Log analysis and evaluation: Avast Antivirus turns itself off after the PC starts

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
07.08.2016, 02:55 | #1 |
Avast Antivirus turns itself off after the PC starts

Dear Trojaner Board team,

I have recently had a problem with my PC. Shortly after startup, Avast Antivirus switches itself off on its own and I cannot reactivate it. I ran Malwarebytes and there were a few detections in the heuristic analysis. Unfortunately, no scan log from the scan can be found at the indicated location. Can you help me solve the problem?

Best regards,
Kermit

FRST Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-08-2016
Ran by Heiko (administrator) on HEIKO-PC (07-08-2016 13:37:14)
Running from C:\Users\Heiko\Desktop
Loaded Profiles: Heiko (Available Profiles: Heiko)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
() C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe
(Apache Software Foundation) C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
() C:\Windows\System32\PnkBstrB.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Apache Software Foundation) C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(AMD) C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
(Logitech, Inc.)
C:\Program Files\Logitech\SetPoint\SetPoint.exe (Marvell) C:\Program Files\Marvell\61xx\tray\zRaidTray.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL2\KHALMNPR.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Microsoft Corporation) C:\Windows\System32\conime.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation) HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-27] (Microsoft Corporation) HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [76304 2008-02-29] (Logitech, Inc.) HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [648072 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.) 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [9071240 2016-08-07] (AVAST Software) HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [747264 2013-12-20] (Advanced Micro Devices, Inc.) HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-09-12] (Apple Inc.) HKLM\...\Run: [VirtualCloneDrive] => C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-11] (Elaborate Bytes AG) HKLM\...\Run: [emsisoft anti-malware] => C:\Program Files\Emsisoft Anti-Malware\a2guard.exe [5836888 2015-09-18] (Emsisoft Ltd) HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [393216 2013-12-23] (AMD) HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\MountPoints2: {3f51ef99-0181-11de-8b19-806e6f6e6963} - F:\Launcher.exe HKU\S-1-5-21-486867131-26501815-4098484281-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> ShellIconOverlayIdentifiers: [00-Zukmo-SyncFileModified] -> {23939489-8B41-45ec-90F3-BD36A9644006} => No File ShellIconOverlayIdentifiers: [00-Zukmo-SyncFileSuccess] -> {23939488-8B41-45ec-90F3-BD36A9644006} => No File ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll [2016-08-07] (AVAST Software) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk [2009-04-28] ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) 
Startup: C:\Users\Heiko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2009-03-20] ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\Users\Heiko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ApacheStart.lnk [2014-04-25] ShortcutTarget: ApacheStart.lnk -> C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe (Apache Software Foundation) Startup: C:\Users\Heiko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MarvellTray.lnk [2014-04-25] ShortcutTarget: MarvellTray.lnk -> C:\Program Files\Marvell\61xx\tray\zRaidTray.exe (Marvell) BootExecute: autocheck autochk * sdnclean.exe GroupPolicy: Restriction - Chrome <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 0.0.0.0 Tcpip\..\Interfaces\{4E3A8419-EEE8-4EDD-9506-521C71675B26}: [DhcpNameServer] 172.20.10.1 Tcpip\..\Interfaces\{A9787E2A-2022-4380-8E02-19CC3527645A}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{CD77492D-D81D-4621-8C0B-CFE6772DE29B}: [DhcpNameServer] 192.168.1.254 0.0.0.0 Internet Explorer: ================== HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-486867131-26501815-4098484281-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz= SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22] (Microsoft Corporation) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-27] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-02] (Oracle Corporation) BHO: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2016-08-07] (AVAST Software) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-02] (Oracle Corporation) DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-27] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\sagam84i.default FF NewTab: hxxps://www.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10099_swoc_campaign_160528__yaff FF DefaultSearchEngine: Yahoo® FF DefaultSearchUrl: hxxps://www.google.com/search/?trackid=sp-006 FF SearchEngineOrder.1: Google (avast) FF SelectedSearchEngine: Yahoo® FF Homepage: www.google.co.nz FF Keyword.URL: hxxps://www.google.com/search/?trackid=sp-006 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-13] () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] () FF Plugin: @bittorrent.com/BitTorrentDNA -> C:\Program Files\DNA\plugins\npbtdna.dll [2009-05-21] (BitTorrent, Inc.) 
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [No File] FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll [No File] FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [No File] FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-02] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-02] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [No File] FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @pages.tvunetworks.com/WebPlayer -> C:\Program Files\Accessories\Burner and Player\TVU Player\TVUPlayer\npTVUAx.dll [No File] FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-07] (Google Inc.) 
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-07] (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-14] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-14] (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-25] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-486867131-26501815-4098484281-1000: @bittorrent.com/BitTorrentDNA -> C:\Users\Heiko\Program Files\DNA\plugins\npbtdna.dll [2009-11-07] (BitTorrent, Inc.) FF Plugin HKU\S-1-5-21-486867131-26501815-4098484281-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Heiko\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-03-11] (Unity Technologies ApS) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll [2009-09-26] (DivX, Inc) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-09-25] (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\sagam84i.default\searchplugins\yahoo-lavasoft.xml [2016-05-28] FF Extension: German Dictionary - C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\sagam84i.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2016-01-23] FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED} [2016-06-16] [not signed] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2016-08-07] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-01-23] [not signed] FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\Alwil Software\Avast5\SafePrice\FF FF Extension: Avast SafePrice - C:\Program Files\Alwil Software\Avast5\SafePrice\FF [2016-08-07] FF HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\Firefox\Extensions: [{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}] - C:\Users\Heiko\Program Files\DNA FF Extension: DNA - C:\Users\Heiko\Program Files\DNA [2012-07-15] [not signed] FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-09-09] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com CHR StartupUrls: Default -> "hxxp://www.google.com" CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\PepperFlash\pepflashplayer.dll () CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File CHR Plugin: (Adobe Acrobat) - 
