 13:55:08.407
  Description: N/A

  Date: 2014-08-13 13:55:08.057
  Description: N/A

  Date: 2014-08-13 13:55:07.667
  Description: N/A

  Date: 2014-08-13 13:55:07.087
  Description: N/A

  Date: 2014-08-13 13:55:06.647
  Description: N/A

  Date: 2014-08-13 13:55:06.107
  Description: N/A

  Date: 2014-08-13 13:55:05.587
  Description: N/A

  Date: 2014-08-13 13:54:35.489
  Description: N/A

  Date: 2014-08-13 13:54:35.079
  Description: N/A


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz
Percentage of memory in use: 55%
Total physical RAM: 1978.45 MB
Available physical RAM: 883.5 MB
Total Pagefile: 4198.16 MB
Available Pagefile: 2948.05 MB
Total Virtual: 2047.88 MB
Available Virtual: 1888.98 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:289.1 GB) (Free:185.89 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (PRESARIO_RP) (Fixed) (Total:8.98 GB) (Free:1.6 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 1163E3AD)
Partition 1: (Active) - (Size=289 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=9 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         


FRST.txt:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:13-08-2014
Ran by Angie (administrator) on ANGIE-PC on 13-08-2014 14:11:16
Running from C:\Users\Angie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0VGN50HB
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
() C:\Program Files\Winamp\winampa.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Exent Technologies Ltd.) C:\Program Files\FantastiGames\GPlayer.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
() C:\Windows\SMINST\BLService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
() C:\Windows\Installer\{6DC9FE55-927B-3523-1E6E-BE9DFE17D1D4}\syshost.exe
(ClientConnect Ltd.) C:\Program Files\Tbccint\ToolbarService\ToolbarService.exe
(Wajam) C:\Program Files\Wajam\Updater\WajamUpdater.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
() C:\Users\Angie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z6S53WUC\Defogger.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKU\.DEFAULT\...\Run: [Exetender] => C:\Program Files\FantastiGames\GPlayer.exe [4936152 2012-12-04] (Exent Technologies Ltd.)
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-19\...\Run: [Exetender] => C:\Program Files\FantastiGames\GPlayer.exe [4936152 2012-12-04] (Exent Technologies Ltd.)
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [Exetender] => C:\Program Files\FantastiGames\GPlayer.exe [4936152 2012-12-04] (Exent Technologies Ltd.)
HKU\S-1-5-21-1332518490-556231238-1997960668-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-01-11] (Google Inc.)
HKU\S-1-5-21-1332518490-556231238-1997960668-1000\...\Run: [Exetender] => C:\Program Files\FantastiGames\GPlayer.exe [4936152 2012-12-04] (Exent Technologies Ltd.)
HKU\S-1-5-21-1332518490-556231238-1997960668-1000\...\Run: [OletAyuxm] => regsvr32.exe "C:\ProgramData\OletAyuxm.dat"
HKU\S-1-5-21-1332518490-556231238-1997960668-1000\...\MountPoints2: {6fe4f026-f5f2-11dd-a7c9-001f1656624b} - H:\Setup.exe
Startup: C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Presario&pf=cnnb
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=063b05af-86a0-4124-9b53-dcf1e58022fa&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=063b05af-86a0-4124-9b53-dcf1e58022fa&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = hxxp://search.babylon.com/?affID=112543&tt=120812_bandext_3312_5&babsrc=HP_ss&mntrId=5efdfc0400000000000000234e6026b1
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www1.delta-search.com/?affID=121240&tt=gc_170513_18210&babsrc=HP_ss&mntrId=5EFD00234E6026B1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Presario&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Presario&pf=cnnb
URLSearchHook: HKLM - FileConverter 1.3 B2 Toolbar - {99a9c3ba-07f6-4699-bc81-65cab16e204b} - C:\Program Files\FileConverter_1.3_B2\prxtbFile.dll (Conduit Ltd.)
URLSearchHook: HKLM - appbarioDE Toolbar - {525ba996-1ce4-4677-91c5-9fc4ead2d245} - C:\Program Files\appbarioDE\prxtbappb.dll No File
URLSearchHook: HKCU - FroggyBoss Class - {539F76FD-084E-4858-86D5-62F02F54AE86} - C:\Program Files\Minibar\Froggy.dll (TODO: <название компании>)
URLSearchHook: HKCU - FileConverter 1.3 B2 Toolbar - {99a9c3ba-07f6-4699-bc81-65cab16e204b} - C:\Program Files\FileConverter_1.3_B2\prxtbFile.dll (Conduit Ltd.)
URLSearchHook: HKCU - appbarioDE Toolbar - {525ba996-1ce4-4677-91c5-9fc4ead2d245} - C:\Program Files\appbarioDE\prxtbappb.dll No File
SearchScopes: HKLM - DefaultScope {6CCBCF51-EC11-4D0F-8671-A366CF72FB90} URL = 
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=063b05af-86a0-4124-9b53-dcf1e58022fa&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKLM - {29FA9B66-0816-48BC-9EBD-938CBC2903A4} URL = 
SearchScopes: HKLM - {2AD9BACB-2264-4A41-A318-6F1BDE25A2A7} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=559&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=7273501263574128&q={searchTerms}
SearchScopes: HKLM - {D87FDBEE-E7CB-48AE-8CBD-78AC61B2F615} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3312331&CUI=UN65847689334022286&UM=2&UP=SP905ABC07-691D-4E0E-AD06-BFD71A03291E&SSPV=
SearchScopes: HKCU - BrowserMngrDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3312331&CUI=UN65847689334022286&UM=2&UP=SP905ABC07-691D-4E0E-AD06-BFD71A03291E&SSPV=
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=121240&tt=gc_170513_18210&babsrc=SP_ss_wls&mntrId=5EFD00234E6026B1
SearchScopes: HKCU - {29FA9B66-0816-48BC-9EBD-938CBC2903A4} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3312331&CUI=UN65847689334022286&UM=2
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=559&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=7273501263574128&q={searchTerms}
SearchScopes: HKCU - {DCC31AE4-5661-401A-8268-5B2CB045F10D} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADSA_deDE466
BHO: No Name -> {2EECD738-5844-4a99-B4B6-146BF802613B} ->  No File
BHO: appbarioDE Toolbar -> {525ba996-1ce4-4677-91c5-9fc4ead2d245} -> C:\Program Files\appbarioDE\prxtbappb.dll No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: No Name -> {7E853D72-626A-48EC-A868-BA8D5E23E045} ->  No File
BHO: MrFroggy Class -> {856E12B5-22D7-4E22-9ACA-EA9A008DD65B} -> C:\Program Files\Minibar\Froggy.dll (TODO: <название компании>)
BHO: FileConverter 1.3 B2 Toolbar -> {99a9c3ba-07f6-4699-bc81-65cab16e204b} -> C:\Program Files\FileConverter_1.3_B2\prxtbFile.dll (Conduit Ltd.)
BHO: Speed Analysis 3 -> {A66261FC-B82E-4EC7-9F6D-C2F36B871DF0} -> C:\Program Files\Speed Analysis 3\ScriptHost.dll No File
BHO: Wajam -> {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} -> C:\Program Files\Wajam\IE\priam_bho.dll (Wajam)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: MinibarBHO -> {AA74D58F-ACD0-450D-A85E-6C04B171C044} -> C:\Program Files\Minibar\Kango.dll (KangoExtensions)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: Lizardlink -> {eb9e4cdf-b007-450c-b0af-b66467c3d6e0} -> C:\Program Files\Lizardlink\Lizardlinkbho.dll No File
BHO: 7Go Games -> {FF103732-4528-4322-AA8B-F7849AB7776B} -> C:\Program Files\7Go Games\ScriptHost.dll No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
Toolbar: HKLM - FileConverter 1.3 B2 Toolbar - {99a9c3ba-07f6-4699-bc81-65cab16e204b} - C:\Program Files\FileConverter_1.3_B2\prxtbFile.dll (Conduit Ltd.)
Toolbar: HKLM - appbarioDE Toolbar - {525ba996-1ce4-4677-91c5-9fc4ead2d245} - C:\Program Files\appbarioDE\prxtbappb.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - appbarioDE Toolbar - {525BA996-1CE4-4677-91C5-9FC4EAD2D245} - C:\Program Files\appbarioDE\prxtbappb.dll No File
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} 
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files\FantastiGames\npExentCtl.dll (Exent Technologies Ltd.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: www.exent.com/GameTreatWidget -> C:\Program Files\FantastiGames\NPGameTreatPlugin.dll No File
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-07-25]
FF HKLM\...\Firefox\Extensions: [7go@7go.com] - C:\Users\Angie\AppData\Roaming\Mozilla\Extensions\7go@7go.com
FF Extension: 7Go Games - C:\Users\Angie\AppData\Roaming\Mozilla\Extensions\7go@7go.com [2013-09-16]
FF HKLM\...\Firefox\Extensions: [speedanalysis03@SpeedAnalysis.com] - C:\Users\Angie\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com
FF Extension: Speed Analysis 3 - C:\Users\Angie\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com [2013-09-16]
FF HKCU\...\Firefox\Extensions: [7go@7go.com] - C:\Users\Angie\AppData\Roaming\Mozilla\Extensions\7go@7go.com
FF HKCU\...\Firefox\Extensions: [speedanalysis03@SpeedAnalysis.com] - C:\Users\Angie\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com

