Log analysis and evaluation: Avira cannot be installed | Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
22.04.2015, 14:32 | #1 |
| Avira cannot be installed
I downloaded Avira 2015 Free directly from their site, but every time I try to install it, an error message appears with the log:
Code: Attachment 73815
Code: Attachment 73818
Code: Attachment 73819
Code: Attachment 73821
Edited by rooks (22.04.2015 at 14:59) |
22.04.2015, 14:49 | #2 |
/// the machine /// TB Trainer | Avira cannot be installed
Hi,
Please always post logs in the thread. If necessary, split them up and use several posts. I can't open attachments at work, thanks.
This is how it works: Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows: |
22.04.2015, 15:00 | #3 |
| Avira cannot be installed
Avira log file:
Code:
ATTFilter [02F4:07EC][2015-04-22T14:34:58]i001: Burn v3.8.1128.0, Windows v6.1 (Build 7601: Service Pack 1), path: C:\Users\Lula\Downloads\avira_de_av_55368b2dd5808__ws.exe, cmdline: '-burn.unelevated BurnPipe.{B3C50F09-9369-4898-88C7-B4063A501F29} {1E276726-3588-4371-858A-A0F8FA73E211} 288' [02F4:07EC][2015-04-22T14:34:58]i000: Initializing string variable 'PARTNER_ID' to value 'avira' [02F4:07EC][2015-04-22T14:34:58]i000: Initializing string variable 'SkipSuccessPageAfterInstall' to value 'yes' [02F4:07EC][2015-04-22T14:34:58]i000: Initializing string variable 'ShowProgressInTaskBar' to value 'no' [02F4:07EC][2015-04-22T14:34:58]i000: Initializing string variable 'RebootImmediatly' to value 'yes' [02F4:07EC][2015-04-22T14:34:58]i000: Initializing string variable 'ShowSendErrorReport' to value 'yes' [02F4:07EC][2015-04-22T14:34:58]i000: Initializing string variable 'LogFileUploadUrl' to value 'https://wl-win.oes.avira.com/sendreport' [02F4:07EC][2015-04-22T14:34:58]i000: Initializing string variable 'SERVER_URL' to value '' [02F4:07EC][2015-04-22T14:34:58]i000: Initializing string variable 'LEGACY_SERVER_URL' to value '' [02F4:07EC][2015-04-22T14:34:58]i000: Initializing string variable 'SHORT_MSG_FORMAT' to value '' [02F4:07EC][2015-04-22T14:34:58]i000: Initializing string variable 'TRACKING_TOKEN' to value '1e273c264b066a9848ad28f4b44e3d26' [02F4:07EC][2015-04-22T14:34:58]i000: Initializing numeric variable 'TESTING_MODE' to value '0' [02F4:07EC][2015-04-22T14:34:58]i000: Initializing string variable 'CUSTOM_KIT_TOKEN' to value '' [02F4:07EC][2015-04-22T14:34:58]i000: Initializing string variable 'DOWNLOAD_SOURCE' to value '' [02F4:07EC][2015-04-22T14:34:58]i000: Initializing string variable 'SOFT_AUTH_ID' to value '' [02F4:07EC][2015-04-22T14:34:58]i000: Initializing string variable 'BUNDLE_ID' to value '' [02F4:07EC][2015-04-22T14:34:58]i000: Initializing numeric variable 'NOAFTERINSTALLPAGE' to value '0' [02F4:07EC][2015-04-22T14:34:58]i000: Initializing 
numeric variable 'SILENT_INSTALLATION_FROM_BOOTSTRAPPER' to value '0' [02F4:07EC][2015-04-22T14:34:58]i000: Initializing numeric variable 'IS_MAYOR_UPGRADE' to value '0' [02F4:07EC][2015-04-22T14:34:58]i000: Initializing numeric variable 'IS_STARTED_BY_MAYOR_UPGRADE' to value '0' [02F4:07EC][2015-04-22T14:34:58]i000: Setting string variable 'WixBundleLog' to value 'C:\Users\Lula\AppData\Local\Temp\Avira_20150422143458.log' [02F4:07EC][2015-04-22T14:34:58]i000: Setting string variable 'WixBundleOriginalSource' to value 'C:\Users\Lula\Downloads\avira_de_av_55368b2dd5808__ws.exe' [02F4:07EC][2015-04-22T14:34:58]i000: Setting string variable 'WixBundleName' to value 'Avira' [02F4:0758][2015-04-22T14:34:58]i000: Setting string variable 'CUSTOM_KIT_TOKEN' to value '' [02F4:0758][2015-04-22T14:34:58]i000: Setting string variable 'DOWNLOAD_SOURCE' to value 'ws' [02F4:0758][2015-04-22T14:34:58]i000: Setting string variable 'BUNDLE_ID' to value 'av' [02F4:0758][2015-04-22T14:34:58]i000: Setting string variable 'SOFT_AUTH_ID' to value '55368b2dd5808' [02F4:0758][2015-04-22T14:34:58]i000: Setting string variable 'SILENT_INSTALLATION_FROM_BOOTSTRAPPER' to value '0' [02F4:0758][2015-04-22T14:34:58]i000: Setting string variable 'IS_STARTED_BY_MAYOR_UPGRADE' to value '0' [02F4:0758][2015-04-22T14:34:58]i000: Setting string variable 'LANGUAGE' to value 'de' [02F4:07EC][2015-04-22T14:34:58]i100: Detect begin, 4 packages [02F4:07EC][2015-04-22T14:34:58]i000: Registry key not found. Key = 'Software\X-AVCSD\Launcher' [02F4:07EC][2015-04-22T14:34:58]i000: Registry value not found. Key = '', Value = 'PartnerId' [02F4:07EC][2015-04-22T14:34:58]i000: Registry value not found. 
Key = '', Value = 'ProductName' [02F4:07EC][2015-04-22T14:34:58]i000: Setting string variable 'NETFRAMEWORK35' to value '1' [02F4:07EC][2015-04-22T14:34:58]i000: Setting string variable 'NETFRAMEWORK35SP1' to value '1' [02F4:07EC][2015-04-22T14:34:58]i000: Setting string variable 'NETFRAMEWORK40CLIENT' to value '1' [02F4:07EC][2015-04-22T14:34:58]i000: Registry key not found. Key = 'SOFTWARE\Avira\AntiVir Server' [02F4:07EC][2015-04-22T14:34:58]i000: Setting numeric variable 'AviraServerSecurityIsInstalled' to value 0 [02F4:07EC][2015-04-22T14:34:58]i052: Condition '(InstalledLauncherPartnerId = PARTNER_ID) AND (IS_STARTED_BY_MAYOR_UPGRADE = 0)' evaluates to false. [02F4:07EC][2015-04-22T14:34:58]i052: Condition '(NETFRAMEWORK40CLIENT = 1)' evaluates to true. [02F4:07EC][2015-04-22T14:34:58]i101: Detected package: ExecutePrequisites, state: Absent, cached: None [02F4:07EC][2015-04-22T14:34:58]i101: Detected package: OECrossDetectionKey, state: Absent, cached: None [02F4:07EC][2015-04-22T14:34:58]i101: Detected package: NetFx40ClientWeb, state: Present, cached: None [02F4:07EC][2015-04-22T14:34:58]i101: Detected package: Id.Avira.OE.Setup.Msi, state: Absent, cached: None [02F4:07EC][2015-04-22T14:34:58]i052: Condition 'NTProductType = 1 AND ( ((VersionNT = v5.1) AND (ServicePackLevel >= 3)) OR ((VersionNT64 = v5.2) AND (ServicePackLevel >= 2)) OR ((VersionNT = v6.0)) OR ((VersionNT = v6.1)) OR (VersionNT >= v6.2) )' evaluates to true. [02F4:07EC][2015-04-22T14:34:58]i052: Condition 'NOT AviraServerSecurityIsInstalled' evaluates to true. [02F4:07EC][2015-04-22T14:34:58]i052: Condition '(NOT InstalledLauncherPartnerId) OR (InstalledLauncherPartnerId = PARTNER_ID)' evaluates to true. 
[02F4:07EC][2015-04-22T14:34:58]i199: Detect complete, result: 0x0 [02F4:07EC][2015-04-22T14:34:59]i200: Plan begin, 4 packages, action: Install [02F4:07EC][2015-04-22T14:34:59]w321: Skipping dependency registration on package with no dependency providers: ExecutePrequisites [02F4:07EC][2015-04-22T14:34:59]i000: Setting string variable 'WixBundleLog_ExecutePrequisites' to value 'C:\Users\Lula\AppData\Local\Temp\Avira_20150422143458_0_ExecutePrequisites.log' [02F4:07EC][2015-04-22T14:34:59]i000: Setting string variable 'WixBundleRollbackLog_ExecutePrequisites' to value 'C:\Users\Lula\AppData\Local\Temp\Avira_20150422143458_0_ExecutePrequisites_rollback.log' [02F4:07EC][2015-04-22T14:34:59]w321: Skipping dependency registration on package with no dependency providers: OECrossDetectionKey [02F4:07EC][2015-04-22T14:34:59]i000: Setting string variable 'WixBundleLog_OECrossDetectionKey' to value 'C:\Users\Lula\AppData\Local\Temp\Avira_20150422143458_1_OECrossDetectionKey.log' [02F4:07EC][2015-04-22T14:34:59]i000: Setting string variable 'WixBundleRollbackLog_OECrossDetectionKey' to value 'C:\Users\Lula\AppData\Local\Temp\Avira_20150422143458_1_OECrossDetectionKey_rollback.log' [02F4:07EC][2015-04-22T14:34:59]i052: Condition '(NOT(NETFRAMEWORK35 = 1 AND NETFRAMEWORK35SP1 = 1)) AND (NOT (NETFRAMEWORK40CLIENT = 1))' evaluates to false. 