C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation) CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll => No File CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll => No File CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll => No File CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll => No File CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll => No File CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll => No File CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll => No File CHR Plugin: (TVU Web Player for FireFox) - C:\Program Files\Accessories\Burner and Player\TVU Player\TVUPlayer\npTVUAx.dll => No File CHR Plugin: (iTunes Application Detector) - C:\Program Files\Accessories\Burner and Player\iTunes\Mozilla Plugins\npitunes.dll => No File CHR Plugin: (Picasa) - C:\Program Files\Accessories\Picasa3\npPicasa3.dll => No File CHR Plugin: (DNA Plug-in) - C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll => No File CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll => No File CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll => No File CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll => No File CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\system32\npDeployJava1.dll => No File CHR Profile: C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Tampermonkey) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-08-07] CHR Extension: (Avast SafePrice) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-05-05] CHR Extension: (Slither.io Mods, Zoom, Unlock Skins, Bots) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogeabecipmckmihpmkgjbghbffcebcf [2016-08-07] CHR Extension: (Agar.io Powerups Guide) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnfiiapoopclmhaikgpbgddfpmmddmeo [2016-06-14] CHR Extension: (Diep.io mods cheat) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkeplpciajafhianhmclmkkkofpobnkf [2016-06-12] CHR Extension: (Chrome Web Store Payments) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-09] CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChromeSp.crx <not found> CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx <not found> ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [7084784 2015-09-18] (Emsisoft Ltd) S2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [197640 2016-08-07] (AVAST Software) S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] S3 LBTServ; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [121360 2008-05-02] (Logitech, Inc.) R2 Marvell RAID; C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe [61440 2007-04-21] () [File not signed] R2 MRUWebService; C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe [20539 2007-01-10] (Apache Software Foundation) [File not signed] R2 PnkBstrB; C:\Windows\system32\PnkBstrB.exe [107832 2009-05-21] () R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-18] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [45696 2008-01-18] (Microsoft Corporation) R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [277544 2009-01-20] (Protect Software GmbH) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-08-07] (AVAST Software) R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-08-07] (AVAST Software) S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-08-07] () [File not signed] R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2016-08-07] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-08-07] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [734840 2016-08-07] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [434144 2016-08-07] (AVAST Software) S3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [184592 2016-08-07] (AVAST Software) S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [66688 2016-08-07] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224616 2016-08-07] (AVAST Software) R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [83984 2012-02-24] (Advanced Micro Devices) R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [83872 2013-06-08] () S3 cpuz132; C:\Windows\system32\drivers\cpuz132_x32.sys [12672 2009-03-27] (Windows (R) Codename Longhorn DDK provider) [File not signed] R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2014-12-21] (Elaborate Bytes AG) R1 epp32; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp32.sys [114200 2015-08-28] (Emsisoft GmbH) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2013-06-08] () R3 LVPr2Mon; C:\Windows\System32\Drivers\LVPr2Mon.sys [25752 2009-10-07] () S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-12-17] (Logitech Inc.) 
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH) [File not signed] S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-08-07] (Malwarebytes) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [7680 2006-10-19] () R0 mv61xx; C:\Windows\System32\DRIVERS\mv61xx.sys [137728 2007-05-25] (Marvell Semiconductor, Inc.) [File not signed] R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [735232 2009-08-03] (Ralink Technology Corp.) S3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13976 2009-04-30] (Logitech Inc.) S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2687512 2009-04-30] (Logitech Inc.) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [716272 2009-03-11] () [File not signed] S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-23] (The OpenVPN Project) S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2014-07-28] (Apple, Inc.) [File not signed] U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] S3 catchme; \??\C:\Users\Heiko\AppData\Local\Temp\catchme.sys [X] S3 dgderdrv; System32\drivers\dgderdrv.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 JL2005C; System32\Drivers\jl2005c.sys [X] S0 Lbd; system32\DRIVERS\Lbd.sys [X] S3 massfilter; system32\drivers\massfilter.