Chrome: 
=======
CHR HomePage: http:\/\/search.conduit.com\/?ctid=CT3312331&SearchSource=48&CUI=UN25533360282111013&UM=2&UP=SP905ABC07-691D-4E0E-AD06-BFD71A03291E&SSPV=
CHR StartupUrls: "http:\/\/search.conduit.com\/?ctid=CT3312331&SearchSource=48&CUI=UN25533360282111013&UM=2&UP=SP905ABC07-691D-4E0E-AD06-BFD71A03291E&SSPV="
CHR NewTab: "chrome-extension://kdneagjiboclldmglpjofpeipkbollcf/Search/NewTabPages/html/new_tab.html"
CHR Extension: (Google Search) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-21]
CHR Extension: (Avira Browser Safety) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-13]
CHR Extension: (7Go Games) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjajpkikblccgefaibcafkfbanllpefi [2013-09-16]
CHR Extension: (appbarioDE) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdneagjiboclldmglpjofpeipkbollcf [2013-09-16]
CHR Extension: (No Name) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbmpjbkgemhgalmeiigcdljkccfcafoj [2013-09-16]
CHR Extension: (Google Wallet) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-17]
CHR Extension: (Gmail) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-21]
CHR Extension: (Extutil) - C:\Users\Angie\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-08-13]
CHR Extension: (Managera) - C:\Users\Angie\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-08-13]
CHR HKLM\...\Chrome\Extension: [gjajpkikblccgefaibcafkfbanllpefi] - C:\Users\Angie\AppData\Roaming\7go\7go.crx [2013-07-30]
CHR HKLM\...\Chrome\Extension: [jainjonnknhmbbkibcbmhihbopigapdm] - C:\Program Files\Lizardlink\jainjonnknhmbbkibcbmhihbopigapdm.crx [2013-07-30]
CHR HKLM\...\Chrome\Extension: [kdneagjiboclldmglpjofpeipkbollcf] - C:\Users\Angie\AppData\Local\CRE\kdneagjiboclldmglpjofpeipkbollcf.crx [2013-08-28]
CHR HKLM\...\Chrome\Extension: [mbmpjbkgemhgalmeiigcdljkccfcafoj] - C:\Users\Angie\AppData\Roaming\SpeedAnalysis3\SpeedAnalysis.crx [2013-08-28]
CHR HKCU\...\Chrome\Extension: [kdneagjiboclldmglpjofpeipkbollcf] - C:\Users\Angie\AppData\Local\CRE\kdneagjiboclldmglpjofpeipkbollcf.crx [2013-08-28]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