[02F4:07EC][2015-04-22T14:34:59]w321: Skipping dependency registration on package with no dependency providers: NetFx40ClientWeb [02F4:07EC][2015-04-22T14:34:59]i000: Setting string variable 'WixBundleRollbackLog_Id.Avira.OE.Setup.Msi' to value 'C:\Users\Lula\AppData\Local\Temp\Avira_20150422143458_2_Id.Avira.OE.Setup.Msi_rollback.log' [02F4:07EC][2015-04-22T14:34:59]i000: Setting string variable 'WixBundleLog_Id.Avira.OE.Setup.Msi' to value 'C:\Users\Lula\AppData\Local\Temp\Avira_20150422143458_2_Id.Avira.OE.Setup.Msi.log' [02F4:07EC][2015-04-22T14:34:59]i201: Planned package: ExecutePrequisites, state: Absent, default requested: Present, ba requested: Present, execute: Install, rollback: Uninstall, cache: Yes, uncache: No, dependency: None [02F4:07EC][2015-04-22T14:34:59]i201: Planned package: OECrossDetectionKey, state: Absent, default requested: Present, ba requested: Present, execute: Install, rollback: Uninstall, cache: Yes, uncache: No, dependency: None [02F4:07EC][2015-04-22T14:34:59]i201: Planned package: NetFx40ClientWeb, state: Present, default requested: Absent, ba requested: Absent, execute: None, rollback: None, cache: No, uncache: No, dependency: None [02F4:07EC][2015-04-22T14:34:59]i201: Planned package: Id.Avira.OE.Setup.Msi, state: Absent, default requested: Present, ba requested: Present, execute: Install, rollback: Uninstall, cache: Yes, uncache: No, dependency: Register [02F4:07EC][2015-04-22T14:34:59]i299: Plan complete, result: 0x0 [02F4:07EC][2015-04-22T14:35:00]i300: Apply begin [0120:0158][2015-04-22T14:35:06]w308: Automatic updates could not be paused due to error: 0x8007043c. Continuing... 
[0120:0158][2015-04-22T14:35:06]i000: Caching bundle from: 'C:\Users\Lula\AppData\Local\Temp\{d8490d5d-0f24-4000-b2e4-4b500a9a704d}\.be\Avira.OE.Setup.Bundle.exe' to: 'C:\ProgramData\Package Cache\{d8490d5d-0f24-4000-b2e4-4b500a9a704d}\Avira.OE.Setup.Bundle.exe' [0120:0158][2015-04-22T14:35:06]i320: Registering bundle dependency provider: {d8490d5d-0f24-4000-b2e4-4b500a9a704d}, version: 1.1.35.25717 [0120:00F4][2015-04-22T14:35:06]i305: Verified acquired payload: ExecutePrequisites at path: C:\ProgramData\Package Cache\.unverified\ExecutePrequisites, moving to: C:\ProgramData\Package Cache\5A184DAEADFE7352F1B837404BC7DC34AD73D611\Avira.OE.Setup.Prerequisites.exe. [0120:00F4][2015-04-22T14:35:06]i304: Verified existing payload: OECrossDetectionKey at path: C:\ProgramData\Package Cache\5A184DAEADFE7352F1B837404BC7DC34AD73D611\Avira.OE.Setup.Prerequisites.exe. [0120:00F4][2015-04-22T14:35:06]i305: Verified acquired payload: Id.Avira.OE.Setup.Msi at path: C:\ProgramData\Package Cache\.unverified\Id.Avira.OE.Setup.Msi, moving to: C:\ProgramData\Package Cache\{E1355B2B-5093-4917-8F44-F253B0A6F0F2}v1.1.35.25717\Avira.OE.Setup.Msi.msi. [0120:00F4][2015-04-22T14:35:06]i305: Verified acquired payload: BundlePayload at path: C:\ProgramData\Package Cache\.unverified\BundlePayload, moving to: C:\ProgramData\Package Cache\{E1355B2B-5093-4917-8F44-F253B0A6F0F2}v1.1.35.25717\BundledProducts.xml. [0120:00F4][2015-04-22T14:35:06]i305: Verified acquired payload: MsiDE at path: C:\ProgramData\Package Cache\.unverified\MsiDE, moving to: C:\ProgramData\Package Cache\{E1355B2B-5093-4917-8F44-F253B0A6F0F2}v1.1.35.25717\loc.de.mst. [0120:00F4][2015-04-22T14:35:06]i305: Verified acquired payload: MsiEN at path: C:\ProgramData\Package Cache\.unverified\MsiEN, moving to: C:\ProgramData\Package Cache\{E1355B2B-5093-4917-8F44-F253B0A6F0F2}v1.1.35.25717\loc.en.mst. 
[0120:00F4][2015-04-22T14:35:06]i305: Verified acquired payload: MsiEs at path: C:\ProgramData\Package Cache\.unverified\MsiEs, moving to: C:\ProgramData\Package Cache\{E1355B2B-5093-4917-8F44-F253B0A6F0F2}v1.1.35.25717\loc.es.mst. [0120:00F4][2015-04-22T14:35:06]i305: Verified acquired payload: MsiFr at path: C:\ProgramData\Package Cache\.unverified\MsiFr, moving to: C:\ProgramData\Package Cache\{E1355B2B-5093-4917-8F44-F253B0A6F0F2}v1.1.35.25717\loc.fr.mst. [0120:00F4][2015-04-22T14:35:06]i305: Verified acquired payload: MsiIt at path: C:\ProgramData\Package Cache\.unverified\MsiIt, moving to: C:\ProgramData\Package Cache\{E1355B2B-5093-4917-8F44-F253B0A6F0F2}v1.1.35.25717\loc.it.mst. [0120:00F4][2015-04-22T14:35:06]i305: Verified acquired payload: MsiJa at path: C:\ProgramData\Package Cache\.unverified\MsiJa, moving to: C:\ProgramData\Package Cache\{E1355B2B-5093-4917-8F44-F253B0A6F0F2}v1.1.35.25717\loc.ja.mst. [0120:00F4][2015-04-22T14:35:06]i305: Verified acquired payload: MsiNl at path: C:\ProgramData\Package Cache\.unverified\MsiNl, moving to: C:\ProgramData\Package Cache\{E1355B2B-5093-4917-8F44-F253B0A6F0F2}v1.1.35.25717\loc.nl.mst. [0120:00F4][2015-04-22T14:35:06]i305: Verified acquired payload: MsiPtBr at path: C:\ProgramData\Package Cache\.unverified\MsiPtBr, moving to: C:\ProgramData\Package Cache\{E1355B2B-5093-4917-8F44-F253B0A6F0F2}v1.1.35.25717\loc.ptbr.mst. [0120:00F4][2015-04-22T14:35:06]i305: Verified acquired payload: MsiRu at path: C:\ProgramData\Package Cache\.unverified\MsiRu, moving to: C:\ProgramData\Package Cache\{E1355B2B-5093-4917-8F44-F253B0A6F0F2}v1.1.35.25717\loc.ru.mst. [0120:00F4][2015-04-22T14:35:06]i305: Verified acquired payload: MsiTr at path: C:\ProgramData\Package Cache\.unverified\MsiTr, moving to: C:\ProgramData\Package Cache\{E1355B2B-5093-4917-8F44-F253B0A6F0F2}v1.1.35.25717\loc.tr.mst. 
[0120:00F4][2015-04-22T14:35:06]i305: Verified acquired payload: MsiZhCn at path: C:\ProgramData\Package Cache\.unverified\MsiZhCn, moving to: C:\ProgramData\Package Cache\{E1355B2B-5093-4917-8F44-F253B0A6F0F2}v1.1.35.25717\loc.zhcn.mst. [0120:00F4][2015-04-22T14:35:06]i305: Verified acquired payload: MsiZhTw at path: C:\ProgramData\Package Cache\.unverified\MsiZhTw, moving to: C:\ProgramData\Package Cache\{E1355B2B-5093-4917-8F44-F253B0A6F0F2}v1.1.35.25717\loc.zhtw.mst. [0120:0158][2015-04-22T14:35:06]i301: Applying execute package: ExecutePrequisites, action: Install, path: C:\ProgramData\Package Cache\5A184DAEADFE7352F1B837404BC7DC34AD73D611\Avira.OE.Setup.Prerequisites.exe, arguments: '"C:\ProgramData\Package Cache\5A184DAEADFE7352F1B837404BC7DC34AD73D611\Avira.OE.Setup.Prerequisites.exe" /enableMsiService /checkRebootRequired' [02F4:07EC][2015-04-22T14:35:06]i319: Applied execute package: ExecutePrequisites, result: 0x0, restart: None [0120:0158][2015-04-22T14:35:06]i301: Applying execute package: OECrossDetectionKey, action: Install, path: C:\ProgramData\Package Cache\5A184DAEADFE7352F1B837404BC7DC34AD73D611\Avira.OE.Setup.Prerequisites.exe, arguments: '"C:\ProgramData\Package Cache\5A184DAEADFE7352F1B837404BC7DC34AD73D611\Avira.OE.Setup.Prerequisites.exe" /writeCrossDetectionKey' [02F4:07EC][2015-04-22T14:35:06]i319: Applied execute package: OECrossDetectionKey, result: 0x0, restart: None [0120:0158][2015-04-22T14:35:06]i323: Registering package dependency provider: {E1355B2B-5093-4917-8F44-F253B0A6F0F2}, version: 1.1.35.25717, package: Id.Avira.OE.Setup.Msi [0120:0158][2015-04-22T14:35:06]i301: Applying execute package: Id.Avira.OE.Setup.Msi, action: Install, path: C:\ProgramData\Package Cache\{E1355B2B-5093-4917-8F44-F253B0A6F0F2}v1.1.35.25717\Avira.OE.Setup.Msi.msi, arguments: ' ARPSYSTEMCOMPONENT="1" TRANSFORMS="loc.de.mst" SERVER_URL="" LEGACY_SERVER_URL="" SHORT_MSG_FORMAT="" TRACKING_TOKEN="1e273c264b066a9848ad28f4b44e3d26" CUSTOM_KIT_TOKEN="" 
DOWNLOAD_SOURCE="ws" BUNDLE_ID="av" SOFT_AUTH_ID="55368b2dd5808" WCF_AUTH_VERIFY_SIGNATURE="TRUE" NOAFTERINSTALLPAGE="0" SILENT_INSTALLATION_FROM_BOOTSTRAPPER="0" TRIGGERED_FROM_BOOTSTRAPPER="1"' [0120:0158][2015-04-22T14:35:06]e000: Error 0x80070641: Failed to install MSI package. [0120:0158][2015-04-22T14:35:06]e000: Error 0x80070641: Failed to execute MSI package. [02F4:07EC][2015-04-22T14:35:06]e000: Error 0x80070641: Failed to configure per-machine MSI package. [02F4:07EC][2015-04-22T14:35:06]w348: Application requested retry of package: Id.Avira.OE.Setup.Msi, encountered error: 0x80070641. Retrying... [0120:0158][2015-04-22T14:35:09]i301: Applying execute package: Id.Avira.OE.Setup.Msi, action: Install, path: C:\ProgramData\Package Cache\{E1355B2B-5093-4917-8F44-F253B0A6F0F2}v1.1.35.25717\Avira.OE.Setup.Msi.msi, arguments: ' ARPSYSTEMCOMPONENT="1" TRANSFORMS="loc.de.mst" SERVER_URL="" LEGACY_SERVER_URL="" SHORT_MSG_FORMAT="" TRACKING_TOKEN="1e273c264b066a9848ad28f4b44e3d26" CUSTOM_KIT_TOKEN="" DOWNLOAD_SOURCE="ws" BUNDLE_ID="av" SOFT_AUTH_ID="55368b2dd5808" WCF_AUTH_VERIFY_SIGNATURE="TRUE" NOAFTERINSTALLPAGE="0" SILENT_INSTALLATION_FROM_BOOTSTRAPPER="0" TRIGGERED_FROM_BOOTSTRAPPER="1"' [0120:0158][2015-04-22T14:35:09]e000: Error 0x80070641: Failed to install MSI package. [0120:0158][2015-04-22T14:35:09]e000: Error 0x80070641: Failed to execute MSI package. [02F4:07EC][2015-04-22T14:35:09]e000: Error 0x80070641: Failed to configure per-machine MSI package. [02F4:07EC][2015-04-22T14:35:09]w348: Application requested retry of package: Id.Avira.OE.Setup.Msi, encountered error: 0x80070641. Retrying... 