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X] S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X] S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X] S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-08-07 13:37 - 2016-08-07 13:39 - 00024584 _____ C:\Users\Heiko\Desktop\FRST.txt 2016-08-07 13:37 - 2016-08-07 13:37 - 00000000 ____D C:\FRST 2016-08-07 13:35 - 2016-08-07 13:36 - 01743872 _____ (Farbar) C:\Users\Heiko\Desktop\FRST.exe 2016-08-07 13:30 - 2016-08-07 13:33 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware 2016-08-07 13:30 - 2016-08-07 13:30 - 00000848 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk 2016-08-07 13:30 - 2016-08-07 13:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware 2016-08-07 13:07 - 2016-08-07 13:16 - 215062448 _____ (Emsisoft Ltd. ) C:\Users\Heiko\Desktop\EmsisoftAntiMalwareXPSetup.exe 2016-08-07 12:14 - 2016-08-07 12:14 - 00001931 _____ C:\Users\Heiko\Desktop\Google Chrome.lnk 2016-08-07 12:03 - 2016-04-10 07:07 - 00486912 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2016-08-07 12:03 - 2016-04-10 06:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2016-08-07 11:58 - 2016-08-07 11:58 - 00000000 ____D C:\Users\Heiko\AppData\Local\CEF 2016-08-07 11:50 - 2016-08-07 11:47 - 00921280 _____ (Microsoft Corporation) C:\Windows\ucrtbase.dll 2016-08-07 11:50 - 2016-08-07 11:47 - 00319760 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2016-08-07 11:47 - 2016-08-07 11:47 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr 2016-08-07 11:33 - 2016-08-07 11:33 - 07065600 _____ C:\Program Files\GUT4C0D.tmp 2016-08-07 11:33 - 2016-08-07 11:33 - 00000000 ____D C:\Program Files\GUM4C0C.tmp ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2016-08-07 13:28 - 2014-04-02 13:49 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4e15c388b5b0.job 2016-08-07 13:28 - 2009-02-22 23:43 - 00376256 _____ C:\Windows\za_mv_raid.ev 2016-08-07 13:28 - 2009-02-22 23:43 - 00000160 _____ C:\Windows\system32\61xx.xml 2016-08-07 13:27 - 2014-04-25 20:04 - 00000009 _____ C:\Windows\mvraidver.dat 2016-08-07 13:27 - 2006-11-03 01:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-08-07 13:27 - 2006-11-03 00:47 - 00004448 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2016-08-07 13:27 - 2006-11-03 00:47 - 00004448 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2016-08-07 13:25 - 2006-11-03 01:01 - 00032536 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2016-08-07 13:18 - 2006-11-02 23:18 - 00000000 ____D C:\Windows\rescache 2016-08-07 13:17 - 2015-06-14 17:04 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit 2016-08-07 13:11 - 2015-01-02 12:51 - 00000000 ____D C:\Users\Heiko\AppData\Roaming\vlc 2016-08-07 13:03 - 2016-06-10 16:03 - 00000000 _RSHD C:\Users\Heiko\AppData\Roaming\nvxasync 2016-08-07 13:03 - 2006-11-02 23:18 - 00000000 ____D C:\Windows\inf 2016-08-07 13:03 - 2006-11-02 22:33 - 00763586 _____ C:\Windows\system32\PerfStringBackup.INI 2016-08-07 13:02 - 2009-05-21 17:00 - 00000000 ____D C:\Users\Heiko\AppData\Roaming\BitTorrent 2016-08-07 12:48 - 2012-11-12 21:08 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-08-07 12:26 - 2014-04-02 22:46 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-08-07 12:20 - 2014-04-02 22:46 - 00000859 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2016-08-07 12:20 - 2014-04-02 22:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2016-08-07 12:20 - 2014-04-02 22:46 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 2016-08-07 11:49 - 
2015-07-22 11:01 - 00184592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys 2016-08-07 11:49 - 2014-05-04 13:07 - 00034008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys 2016-08-07 11:49 - 2013-03-21 11:09 - 00224616 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys 2016-08-07 11:49 - 2013-03-21 11:09 - 00060424 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2016-08-07 11:49 - 2009-02-23 01:04 - 00434144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2016-08-07 11:49 - 2009-02-23 01:04 - 00092256 _____ C:\Windows\system32\Drivers\aswMonFlt.sys 2016-08-07 11:49 - 2009-02-23 01:04 - 00066688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys 2016-08-07 11:49 - 2009-02-23 01:04 - 00064272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys 2016-08-07 11:44 - 2016-06-15 16:07 - 00035096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys 2016-08-07 11:44 - 2011-05-07 05:46 - 00734840 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2016-08-07 11:43 - 2009-02-23 12:09 - 00000000 ____D C:\Users\Heiko\AppData\Roaming\Skype 2016-08-07 11:40 - 2016-06-15 15:44 - 00000000 ___RD C:\Program Files\Skype 2016-08-07 11:40 - 2009-02-23 12:08 - 00000000 ____D C:\ProgramData\Skype ==================== Files in the root of some directories ======= 2013-06-28 06:33 - 2013-06-28 06:28 - 0007583 _____ () C:\Program Files\awvIdentifiers.map.bak 2013-06-28 06:33 - 2013-06-28 06:28 - 0192528 _____ () C:\Program Files\bankcodes.map.bak 2013-06-28 06:33 - 2013-04-03 12:00 - 7384209 _____ () C:\Program Files\bic.map.bak 2013-06-28 06:33 - 2013-06-28 06:28 - 0008900 _____ () C:\Program Files\countries.map.bak 2013-06-28 06:27 - 2013-01-03 12:00 - 0039034 _____ () C:\Program Files\efix.exe.manifest 2016-08-07 11:33 - 2016-08-07 11:33 - 7065600 _____ () C:\Program Files\GUT4C0D.tmp 2014-05-10 11:55 - 2014-05-10 11:55 - 6103040 _____ () C:\Program Files\GUTE012.tmp 2013-06-28 
06:27 - 2011-10-05 12:00 - 0001346 _____ () C:\Program Files\Migrate.exe.manifest
2013-06-28 06:27 - 2012-09-07 12:00 - 0001602 _____ () C:\Program Files\sepaCategoryPurpose.map
2013-06-28 06:27 - 2009-10-27 12:00 - 0007853 _____ () C:\Program Files\sepaPurposeKeys.map
2013-06-28 06:26 - 2013-06-28 06:27 - 0000234 _____ () C:\Program Files\Update.ini
2013-06-28 06:27 - 2011-08-22 12:00 - 0015176 _____ () C:\Program Files\update_help.html
2013-06-28 06:25 - 2000-12-05 21:31 - 0026614 _____ () C:\Program Files\_update.hlp
2013-06-28 06:25 - 2000-08-25 03:49 - 0102400 _____ (XLAB) C:\Program Files\_updutils.dll
2016-06-10 16:03 - 2016-06-10 16:03 - 53205728 _____ () C:\Users\Heiko\AppData\Roaming\chport.exe
2009-09-28 15:25 - 2012-09-19 04:54 - 0087608 _____ () C:\Users\Heiko\AppData\Roaming\inst.exe
2016-06-10 16:01 - 2016-06-10 16:02 - 243361280 _____ () C:\Users\Heiko\AppData\Roaming\Launcher.rb4
2009-02-24 15:51 - 2012-09-19 04:54 - 0007887 _____ () C:\Users\Heiko\AppData\Roaming\pcouffin.cat
2009-02-24 15:51 - 2012-09-19 04:54 - 0001144 _____ () C:\Users\Heiko\AppData\Roaming\pcouffin.inf
2009-02-24 15:52 - 2012-09-19 04:55 - 0000034 _____ () C:\Users\Heiko\AppData\Roaming\pcouffin.log
2009-02-24 15:51 - 2012-09-19 04:54 - 0047360 _____ (VSO Software) C:\Users\Heiko\AppData\Roaming\pcouffin.sys
2013-10-12 22:36 - 2013-10-12 23:17 - 0000028 _____ () C:\Users\Heiko\AppData\Roaming\PhonerLitesettings.ini
2009-05-21 16:01 - 2009-05-21 16:01 - 0022328 _____ () C:\Users\Heiko\AppData\Roaming\PnkBstrK.sys
2009-08-27 10:17 - 2009-08-27 10:17 - 0000760 _____ () C:\Users\Heiko\AppData\Roaming\setup_ldm.iss
2016-06-04 17:42 - 2016-06-15 17:48 - 0000001 _____ () C:\Users\Heiko\AppData\Roaming\update.dat
2014-09-29 12:17 - 2015-01-18 17:42 - 0001356 _____ () C:\Users\Heiko\AppData\Local\d3d9caps.dat
2014-10-05 15:35 - 2016-05-05 17:18 - 0095744 _____ () C:\Users\Heiko\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-02 20:39 - 2014-04-02 20:39 - 0000057 _____ () C:\ProgramData\Ament.ini
2009-02-23 12:11 - 2009-02-23 12:11 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Some files in TEMP:
====================
C:\Users\Heiko\AppData\Local\temp\Quarantine.exe
C:\Users\Heiko\AppData\Local\temp\sqlite3.dll
C:\Users\Heiko\AppData\Local\temp\uninstall.exe