Locked "5be5bf43b64694ac" service could not be unlocked. <===== ATTENTION

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [135336 2010-02-24] (Avira GmbH)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [267432 2010-04-01] (Avira GmbH)
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [129992 2008-02-03] (EasyBits Sofware AS) [File not signed]
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-04-15] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-02-26] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [361808 2008-04-26] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [615936 2010-06-14] (Nokia) [File not signed]
R2 syshost32; C:\Windows\Installer\{6DC9FE55-927B-3523-1E6E-BE9DFE17D1D4}\syshost.exe [75776 2014-04-16] () [File not signed]
R2 TBSrv; C:\Program Files\Tbccint\ToolbarService\ToolbarService.exe [350496 2014-03-26] (ClientConnect Ltd.)
S3 usnjsvc; C:\Program Files\MSN Messenger\usnsvc.exe [97136 2007-01-19] (Microsoft Corporation)
R2 WajamUpdater; C:\Program Files\Wajam\Updater\WajamUpdater.exe [109064 2013-04-04] (Wajam) [File not signed]
S2 Update Lizardlink; "C:\Program Files\Lizardlink\updateLizardlink.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 ACPI; C:\Windows\System32\drivers\acpi.sys [265688 2009-04-10] () [File not signed]
R0 adp94xx; C:\Windows\System32\drivers\adp94xx.sys [422968 2008-01-21] () [File not signed]
R0 adpahci; C:\Windows\System32\drivers\adpahci.sys [300600 2008-01-21] () [File not signed]
R0 adpu160m; C:\Windows\System32\drivers\adpu160m.sys [101432 2008-01-21] () [File not signed]
R0 adpu320; C:\Windows\System32\drivers\adpu320.sys [149560 2008-01-21] () [File not signed]
R1 AFD; C:\Windows\system32\drivers\afd.sys [273408 2011-04-21] () [File not signed]
S3 agp440; C:\Windows\system32\drivers\agp440.sys [56376 2008-01-21] () [File not signed]
R0 aic78xx; C:\Windows\System32\drivers\djsvs.sys [71272 2006-11-02] () [File not signed]
R0 aliide; C:\Windows\System32\drivers\aliide.sys [17464 2008-01-21] () [File not signed]
S3 amdagp; C:\Windows\system32\drivers\amdagp.sys [57400 2008-01-21] () [File not signed]
R0 amdide; C:\Windows\System32\drivers\amdide.sys [17976 2008-01-21] () [File not signed]
S3 AmdK7; C:\Windows\system32\drivers\amdk7.sys [41472 2008-01-21] () [File not signed]
S3 AmdK8; C:\Windows\System32\DRIVERS\amdk8.sys [44032 2008-01-21] () [File not signed]
R0 arc; C:\Windows\System32\drivers\arc.sys [79416 2008-01-21] () [File not signed]
R0 arcsas; C:\Windows\System32\drivers\arcsas.sys [79928 2008-01-21] () [File not signed]
S3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [17408 2008-01-21] () [File not signed]
R0 atapi; C:\Windows\System32\drivers\atapi.sys [19944 2009-04-10] () [File not signed]
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [1183744 2009-09-05] () [File not signed]
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [60936 2010-02-16] (Avira GmbH)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [124784 2010-03-01] (Avira GmbH)
S3 BCM43XV; C:\Windows\System32\DRIVERS\bcmwl6.sys [464384 2006-11-02] () [File not signed]
R1 Beep; C:\Windows\system32\Drivers\Beep.sys [6144 2008-01-21] () [File not signed]
S3 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [45568 2008-01-21] () [File not signed]
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [69632 2011-02-22] () [File not signed]
S3 BrFiltLo; C:\Windows\system32\drivers\brfiltlo.sys [13568 2006-11-02] () [File not signed]
S3 BrFiltUp; C:\Windows\system32\drivers\brfiltup.sys [5248 2006-11-02] () [File not signed]
S3 Brserid; C:\Windows\system32\drivers\brserid.sys [71808 2006-11-02] () [File not signed]
S3 BrSerWdm; C:\Windows\system32\drivers\brserwdm.sys [62336 2006-11-02] () [File not signed]
S3 BrUsbMdm; C:\Windows\system32\drivers\brusbmdm.sys [12160 2006-11-02] () [File not signed]
S3 BrUsbSer; C:\Windows\system32\drivers\brusbser.sys [11904 2006-11-02] () [File not signed]
S3 BTHMODEM; C:\Windows\system32\drivers\bthmodem.sys [39936 2006-11-02] () [File not signed]
R4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [70144 2008-01-21] () [File not signed]
R1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [67072 2009-04-10] () [File not signed]
S3 circlass; C:\Windows\system32\drivers\circlass.sys [35328 2008-01-21] () [File not signed]
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-10] () [File not signed]
R3 CmBatt; C:\Windows\System32\DRIVERS\CmBatt.sys [14208 2008-01-21] () [File not signed]
R0 cmdide; C:\Windows\System32\drivers\cmdide.sys [19000 2008-01-21] () [File not signed]
R3 CnxtHdAudService; C:\Windows\System32\drivers\CHDRT32.sys [222208 2008-10-03] () [File not signed]
R0 Compbatt; C:\Windows\System32\DRIVERS\compbatt.sys [20792 2008-01-21] () [File not signed]
R0 crcdisk; C:\Windows\System32\drivers\crcdisk.sys [24632 2008-01-21] () [File not signed]
S3 Crusoe; C:\Windows\system32\drivers\crusoe.sys [40960 2008-01-21] () [File not signed]
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [75264 2011-04-14] () [File not signed]
R0 disk; C:\Windows\System32\drivers\disk.sys [53736 2009-04-10] () [File not signed]
S3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [5632 2008-01-21] () [File not signed]
R3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [638336 2012-07-25] () [File not signed]
S3 E1G60; C:\Windows\System32\DRIVERS\E1G60I32.sys [118784 2008-01-21] () [File not signed]
R0 Ecache; C:\Windows\System32\drivers\ecache.sys [141288 2009-04-10] () [File not signed]
R0 elxstor; C:\Windows\System32\drivers\elxstor.sys [342584 2008-01-21] () [File not signed]
S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [6656 2008-01-21] () [File not signed]
S3 exfat; C:\Windows\system32\Drivers\exfat.sys [136704 2009-04-10] () [File not signed]
S3 fastfat; C:\Windows\system32\Drivers\fastfat.sys [142848 2009-04-10] () [File not signed]
S3 fdc; C:\Windows\System32\DRIVERS\fdc.sys [25088 2008-01-21] () [File not signed]
R0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [58936 2008-01-21] () [File not signed]
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [27648 2008-01-21] () [File not signed]
S3 flpydisk; C:\Windows\System32\DRIVERS\flpydisk.sys [20480 2008-01-21] () [File not signed]
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-10] () [File not signed]
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] () [File not signed]