[0120:0158][2015-04-22T14:35:12]i301: Applying execute package: Id.Avira.OE.Setup.Msi, action: Install, path: C:\ProgramData\Package Cache\{E1355B2B-5093-4917-8F44-F253B0A6F0F2}v1.1.35.25717\Avira.OE.Setup.Msi.msi, arguments: ' ARPSYSTEMCOMPONENT="1" TRANSFORMS="loc.de.mst" SERVER_URL="" LEGACY_SERVER_URL="" SHORT_MSG_FORMAT="" TRACKING_TOKEN="1e273c264b066a9848ad28f4b44e3d26" CUSTOM_KIT_TOKEN="" DOWNLOAD_SOURCE="ws" BUNDLE_ID="av" SOFT_AUTH_ID="55368b2dd5808" WCF_AUTH_VERIFY_SIGNATURE="TRUE" NOAFTERINSTALLPAGE="0" SILENT_INSTALLATION_FROM_BOOTSTRAPPER="0" TRIGGERED_FROM_BOOTSTRAPPER="1"' [0120:0158][2015-04-22T14:35:12]e000: Error 0x80070641: Failed to install MSI package. [0120:0158][2015-04-22T14:35:12]e000: Error 0x80070641: Failed to execute MSI package. [02F4:07EC][2015-04-22T14:35:12]e000: Error 0x80070641: Failed to configure per-machine MSI package. [02F4:07EC][2015-04-22T14:35:12]w348: Application requested retry of package: Id.Avira.OE.Setup.Msi, encountered error: 0x80070641. Retrying... [0120:0158][2015-04-22T14:35:15]i301: Applying execute package: Id.Avira.OE.Setup.Msi, action: Install, path: C:\ProgramData\Package Cache\{E1355B2B-5093-4917-8F44-F253B0A6F0F2}v1.1.35.25717\Avira.OE.Setup.Msi.msi, arguments: ' ARPSYSTEMCOMPONENT="1" TRANSFORMS="loc.de.mst" SERVER_URL="" LEGACY_SERVER_URL="" SHORT_MSG_FORMAT="" TRACKING_TOKEN="1e273c264b066a9848ad28f4b44e3d26" CUSTOM_KIT_TOKEN="" DOWNLOAD_SOURCE="ws" BUNDLE_ID="av" SOFT_AUTH_ID="55368b2dd5808" WCF_AUTH_VERIFY_SIGNATURE="TRUE" NOAFTERINSTALLPAGE="0" SILENT_INSTALLATION_FROM_BOOTSTRAPPER="0" TRIGGERED_FROM_BOOTSTRAPPER="1"' [0120:0158][2015-04-22T14:35:15]e000: Error 0x80070641: Failed to install MSI package. [0120:0158][2015-04-22T14:35:15]e000: Error 0x80070641: Failed to execute MSI package. [02F4:07EC][2015-04-22T14:35:15]e000: Error 0x80070641: Failed to configure per-machine MSI package. 
[02F4:07EC][2015-04-22T14:35:15]i319: Applied execute package: Id.Avira.OE.Setup.Msi, result: 0x80070641, restart: None [02F4:07EC][2015-04-22T14:35:15]e000: Error 0x80070641: Failed to execute MSI package. [0120:0158][2015-04-22T14:35:15]i318: Skipped rollback of package: Id.Avira.OE.Setup.Msi, action: Uninstall, already: Absent [02F4:07EC][2015-04-22T14:35:15]i319: Applied rollback package: Id.Avira.OE.Setup.Msi, result: 0x0, restart: None [0120:0158][2015-04-22T14:35:15]i329: Removed package dependency provider: {E1355B2B-5093-4917-8F44-F253B0A6F0F2}, package: Id.Avira.OE.Setup.Msi [0120:0158][2015-04-22T14:35:15]i351: Removing cached package: Id.Avira.OE.Setup.Msi, from path: C:\ProgramData\Package Cache\{E1355B2B-5093-4917-8F44-F253B0A6F0F2}v1.1.35.25717\ [0120:0158][2015-04-22T14:35:15]i301: Applying rollback package: OECrossDetectionKey, action: Uninstall, path: C:\ProgramData\Package Cache\5A184DAEADFE7352F1B837404BC7DC34AD73D611\Avira.OE.Setup.Prerequisites.exe, arguments: '"C:\ProgramData\Package Cache\5A184DAEADFE7352F1B837404BC7DC34AD73D611\Avira.OE.Setup.Prerequisites.exe" /removeCrossDetectionKey' [02F4:07EC][2015-04-22T14:35:15]i319: Applied rollback package: OECrossDetectionKey, result: 0x0, restart: None [0120:0158][2015-04-22T14:35:15]i351: Removing cached package: OECrossDetectionKey, from path: C:\ProgramData\Package Cache\5A184DAEADFE7352F1B837404BC7DC34AD73D611\ [0120:0158][2015-04-22T14:35:15]i301: Applying rollback package: ExecutePrequisites, action: Uninstall, path: C:\ProgramData\Package Cache\5A184DAEADFE7352F1B837404BC7DC34AD73D611\Avira.OE.Setup.Prerequisites.exe, arguments: '"C:\ProgramData\Package Cache\5A184DAEADFE7352F1B837404BC7DC34AD73D611\Avira.OE.Setup.Prerequisites.exe" /enableMsiService' [0120:0158][2015-04-22T14:35:15]e000: Error 0x80070003: Failed to CreateProcess on path: C:\ProgramData\Package Cache\5A184DAEADFE7352F1B837404BC7DC34AD73D611\Avira.OE.Setup.Prerequisites.exe [0120:0158][2015-04-22T14:35:15]e000: Error 
0x80070003: Failed to execute EXE package. [02F4:07EC][2015-04-22T14:35:15]e000: Error 0x80070003: Failed to configure per-machine EXE package. [02F4:07EC][2015-04-22T14:35:15]i319: Applied rollback package: ExecutePrequisites, result: 0x80070003, restart: None [0120:0158][2015-04-22T14:35:15]i351: Removing cached package: ExecutePrequisites, from path: C:\ProgramData\Package Cache\5A184DAEADFE7352F1B837404BC7DC34AD73D611\ [0120:0158][2015-04-22T14:35:15]w353: Unable to remove cached package: ExecutePrequisites, from path: C:\ProgramData\Package Cache\5A184DAEADFE7352F1B837404BC7DC34AD73D611\, reason: 0x80070003. Continuing... [0120:0158][2015-04-22T14:35:15]i330: Removed bundle dependency provider: {d8490d5d-0f24-4000-b2e4-4b500a9a704d} [0120:0158][2015-04-22T14:35:15]i352: Removing cached bundle: {d8490d5d-0f24-4000-b2e4-4b500a9a704d}, from path: C:\ProgramData\Package Cache\{d8490d5d-0f24-4000-b2e4-4b500a9a704d}\ [02F4:07EC][2015-04-22T14:35:15]i399: Apply complete, result: 0x80070641, restart: None, ba requested restart: No FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2015 Ran by Lula (administrator) on MAKA-PC on 22-04-2015 15:43:00 Running from C:\Users\Lula\Downloads Loaded Profiles: Lula (Available profiles: Lula & Papa) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 (Default browser: FF) Boot Mode: Safe Mode (with Networking) Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Trend Micro Inc.) C:\Users\Lula\Downloads\hijackthis.exe (Microsoft Corporation) C:\Windows\System32\prevhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9644576 2009-12-15] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.) HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1852264 2014-05-23] (Western Digital Technologies, Inc.) HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694048 2014-05-23] (Western Digital Technologies, Inc.) HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-02-12] (Western Digital Technologies, Inc.) 
HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe [1222768 2015-04-10] () HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd) HKU\S-1-5-21-522234228-4192544273-3428825822-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. ProxyServer: [.DEFAULT] => http=127.0.0.1:49997;https=127.0.0.1:49997; HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-522234228-4192544273-3428825822-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.giga.de/androidnews/?utm_source=SDA&utm_medium=plugin&utm_campaign=april2015 HKU\S-1-5-21-522234228-4192544273-3428825822-1001\Software\Microsoft\Internet Explorer\Main,ICQ 
Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046} URLSearchHook: HKLM-x32 - (No Name) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No File SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=928&systemid=2&sr=0&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-522234228-4192544273-3428825822-1001 -> DefaultScope {4E00BF0C-61B4-44B7-AE56-4DB66E480E09} URL = SearchScopes: HKU\S-1-5-21-522234228-4192544273-3428825822-1001 -> Backup.Old.DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} SearchScopes: HKU\S-1-5-21-522234228-4192544273-3428825822-1001 -> 006ee092-9658-4fd6-bd8e-a21a348e59f5 URL = SearchScopes: HKU\S-1-5-21-522234228-4192544273-3428825822-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397308101&from=tugs&uid=SAMSUNGXHM500JI_S20CJ9FZ911527&q={searchTerms} SearchScopes: HKU\S-1-5-21-522234228-4192544273-3428825822-1001 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKU\S-1-5-21-522234228-4192544273-3428825822-1001 -> {4E00BF0C-61B4-44B7-AE56-4DB66E480E09} URL = BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [2010-04-28] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft 
Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2014-09-19] (DVDVideoSoft Ltd.) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated) BHO-x32: Babylon toolbar helper -> {2EECD738-5844-4a99-B4B6-146BF802613B} -> No File BHO-x32: PriceSparrow -> {3F2DC1E7-A56F-49D8-B0CF-DB2300594497} -> No File BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24] (Oracle Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: No Name -> {c840e246-6b95-475e-9bd7-caa1c7eca9f2} -> No File BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24] (Oracle Corporation) BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2015-01-13] (DVDVideoSoft Ltd.) 