==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-08-07 13:37

==================== End of FRST.txt ============================

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-08-2016
Ran by Heiko (2016-08-07 13:40:03)
Running from C:\Users\Heiko\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2009-02-23 08:13:05)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-486867131-26501815-4098484281-500 - Administrator - Disabled)
Guest (S-1-5-21-486867131-26501815-4098484281-501 - Limited - Disabled)
Heiko (S-1-5-21-486867131-26501815-4098484281-1000 - Administrator - Enabled) => C:\Users\Heiko

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
AC3Filter (remove only) (HKLM\...\AC3Filter) (Version: - )
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Adobe Help Center 2.1 (HKLM\...\{25569723-DC5A-4467-A639-79535BF01B71}) (Version: 2.1 - Adobe Systems)
Adobe Reader X (10.1.16) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{CD93C96E-22D5-896A-4FA3-B07F5DBEB5A0}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{A75CA58D-DB9C-4D14-9428-E0C7B0F623DC}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Attansic Ethernet Utility (HKLM\...\{1F698102-5739-441E-96F0-74F4EA540F06}) (Version: 2.0.60.5 - Attansic)
Attansic L1 Gigabit Ethernet Driver (HKLM\...\{6E19F210-3813-4002-B561-94D66AA182B6}) (Version: - )
Avast Free Antivirus (HKLM\...\avast) (Version: 11.2.2262 - AVAST Software)
BitTorrent (HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\BitTorrent) (Version: 7.9.5.41713 - BitTorrent Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Bullzip PDF Printer 6.0.0.766 (HKLM\...\Bullzip PDF Printer_is1) (Version: - Bullzip)
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Cheat Engine 6.4 (HKLM\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)
ContentMod2.6.3 (HKLM\...\ContentMod_2.6.3) (Version: - )
CPUID CPU-Z 1.51 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
DNA (HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\BitTorrent DNA) (Version: 2.2.4 (16502) - BitTorrent Inc.)
DVDFab 7.0.3.0 (26/03/2010) (HKLM\...\DVDFab 7_is1) (Version: - Fengtao Software Inc.)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 10.0 - Emsisoft Ltd.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Foxit PDF Editor (HKLM\...\Foxit PDF Editor) (Version: 2.2.1.1102 - Foxit Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
Gothic 3 Interactive Map (G3iMap) (HKLM\...\Gothic 3 Interactive Map (G3iMap)_is1) (Version: 1.0.1 - AHO)
Gothic III (HKLM\...\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}) (Version: 1.0.0 - JoWooD Productions Software AG)
Gothic_Patch (HKLM\...\{302AC480-43D2-11D5-A818-00500435FC18}) (Version: - )
Governor of Poker 2 Premium Edition v1.0 Multi (HKLM\...\{8BF806C4-2D77-4F67-8435-D4BDCEB665A8}_is1) (Version: - My Company, Inc.)
GPL Ghostscript Lite 8.63 (HKLM\...\GPL Ghostscript Lite_is1) (Version: - )
Hama Black Force Pad (HKLM\...\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}) (Version: 2007.01.01 - )
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
HydraVision (Version: 4.2.242.0 - Advanced Micro Devices, Inc.) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{79BD66B2-4DAE-4C3B-B08E-DC72E507C163}) (Version: 2.1.3.25 - Apple Inc.)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.4.2.0 - LIGHTNING UK!)
iTunes (HKLM\...\{868B9974-4F23-494D-B6BC-4FAB92B2755D}) (Version: 12.1.3.6 - Apple Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
KhalInstallWrapper (Version: 4.60.122 - Logitech) Hidden
LEGO® Harry Potter™: Years 1-4 (HKLM\...\{C5A8DF48-580B-44D3-B2B2-E965A9368F28}) (Version: 1.0.0.0 - WB Games)
LEGO® Star Wars™ III: The Clone Wars™ (HKLM\...\{6C0A6B81-0D00-453F-B220-E1F7931B3C2A}) (Version: 1.0.0.0 - LucasArts)
Logitech SetPoint (HKLM\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.60 - Logitech)
Logitech Vid (HKLM\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.10.1009 - Logitech Inc.)
Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Marvell MRU (HKLM\...\mv61xxMRU) (Version: 1.2.0.15 - Marvell)
MicroMachines V4 (HKLM\...\{E4511CEC-2E60-4076-95B6-0E193269EB86}) (Version: 2.00.0000 - Codemasters)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Language Pack 2010 - German/Deutsch (HKLM\...\Office14.OMUI.de-de) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Outlook 2010 (HKLM\...\Office14.OUTLOOK) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MobileMe Control Panel (HKLM\...\{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 47.0 (x86 en-US) (HKLM\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Need for Speed: Hot Pursuit (HKLM\...\Steam App 47870) (Version: - Electronic Arts)
NVIDIA PhysX (HKLM\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Open Systems Client (HKLM\...\Open Systems Client) (Version: - )
OpenAL (HKLM\...\OpenAL) (Version: - )