U1 Fs_Rec; C:\Windows\system32\Drivers\Fs_Rec.sys [12800 2012-02-29] () [File not signed]
S3 gagp30kx; C:\Windows\system32\drivers\gagp30kx.sys [61496 2008-01-21] () [File not signed]
S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [235520 2006-11-02] () [File not signed]
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [561152 2009-04-10] () [File not signed]
S3 HidBth; C:\Windows\system32\drivers\hidbth.sys [29184 2006-11-02] () [File not signed]
S3 HidIr; C:\Windows\system32\drivers\hidir.sys [21504 2006-11-02] () [File not signed]
S3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [12800 2009-04-10] () [File not signed]
R0 HpCISSs; C:\Windows\System32\drivers\hpcisss.sys [40504 2008-01-21] () [File not signed]
R3 HpqKbFiltr; C:\Windows\System32\DRIVERS\HpqKbFiltr.sys [16768 2007-06-18] () [File not signed]
S3 HSFHWAZL; C:\Windows\System32\DRIVERS\VSTAZL3.SYS [200704 2008-01-21] () [File not signed]
R3 HSF_DPV; C:\Windows\System32\DRIVERS\HSX_DPV.sys [985600 2007-11-01] () [File not signed]
R3 HSXHWAZL; C:\Windows\System32\DRIVERS\HSXHWAZL.sys [208896 2007-11-01] () [File not signed]
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [411648 2010-02-20] () [File not signed]
R0 i2omp; C:\Windows\System32\drivers\i2omp.sys [30264 2008-01-21] () [File not signed]
R1 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [54784 2008-01-21] () [File not signed]
R0 iaStorV; C:\Windows\System32\drivers\iastorv.sys [235064 2008-01-21] () [File not signed]
R3 igfx; C:\Windows\System32\DRIVERS\igdkmd32.sys [9036800 2011-02-11] () [File not signed]
R0 iirsp; C:\Windows\System32\drivers\iirsp.sys [41576 2006-11-02] () [File not signed]
R3 IntcHdmiAddService; C:\Windows\System32\drivers\IntcHdmi.sys [113664 2008-06-04] () [File not signed]
R0 intelide; C:\Windows\System32\drivers\intelide.sys [17976 2008-01-21] () [File not signed]
R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [41472 2008-01-21] () [File not signed]
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [47616 2008-01-21] () [File not signed]
S3 IPMIDRV; C:\Windows\system32\drivers\ipmidrv.sys [64512 2008-01-21] () [File not signed]
S3 IPNAT; C:\Windows\System32\DRIVERS\ipnat.sys [100864 2008-01-21] () [File not signed]
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [13312 2008-01-21] () [File not signed]
R0 isapnp; C:\Windows\System32\drivers\isapnp.sys [49720 2008-01-21] () [File not signed]
R3 iScsiPrt; C:\Windows\System32\DRIVERS\msiscsi.sys [180712 2009-04-10] () [File not signed]
R0 iteatapi; C:\Windows\System32\drivers\iteatapi.sys [35944 2006-11-02] () [File not signed]
R0 iteraid; C:\Windows\System32\drivers\iteraid.sys [35944 2006-11-02] () [File not signed]
R1 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [35384 2008-01-21] () [File not signed]
S1 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [17408 2009-04-10] () [File not signed]
S3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] () [File not signed]
R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [440704 2012-06-04] () [File not signed]
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [47104 2008-01-21] () [File not signed]
R0 LSI_FC; C:\Windows\System32\drivers\lsi_fc.sys [96312 2008-01-21] () [File not signed]
R0 LSI_SAS; C:\Windows\System32\drivers\lsi_sas.sys [89656 2008-01-21] () [File not signed]
R0 LSI_SCSI; C:\Windows\System32\drivers\lsi_scsi.sys [96312 2008-01-21] () [File not signed]
R2 luafv; C:\Windows\system32\drivers\luafv.sys [84480 2008-01-21] () [File not signed]
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-13] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R2 mdmxsdk; C:\Windows\System32\DRIVERS\mdmxsdk.sys [12672 2006-06-19] () [File not signed]
R0 megasas; C:\Windows\System32\drivers\megasas.sys [31288 2008-01-21] () [File not signed]
R0 MegaSR; C:\Windows\System32\drivers\megasr.sys [386616 2008-01-21] () [File not signed]
R3 Modem; C:\Windows\System32\drivers\modem.sys [31744 2008-01-21] () [File not signed]
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [41984 2008-01-21] () [File not signed]
R1 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [34360 2008-01-21] () [File not signed]
S3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [15872 2008-01-21] () [File not signed]
R0 MountMgr; C:\Windows\System32\drivers\mountmgr.sys [57400 2008-01-21] () [File not signed]
R0 mpio; C:\Windows\System32\drivers\mpio.sys [105016 2008-01-21] () [File not signed]
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [64000 2008-01-21] () [File not signed]
R0 Mraid35x; C:\Windows\System32\drivers\mraid35x.sys [33384 2006-11-02] () [File not signed]
R3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [114688 2009-04-10] () [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [106496 2011-04-29] () [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [214016 2011-07-06] () [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [79872 2011-04-29] () [File not signed]
R0 msahci; C:\Windows\System32\drivers\msahci.sys [27112 2009-04-10] () [File not signed]
R0 msdsm; C:\Windows\System32\drivers\msdsm.sys [94776 2008-01-21] () [File not signed]
R1 Msfs; C:\Windows\system32\Drivers\Msfs.sys [22528 2008-01-21] () [File not signed]
R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [16440 2008-01-21] () [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [8192 2008-01-21] () [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [5888 2008-01-21] () [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [5504 2008-01-21] () [File not signed]
S3 MsRPC; C:\Windows\system32\Drivers\MsRPC.sys [161752 2009-04-10] () [File not signed]
R3 mssmbios; C:\Windows\System32\DRIVERS\mssmbios.sys [31288 2008-01-21] () [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [6016 2008-01-21] () [File not signed]
R0 Mup; C:\Windows\System32\Drivers\mup.sys [48104 2009-04-10] () [File not signed]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [148480 2009-04-10] () [File not signed]
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [527848 2009-04-10] () [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [20992 2008-01-21] () [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [16896 2008-01-21] () [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [121344 2009-04-10] () [File not signed]