Toolbar: HKLM-x32 - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - No File
Toolbar: HKU\S-1-5-21-522234228-4192544273-3428825822-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-522234228-4192544273-3428825822-1001 -> No Name - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - No File
Toolbar: HKU\S-1-5-21-522234228-4192544273-3428825822-1001 -> No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\windows\syswow64\urlmon.dll [2013-11-02] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Lula\AppData\Roaming\Mozilla\Firefox\Profiles\1d6j9xx8.default-1427563634334
FF Homepage: hxxp://www.giga.de/androidnews/?utm_source=SDA&utm_medium=plugin&utm_campaign=april2015
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Lula\AppData\Roaming\Mozilla\Firefox\Profiles\1d6j9xx8.default-1427563634334\user.js [2015-04-07]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-10-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-10-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-10-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-10-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-10-26] (Apple Inc.)
FF Extension: SparPilot - Gutscheine & mehr... - C:\Users\Lula\AppData\Roaming\Mozilla\Firefox\Profiles\1d6j9xx8.default-1427563634334\Extensions\sparpilot@sparpilot.com [2015-04-21]
FF Extension: GMX MailCheck - C:\Users\Lula\AppData\Roaming\Mozilla\Firefox\Profiles\1d6j9xx8.default-1427563634334\Extensions\toolbar@gmx.net [2015-04-09]
FF Extension: YouTube Unblocker - C:\Users\Lula\AppData\Roaming\Mozilla\Firefox\Profiles\1d6j9xx8.default-1427563634334\Extensions\youtubeunblocker@unblocker.yt [2015-03-28]
FF Extension: MEGA - C:\Users\Lula\AppData\Roaming\Mozilla\Firefox\Profiles\1d6j9xx8.default-1427563634334\Extensions\firefox@mega.co.nz.xpi [2015-04-21]
FF Extension: Pin It Button - C:\Users\Lula\AppData\Roaming\Mozilla\Firefox\Profiles\1d6j9xx8.default-1427563634334\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2015-04-05]
FF Extension: {b0fe9fb9-9a6d-4689-aecc-e55f5d076dd5} - C:\Users\Lula\AppData\Roaming\Mozilla\Firefox\Profiles\1d6j9xx8.default-1427563634334\Extensions\{b0fe9fb9-9a6d-4689-aecc-e55f5d076dd5}.xpi [2015-04-21]
FF Extension: Adblock Plus - C:\Users\Lula\AppData\Roaming\Mozilla\Firefox\Profiles\1d6j9xx8.default-1427563634334\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-28]
FF Extension: UITBAutoInstaller - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2015-04-21]
FF HKLM-x32\...\Firefox\Extensions: [WebProtection@360safe.com] - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox
FF Extension: No Name - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox [2015-04-21]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2015-04-08] <==== ATTENTION

Chrome:
=======
CHR Profile: C:\Users\Lula\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Freemake Video Converter) - C:\Users\Lula\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2013-05-01]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [leocdeigfnkaojcapikdjcdbedcjmffc] - No Path Or update_url value

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [659456 2006-02-10] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [File not signed]
S3 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
S2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [819824 2015-04-10] ()
S2 Rezip; C:\windows\SysWOW64\Rezip.exe [311296 2009-03-05] () [File not signed]
S3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software)
S2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-02-12] (Western Digital Technologies, Inc.)
S2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [302968 2015-02-12] (Western Digital Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [100424 2015-04-10] (360.cn)
S3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [77896 2015-04-10] (360.cn)
S1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [305736 2015-04-10] (360.cn)
S1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2015-04-10] (360.cn)
S1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [314448 2015-04-10] (Qihu 360 Software Co., Ltd.)
S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
S1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [180816 2015-04-10] (Qihu 360 Software Co., Ltd.)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2010-10-21] (Windows (R) 2003 DDK 3790 provider)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-06-23] (TuneUp Software)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S3 TASCAM_US122144; System32\Drivers\tascusb2.sys [X]
S3 TASCAM_US122L_MK2_MIDI; system32\drivers\tscusb2m.sys [X]
S3 TASCAM_US122L_MK2_WDM; system32\drivers\tscusb2a.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-22 15:16 - 2015-04-22 15:29 - 00011772 _____ () C:\Users\Lula\Downloads\hijackthis.log
2015-04-22 15:16 - 2015-04-22 15:16 - 00388608 _____ (Trend Micro Inc.) C:\Users\Lula\Downloads\hijackthis.exe
2015-04-22 14:26 - 2015-04-22 15:14 - 00000000 ____D () C:\OETemp
2015-04-22 14:18 - 2015-04-22 14:18 - 04636584 _____ (Avira Operations GmbH & Co. KG) C:\Users\Lula\Downloads\avira_de_av_55368b2dd5808__ws.exe
2015-04-22 14:06 - 2015-04-22 14:06 - 00896048 _____ () C:\Users\Lula\Downloads\Norton_Removal_Tool.exe
2015-04-22 14:01 - 2015-04-22 14:01 - 00000000 ____D () C:\ProgramData\360safe
2015-04-22 14:00 - 2015-04-22 14:00 - 00000000 _RSHD () C:\360SANDBOX
2015-04-22 13:23 - 2015-04-22 13:23 - 00154496 _____ () C:\Users\Lula\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-22 09:56 - 2015-04-22 09:56 - 00000000 ___HT () C:\windows\wusa.lock
2015-04-22 09:21 - 2015-04-22 23:49 - 00000000 ____D () C:\Users\Lula\AppData\Roaming\GlarySoft
2015-04-22 09:15 - 2015-04-22 23:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft
2015-04-22 09:15 - 2015-04-22 23:48 - 00000000 ____D () C:\Program Files (x86)\Glarysoft
2015-04-22 09:15 - 2015-04-22 09:15 - 00001255 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Repair.lnk
2015-04-22 09:14 - 2015-04-22 09:14 - 04759376 _____ () C:\Users\Lula\Downloads\rrsetup.exe
2015-04-22 09:14 - 2014-07-16 10:24 - 00040760 _____ (TuneUp Software) C:\windows\system32\TURegOpt.exe
2015-04-22 09:13 - 2015-04-22 23:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014
2015-04-22 09:13 - 2015-04-22 23:52 - 00000000 ____D () C:\Program Files (x86)\TuneUp Utilities 2014
2015-04-22 09:13 - 2015-04-22 09:13 - 00002201 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014.lnk
2015-04-22 09:13 - 2015-04-22 09:13 - 00000000 ____D () C:\Users\Lula\AppData\Local\TuneUp Software
2015-04-22 09:13 - 2014-07-16 10:24 - 00029496 _____ (TuneUp Software) C:\windows\system32\authuitu.dll
2015-04-22 09:13 - 2014-07-16 10:24 - 00025400 _____ (TuneUp Software) C:\windows\SysWOW64\authuitu.dll
2015-04-22 09:11 - 2015-04-22 09:11 - 00429712 _____ () C:\Users\Lula\Downloads\rrsetup_CB-DL-Manager.exe
2015-04-22 09:03 - 2014-10-30 04:04 - 00610304 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-04-22 09:03 - 2014-10-30 04:04 - 00610304 _____ (Microsoft Corporation) C:\windows\system32\vbscript(39).dll
2015-04-22 09:03 - 2014-10-30 03:46 - 00428544 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-04-22 08:50 - 2015-04-22 08:54 - 05076376 _____ () C:\windows\system32\FNTCACHE.DAT
2015-04-21 23:22 - 2015-04-21 23:22 - 00000000 ____D () C:\Users\Lula\AppData\Roaming\dlg
2015-04-21 23:16 - 2015-04-21 23:22 - 00000000 ____D () C:\Program Files (x86)\Free Window Registry Repair
2015-04-21 23:16 - 2015-04-21 23:16 - 00001031 _____ () C:\Users\Lula\Desktop\Free Window Registry Repair.lnk
2015-04-21 23:16 - 2015-04-21 23:16 - 00000000 ____D () C:\Users\Lula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
2015-04-21 23:15 - 2015-04-22 23:52 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-04-21 23:15 - 2015-04-21 23:16 - 00804985 _____ () C:\Users\Lula\Downloads\RegpairSetup.exe
2015-04-21 23:06 - 2015-04-22 09:11 - 00000000 __SHD () C:\ProgramData\360Quarant
2015-04-21 23:06 - 2015-04-22 09:11 - 00000000 __SHD () C:\$360Section
2015-04-21 23:02 - 2015-04-22 14:02 - 00000000 ____D () C:\ProgramData\360TotalSecurity
2015-04-21 23:02 - 2015-04-21 23:02 - 00000000 ____D () C:\windows\Tasks\360Disabled
2015-04-21 23:01 - 2015-04-22 23:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 Security Center
2015-04-21 23:01 - 2015-04-22 23:48 - 00000000 ____D () C:\Program Files (x86)\360
2015-04-21 23:01 - 2015-04-21 23:01 - 00429712 _____ () C:\Users\Lula\Downloads\RegpairSetup_CB-DL-Manager.exe
2015-04-21 23:01 - 2015-04-21 23:01 - 00001149 _____ () C:\Users\Public\Desktop\360 Total Security.lnk
2015-04-21 23:01 - 2015-04-10 09:16 - 00314448 _____ (Qihu 360 Software Co., Ltd.) C:\windows\system32\Drivers\360fsflt.sys
2015-04-21 23:01 - 2015-04-10 09:16 - 00305736 _____ (360.cn) C:\windows\system32\Drivers\360Box64.sys
2015-04-21 23:01 - 2015-04-10 09:16 - 00180816 _____ (Qihu 360 Software Co., Ltd.) C:\windows\system32\Drivers\BAPIDRV64.SYS
2015-04-21 23:01 - 2015-04-10 09:16 - 00100424 _____ (360.cn) C:\windows\system32\Drivers\360AntiHacker64.sys
2015-04-21 23:01 - 2015-04-10 09:16 - 00077896 _____ (360.cn) C:\windows\system32\Drivers\360AvFlt.sys
2015-04-21 23:01 - 2015-04-10 09:16 - 00040520 _____ (360.cn) C:\windows\system32\Drivers\360Camera64.sys
2015-04-21 22:59 - 2015-04-21 22:59 - 01203488 _____ () C:\Users\Lula\Downloads\360 Total Security - CHIP-Installer.exe
2015-04-21 22:44 - 2015-04-21 22:46 - 165283560 _____ () C:\Users\Lula\Downloads\avira_free_antivirus_de_15.0.9.504(1).exe
2015-04-21 22:42 - 2015-04-22 14:08 - 00000000 ____D () C:\Users\Lula\Downloads\Avira-RegistryCleaner
2015-04-21 22:42 - 2015-04-21 22:42 - 00000000 ____D () C:\Users\Lula\AppData\Local\Tempb125cf933150265a5d7947182781d435
2015-04-21 22:42 - 2015-04-21 22:42 - 00000000 ____D () C:\Program Files (x86)\WEB.DE MailCheck
2015-04-21 22:41 - 2015-04-21 22:41 - 01047704 _____ () C:\Users\Lula\Downloads\Avira-RegistryCleaner-lnstall.exe
2015-04-21 22:39 - 2015-04-21 22:39 - 01097176 _____ (Avira Operations GmbH & Co. KG) C:\Users\Lula\Downloads\avira_registry_cleaner_de.exe
2015-04-21 22:29 - 2015-04-21 22:29 - 00003124 _____ () C:\windows\System32\Tasks\{C59C6278-4DE4-4FFB-9987-8DB4B055C53E}
2015-04-21 21:44 - 2015-04-21 21:44 - 24535040 _____ () C:\windows\system32\config\SYSTEM.sav.LOG
2015-04-21 21:40 - 2015-04-21 21:44 - 93351936 _____ () C:\windows\system32\config\SOFTWARE.sav.LOG
2015-04-21 21:37 - 2015-04-21 21:45 - 00002282 _____ () C:\windows\system32\ASOROSet.bin
2015-04-21 21:37 - 2015-04-21 21:37 - 00000000 ____D () C:\windows\system32\config\RCCBakup
2015-04-21 21:36 - 2015-04-21 21:38 - 00476896 _____ (Ashampoo GmbH & Co. KG ) C:\Users\Lula\Downloads\ashampoo_winoptimizer_2015_18590.exe.part
2015-04-21 21:32 - 2015-04-21 21:51 - 00000000 ____D () C:\Users\Lula\AppData\Roaming\Solvusoft
2015-04-21 21:32 - 2015-04-21 21:32 - 03894696 _____ (solvusoft Corporation ) C:\Users\Lula\Downloads\Setup_WinThruster_2015.exe
2015-04-21 21:32 - 2012-10-15 17:02 - 00019888 _____ (solvusoft) C:\windows\system32\roboot64.exe
2015-04-21 21:27 - 2015-04-21 21:29 - 165283560 _____ () C:\Users\Lula\Downloads\avira_free_antivirus_de_15.0.9.504.exe