Origin (HKLM\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
ProtectDisc Driver, Version 11 (HKLM\...\ProtectDisc Driver 11) (Version: 11.0.0.12 - ProtectDisc Software GmbH)
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5391 - Realtek Semiconductor Corp.)
Scratch 2 Offline Editor (HKLM\...\edu.media.mit.Scratch2Editor) (Version: 404 - MIT Media Lab)
Scratch 2 Offline Editor (Version: 255 - MIT Media Lab) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOK_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (HKLM\...\{90140000-0100-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{F3E80B62-3C51-4940-A434-A1F517AB8D6A}) (Version: - Microsoft)
Skype™ 7.26 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
SolSuite 2010 v10.6 (HKLM\...\SolSuite_is1) (Version: - TreeCardGames.com)
SpywareBlaster 5.2 (HKLM\...\SpywareBlaster_is1) (Version: 5.2.0 - BrightFort LLC)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
USB game controller (HKLM\...\InstallShield_{350161D2-0582-11D8-B095-009027EC0701}) (Version: 1.14.0000 - Logic 3 International Ltd.)
USB game controller (Version: 1.14.0000 - Logic 3 International Ltd.) Hidden
VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Driver Package - Ralink (netr28u) Net (10/29/2008 2.02.04.0000) (HKLM\...\AF4226E8D5EAFCFCFD3F2586FA56375A4B504CDE) (Version: 10/29/2008 2.02.04.0000 - Ralink)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
WinUAE 1.5.0 (HKLM\...\WinUAE) (Version: 1.5.0 - Arabuusimiehet)
WinZip 12.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}) (Version: 12.0.8252 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-486867131-26501815-4098484281-1000_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)
CustomCLSID: HKU\S-1-5-21-486867131-26501815-4098484281-1000_Classes\CLSID\{a3c6dafc-e193-42fc-adca-5316b5d6d653}\InprocServer32 -> C:\Users\Heiko\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {154293BD-6069-461B-AD27-65DAB5B7D825} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {16DBFEE0-0214-46E0-A1C9-2B30C32AB1B5} - System32\Tasks\GoogleUpdateTaskMachineCore1cf4e15c388b5b0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {5FCEA3D7-871A-4CCA-B9C1-E4FCF75AFEA9} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2016-08-07] (AVAST Software)
Task: {6F6E9D70-312C-4025-B9DC-5E198757556C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {792372A3-EE78-4904-A5B2-C192452F3C19} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {921CB712-6E33-4B2E-843C-22C14C1726AF} - System32\Tasks\{B0F6A49D-A91D-4D19-A031-13FCC944AB56} => pcalua.exe -a C:\PROGRA~1\sina\SINAWE~1\304~1.2\UNWISE.EXE -c C:\PROGRA~1\sina\SINAWE~1\304~1.2\Install.LOG
Task: {A1D52E07-6D68-4C4F-AD4E-D2674ACEBFB1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {A4EFC974-C25D-4058-9AD0-C5935E5D7E1E} - System32\Tasks\Ad-Aware Update (Daily 4) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {AA15C801-16B1-4B2F-BF48-C18B54F4C902} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {BDDF23BB-B853-4630-9600-DAC5E8ADE25A} - System32\Tasks\Ad-Aware Update (Daily 3) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {D4642AB7-2EA3-479B-A755-5112D88EED41} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-12] (Piriform Ltd)
Task: {E8230F08-FF57-476F-A020-DC736F30D667} - System32\Tasks\Ad-Aware Update (Daily 1) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {F708DBDE-831D-490E-BD92-6A753F372544} - System32\Tasks\Ad-Aware Update (Daily 2) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Ad-Aware Update (Daily 1).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\Windows\Tasks\Ad-Aware Update (Daily 2).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\Windows\Tasks\Ad-Aware Update (Daily 3).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\Windows\Tasks\Ad-Aware Update (Daily 4).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\Windows\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4e15c388b5b0.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\Heiko\AppData\Local\Microsoft\Windows\GameExplorer\{C74DBB62-4D17-4E66-B23F-E2D39F18A8A4}\SupportTasks\1\Support.lnk -> hxxp://support.lucasarts.com/
Shortcut: C:\Users\Heiko\AppData\Local\Microsoft\Windows\GameExplorer\{C74DBB62-4D17-4E66-B23F-E2D39F18A8A4}\SupportTasks\0\Home Page.lnk -> hxxp://www.monkey4.lucasarts.com/
Shortcut: C:\Users\Heiko\AppData\Local\Microsoft\Windows\GameExplorer\{963C078B-F07F-453E-AA46-683ABF8E7250}\PlayTasks\3\LEGO® Harry Potter™ Website.lnk -> hxxp://www.magicisbuilding.com/
Shortcut: C:\Users\Heiko\AppData\Local\Microsoft\Windows\GameExplorer\{525AE3B5-4CA3-45BC-ABE6-317178113D62}\PlayTasks\3\LEGO® Star Wars™ III Website.lnk -> hxxp://www.legostarwars.com/
Shortcut: C:\Users\Heiko\AppData\Local\Microsoft\Windows\GameExplorer\{401C4348-4F2C-45EF-8E4A-E7676C87AC3D}\SupportTasks\0\Support.lnk -> hxxp://support.aspyr.com/