R3 NDProxy; C:\Windows\system32\Drivers\NDProxy.sys [49664 2008-01-21] () [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [35840 2008-01-21] () [File not signed]
R1 netbt; C:\Windows\System32\DRIVERS\netbt.sys [185856 2009-04-10] () [File not signed]
R0 nfrd960; C:\Windows\System32\drivers\nfrd960.sys [45160 2006-11-02] () [File not signed]
R1 Npfs; C:\Windows\system32\Drivers\Npfs.sys [35328 2009-04-10] () [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [16384 2008-01-21] () [File not signed]
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1083880 2009-04-10] () [File not signed]
S3 ntrigdigi; C:\Windows\system32\drivers\ntrigdigi.sys [20608 2006-11-02] () [File not signed]
R1 Null; C:\Windows\system32\Drivers\Null.sys [4608 2008-01-21] () [File not signed]
S3 NVENETFD; C:\Windows\System32\DRIVERS\nvm60x32.sys [429056 2006-11-02] () [File not signed]
R0 nvraid; C:\Windows\System32\drivers\nvraid.sys [102968 2008-01-21] () [File not signed]
R0 nvstor; C:\Windows\System32\drivers\nvstor.sys [45112 2008-01-21] () [File not signed]
S3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [109112 2008-01-21] () [File not signed]
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [62080 2006-11-02] () [File not signed]
S3 Parport; C:\Windows\system32\drivers\parport.sys [79360 2006-11-02] () [File not signed]
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [53120 2012-03-21] () [File not signed]
S2 Parvdm; C:\Windows\system32\drivers\parvdm.sys [8704 2006-11-02] () [File not signed]
S3 pccsmcfd; C:\Windows\System32\DRIVERS\pccsmcfd.sys [18816 2008-08-26] () [File not signed]
R0 pci; C:\Windows\System32\drivers\pci.sys [149480 2009-04-10] () [File not signed]
R0 pciide; C:\Windows\System32\drivers\pciide.sys [16440 2008-01-21] () [File not signed]
S3 pcmcia; C:\Windows\system32\drivers\pcmcia.sys [167528 2006-11-02] () [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [878080 2006-11-02] () [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [62976 2008-01-21] () [File not signed]
S3 Processor; C:\Windows\system32\drivers\processr.sys [40960 2008-01-21] () [File not signed]
R1 PSched; C:\Windows\System32\DRIVERS\pacer.sys [72192 2009-04-10] () [File not signed]
R0 ql2300; C:\Windows\System32\drivers\ql2300.sys [1122360 2008-01-21] () [File not signed]
R0 ql40xx; C:\Windows\System32\drivers\ql40xx.sys [106088 2006-11-02] () [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [31232 2008-01-21] () [File not signed]
R1 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [11776 2008-01-21] () [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [76288 2008-01-21] () [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [41472 2009-04-10] () [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [69120 2009-04-10] () [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [225280 2009-04-10] () [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [6144 2008-01-21] () [File not signed]
S3 rdpdr; C:\Windows\system32\drivers\rdpdr.sys [248832 2008-01-21] () [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [6144 2008-01-21] () [File not signed]
S3 RDPWD; C:\Windows\system32\Drivers\RDPWD.sys [180736 2012-05-01] () [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [60416 2008-01-21] () [File not signed]
R3 RTL8169; C:\Windows\System32\DRIVERS\Rtlh86.sys [123904 2008-06-10] () [File not signed]
R3 RTSTOR; C:\Windows\System32\drivers\RTSTOR.SYS [62464 2008-06-05] () [File not signed]
R0 sbp2port; C:\Windows\System32\drivers\sbp2port.sys [76392 2006-11-02] () [File not signed]
R2 secdrv; C:\Windows\system32\Drivers\secdrv.sys [20480 2006-11-02] () [File not signed]
S3 Serenum; C:\Windows\system32\drivers\serenum.sys [17920 2006-11-02] () [File not signed]
S3 Serial; C:\Windows\system32\drivers\serial.sys [83456 2006-11-02] () [File not signed]
S3 sermouse; C:\Windows\system32\drivers\sermouse.sys [19968 2008-01-21] () [File not signed]
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [13312 2008-01-21] () [File not signed]
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [12288 2008-01-21] () [File not signed]
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [11776 2008-01-21] () [File not signed]
S3 sfloppy; C:\Windows\system32\drivers\sfloppy.sys [13312 2006-11-02] () [File not signed]
S3 sisagp; C:\Windows\system32\drivers\sisagp.sys [55864 2008-01-21] () [File not signed]
R0 SiSRaid2; C:\Windows\System32\drivers\sisraid2.sys [41016 2008-01-21] () [File not signed]
R0 SiSRaid4; C:\Windows\System32\drivers\sisraid4.sys [74808 2008-01-21] () [File not signed]
R1 Smb; C:\Windows\System32\DRIVERS\smb.sys [66560 2009-04-10] () [File not signed]
R0 spldr; C:\Windows\system32\Drivers\spldr.sys [21048 2008-01-21] () [File not signed]
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2009-02-08] (Duplex Secure Ltd.)
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [305152 2011-02-18] () [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [146432 2011-04-29] () [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [102400 2011-04-29] () [File not signed]
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2009-05-11] (Avira GmbH)
R3 StillCam; C:\Windows\System32\DRIVERS\serscan.sys [9216 2008-01-21] () [File not signed]
R3 swenum; C:\Windows\System32\DRIVERS\swenum.sys [15288 2008-01-21] () [File not signed]
R0 Symc8xx; C:\Windows\System32\drivers\symc8xx.sys [35944 2006-11-02] () [File not signed]
R0 Sym_hi; C:\Windows\System32\drivers\sym_hi.sys [31848 2006-11-02] () [File not signed]
R0 Sym_u3; C:\Windows\System32\drivers\sym_u3.sys [34920 2006-11-02] () [File not signed]
R3 SynTP; C:\Windows\System32\DRIVERS\SynTP.sys [199344 2008-04-17] () [File not signed]
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [905600 2012-03-30] () [File not signed]
S3 Tcpip6; C:\Windows\System32\DRIVERS\tcpip.sys [905600 2012-03-30] () [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [30720 2009-12-08] () [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [17920 2008-01-21] () [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [29184 2008-01-21] () [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [72192 2009-04-10] () [File not signed]
R1 TermDD; C:\Windows\System32\DRIVERS\termdd.sys [53224 2009-04-10] () [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [23552 2008-01-21] () [File not signed]