2015-04-21 15:35 - 2015-04-22 14:09 - 00488426 _____ () C:\windows\PFRO.log
2015-04-21 15:14 - 2015-04-21 15:14 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-21 15:13 - 2015-04-21 15:13 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-21 15:13 - 2015-04-21 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-04-21 15:13 - 2015-04-21 15:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-21 15:13 - 2015-04-21 15:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-04-21 15:13 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-04-21 15:13 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-04-21 15:13 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-04-21 15:12 - 2015-04-21 15:12 - 01203488 _____ () C:\Users\Lula\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2015-04-20 22:04 - 2015-04-20 22:05 - 00048982 _____ () C:\Users\Lula\Downloads\Addition.txt
2015-04-20 22:03 - 2015-04-22 15:43 - 00017688 _____ () C:\Users\Lula\Downloads\FRST.txt
2015-04-20 22:03 - 2015-04-22 15:43 - 00000000 ____D () C:\FRST
2015-04-20 22:02 - 2015-04-20 22:02 - 02099712 _____ (Farbar) C:\Users\Lula\Downloads\FRST64.exe
2015-04-20 21:32 - 2015-04-22 23:52 - 00000000 ____D () C:\windows\Minidump
2015-04-20 21:32 - 2015-04-20 21:32 - 00271152 _____ () C:\windows\Minidump\042015-30950-01.dmp
2015-04-20 21:08 - 2015-04-20 21:08 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Lula\Downloads\SpyHunter-Installer.exe
2015-04-20 12:54 - 2015-04-20 12:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pixelan
2015-04-20 12:54 - 2015-04-20 12:54 - 00000000 ____D () C:\Program Files (x86)\Pixelan
2015-04-19 19:53 - 2015-04-19 20:08 - 67956995 _____ () C:\Users\Lula\Desktop\babe.mp4
2015-04-18 20:52 - 2015-04-18 20:53 - 00000000 ____D () C:\Users\Lula\Downloads\osts
2015-04-18 15:31 - 2015-04-18 15:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GenArts Sapphire OFX
2015-04-18 15:30 - 2015-04-18 15:30 - 00000000 ____D () C:\ProgramData\GenArts
2015-04-18 15:06 - 2015-04-18 15:31 - 00000000 ____D () C:\Program Files (x86)\GenArts
2015-04-18 12:49 - 2015-04-22 14:01 - 00003304 _____ () C:\windows\setupact.log
2015-04-18 12:49 - 2015-04-18 12:49 - 00000000 _____ () C:\windows\setuperr.log
2015-04-16 15:36 - 2015-04-16 15:36 - 00000000 ____D () C:\ProgramData\Reprise
2015-04-16 08:35 - 2015-04-22 14:03 - 00008192 _____ () C:\windows\SysWOW64\WDPABKP.dat
2015-04-15 21:05 - 2015-04-15 21:05 - 00000000 ____D () C:\Program Files\Adobe
2015-04-15 20:37 - 2015-04-15 20:37 - 00000103 _____ () C:\windows\MSUTIL.INI
2015-04-15 14:38 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-04-15 14:38 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-04-15 14:38 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-04-15 14:38 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-04-15 14:38 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-04-15 14:38 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-04-15 14:38 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-04-15 14:38 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-04-15 14:38 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-04-15 14:38 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-04-15 14:38 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-04-15 14:38 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-04-15 14:38 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-04-15 14:38 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-04-15 14:38 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-04-15 14:38 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-04-15 14:38 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-04-15 14:38 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-04-15 14:38 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-04-15 14:38 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-04-15 14:38 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-04-15 14:38 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-04-15 14:38 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-04-15 14:38 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-04-15 14:38 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-04-15 14:38 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2015-04-15 14:38 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-04-15 14:38 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2015-04-15 14:38 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-04-15 14:38 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-04-15 14:37 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-04-15 14:37 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-04-15 14:37 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-04-15 14:37 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-04-15 14:37 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-04-15 14:37 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-04-15 14:37 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-04-15 14:37 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-04-15 14:37 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-04-15 14:37 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-04-15 14:37 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-04-15 14:37 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-04-15 14:37 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-04-15 14:37 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-04-15 14:37 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-04-15 14:37 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-04-15 14:37 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-04-15 14:37 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-04-15 14:37 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-04-15 14:37 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-04-15 14:37 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-04-15 14:37 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-04-15 14:37 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-04-15 14:37 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-04-15 14:37 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-04-15 14:37 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-04-15 14:37 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-04-15 14:37 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-04-15 14:37 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-04-15 14:37 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-04-15 14:37 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-04-15 14:37 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-04-15 14:37 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-04-15 14:37 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-04-15 14:37 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-04-15 14:37 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-04-15 14:37 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-04-15 14:37 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-04-15 14:37 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-04-15 14:37 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-04-15 14:37 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-04-15 14:37 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-04-15 14:37 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-04-15 14:37 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-04-15 14:37 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-04-15 14:37 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-04-15 14:37 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-04-15 14:37 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-04-15 14:37 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-04-15 14:37 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-04-15 14:37 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-04-15 14:37 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-04-15 14:37 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-04-15 14:37 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-04-15 14:37 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-04-15 14:37 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-04-15 14:37 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-04-15 14:37 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-04-15 14:37 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-04-15 14:37 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 14:37 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-15 14:37 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\windows\system32\clfs.sys
2015-04-15 14:37 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\windows\system32\clfsw32.dll
2015-04-15 14:37 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\windows\SysWOW64\clfsw32.dll
2015-04-15 14:37 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
2015-04-11 21:50 - 2015-04-11 21:50 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-04-11 21:50 - 2015-04-11 21:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-04-11 21:49 - 2015-04-11 21:50 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-04-11 21:49 - 2015-04-11 21:50 - 00000000 ____D () C:\Program Files\iTunes
2015-04-11 21:49 - 2015-04-11 21:49 - 00000000 ____D () C:\Program Files\iPod
2015-04-08 19:57 - 2015-04-08 19:57 - 00000000 ____D () C:\Analytics
2015-04-08 19:56 - 2015-04-08 19:56 - 00000000 ____D () C:\windows\System32\Tasks\Western Digital
2015-04-08 19:51 - 2015-04-08 19:51 - 00000000 ____D () C:\Users\Lula\AppData\Local\Western_Digital_Technolog
2015-04-08 19:51 - 2015-04-08 19:51 - 00000000 ____D () C:\Users\Lula\AppData\Local\Western Digital
2015-04-08 19:36
- 2015-04-08 19:36 - 00000000 ____D () C:\Program Files\Western Digital 2015-04-08 19:36 - 2015-04-08 19:36 - 00000000 ____D () C:\Program Files\Common Files\Western Digital 2015-04-08 19:29 - 2015-04-08 19:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital 2015-04-08 19:22 - 2015-04-08 19:36 - 00000000 ____D () C:\Program Files (x86)\Western Digital 2015-04-08 19:21 - 2015-04-08 19:36 - 00000000 ____D () C:\ProgramData\Western Digital 2015-04-08 11:57 - 2015-04-21 22:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-04-07 15:46 - 2015-04-07 15:46 - 00000000 ____D () C:\Users\Lula\AppData\Local\BorisFX 2015-04-07 15:33 - 2015-04-07 15:33 - 00000000 ____D () C:\Program Files\Common Files\OFX 2015-04-07 15:30 - 2015-04-07 15:33 - 00000000 ____D () C:\Program Files\Boris FX, Inc 2015-04-07 15:07 - 2015-04-07 15:07 - 00000000 ____D () C:\Users\Lula\AppData\Roaming\SimpleFiles 2015-04-06 20:05 - 2015-04-06 20:05 - 00000000 ____D () C:\Program Files (x86)\Boris FX, Inc 2015-04-05 22:59 - 2015-04-05 22:59 - 00000000 ___SD () C:\windows\SysWOW64\GWX 2015-04-05 22:59 - 2015-04-05 22:59 - 00000000 ___SD () C:\windows\system32\GWX 2015-04-03 19:28 - 2014-09-10 14:31 - 00008843 _____ () C:\Users\Lula\AppData\Local\recently-used.xbel 2015-04-01 13:46 - 2015-04-01 14:30 - 00000000 ____D () C:\Users\Lula\Desktop\math 2015-03-30 21:14 - 2014-11-22 12:46 - 00038032 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvvad64v.sys 2015-03-30 21:14 - 2014-11-22 12:46 - 00032400 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvaudcap32v.dll 2015-03-30 16:50 - 2015-03-30 16:54 - 00285192 _____ () C:\Users\Lula\Downloads\Conor_Maynard-R_U_Crazy_Are_you_crazy_.mp3.sfk 2015-03-30 14:57 - 2015-03-30 14:58 - 15310043 _____ () C:\Users\Lula\Desktop\EXO (엑소) - Overdose (중독) [Dance cover].mp4 2015-03-29 20:35 - 2015-03-29 20:35 - 00309720 _____ () C:\Users\Lula\Downloads\Little_Mix-About_The_Boy.mp3.sfk 2015-03-25 20:14 - 2015-03-26 