==================== Loaded Modules (Whitelisted) ==============
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 21:35 - 2015-01-20 21:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2007-04-21 10:40 - 2007-04-21 10:40 - 00061440 _____ () C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe
2009-03-03 19:04 - 2009-05-21 16:01 - 00107832 ____N () C:\Windows\system32\PnkBstrB.exe
2009-05-18 17:17 - 2008-09-16 20:18 - 00132608 _____ () C:\Program Files\Accessories\Packer\Winrar\rarext.dll
2012-06-12 04:24 - 2012-06-12 04:24 - 00037376 ____N () C:\Windows\system32\atitmpxx.dll
2015-03-14 07:35 - 2016-08-07 11:49 - 48936448 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2015-03-19 17:01 - 2016-08-07 11:46 - 00169064 _____ () C:\Program Files\Alwil Software\Avast5\JsonRpcServer.dll
2016-04-15 15:37 - 2016-08-07 11:46 - 00482928 _____ () C:\Program Files\Alwil Software\Avast5\ffl2.dll

==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [127]

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKLM\...\batfile\DefaultIcon: %SystemRoot%\System32\shell32.dll,-153 <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7867 more sites.

IE trusted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\agentware.net -> hxxps://agentware.net
IE trusted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\rundumsorglos.net -> hxxps://mail.rundumsorglos.net
IE trusted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\sabre.com -> hxxps://sabre.com
IE trusted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\virtual-apps.net -> hxxps://mail.virtual-apps.net
IE trusted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\webcompanion.com -> hxxp://webcompanion.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\1-2005-search.com -> www.1-2005-search.com

There are 12684 more sites.

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 22:23 - 2015-01-20 20:31 - 00450856 ____N C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com

There are 15464 more lines.

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-486867131-26501815-4098484281-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Heiko\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk => C:\Windows\pss\WinZip Quick Pick.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Heiko^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dora the Explorer_ Dance to the Rescue Registration.lnk => C:\Windows\pss\Dora the Explorer_ Dance to the Rescue Registration.lnk.Startup
MSCONFIG\startupreg: BitTorrent DNA => "C:\Users\Heiko\Program Files\DNA\btdna.exe"
MSCONFIG\startupreg: OpScheduler => "C:\Program Files\Accessories\Omnipage\OpScheduler.exe"
MSCONFIG\startupreg: Opware15 => "C:\Program Files\Accessories\Omnipage\Opware15.exe"
MSCONFIG\startupreg: PDF3 Registry Controller => "C:\Program Files\Accessories\Omnipage\PDFConverter3\\RegistryController.exe"
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
MSCONFIG\startupreg: Steam => "C:\Program Files\Steam\Steam.exe" -silent