R3 tunmp; C:\Windows\System32\DRIVERS\tunmp.sys [15360 2008-01-21] () [File not signed]
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [25088 2010-02-18] () [File not signed]
S3 uagp35; C:\Windows\system32\drivers\uagp35.sys [59448 2008-01-21] () [File not signed]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [226816 2009-04-10] () [File not signed]
S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [60984 2008-01-21] () [File not signed]
R0 uliahci; C:\Windows\System32\drivers\uliahci.sys [238648 2008-01-21] () [File not signed]
R0 UlSata; C:\Windows\System32\drivers\ulsata.sys [98408 2006-11-02] () [File not signed]
R0 ulsata2; C:\Windows\System32\drivers\ulsata2.sys [115816 2008-01-21] () [File not signed]
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [34816 2008-01-21] () [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [73216 2008-01-21] () [File not signed]
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [68608 2006-11-02] () [File not signed]
R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [39936 2009-04-10] () [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [196096 2009-04-10] () [File not signed]
S3 usbohci; C:\Windows\System32\DRIVERS\usbohci.sys [19456 2008-01-21] () [File not signed]
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [18944 2008-01-21] () [File not signed]
S3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [35328 2008-01-21] () [File not signed]
S3 usbser; C:\Windows\System32\DRIVERS\usbser.sys [28160 2008-01-21] () [File not signed]
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [65536 2009-04-10] () [File not signed]
R3 usbuhci; C:\Windows\System32\DRIVERS\usbuhci.sys [23552 2008-01-21] () [File not signed]
R3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [134016 2008-01-21] () [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [26112 2008-01-21] () [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [25088 2008-01-21] () [File not signed]
S3 viaagp; C:\Windows\system32\drivers\viaagp.sys [56888 2008-01-21] () [File not signed]
S3 ViaC7; C:\Windows\system32\drivers\viac7.sys [41472 2008-01-21] () [File not signed]
R0 viaide; C:\Windows\System32\drivers\viaide.sys [20024 2008-01-21] () [File not signed]
R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [52792 2008-01-21] () [File not signed]
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [292840 2009-04-10] () [File not signed]
R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [226280 2009-04-10] () [File not signed]
R0 vsmraid; C:\Windows\System32\drivers\vsmraid.sys [130616 2008-01-21] () [File not signed]
S3 WacomPen; C:\Windows\system32\drivers\wacompen.sys [20608 2006-11-02] () [File not signed]
S3 Wanarp; C:\Windows\System32\DRIVERS\wanarp.sys [62464 2008-01-21] () [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [62464 2008-01-21] () [File not signed]
R0 Wd; C:\Windows\System32\drivers\wd.sys [22072 2008-01-21] () [File not signed]
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [445008 2009-07-14] () [File not signed]
R3 winachsf; C:\Windows\System32\DRIVERS\HSX_CNXT.sys [661504 2007-11-01] () [File not signed]
R3 WmiAcpi; C:\Windows\System32\DRIVERS\wmiacpi.sys [11264 2008-01-21] () [File not signed]
S3 WpdUsb; C:\Windows\System32\DRIVERS\wpdusb.sys [40448 2009-10-01] () [File not signed]
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [15872 2008-01-21] () [File not signed]
R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [92672 2009-07-14] () [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [132224 2009-07-14] () [File not signed]
R2 X6XSEx_Pr143; C:\Program Files\FantastiGames\X6XSEx_Pr143.Sys [47432 2012-08-02] () [File not signed]
R2 XAudio; C:\Windows\System32\DRIVERS\xaudio.sys [8704 2007-10-18] () [File not signed]
U5 5be5bf43b64694ac; C:\Windows\System32\Drivers\5be5bf43b64694ac.sys [57856 2014-04-16] () <===== ATTENTION Necurs Rootkit?
U5 BattC; C:\Windows\System32\Drivers\BattC.sys [28216 2008-01-21] () [File not signed]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 nmwcd; system32\drivers\ccdcmb.sys [X]
S3 nmwcdc; system32\drivers\ccdcmbo.sys [X]
S3 nmwcdnsu; system32\drivers\nmwcdnsu.sys [X]
S3 nmwcdnsuc; system32\drivers\nmwcdnsuc.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]
S3 UsbserFilt; system32\DRIVERS\usbser_lowerfltj.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-13 14:08 - 2014-08-13 14:09 - 00004704 _____ () C:\Users\Angie\Desktop\defogger_disable.log
2014-08-13 14:08 - 2014-08-13 14:09 - 00000020 _____ () C:\Users\Angie\defogger_reenable
2014-08-13 13:54 - 2014-08-13 14:11 - 00000000 ____D () C:\FRST
2014-08-13 13:28 - 2014-08-13 13:28 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-13 13:28 - 2014-08-13 13:28 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-13 13:28 - 2014-08-13 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-13 13:28 - 2014-08-13 13:28 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-08-13 13:28 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-13 13:28 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-13 13:28 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-13 13:01 - 2014-08-13 13:01 - 04574968 _____ (Avira Operations GmbH & Co. KG) C:\Users\Angie\Downloads\avira_de_av___ws.exe
2014-08-13 12:59 - 2014-08-13 12:59 - 00000000 ____D () C:\Users\Angie\AppData\Roaming\Avira
2014-08-13 12:42 - 2014-08-13 13:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-13 12:41 - 2014-08-13 13:19 - 00000000 ____D () C:\ProgramData\Avira
2014-08-13 12:41 - 2014-08-13 13:18 - 00000000 ____D () C:\Program Files\Avira
2014-08-13 12:41 - 2010-03-01 10:05 - 00124784 _____ (Avira GmbH) C:\Windows\system32\Drivers\avipbb.sys
2014-08-13 12:41 - 2010-02-16 14:24 - 00060936 _____ (Avira GmbH) C:\Windows\system32\Drivers\avgntflt.sys
2014-08-13 12:41 - 2009-05-11 12:49 - 00051992 _____ (AVIRA GmbH) C:\Windows\system32\Drivers\avgntdd.sys
2014-08-13 12:41 - 2009-05-11 12:49 - 00017016 _____ (AVIRA GmbH) C:\Windows\system32\Drivers\avgntmgr.sys
2014-08-13 12:41 - 2009-05-11 10:12 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2014-08-13 12:39 - 2014-08-13 12:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Angie\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-02 09:56 - 2014-08-13 12:55 - 00000000 ____D () C:\ProgramData\UstuWogu
2014-08-02 09:55 - 2014-08-13 12:55 - 00000000 ____D () C:\ProgramData\UskiTqop