11:23 - 00000868 _____ () C:\Users\Lula\Desktop\Handbrake.lnk 2015-03-25 20:14 - 2015-03-25 20:14 - 00000824 _____ () C:\Users\Papa\Desktop\Handbrake.lnk 2015-03-25 20:14 - 2015-03-25 20:14 - 00000000 ____D () C:\Users\Lula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake 2015-03-25 20:14 - 2015-03-25 20:14 - 00000000 ____D () C:\Program Files\Handbrake 2015-03-25 20:10 - 2015-03-25 20:10 - 01203488 _____ () C:\Users\Lula\Downloads\Handbrake 64 Bit - CHIP-Installer.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-22 23:52 - 2010-12-25 19:46 - 00000000 ____D () C:\Users\Papa 2015-04-22 23:52 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar 2015-04-22 23:52 - 2009-07-14 05:20 - 00000000 __RSD () C:\windows\Media 2015-04-22 23:52 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\registration 2015-04-22 23:52 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2015-04-22 23:49 - 2012-09-16 13:27 - 00000000 ____D () C:\ProgramData\TuneUp Software 2015-04-22 15:14 - 2014-07-30 13:11 - 00000000 ____D () C:\ProgramData\Package Cache 2015-04-22 15:14 - 2010-08-04 04:27 - 01349709 _____ () C:\windows\WindowsUpdate.log 2015-04-22 14:09 - 2009-07-14 06:45 - 00022976 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-22 14:09 - 2009-07-14 06:45 - 00022976 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-22 14:02 - 2010-12-25 14:43 - 00000000 ____D () C:\Users\Lula 2015-04-22 14:01 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2015-04-22 12:05 - 2012-11-27 17:41 - 00000000 ____D () C:\windows\uninstall 2015-04-22 09:13 - 2012-09-16 13:28 - 00000000 ____D () C:\Users\Lula\AppData\Roaming\TuneUp Software 2015-04-21 23:07 - 2015-03-03 19:42 - 00000000 ____D 
() C:\Users\Lula\AppData\Roaming\MPC-HC 2015-04-21 23:07 - 2014-11-08 16:54 - 00000000 ____D () C:\Users\Lula\.gimp-2.8 2015-04-21 23:07 - 2014-11-02 17:33 - 00000000 ____D () C:\Program Files (x86)\Audacity 2015-04-21 23:07 - 2014-06-16 14:39 - 00000000 ____D () C:\Users\Lula\AppData\Roaming\uTorrent 2015-04-21 23:07 - 2013-01-10 20:29 - 00000000 ____D () C:\Users\Lula\AppData\Roaming\PhotoFiltre 7 2015-04-21 23:07 - 2012-01-07 20:34 - 00000000 ____D () C:\Users\Lula\AppData\Roaming\Babylon 2015-04-21 23:07 - 2010-08-04 04:31 - 00000000 ____D () C:\ProgramData\Temp 2015-04-21 23:06 - 2011-04-08 15:48 - 00000000 ____D () C:\Users\Lula\AppData\Roaming\Sony 2015-04-21 22:31 - 2012-04-04 19:39 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2015-04-21 21:49 - 2011-09-17 13:34 - 00000000 ____D () C:\Users\Lula\AppData\Roaming\Skype 2015-04-21 21:45 - 2009-07-14 04:34 - 00262144 _____ () C:\windows\system32\config\SECURITY.bak 2015-04-21 21:39 - 2009-07-14 04:34 - 00262144 _____ () C:\windows\system32\config\SAM.bak 2015-04-21 15:35 - 2011-04-24 11:43 - 00000000 ____D () C:\windows\Downloaded Installations 2015-04-21 15:34 - 2014-05-10 20:35 - 00000000 ____D () C:\Users\Lula\AppData\Local\com 2015-04-21 15:34 - 2012-07-22 15:38 - 00000000 ____D () C:\Program Files (x86)\vGrabber-software 2015-04-21 15:34 - 2011-05-06 12:57 - 00000000 ____D () C:\ProgramData\ICQ 2015-04-20 10:43 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\AppCompat 2015-04-19 16:52 - 2015-03-13 19:03 - 00000000 ____D () C:\Users\Lula\Desktop\Neuer Ordner 2015-04-19 12:57 - 2014-10-10 16:47 - 00000000 ____D () C:\Users\Lula\AppData\Roaming\vlc 2015-04-17 15:12 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache 2015-04-15 22:48 - 2014-12-11 22:45 - 00000000 ____D () C:\windows\system32\appraiser 2015-04-15 22:48 - 2014-05-06 22:21 - 00000000 ___SD () C:\windows\system32\CompatTel 2015-04-15 22:48 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\PolicyDefinitions 
2015-04-15 22:13 - 2013-10-11 13:29 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-04-15 22:11 - 2012-07-29 14:44 - 01595092 _____ () C:\windows\SysWOW64\PerfStringBackup.INI 2015-04-15 22:11 - 2010-08-04 20:46 - 00699712 _____ () C:\windows\system32\perfh007.dat 2015-04-15 22:11 - 2010-08-04 20:46 - 00149820 _____ () C:\windows\system32\perfc007.dat 2015-04-15 22:11 - 2009-07-14 07:13 - 01595092 _____ () C:\windows\system32\PerfStringBackup.INI 2015-04-15 22:07 - 2013-08-14 22:27 - 00000000 ____D () C:\windows\system32\MRT 2015-04-15 22:00 - 2011-05-10 20:35 - 128913832 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2015-04-15 21:05 - 2011-11-21 18:03 - 00000000 ____D () C:\Program Files (x86)\Adobe 2015-04-14 21:34 - 2014-10-17 18:08 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2015-04-14 21:34 - 2012-04-04 19:39 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2015-04-14 21:34 - 2011-05-16 20:26 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-04-11 21:49 - 2012-05-11 15:35 - 00000000 ____D () C:\Program Files (x86)\iTunes 2015-04-11 21:49 - 2012-05-11 15:34 - 00000000 ____D () C:\Program Files\Common Files\Apple 2015-04-09 10:21 - 2014-09-30 20:47 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-04-09 10:21 - 2010-08-04 04:29 - 00000000 ____D () C:\ProgramData\Skype 2015-04-08 19:40 - 2012-04-26 20:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-04-07 15:25 - 2011-04-08 14:31 - 00000000 ____D () C:\Users\Lula\AppData\Local\Downloaded Installations 2015-04-03 19:29 - 2014-03-17 16:34 - 00000000 ____D () C:\Users\Lula\AppData\Local\gtk-2.0 2015-04-03 17:20 - 2015-02-26 15:48 - 00000000 ____D () C:\Users\Lula\AppData\Roaming\HandBrake 2015-03-30 21:14 - 2013-12-15 20:44 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2015-03-28 05:44 - 2014-07-30 13:01 - 01316000 _____ (NVIDIA Corporation) 
C:\windows\SysWOW64\nvspbridge.dll 2015-03-28 05:44 - 2014-02-18 19:51 - 01316000 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvspcap.dll 2015-03-28 05:43 - 2014-07-30 13:01 - 01756424 _____ (NVIDIA Corporation) C:\windows\system32\nvspbridge64.dll 2015-03-28 05:43 - 2014-02-18 19:51 - 01570672 _____ (NVIDIA Corporation) C:\windows\system32\nvspcap64.dll 2015-03-23 16:29 - 2013-08-04 16:34 - 00000000 ____D () C:\Users\Lula\AppData\Roaming\Avira ==================== Files in the root of some directories ======= 2013-10-14 04:44 - 2013-10-14 04:44 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll 2011-08-28 14:37 - 2011-12-24 11:33 - 0000065 _____ () C:\Users\Lula\AppData\Roaming\AcroIEHelpe.txt 2014-10-05 18:55 - 2014-11-05 00:02 - 0002298 _____ () C:\Users\Lula\AppData\Roaming\ASSDraw3.cfg 2011-10-14 14:58 - 2011-12-24 16:19 - 0000068 _____ () C:\Users\Lula\AppData\Roaming\blckdom.res 2014-10-17 17:50 - 2014-10-17 17:57 - 0099384 _____ () C:\Users\Lula\AppData\Roaming\inst.exe 2014-10-17 17:50 - 2014-10-17 17:57 - 0007859 _____ () C:\Users\Lula\AppData\Roaming\pcouffin.cat 2014-10-17 17:50 - 2014-10-17 17:57 - 0001167 _____ () C:\Users\Lula\AppData\Roaming\pcouffin.inf 2014-10-17 17:50 - 2014-10-17 17:57 - 0000055 _____ () C:\Users\Lula\AppData\Roaming\pcouffin.log 2014-10-17 17:50 - 2014-10-17 17:57 - 0082816 _____ (VSO Software) C:\Users\Lula\AppData\Roaming\pcouffin.sys 2011-08-28 14:37 - 2011-09-10 11:30 - 0000136 _____ () C:\Users\Lula\AppData\Roaming\srvblck2.tmp 2011-09-03 11:31 - 2011-09-03 11:31 - 0000011 _____ () C:\Users\Lula\AppData\Roaming\urhtps.dat 2013-12-18 21:01 - 2014-09-27 10:10 - 0000168 _____ () C:\Users\Lula\AppData\Roaming\WB.CFG 2015-04-03 19:28 - 2014-09-10 14:31 - 0008843 _____ () C:\Users\Lula\AppData\Local\recently-used.xbel 2012-09-06 16:04 - 2012-09-06 16:04 - 0384835 _____ () C:\Users\Lula\AppData\Local\speeddial.crx 2011-09-17 13:36 - 2011-09-17 13:36 - 0000056 ____H () 
C:\ProgramData\ezsidmv.dat 2010-12-25 14:44 - 2010-01-16 08:15 - 0131368 _____ () C:\ProgramData\FullRemove.exe 2010-08-04 04:37 - 2010-08-04 04:37 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log 2010-08-04 04:35 - 2010-08-04 04:36 - 0000106 _____ () C:\ProgramData\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}.log 2010-08-04 04:32 - 2010-08-04 04:33 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2010-08-04 04:36 - 2010-08-04 04:37 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log 2010-08-04 04:31 - 2010-08-04 04:32 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log 2010-08-04 04:33 - 2010-08-04 04:35 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log Some content of TEMP: ==================== C:\Users\Lula\AppData\Local\Temp\DseShExt-x64.dll C:\Users\Lula\AppData\Local\Temp\DseShExt-x86.dll C:\Users\Lula\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\Lula\AppData\Local\Temp\SDShelEx-x64.dll C:\Users\Papa\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-16 16:12

==================== End Of Log ============================ |
22.04.2015, 17:41 | #4 |
| Avira cannot be installed Addition file: FRST Additions Logfile: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2015
Ran by Lula at 2015-04-22 15:43:35
Running from C:\Users\Lula\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: 360 Total Security (Disabled - Up to date) {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D}
AS: 360 Total Security (Disabled - Up to date) {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
360 Total Security (HKLM-x32\...\360TotalSecurity) (Version: 6.2.0.1030 - 360 Security Center)
Abenteuer Bauernhof (HKLM-x32\...\Farm) (Version: - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.1060 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Aegisub 3.2.1 (HKLM-x32\...\{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 3.2.1 - Aegisub Team) Akamai NetSession Interface (HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\Akamai) (Version: - Akamai Technologies, Inc) Apple Application Support (32-Bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros) Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team) BatteryLifeExtender (HKLM-x32\...\{74A579FB-EB06-497D-B194-01590D6FE51A}) (Version: 1.0.5 - Samsung) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Boris Continuum Complete 9 OFX for Sony (64-Bit) (HKLM\...\{3DF67BF0-17E8-4537-951C-758102AB87F7}) (Version: 9.0.2005 - Boris FX, Inc.) Camera RAW Plug-In for EPSON Creativity Suite (HKLM-x32\...\{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}) (Version: 2.1.0.0 - ) CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform) CX4300_5500_DX4400 Handbuch (HKLM-x32\...\CX4300_5500_DX4400 Handbuch) (Version: - ) CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2806 - CyberLink Corp.) CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1916 - CyberLink Corp.) CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3108a - CyberLink Corp.) CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3213 - CyberLink Corp.) 