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [TCP Query User{DF076614-FEFD-4679-B6EE-0D21C1931F45}C:\program files\marvell\61xx\apache2\bin\apache.exe] => (Allow) C:\program files\marvell\61xx\apache2\bin\apache.exe
FirewallRules: [UDP Query User{FA6F7BD6-2527-4DF7-86AB-3707CCBFD912}C:\program files\marvell\61xx\apache2\bin\apache.exe] => (Allow) C:\program files\marvell\61xx\apache2\bin\apache.exe
FirewallRules: [TCP Query User{64F75C53-2404-4680-98E7-6B739E87E7AA}C:\windows\sabserv.exe] => (Allow) C:\windows\sabserv.exe
FirewallRules: [UDP Query User{C4A3893F-A070-417B-860A-60C1D3F89CAE}C:\windows\sabserv.exe] => (Allow) C:\windows\sabserv.exe
FirewallRules: [{FB440B30-1399-44AF-9B14-225EDE74D467}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{01844AD2-EE49-40DE-8F97-9F759DA91D3A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7E558A91-420B-4F54-AC63-0DD1A350B51D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2C3C9619-AA96-40FD-9A13-0293032EA2AF}] => (Allow) LPort=6346
FirewallRules: [{8EE4C063-700C-42CD-B189-64C0109CD8A9}] => (Allow) LPort=6346
FirewallRules: [TCP Query User{0D8D36D9-8B5C-470E-89E1-5AC7251E4DB9}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{79EAAEBD-0A31-4B30-AE43-685D321FEB11}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{E645B6B3-0D5B-4F8C-80CC-0CBAAEDB30FE}] => (Allow) C:\Windows\System32\PnkBstrA.exe
FirewallRules: [{2D24E018-5323-440E-9147-00C79A78DFA8}] => (Allow) C:\Windows\System32\PnkBstrA.exe
FirewallRules: [{F780ECDF-54F6-48FA-80E4-696EAE9E9EAA}] => (Allow) C:\Windows\System32\PnkBstrB.exe
FirewallRules: [{F6C50470-FBB4-4A16-B0FE-C53D98ABC6AD}] => (Allow) C:\Windows\System32\PnkBstrB.exe
FirewallRules: [{EB01A9A6-1867-482D-BDCB-CDC4C223FED8}] => (Allow) C:\Program Files\DNA\btdna.exe
FirewallRules: [{1B306820-0F9D-4195-9645-9D79F0CB62A8}] => (Allow) C:\Program Files\DNA\btdna.exe
FirewallRules: [TCP Query User{6C38CE9E-AACD-40C2-A4A4-D3BBB1750492}C:\users\heiko\program files\dna\btdna.exe] => (Allow) C:\users\heiko\program files\dna\btdna.exe
FirewallRules: [UDP Query User{817F600F-C9AD-40D5-9BA7-3A182526D4BA}C:\users\heiko\program files\dna\btdna.exe] => (Allow) C:\users\heiko\program files\dna\btdna.exe
FirewallRules: [{660543A3-D7FC-4641-B2F9-2E80C151EB96}] => (Allow) C:\Program Files\Logitech\Logitech Vid\Vid.exe
FirewallRules: [{DA548872-785B-433F-BAF8-D429670AC33C}] => (Allow) C:\Program Files\Logitech\Logitech Vid\Vid.exe
FirewallRules: [TCP Query User{71D68BCA-C7F2-46E8-A9FC-D896ADA21C1D}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{5AD8C1E0-F1E5-4811-9B2F-43A5D3AD894F}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{F8DF42B2-F4ED-429D-8CFD-2B639E2EEA4E}C:\users\heiko\program files\dna\btdna.exe] => (Allow) C:\users\heiko\program files\dna\btdna.exe
FirewallRules: [UDP Query User{F8569B43-2318-44D0-B9BB-69DBA9CB34B0}C:\users\heiko\program files\dna\btdna.exe] => (Allow) C:\users\heiko\program files\dna\btdna.exe
FirewallRules: [TCP Query User{52E104D8-E2E1-4B09-990A-8F3879708134}C:\windows\sabserv.exe] => (Allow) C:\windows\sabserv.exe
FirewallRules: [UDP Query User{139429A6-A651-4B8A-9035-0724BE8A6968}C:\windows\sabserv.exe] => (Allow) C:\windows\sabserv.exe
FirewallRules: [{50B3760F-F947-4013-92E8-687EEB3FFEC6}] => (Allow) C:\Program Files\Logitech\Logitech Vid\Vid.exe
FirewallRules: [{D5E903EC-5BA6-48C0-996C-3ABD05642A79}] => (Allow) C:\Program Files\Logitech\Logitech Vid\Vid.exe
FirewallRules: [TCP Query User{1FA1AED8-3F27-4023-9EDC-0217896FB03E}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{70E77C00-B2C6-4422-9CCE-01881F959FAB}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{B7E6A63A-3AA9-4D55-B32B-9575C8A301A0}C:\program files\marvell\61xx\apache2\bin\apache.exe] => (Allow) C:\program files\marvell\61xx\apache2\bin\apache.exe
FirewallRules: [UDP Query User{F40C07C3-92A7-4E63-958F-A9EE7D7ADD93}C:\program files\marvell\61xx\apache2\bin\apache.exe] => (Allow) C:\program files\marvell\61xx\apache2\bin\apache.exe
FirewallRules: [TCP Query User{630209DF-00C3-4772-A5AF-69A19672F6E8}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{2D27C6A1-887F-49DC-B379-A48171081BBC}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{0ADB6039-E471-4BBC-97C8-05DC0EB4B501}] => (Allow) LPort=80
FirewallRules: [{35D61CF1-CA94-427A-83B7-F9CF01643AEC}] => (Allow) LPort=80
FirewallRules: [{AA5FBD2E-80F8-4465-B126-58911A5A7A1D}] => (Allow) LPort=80
FirewallRules: [{400CDEE1-7B38-49D4-949E-1B16648DD53E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CB1D0DDB-3167-423D-844C-FF180F613936}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0CABE169-A2A1-46E1-9E95-218BE1C954C1}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{A14C1B0F-E6FF-497B-B97C-74A2DCA3733F}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{0072D084-A77E-4467-9CBC-DAB3D7A8A449}] => (Allow) C:\Program Files\Steam\steamapps\common\Need for Speed Hot Pursuit\NFS11.exe
FirewallRules: [{186712E8-2267-4D2D-BCCD-3DC76315C710}] => (Allow) C:\Program Files\Steam\steamapps\common\Need for Speed Hot Pursuit\NFS11.exe
FirewallRules: [{0B5CE1C0-69F8-42DC-9417-474C6AC9980B}] => (Allow) C:\Program Files\Steam\steamapps\common\Need for Speed Hot Pursuit\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{8EFE99B3-CC25-48AD-9571-9A06532B6410}] => (Allow) C:\Program Files\Steam\steamapps\common\Need for Speed Hot Pursuit\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{86D27042-BCCD-45DF-A707-B1C47A186E40}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{113DED41-366B-4A17-8E71-7404DB16FA70}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{5F6C2DB1-8D73-461F-8552-CF03FFB4BBE8}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{7B0956BD-F3D2-483D-B46D-8A8571258DC6}] => (Allow) LPort=80
FirewallRules: [{8AB470CC-8166-471A-8F5F-8CF24CBF9CE7}] => (Allow) LPort=80
FirewallRules: [{E72885C9-C635-4DBF-9775-C607C77F0F91}] => (Allow) LPort=80
FirewallRules: [TCP Query User{922597D0-04D8-4BD2-A87A-4A6A70C1E7DB}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{7196EBE2-471E-41A0-A923-A04395CE2377}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [TCP Query User{1599F591-2990-4CEF-8D8E-4C4B75274911}C:\Program Files\Java\jre1.8.0_31\bin\javaw.exe] => (Block) C:\Program Files\Java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{906EF68F-A767-4FFC-B1B8-EE439A7C51EF}C:\Program Files\Java\jre1.8.0_31\bin\javaw.exe] => (Block) C:\Program Files\Java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{032D9D24-CB50-4C30-91A8-72BB7CF55172}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{F9E11C52-496C-445B-91B0-F24B6CEA983F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{8027FEF7-E141-45A4-88E5-F6C61CDDED9C}] => (Allow) C:\Users\Heiko\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{F62ED245-89D8-4995-9701-5DCECCD1971D}] => (Allow) C:\Users\Heiko\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{0A3BD513-6913-4C2C-A354-19AACD96DD91}C:\program files\games\micro machines\mmv4.exe] => (Block) C:\program files\games\micro machines\mmv4.exe
FirewallRules: [UDP Query User{7477B0F9-36B3-408E-A92C-43201071D33B}C:\program files\games\micro machines\mmv4.exe] => (Block) C:\program files\games\micro machines\mmv4.exe
FirewallRules: [{B695CC82-0DF8-4405-AB03-877A99FC027E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{2398535C-0B73-4C8D-893C-9C74C62AFA37}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{1F723225-4E9A-4F9E-815E-30D4D87F3F71}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{B236CF6E-3797-4DF2-AA0F-5426B4363C3C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Accessories\BitTorrent\bittorrent.exe] => Enabled:BitTorrent

==================== Restore Points =========================

==================== Faulty Device Manager Devices =============

Name: PS/2 Keyboard
Description: PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: Logitech
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/07/2016 01:21:23 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (08/07/2016 12:04:00 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\servicing\TrustedInstaller.exe; Descripton = Windows Modules Installer; Hr = 0x8000ffff).

Error: (08/07/2016 12:04:00 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80004002.
Operation:
   Gathering Writer Data
   Executing Asynchronous Operation
Context:
   Execution Context: Requestor
   Current State: GatherWriterMetadata

Error: (08/07/2016 12:04:00 PM) (Source: VSS) (EventID: 34) (User: )
Description: Volume Shadow Copy Service error: The VSS event class is not registered. This will prevent any VSS writers from receiving events. This may be caused due to a setup failure or as a result of an application's installer or uninstaller.
Operation:
   Gathering Writer Data
   Executing Asynchronous Operation
Context:
   Execution Context: Requestor
   Current State: GatherWriterMetadata

Error: (08/07/2016 12:03:23 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\servicing\TrustedInstaller.exe; Descripton = Windows Modules Installer; Hr = 0x8000ffff).

Error: (08/07/2016 12:03:23 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80004002.
Operation:
   Gathering Writer Data
   Executing Asynchronous Operation
Context:
   Execution Context: Requestor
   Current State: GatherWriterMetadata

Error: (08/07/2016 12:03:23 PM) (Source: VSS) (EventID: 34) (User: )
Description: Volume Shadow Copy Service error: The VSS event class is not registered. This will prevent any VSS writers from receiving events. This may be caused due to a setup failure or as a result of an application's installer or uninstaller.
Operation:
   Gathering Writer Data
   Executing Asynchronous Operation
Context:
   Execution Context: Requestor
   Current State: GatherWriterMetadata

Error: (08/07/2016 12:03:13 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\servicing\TrustedInstaller.exe; Descripton = Windows Modules Installer; Hr = 0x8000ffff).

Error: (08/07/2016 12:03:13 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154.
Operation:
   Gathering Writer Data
   Executing Asynchronous Operation
Context:
   Execution Context: Requestor
   Current State: GatherWriterMetadata

Error: (08/07/2016 12:03:13 PM) (Source: VSS) (EventID: 34) (User: )
Description: Volume Shadow Copy Service error: The VSS event class is not registered. This will prevent any VSS writers from receiving events. This may be caused due to a setup failure or as a result of an application's installer or uninstaller.
Operation:
   Gathering Writer Data
   Executing Asynchronous Operation
Context:
   Execution Context: Requestor
   Current State: GatherWriterMetadata

System errors:
=============
Error: (08/07/2016 01:30:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Avast AntivirusaswMonFlt%%193

Error: (08/07/2016 01:30:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: aswMonFlt%%193

Error: (08/07/2016 01:28:34 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Lbd

Error: (08/07/2016 01:28:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Avast AntivirusaswMonFlt%%193

Error: (08/07/2016 01:28:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: aswMonFlt%%193

Error: (08/07/2016 01:27:14 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: 2147942402

Error: (08/07/2016 01:22:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Avast AntivirusaswMonFlt%%193

Error: (08/07/2016 01:22:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: aswMonFlt%%193

Error: (08/07/2016 01:21:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Marvell RAID Event Agent1

Error: (08/07/2016 01:21:39 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Lbd

CodeIntegrity:
===================================
Date: 2016-08-07 12:54:28.468
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-07 12:54:27.875
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-07 12:54:27.407
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-07 12:54:26.939
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-07 12:54:26.424
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-07 12:54:25.832
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-07 12:54:23.395
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-07 12:54:22.802
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-07 12:54:22.241
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-07 12:54:21.726
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz
Percentage of memory in use: 67%
Total physical RAM: 3070.38 MB
Available physical RAM: 993.59 MB
Total Virtual: 6375.71 MB
Available Virtual: 3719.04 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:117.19 GB) (Free:20.01 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:156.25 GB) (Free:91.43 GB) NTFS
Drive e: () (Fixed) (Total:192.32 GB) (Free:119.15 GB) NTFS
Drive f: (CDROOT) (CDROM) (Total:5.85 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 20C53A3A)
Partition 1: (Active) - (Size=117.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=156.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=192.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
08.08.2016, 12:22 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Avast Antivirus turns itself off after the PC starts
Quote:
It would make more sense to install a current system instead of rescuing Vista, which is lying on its deathbed.