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-13 14:11 - 2014-08-13 13:54 - 00000000 ____D () C:\FRST
2014-08-13 14:09 - 2014-08-13 14:08 - 00004704 _____ () C:\Users\Angie\Desktop\defogger_disable.log
2014-08-13 14:09 - 2014-08-13 14:08 - 00000020 _____ () C:\Users\Angie\defogger_reenable
2014-08-13 14:08 - 2009-01-23 13:29 - 00000000 ____D () C:\Users\Angie
2014-08-13 13:51 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-13 13:51 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-13 13:49 - 2008-12-04 01:32 - 00000286 _____ () C:\Users\Public\Documents\hpqp.ini
2014-08-13 13:46 - 2010-02-12 22:42 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-13 13:46 - 2008-01-21 04:47 - 00212242 _____ () C:\Windows\PFRO.log
2014-08-13 13:46 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-13 13:45 - 2006-11-02 15:01 - 00032514 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-13 13:41 - 2010-02-12 22:42 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-13 13:31 - 2013-04-14 10:16 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-13 13:28 - 2014-08-13 13:28 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-13 13:28 - 2014-08-13 13:28 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-13 13:28 - 2014-08-13 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-13 13:28 - 2014-08-13 13:28 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-08-13 13:28 - 2012-07-24 20:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-13 13:27 - 2013-10-20 12:08 - 00000000 ____D () C:\SearchProtect
2014-08-13 13:19 - 2014-08-13 12:41 - 00000000 ____D () C:\ProgramData\Avira
2014-08-13 13:18 - 2014-08-13 12:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-13 13:18 - 2014-08-13 12:41 - 00000000 ____D () C:\Program Files\Avira
2014-08-13 13:18 - 2008-12-04 00:43 - 01058835 _____ () C:\Windows\WindowsUpdate.log
2014-08-13 13:13 - 2014-07-10 20:48 - 00018872 _____ () C:\Windows\system32\Drivers\SPPD.sys
2014-08-13 13:09 - 2009-02-12 21:18 - 00000680 _____ () C:\Users\Angie\AppData\Local\d3d9caps.dat
2014-08-13 13:02 - 2013-09-16 21:20 - 00000000 ____D () C:\Users\Angie\AppData\Roaming\Mozilla
2014-08-13 13:01 - 2014-08-13 13:01 - 04574968 _____ (Avira Operations GmbH & Co. KG) C:\Users\Angie\Downloads\avira_de_av___ws.exe
2014-08-13 12:59 - 2014-08-13 12:59 - 00000000 ____D () C:\Users\Angie\AppData\Roaming\Avira
2014-08-13 12:56 - 2014-06-07 08:44 - 00230236 _____ (Microsoft Corporation) C:\ProgramData\OletAyuxm.dat
2014-08-13 12:55 - 2014-08-02 09:56 - 00000000 ____D () C:\ProgramData\UstuWogu
2014-08-13 12:55 - 2014-08-02 09:55 - 00000000 ____D () C:\ProgramData\UskiTqop
2014-08-13 12:39 - 2014-08-13 12:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Angie\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-04 21:37 - 2006-11-02 12:33 - 01453910 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-27 15:01 - 2013-09-16 21:21 - 00000264 _____ () C:\Windows\Tasks\PC Performer_DEFAULT.job