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815b - CyberLink Corp.) CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.1.1812 - CyberLink Corp.) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3911 - CyberLink Corp.) DMUninstaller (HKLM-x32\...\DMUninstaller) (Version: - ) <==== ATTENTION Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.) Easy Network Manager (HKLM-x32\...\{F9557866-B4C8-4CE5-8508-0E386BDC20B2}) (Version: 4.3.3 - Samsung) Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.5 - Samsung Electronics Co.,Ltd.) EasyBatteryManager (HKLM-x32\...\{4A331D24-A9E8-484F-835E-1BA7B139689C}) (Version: 4.0.0.4 - Samsung) eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: - Steinberg Media Technologies GmbH) EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation) Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{6C5F8503-55D2-4398-858C-362B7A7AF51C}) (Version: 2.1.31.0 - MAGIX AG) Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) (HKLM-x32\...\Firebird SQL Server D) (Version: 2.0.0.1 - MAGIX AG) Free Studio version 6.5.0.301 (HKLM-x32\...\Free Studio_is1) (Version: 6.5.0.301 - DVDVideoSoft Ltd.) Free Window Registry Repair (HKLM-x32\...\Free Window Registry Repair) (Version: - ) Free YouTube Download version 3.2.46.923 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.46.923 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.44.908 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.44.908 - DVDVideoSoft Ltd.) 
Freemake Video Converter Version 4.1.5 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation) GenArts Sapphire Plug-ins 7.07 for OFX (HKLM\...\GenArts Sapphire Plug-ins for OFX_is1) (Version: - ) HandBrake 0.10.1 (HKLM-x32\...\HandBrake) (Version: 0.10.1 - ) Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{1A8BA6CE-822D-4888-89E2-ACBF4308F271}) (Version: 13.02.0000 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.3.1001 - Intel Corporation) Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation) iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.) Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden K-Lite Codec Pack 11.0.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.0.0 - ) Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - ) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) Macallan Convert Srt To Ssa (HKLM-x32\...\{C828DC76-B630-42F7-B440-E63C8ECBBFA4}) (Version: 1.0.05001 - Macallan) MAGIX Speed burnR (MSI) (HKLM-x32\...\{6A56B2F6-5F4F-4FC5-8508-3EDA1D048744}) (Version: 7.0.2.6 - MAGIX AG) MAGIX Video deluxe MX Plus (HKLM-x32\...\MAGIX_MSI_Videodeluxe18_plus) (Version: 11.0.2.2 - MAGIX AG) MAGIX Video deluxe MX Plus (x32 Version: 11.0.2.2 - MAGIX AG) Hidden Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.22.3.3 - Marvell) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft 
Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft 
Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 37.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla) Mozilla Maintenance Service 
(HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation) NewBlue 3D Explosions for Windows (HKLM-x32\...\NewBlue 3D Explosions for Windows) (Version: - ) NewBlue 3D Transformations for Windows (HKLM-x32\...\NewBlue 3D Transformations for Windows) (Version: - ) NewBlue Art Blends for Windows (HKLM-x32\...\NewBlue Art Blends for Windows) (Version: - ) NewBlue Art Effects for Windows (HKLM-x32\...\NewBlue Art Effects for Windows) (Version: - ) NewBlue Light Blends for Windows (HKLM-x32\...\NewBlue Light Blends for Windows) (Version: 1.4 - NewBlue) NewBlue Light Effects for Windows (HKLM-x32\...\NewBlue Light Effects for Windows) (Version: 1.4 - NewBlue) NewBlue Motion Blends for Windows (HKLM-x32\...\NewBlue Motion Blends for Windows) (Version: - ) NewBlue Motion Effects for Windows (HKLM-x32\...\NewBlue Motion Effects for Windows) (Version: - ) NewBlue Paint Blends for Windows (HKLM-x32\...\NewBlue Paint Blends for Windows) (Version: 1.4 - NewBlue) NewBlue Paint Effects for Windows (HKLM-x32\...\NewBlue Paint Effects for Windows) (Version: 1.4 - NewBlue) NewBlue Video Essentials II for Windows (HKLM-x32\...\NewBlue Video Essentials II for Windows) (Version: - ) NewBlue Video Essentials III for 
Windows (HKLM-x32\...\NewBlue Video Essentials III for Windows) (Version: 1.4 - NewBlue) NewBlue Video Essentials IV for Windows (HKLM-x32\...\NewBlue Video Essentials IV for Windows) (Version: 1.4 - NewBlue) NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation) NVIDIA Grafiktreiber 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) PDF Reader (HKU\S-1-5-21-522234228-4192544273-3428825822-1001\...\PDF Reader) (Version: - ) PriceSparrow (HKLM-x32\...\{3F2DC1E7-A56F-49D8-B0CF-DB2300594497}) (Version: 1.4.9 - Ciuvo GmbH) <==== ATTENTION QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6003 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Software (HKLM-x32\...\{0F796312-289C-40CA-856C-9FBCF5E83342}) (Version: 0133.09.1202 - REALTEK Semiconductor Corp.) Registry Repair 5.0.1.67 (HKLM-x32\...\Registry Repair) (Version: 5.0.1.67 - Glarysoft Ltd) SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version: - ) Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version: - ) SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version: - ) SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version: - ) Samsung New PC Studio (HKLM-x32\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) 
Samsung New PC Studio (x32 Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden Samsung New PC Studio USB Driver Installer (HKLM-x32\...\InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Samsung New PC Studio USB Driver Installer (x32 Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden Samsung Recovery Solution 4 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.6 - Samsung) Samsung R-Series (HKLM-x32\...\{3EED7541-55F8-4DC6-B9CD-28762D71310E}) (Version: 1.0 - Samsung) Samsung Support Center (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.0.2 - Samsung) Samsung Update Plus (HKLM-x32\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.) 
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated) SpiceMASTER 2.5 PRO for Vegas (HKLM-x32\...\SpiceMASTER 2.5 PRO for Vegas) (Version: 2.5 - Pixelan Software) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.10.0 - Synaptics Incorporated) Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH) TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software) TuneUp Utilities 2014 (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden TuxGuitar (HKLM-x32\...\{03534DA5-2F88-4B8E-A978-849B979E1B8F}) (Version: 1.2 - Herac) User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - ) Vegas Pro 13.0 (64-bit) (HKLM\...\{386F5740-091D-11E4-B13E-F04DA23A5C58}) (Version: 13.0.373 - Sony) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) VSFilter 2.41.322 (0c3a1ea) Nightly (HKLM-x32\...\vsfilter_is1) (Version: 2.41.322 - MPC-HC Team) WD Drive Utilities (HKLM-x32\...\{59E0381C-1047-45A3-B68A-57F586EAF3C2}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.) WD Quick View (HKLM-x32\...\{BE1B25F9-5A51-4DB8-81FA-CE0CABC14D07}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.) WD Security (HKLM-x32\...\{D338102B-BA1C-4CCA-B870-8690FA0F0433}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.) WD SmartWare (HKLM\...\{FECF90E3-FDEA-4A87-8A06-2683388C69C4}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.) WD SmartWare Installer (HKLM-x32\...\{647175e1-9944-4a82-bac1-102c95f0a99a}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.) 