Files to move or delete:
====================
C:\ProgramData\OletAyuxm.dat


Some content of TEMP:
====================
C:\Users\Angie\AppData\Local\Temp\BackupSetup.exe
C:\Users\Angie\AppData\Local\Temp\csrss.exe
C:\Users\Angie\AppData\Local\Temp\dotNetFx40_Client_setup.exe
C:\Users\Angie\AppData\Local\Temp\eTypeSetup.exe
C:\Users\Angie\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Angie\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\Angie\AppData\Local\Temp\FlashPlayerUpdate02.exe
C:\Users\Angie\AppData\Local\Temp\FlashPlayerUpdate03.exe
C:\Users\Angie\AppData\Local\Temp\FlashPlayerUpdate04.exe
C:\Users\Angie\AppData\Local\Temp\FlashPlayerUpdate05.exe
C:\Users\Angie\AppData\Local\Temp\FlashPlayerUpdate06.exe
C:\Users\Angie\AppData\Local\Temp\FlashPlayerUpdate07.exe
C:\Users\Angie\AppData\Local\Temp\FlashPlayerUpdate08.exe
C:\Users\Angie\AppData\Local\Temp\FlashPlayerUpdate09.exe
C:\Users\Angie\AppData\Local\Temp\FlashPlayerUpdate10.exe
C:\Users\Angie\AppData\Local\Temp\FlashPlayerUpdate11.exe
C:\Users\Angie\AppData\Local\Temp\FlashPlayerUpdate12.exe
C:\Users\Angie\AppData\Local\Temp\FlashPlayerUpdate13.exe
C:\Users\Angie\AppData\Local\Temp\HPQSi.exe
C:\Users\Angie\AppData\Local\Temp\incredibar_installer.exe
C:\Users\Angie\AppData\Local\Temp\installhelper.dll
C:\Users\Angie\AppData\Local\Temp\jre-6u11-windows-i586-p-iftw_196cf524.exe
C:\Users\Angie\AppData\Local\Temp\jre-6u15-windows-i586-iftw.exe
C:\Users\Angie\AppData\Local\Temp\jre-6u17-windows-i586-iftw-rv.exe
C:\Users\Angie\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe
C:\Users\Angie\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\Angie\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Angie\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Angie\AppData\Local\Temp\minibar-master-v1.exe
C:\Users\Angie\AppData\Local\Temp\MyBabylonTB_google_20120807.exe
C:\Users\Angie\AppData\Local\Temp\NEventMessages.dll
C:\Users\Angie\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Angie\AppData\Local\Temp\nsd6DE2.exe
C:\Users\Angie\AppData\Local\Temp\nso31BD.exe
C:\Users\Angie\AppData\Local\Temp\nsy409E.exe
C:\Users\Angie\AppData\Local\Temp\nsyDF1E.exe
C:\Users\Angie\AppData\Local\Temp\nsz3D71.exe
C:\Users\Angie\AppData\Local\Temp\ose00000.exe
C:\Users\Angie\AppData\Local\Temp\SecondStepInstaller.exe
C:\Users\Angie\AppData\Local\Temp\setup.exe
C:\Users\Angie\AppData\Local\Temp\SmartbarExeInstaller.exe
C:\Users\Angie\AppData\Local\Temp\SPSetup.exe
C:\Users\Angie\AppData\Local\Temp\SPStub.exe
C:\Users\Angie\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\Angie\AppData\Local\Temp\ToolbarHelper.exe
C:\Users\Angie\AppData\Local\Temp\uninst1.exe
C:\Users\Angie\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Angie\AppData\Local\Temp\zzhEC53.exe
C:\Users\Angie\AppData\Local\Temp\_isCA22.exe
C:\Users\Angie\AppData\Local\Temp\?odec Performer803975.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys
[2012-07-25 12:24] - [2009-04-10 23:32] - 0226280 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\system32\Drivers\volsnap.sys No Company Name <===== ATTENTION!



LastRegBack: 2014-08-13 13:54

==================== End Of Log ============================
         
--- --- ---



MBAM-Log:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.24.07

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Angie :: ANGIE-PC [Administrator]

Schutz: Aktiviert

24.07.2012 20:05:40
mbam-log-2012-07-24 (20-05-40).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 186950
Laufzeit: 6 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

defogger_disable.txt:
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:08 on 13/08/2014 (Angie)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read 5be5bf43b64694ac.sys
Unable to read SISAGP.SYS
Unable to read sisraid2.sys
Unable to read sisraid4.sys
Unable to read smb.sys
Unable to read smclib.sys
Unable to read spldr.sys
Unable to read spsys.sys
Unable to read srv.sys
Unable to read srv2.sys
Unable to read srvnet.sys
Unable to read StarOpen.sys
Unable to read Storport.sys
Unable to read swenum.sys
Unable to read symc8xx.sys
Unable to read sym_hi.sys
Unable to read sym_u3.sys
Unable to read SynTP.sys
Unable to read tape.sys
Unable to read tcpip.sys
Unable to read tcpipreg.sys
Unable to read tdi.sys
Unable to read tdpipe.sys
Unable to read tdtcp.sys
Unable to read tdx.sys
Unable to read termdd.sys
Unable to read tssecsrv.sys
Unable to read TUNMP.SYS
Unable to read tunnel.sys
Unable to read UAGP35.SYS
Unable to read udfs.sys
Unable to read ULIAGPKX.SYS
Unable to read uliahci.sys
Unable to read ulsata.sys
Unable to read ulsata2.sys
Unable to read umbus.sys
Unable to read umpass.sys
Unable to read usb8023.sys
Unable to read usbccgp.sys
Unable to read usbcir.sys
Unable to read usbd.sys
Unable to read usbehci.sys
Unable to read usbhub.sys
Unable to read usbohci.sys
Unable to read usbport.sys
Unable to read usbprint.sys
Unable to read usbscan.sys
Unable to read usbser.sys
Unable to read USBSTOR.SYS
Unable to read usbuhci.sys
Unable to read usbvideo.sys
Unable to read vga.sys
Unable to read vgapnp.sys
Unable to read VIAAGP.SYS
Unable to read viac7.sys
Unable to read viaide.sys
Unable to read videoprt.sys
Unable to read volmgr.sys
Unable to read volmgrx.sys
Unable to read volsnap.sys
Unable to read vsmraid.sys
Unable to read VSTAZL3.SYS
Unable to read VSTCNXT3.SYS
Unable to read VSTDPV3.SYS
Unable to read wacompen.sys
Unable to read wanarp.sys
Unable to read watchdog.sys
Unable to read wd.sys
Unable to read Wdf01000.sys
Unable to read WdfLdr.sys
Unable to read wmiacpi.sys
Unable to read wmilib.sys
Unable to read WpdUsb.sys
Unable to read ws2ifsl.sys
Unable to read WUDFPf.sys
Unable to read WUDFRd.sys
Unable to read XAudio.sys
SPTD -> Disabled

-=E.O.F=-
         
Gmer.txt:
no content, since there was only a system error on startup

Last edited by xvolt (13.08.2014 at 13:32)

 