WEB.DE MailCheck für Mozilla Firefox (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 3.0.2.1739 - 1&1 Mail & Media GmbH) Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation) Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation) Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\x264vfw) (Version: - ) Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 22-04-2015 09:21:38 TuneUp Utilities 2014 wird entfernt 22-04-2015 09:56:41 Windows Update 22-04-2015 10:01:54 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {00B34E4F-7D66-4BD5-B54A-C9C053ECFB90} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd) Task: {05FACB47-A91F-420D-BCEC-FF600F302C99} - \SUPBackground No Task File <==== ATTENTION Task: {0867F108-CE05-4F7C-A5C0-73C28E2154B4} - \{F6C7F9E6-6F96-41B3-9C19-7C35CA8EC048} No Task File <==== ATTENTION Task: {09BCA8E0-08AB-4057-AA0C-E9BD059BD7B3} - \6f4fbe62-8c8b-4036-a9fe-561497b1f445-2 No Task File <==== ATTENTION Task: {0B7DFB6C-E4D1-48B8-898B-4C7912F97612} - \EasyBatteryManager No Task File <==== ATTENTION Task: {0BE393F4-0955-497D-92C6-4BE015F2EEDA} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {0FD71176-33F7-4B5A-B80F-C692D74D5F1E} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated) Task: {1EDC3EE6-5D2C-4AA5-AE30-C08576134BFC} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {226CBEF3-C14B-4D3E-9085-AAEF8FF18D69} - \BatteryLifeExtender No Task File <==== ATTENTION Task: {2613FF88-33DE-4031-9499-3E45F9559898} - System32\Tasks\{04FE779D-BEF1-471C-BD21-2302F2FBE903} => pcalua.exe -a C:\Users\Lula\Documents\VirtualDub-1.10.4\auxsetup.exe -d C:\Users\Lula\Documents\VirtualDub-1.10.4 Task: {2C8CDEBA-2BDB-414E-8975-4EC5CF92C228} - System32\Tasks\{C59C6278-4DE4-4FFB-9987-8DB4B055C53E} => pcalua.exe -a "C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe" -c /REMOVE Task: {34DD8588-038E-484E-88CA-1CD7BF815C54} - \DealPly No Task File <==== ATTENTION Task: {3B1F3547-6E50-4E14-AB7F-228F2181251E} - \6f4fbe62-8c8b-4036-a9fe-561497b1f445-5 No Task File <==== ATTENTION Task: {3EAD0021-36CA-4E03-A3A8-1E06DD6E56D0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {42D3908D-63E1-4C4A-B358-AA807A215046} - \{B6348D95-1246-4BD4-9A1E-0FEEC0BE2C8C} No Task File <==== ATTENTION Task: {44F4ADB2-4E90-475A-B75C-FFB3CBB083BF} - \User_Feed_Synchronization-{C9F8ED2C-4646-43B1-8AAC-F75F824832F5} No Task File <==== ATTENTION Task: {4AFBA663-9F35-400E-B4D4-B43DDFE2A1B3} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation) Task: {5292B3D1-A6FA-46E2-B99B-A5CC01889BB2} - \{1439E588-80AC-48C7-8676-24453CFD1744} No Task File <==== ATTENTION Task: {5924E66C-B01E-4E72-8609-00378485B894} - \{58F9CBB2-E401-4C9F-B2F1-FAC899ED1851} No Task File <==== ATTENTION Task: {64A6C599-BEB0-4ADE-81B0-6C1E822E6E0A} - System32\Tasks\pricesparrowSWU => Cscript.exe "C:\Program Files (x86)\PriceSparrow\Internet Explorer\swu.vbs" Task: {653FEC7F-8ED0-41BD-AB56-2AF118229ACE} - \advSRS4 No Task File <==== ATTENTION Task: {6E9D9967-AFCE-4043-A3AC-F4713487DC92} - \{A4A761CD-AA49-4FEB-9DD4-E472CA43F33D} No Task File <==== ATTENTION Task: {8014AEF9-B8A1-4F94-A820-5B0B5CCB4210} - \Funmoods No Task File <==== ATTENTION Task: {886F123B-D25A-4AEB-A115-32CE07A5D0F9} - \EasySpeedUpManager No Task File <==== ATTENTION Task: {93219F49-BCFE-4F5F-BEDD-3C3DA75A3D00} - \{616BDF89-B0BB-45EF-B9DB-457C35DD2910} No Task File <==== ATTENTION Task: {9B2AEE57-B1A3-425C-9794-EFB58CDA35B9} - System32\Tasks\{D53EFA6E-AD33-4364-A96D-8C6BD9C00BE8} => pcalua.exe -a C:\Users\Lula\Downloads\msicuu2.exe -d C:\Users\Lula\Downloads Task: {AE25EEFE-F0EB-484A-8131-F90123DBFC11} - \{37517ED5-8C65-431C-B63F-1C05AFB8CD9C} No Task File <==== ATTENTION Task: {B54B8B25-37A5-46ED-B530-E3B9A6F9747C} - \6f4fbe62-8c8b-4036-a9fe-561497b1f445-1 No Task File <==== ATTENTION Task: {C4E56FC6-7F0B-4186-B7B4-853A1D044AA9} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {C5188BD4-C8F6-4D93-A9E7-16A4950D3632} - 
\6f4fbe62-8c8b-4036-a9fe-561497b1f445-4 No Task File <==== ATTENTION Task: {D48FE2D5-50F6-40B0-A99B-71A13269351C} - \6f4fbe62-8c8b-4036-a9fe-561497b1f445-3 No Task File <==== ATTENTION Task: {D4BB723D-3105-4D3C-A9D0-B0E5FBE56CE9} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {D5A24318-E517-4843-9500-C8016A2861DE} - \0b09b8b1-b267-4ac3-a1e3-c3f904efd354-3 No Task File <==== ATTENTION Task: {DD6F6C54-7F53-401E-90C9-A6634EC7E708} - \0b09b8b1-b267-4ac3-a1e3-c3f904efd354-4 No Task File <==== ATTENTION Task: {EA69F0CA-391E-4E4A-9DDD-FFAE291BA002} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-02-18] () Task: {EAEDDB11-B36B-4715-9825-BC960C0E4C4D} - \{2FE7BBFF-8E4D-4756-9428-E3D6E1F7EBE3} No Task File <==== ATTENTION Task: {F61F6EF1-4B7D-4235-A63E-9D1A37BD484D} - \EasyDisplayMgr No Task File <==== ATTENTION Task: {FC8801BB-D0C9-48A7-B692-FE243C37E441} - \SamsungSupportCenter No Task File <==== ATTENTION Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============== ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Reprise:jhqduwvxlctbqqijsf`usjbm`pgypfh AlternateDataStreams: C:\ProgramData\Temp:2430E4FC AlternateDataStreams: C:\ProgramData\Temp:373E1720 AlternateDataStreams: C:\ProgramData\Temp:9E22BBE8 AlternateDataStreams: C:\ProgramData\Temp:E36F5B57 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, the associated entry will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-522234228-4192544273-3428825822-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lula\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp DNS Servers: 192.168.2.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe MSCONFIG\startupreg: NPSStartup => MSCONFIG\startupreg: PDVD8LanguageShortcut => "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe" MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: RemoteControl8 => "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe MSCONFIG\startupreg: UCam_Menu => "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" MSCONFIG\startupreg: UpdatePDRShortCut => "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0" MSCONFIG\startupreg: UpdatePSTShortCut => "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" 
"C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" ==================== Accounts: ============================= Administrator (S-1-5-21-522234228-4192544273-3428825822-500 - Administrator - Disabled) Gast (S-1-5-21-522234228-4192544273-3428825822-501 - Limited - Disabled) Lula (S-1-5-21-522234228-4192544273-3428825822-1001 - Administrator - Enabled) => C:\Users\Lula Papa (S-1-5-21-522234228-4192544273-3428825822-1003 - Limited - Enabled) => C:\Users\Papa ==================== Faulty Device Manager Devices ============= Name: Security Processor Loader Driver Description: Security Processor Loader Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: spldr Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (04/22/2015 03:22:12 PM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Error: (04/22/2015 03:10:39 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". 
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (04/22/2015 03:10:39 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (04/22/2015 02:42:01 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (04/22/2015 02:42:01 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". 
Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (04/22/2015 02:28:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: UninstallManager.exe, Version: 14.0.1000.340, Zeitstempel: 0x53c6367a Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3e0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0008b132 ID des fehlerhaften Prozesses: 0x728 Startzeit der fehlerhaften Anwendung: 0xUninstallManager.exe0 Pfad der fehlerhaften Anwendung: UninstallManager.exe1 Pfad des fehlerhaften Moduls: UninstallManager.exe2 Berichtskennung: UninstallManager.exe3 Error: (04/22/2015 02:13:54 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. 
Error: (04/22/2015 02:13:54 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (04/22/2015 02:11:06 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (04/22/2015 02:11:06 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. 
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. System errors: ============= Error: (04/22/2015 03:11:04 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1084MSIServer{000C101C-0000-0000-C000-000000000046} Error: (04/22/2015 03:10:57 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1084wuauserv{9B1F122C-2982-4E91-AA8B-E071D54F2A4D} Error: (04/22/2015 03:10:51 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1068WDBackup{59484148-65C9-4467-A092-3F8380023772} Error: (04/22/2015 03:10:51 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1068WDBackup{81213AB4-5937-4340-88CD-66B4BC80DF73} Error: (04/22/2015 03:10:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (04/22/2015 03:10:17 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030} Error: (04/22/2015 03:10:17 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (04/22/2015 03:10:06 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF} Error: (04/22/2015 03:09:55 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC} Error: (04/22/2015 03:09:37 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 360Camera discache SABI spldr Wanarpv6 Microsoft Office Sessions: ========================= Error: (04/22/2015 03:22:12 PM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Error: (04/22/2015 
03:10:39 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8 Error: (04/22/2015 03:10:39 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8 Error: (04/22/2015 02:42:01 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8 Error: (04/22/2015 02:42:01 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8 Error: (04/22/2015 02:28:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: UninstallManager.exe14.0.1000.34053c6367antdll.dll6.1.7601.187985507b3e0c00000050008b13272801d07cf7c8deceebC:\Program Files (x86)\TuneUp Utilities 2014\UninstallManager.exeC:\windows\SysWOW64\ntdll.dll12a8fad0-e8eb-11e4-bb3f-002454e0eac6 Error: (04/22/2015 02:13:54 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo 
Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8 Error: (04/22/2015 02:13:54 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8 Error: (04/22/2015 02:11:06 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8 Error: (04/22/2015 02:11:06 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8 ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz Percentage of memory in use: 29% Total physical RAM: 3956.55 MB Available physical RAM: 2775.13 MB Total Pagefile: 7911.29 MB Available Pagefile: 6797.38 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:98 GB) (Free:11.66 GB) NTFS Drive d: () (Fixed) (Total:347.66 GB) (Free:347.55 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 8C0FBFDC) Partition 1: (Not Active) - (Size=20 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=98 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=347.7 GB) - 
(Type=OF Extended) ==================== End Of Log ============================ GMER file: GMER Logfile: Code:
ATTFilter GMER 2.1.19357 - GMER - Rootkit Detector and Remover
Rootkit scan 2015-04-22 15:56:55
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AC1 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Lula\AppData\Local\Temp\kxldypow.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654eb87
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654edff
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654f56e
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654f652
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b66b6864
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b66b6982
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654eb87 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654edff (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654f56e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654f652 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b66b6864 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b66b6982 (not active ControlSet)

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

Okay, all good! Problem solved |
23.04.2015, 11:29 | #5 |
/// the machine /// TB trainer | Avira cannot be installed Please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).
Scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |