QuestionGhost
Posts: 72 +0
Scanning...
Solved "Detekt" found "Ghost"_ MWB removed Babylon from Unlocker
- Thread starter QuestionGhost
- Start date
QuestionGhost
Posts: 72 +0
"Congratulations, no cleanup is required"
"Scan finished: No malware found"
"Scan finished: No malware found"
QuestionGhost
Posts: 72 +0
Any more scans necessary?
What about USB-sticks that I used, or SmartPhones / Cameras / WLAN Router that were connected - can they have been infected?
Thank you!
What about USB-sticks that I used, or SmartPhones / Cameras / WLAN Router that were connected - can they have been infected?
Thank you!
Broni
Posts: 56,041 +516
Please download ComboFix from Here, Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.
Make sure, you re-enable your security programs, when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try the following...
Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/
Restart computer in safe mode
When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.
IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Never rename Combofix unless instructed.
- Close any open browsers.
- Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
If the connection is not there use restore point you created prior to running Combofix. - Double click on combofix.exe & follow the prompts.
NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.
Make sure, you re-enable your security programs, when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try the following...
Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/
Restart computer in safe mode
- Double-click on the Rkill desktop icon to run the tool.
- If using Vista or Windows 7 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.
IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
QuestionGhost
Posts: 72 +0
ComboFix 15-01-05.01 - Admin 06.01.2015 12:50:14.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2047.1718 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Admin\Eigene Dateien\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\SET34.tmp
c:\windows\system32\SET38.tmp
c:\windows\system32\SET40.tmp
G:\autorun.inf
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-12-06 bis 2015-01-06 ))))))))))))))))))))))))))))))
.
.
2015-01-06 02:01 . 2015-01-06 11:38 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware (portable)
2014-12-11 00:42 . 2014-12-11 00:42 -------- d-----w- c:\programme\OpenOffice 4
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-06 02:01 . 2014-11-23 00:04 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-06 02:00 . 2014-11-23 00:03 55000 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-01-06 00:38 . 2013-11-16 17:23 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-01-06 00:38 . 2013-11-16 17:23 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-23 12:54 . 2014-11-23 12:54 75640 ----a-w- c:\windows\system32\drivers\hmpalert.sys
2014-11-23 12:54 . 2014-11-23 12:54 477008 ----a-w- c:\windows\system32\hmpalert.dll
2014-11-21 05:14 . 2014-11-23 00:03 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-10-23 13:02 . 2014-11-24 17:26 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-10-23 13:01 . 2014-11-24 17:26 136216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-10-23 13:01 . 2014-11-24 17:26 98160 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-01-31 22:37 . 2013-08-13 12:54 22270576 ----a-w- c:\programme\xul.dll
2014-01-31 22:36 . 2013-08-13 12:54 22640 ----a-w- c:\programme\WSEnable.exe
2014-01-31 22:36 . 2013-08-13 12:54 274032 ----a-w- c:\programme\updater.exe
2014-01-31 22:36 . 2013-08-13 12:54 390256 ----a-w- c:\programme\thunderbird.exe
2014-01-31 22:36 . 2013-08-13 12:54 153200 ----a-w- c:\programme\ssl3.dll
2014-01-31 22:36 . 2013-08-13 12:54 152688 ----a-w- c:\programme\softokn3.dll
2014-01-31 22:36 . 2013-08-13 12:54 93296 ----a-w- c:\programme\smime3.dll
2014-01-31 22:36 . 2013-08-13 12:54 18544 ----a-w- c:\programme\plugin-container.exe
2014-01-31 22:36 . 2013-08-13 12:54 21616 ----a-w- c:\programme\plds4.dll
2014-01-31 22:36 . 2013-08-13 12:54 23152 ----a-w- c:\programme\plc4.dll
2014-01-31 22:36 . 2013-08-13 12:54 105584 ----a-w- c:\programme\nssutil3.dll
2014-01-31 22:36 . 2013-08-13 12:54 92784 ----a-w- c:\programme\nssdbm3.dll
2014-01-31 22:36 . 2013-08-13 12:54 398960 ----a-w- c:\programme\nssckbi.dll
2014-01-31 22:36 . 2013-08-13 12:54 650352 ----a-w- c:\programme\nss3.dll
2014-01-31 22:36 . 2013-08-13 12:54 166512 ----a-w- c:\programme\nspr4.dll
2014-01-31 22:36 . 2013-08-13 12:54 18544 ----a-w- c:\programme\nsldif32v60.dll
2014-01-31 22:36 . 2013-08-13 12:54 23152 ----a-w- c:\programme\nsldappr32v60.dll
2014-01-31 22:36 . 2013-08-13 12:54 158832 ----a-w- c:\programme\nsldap32v60.dll
2014-01-31 22:36 . 2013-08-13 12:54 597616 ----a-w- c:\programme\mozsqlite3.dll
2014-01-31 22:35 . 2013-08-13 12:54 50288 ----a-w- c:\programme\mozMapi32_InUse.dll
2014-01-31 22:35 . 2013-08-13 12:54 50288 ----a-w- c:\programme\mozMapi32.dll
2014-01-31 22:35 . 2013-08-13 12:54 3019376 ----a-w- c:\programme\mozjs.dll
2014-01-31 22:35 . 2013-08-13 12:54 129648 ----a-w- c:\programme\mozglue.dll
2014-01-31 22:35 . 2013-08-13 12:54 17008 ----a-w- c:\programme\mozalloc.dll
2014-01-31 22:35 . 2013-08-13 12:54 19056 ----a-w- c:\programme\MapiProxy_InUse.dll
2014-01-31 22:35 . 2013-08-13 12:54 19056 ----a-w- c:\programme\MapiProxy.dll
2014-01-31 22:35 . 2013-08-13 12:54 194176 ----a-w- c:\programme\maintenanceservice_installer.exe
2014-01-31 22:35 . 2013-08-13 12:54 119408 ----a-w- c:\programme\maintenanceservice.exe
2014-01-31 22:35 . 2013-08-13 12:54 549488 ----a-w- c:\programme\libGLESv2.dll
2014-01-31 22:35 . 2013-08-13 12:54 64112 ----a-w- c:\programme\libEGL.dll
2014-01-31 22:35 . 2013-08-13 12:54 3275888 ----a-w- c:\programme\gkmedias.dll
2014-01-31 22:35 . 2013-08-13 12:54 307824 ----a-w- c:\programme\freebl3.dll
2014-01-31 22:35 . 2013-08-13 12:54 117360 ----a-w- c:\programme\crashreporter.exe
2014-01-31 22:35 . 2014-02-22 01:41 75376 ----a-w- c:\programme\breakpadinjector.dll
2014-01-31 22:35 . 2013-08-13 12:54 20080 ----a-w- c:\programme\AccessibleMarshal.dll
2010-05-26 19:41 . 2013-08-13 12:54 2106216 ----a-w- c:\programme\D3DCompiler_43.dll
2010-03-18 16:15 . 2013-08-13 12:54 770384 ----a-w- c:\programme\msvcr100.dll
2010-03-18 16:15 . 2013-08-13 12:54 421200 ----a-w- c:\programme\msvcp100.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\programme\CCleaner\CCleaner.exe" [2014-10-29 4826904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2014-12-16 702768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Admin^Startmenü^Programme^Autostart^Dropbox.lnk]
path=c:\dokumente und einstellungen\Admin\Startmenü\Programme\Autostart\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Admin^Startmenü^Programme^Autostart^OpenOffice.org 3.4.1.lnk]
path=c:\dokumente und einstellungen\Admin\Startmenü\Programme\Autostart\OpenOffice.org 3.4.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.4.1.lnkStartup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^WISO Mein Sparbuch heute.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\WISO Mein Sparbuch heute.lnk
backup=c:\windows\pss\WISO Mein Sparbuch heute.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-12-21 06:04 959904 ----a-w- c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2012-05-22 06:13 980920 ----a-w- c:\progra~1\Eraser\Eraser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
2013-10-02 19:28 1090912 ----a-w- c:\programme\Nokia\Nokia Suite\NokiaSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- c:\programme\Unlocker\UnlockerAssistant.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Dokumente und Einstellungen\\Admin\\Anwendungsdaten\\Dropbox\\bin\\Dropbox.exe"=
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [24.11.2014 18:26 37352]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [24.11.2014 18:26 431920]
R2 FreemakeVideoCapture;FreemakeVideoCapture;c:\programme\Freemake\CaptureLib\CaptureLibService.exe [16.06.2013 15:15 9216]
R2 hmpalert;HitmanPro.Alert Support Driver;c:\windows\system32\drivers\hmpalert.sys [23.11.2014 13:54 75640]
R2 hmpalertsvc;HitmanPro.Alert Service;c:\programme\HitmanPro.Alert\hmpalert.exe [23.11.2014 13:54 1876816]
R2 MBAMScheduler;MBAMScheduler;c:\programme\Malwarebytes Anti-Malware\mbamscheduler.exe [23.11.2014 01:03 1871160]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11.02.2011 22:23 35088]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [23.11.2014 01:03 55000]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [23.11.2014 01:03 23256]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [08.07.2010 14:09 606056]
S2 Freemake Improver;Freemake Improver;c:\dokumente und einstellungen\All Users\Anwendungsdaten\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [16.06.2013 15:15 101888]
S2 MBAMService;MBAMService;c:\programme\Malwarebytes Anti-Malware\mbamservice.exe [23.11.2014 01:03 969016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [25.06.2013 06:05 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [25.06.2013 06:05 8576]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MBAMCHAMELEON
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-16 17:48 1077576 ----a-w- c:\programme\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-01-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-16 00:38]
.
2015-01-06 c:\windows\Tasks\Ende des Supports für Microsoft Windows XP – Benachrichtigung – Anmeldung.job
- c:\windows\system32\xp_eos.exe [2014-03-17 23:28]
.
2015-01-06 c:\windows\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job
- c:\windows\system32\xp_eos.exe [2014-03-17 23:28]
.
2015-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2013-05-30 20:02]
.
2015-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2013-05-30 20:02]
.
.
------- Zusätzlicher Suchlauf -------
.
FF - ProfilePath - c:\dokumente und einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\m5mbu6qr.default\
FF - prefs.js: browser.startup.homepage - hxxps://startpage.com/|about:addons|about:healthreport
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Cmaudio - cmicnfg.cpl
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-01-06 12:58
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-01-06 13:02:25
ComboFix-quarantined-files.txt 2015-01-06 12:02
.
Vor Suchlauf: 10 Verzeichnis(se), 13.820.391.424 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 13.838.368.768 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 58CB84889A63395770AE25B8B754C97A
72B8CE41AF0DE751C946802B3ED844B4
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2047.1718 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Admin\Eigene Dateien\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\SET34.tmp
c:\windows\system32\SET38.tmp
c:\windows\system32\SET40.tmp
G:\autorun.inf
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-12-06 bis 2015-01-06 ))))))))))))))))))))))))))))))
.
.
2015-01-06 02:01 . 2015-01-06 11:38 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware (portable)
2014-12-11 00:42 . 2014-12-11 00:42 -------- d-----w- c:\programme\OpenOffice 4
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-06 02:01 . 2014-11-23 00:04 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-06 02:00 . 2014-11-23 00:03 55000 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-01-06 00:38 . 2013-11-16 17:23 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-01-06 00:38 . 2013-11-16 17:23 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-23 12:54 . 2014-11-23 12:54 75640 ----a-w- c:\windows\system32\drivers\hmpalert.sys
2014-11-23 12:54 . 2014-11-23 12:54 477008 ----a-w- c:\windows\system32\hmpalert.dll
2014-11-21 05:14 . 2014-11-23 00:03 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-10-23 13:02 . 2014-11-24 17:26 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-10-23 13:01 . 2014-11-24 17:26 136216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-10-23 13:01 . 2014-11-24 17:26 98160 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-01-31 22:37 . 2013-08-13 12:54 22270576 ----a-w- c:\programme\xul.dll
2014-01-31 22:36 . 2013-08-13 12:54 22640 ----a-w- c:\programme\WSEnable.exe
2014-01-31 22:36 . 2013-08-13 12:54 274032 ----a-w- c:\programme\updater.exe
2014-01-31 22:36 . 2013-08-13 12:54 390256 ----a-w- c:\programme\thunderbird.exe
2014-01-31 22:36 . 2013-08-13 12:54 153200 ----a-w- c:\programme\ssl3.dll
2014-01-31 22:36 . 2013-08-13 12:54 152688 ----a-w- c:\programme\softokn3.dll
2014-01-31 22:36 . 2013-08-13 12:54 93296 ----a-w- c:\programme\smime3.dll
2014-01-31 22:36 . 2013-08-13 12:54 18544 ----a-w- c:\programme\plugin-container.exe
2014-01-31 22:36 . 2013-08-13 12:54 21616 ----a-w- c:\programme\plds4.dll
2014-01-31 22:36 . 2013-08-13 12:54 23152 ----a-w- c:\programme\plc4.dll
2014-01-31 22:36 . 2013-08-13 12:54 105584 ----a-w- c:\programme\nssutil3.dll
2014-01-31 22:36 . 2013-08-13 12:54 92784 ----a-w- c:\programme\nssdbm3.dll
2014-01-31 22:36 . 2013-08-13 12:54 398960 ----a-w- c:\programme\nssckbi.dll
2014-01-31 22:36 . 2013-08-13 12:54 650352 ----a-w- c:\programme\nss3.dll
2014-01-31 22:36 . 2013-08-13 12:54 166512 ----a-w- c:\programme\nspr4.dll
2014-01-31 22:36 . 2013-08-13 12:54 18544 ----a-w- c:\programme\nsldif32v60.dll
2014-01-31 22:36 . 2013-08-13 12:54 23152 ----a-w- c:\programme\nsldappr32v60.dll
2014-01-31 22:36 . 2013-08-13 12:54 158832 ----a-w- c:\programme\nsldap32v60.dll
2014-01-31 22:36 . 2013-08-13 12:54 597616 ----a-w- c:\programme\mozsqlite3.dll
2014-01-31 22:35 . 2013-08-13 12:54 50288 ----a-w- c:\programme\mozMapi32_InUse.dll
2014-01-31 22:35 . 2013-08-13 12:54 50288 ----a-w- c:\programme\mozMapi32.dll
2014-01-31 22:35 . 2013-08-13 12:54 3019376 ----a-w- c:\programme\mozjs.dll
2014-01-31 22:35 . 2013-08-13 12:54 129648 ----a-w- c:\programme\mozglue.dll
2014-01-31 22:35 . 2013-08-13 12:54 17008 ----a-w- c:\programme\mozalloc.dll
2014-01-31 22:35 . 2013-08-13 12:54 19056 ----a-w- c:\programme\MapiProxy_InUse.dll
2014-01-31 22:35 . 2013-08-13 12:54 19056 ----a-w- c:\programme\MapiProxy.dll
2014-01-31 22:35 . 2013-08-13 12:54 194176 ----a-w- c:\programme\maintenanceservice_installer.exe
2014-01-31 22:35 . 2013-08-13 12:54 119408 ----a-w- c:\programme\maintenanceservice.exe
2014-01-31 22:35 . 2013-08-13 12:54 549488 ----a-w- c:\programme\libGLESv2.dll
2014-01-31 22:35 . 2013-08-13 12:54 64112 ----a-w- c:\programme\libEGL.dll
2014-01-31 22:35 . 2013-08-13 12:54 3275888 ----a-w- c:\programme\gkmedias.dll
2014-01-31 22:35 . 2013-08-13 12:54 307824 ----a-w- c:\programme\freebl3.dll
2014-01-31 22:35 . 2013-08-13 12:54 117360 ----a-w- c:\programme\crashreporter.exe
2014-01-31 22:35 . 2014-02-22 01:41 75376 ----a-w- c:\programme\breakpadinjector.dll
2014-01-31 22:35 . 2013-08-13 12:54 20080 ----a-w- c:\programme\AccessibleMarshal.dll
2010-05-26 19:41 . 2013-08-13 12:54 2106216 ----a-w- c:\programme\D3DCompiler_43.dll
2010-03-18 16:15 . 2013-08-13 12:54 770384 ----a-w- c:\programme\msvcr100.dll
2010-03-18 16:15 . 2013-08-13 12:54 421200 ----a-w- c:\programme\msvcp100.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\programme\CCleaner\CCleaner.exe" [2014-10-29 4826904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2014-12-16 702768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Admin^Startmenü^Programme^Autostart^Dropbox.lnk]
path=c:\dokumente und einstellungen\Admin\Startmenü\Programme\Autostart\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Admin^Startmenü^Programme^Autostart^OpenOffice.org 3.4.1.lnk]
path=c:\dokumente und einstellungen\Admin\Startmenü\Programme\Autostart\OpenOffice.org 3.4.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.4.1.lnkStartup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^WISO Mein Sparbuch heute.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\WISO Mein Sparbuch heute.lnk
backup=c:\windows\pss\WISO Mein Sparbuch heute.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-12-21 06:04 959904 ----a-w- c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2012-05-22 06:13 980920 ----a-w- c:\progra~1\Eraser\Eraser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
2013-10-02 19:28 1090912 ----a-w- c:\programme\Nokia\Nokia Suite\NokiaSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- c:\programme\Unlocker\UnlockerAssistant.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Dokumente und Einstellungen\\Admin\\Anwendungsdaten\\Dropbox\\bin\\Dropbox.exe"=
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [24.11.2014 18:26 37352]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [24.11.2014 18:26 431920]
R2 FreemakeVideoCapture;FreemakeVideoCapture;c:\programme\Freemake\CaptureLib\CaptureLibService.exe [16.06.2013 15:15 9216]
R2 hmpalert;HitmanPro.Alert Support Driver;c:\windows\system32\drivers\hmpalert.sys [23.11.2014 13:54 75640]
R2 hmpalertsvc;HitmanPro.Alert Service;c:\programme\HitmanPro.Alert\hmpalert.exe [23.11.2014 13:54 1876816]
R2 MBAMScheduler;MBAMScheduler;c:\programme\Malwarebytes Anti-Malware\mbamscheduler.exe [23.11.2014 01:03 1871160]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11.02.2011 22:23 35088]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [23.11.2014 01:03 55000]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [23.11.2014 01:03 23256]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [08.07.2010 14:09 606056]
S2 Freemake Improver;Freemake Improver;c:\dokumente und einstellungen\All Users\Anwendungsdaten\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [16.06.2013 15:15 101888]
S2 MBAMService;MBAMService;c:\programme\Malwarebytes Anti-Malware\mbamservice.exe [23.11.2014 01:03 969016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [25.06.2013 06:05 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [25.06.2013 06:05 8576]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MBAMCHAMELEON
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-16 17:48 1077576 ----a-w- c:\programme\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-01-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-16 00:38]
.
2015-01-06 c:\windows\Tasks\Ende des Supports für Microsoft Windows XP – Benachrichtigung – Anmeldung.job
- c:\windows\system32\xp_eos.exe [2014-03-17 23:28]
.
2015-01-06 c:\windows\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job
- c:\windows\system32\xp_eos.exe [2014-03-17 23:28]
.
2015-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2013-05-30 20:02]
.
2015-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2013-05-30 20:02]
.
.
------- Zusätzlicher Suchlauf -------
.
FF - ProfilePath - c:\dokumente und einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\m5mbu6qr.default\
FF - prefs.js: browser.startup.homepage - hxxps://startpage.com/|about:addons|about:healthreport
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Cmaudio - cmicnfg.cpl
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-01-06 12:58
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-01-06 13:02:25
ComboFix-quarantined-files.txt 2015-01-06 12:02
.
Vor Suchlauf: 10 Verzeichnis(se), 13.820.391.424 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 13.838.368.768 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 58CB84889A63395770AE25B8B754C97A
72B8CE41AF0DE751C946802B3ED844B4
QuestionGhost
Posts: 72 +0
This above is the content of "log - Editor" that opened after running Combofix.
By the way -
One more thing I forgot to mention: My Computer showed unnormal activity when it was presumably infected with "Ghost": it started running out of its sleep mode while there were no tasks programmed for that time (at least not by me / not visible). I'm using sleep mode and wakeup tasks to run some bidding tool.
Excuse my language, I'm not a (digital) native speaker!
By the way -
One more thing I forgot to mention: My Computer showed unnormal activity when it was presumably infected with "Ghost": it started running out of its sleep mode while there were no tasks programmed for that time (at least not by me / not visible). I'm using sleep mode and wakeup tasks to run some bidding tool.
Excuse my language, I'm not a (digital) native speaker!
Broni
Posts: 56,041 +516
- Close all open programs and internet browsers.
- Double click on adwcleaner.exe to run the tool.
- Click on Scan button.
- When the scan has finished click on Clean button.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the contents of that logfile with your next reply.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
- Shut down your protection software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.
Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
- Double-click to run it. When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
- The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.
QuestionGhost
Posts: 72 +0
ADW cleaner showed "Warte" (translates "Wait. De-select items that you do not want to delete) and under that there were no items listed. Was it still searching? It didn#t look like it. Sorry but I must have closed the program accidentally before I could select "delete" or get a log file or anything. I'll try running it again, and then the other two programs. Thanks again!
QuestionGhost
Posts: 72 +0
# AdwCleaner v4.106 - Bericht erstellt am 07/01/2015 um 09:07:33
# Aktualisiert 21/12/2014 von Xplode
# Database : 2015-01-03.1 [Live]
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzername : Admin - COMPUTER-P
# Gestartet von : C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads\adwcleaner_4.106.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKCU\Software\OCS
***** [ Browser ] *****
-\\ Internet Explorer v8.0.6001.18702
-\\ Mozilla Firefox v34.0.5 (x86 de)
-\\ Google Chrome v34.0.1847.137
*************************
AdwCleaner[R0].txt - [1271 octets] - [07/01/2015 00:13:38]
AdwCleaner[R1].txt - [1331 octets] - [07/01/2015 08:57:17]
AdwCleaner[R2].txt - [1391 octets] - [07/01/2015 09:03:15]
AdwCleaner[S0].txt - [1312 octets] - [07/01/2015 09:07:33]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1372 octets] ##########
# Aktualisiert 21/12/2014 von Xplode
# Database : 2015-01-03.1 [Live]
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzername : Admin - COMPUTER-P
# Gestartet von : C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads\adwcleaner_4.106.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKCU\Software\OCS
***** [ Browser ] *****
-\\ Internet Explorer v8.0.6001.18702
-\\ Mozilla Firefox v34.0.5 (x86 de)
-\\ Google Chrome v34.0.1847.137
*************************
AdwCleaner[R0].txt - [1271 octets] - [07/01/2015 00:13:38]
AdwCleaner[R1].txt - [1331 octets] - [07/01/2015 08:57:17]
AdwCleaner[R2].txt - [1391 octets] - [07/01/2015 09:03:15]
AdwCleaner[S0].txt - [1312 octets] - [07/01/2015 09:07:33]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1372 octets] ##########
QuestionGhost
Posts: 72 +0
I'll let the other programs run later and let you know. Thanks!
QuestionGhost
Posts: 72 +0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Microsoft Windows XP x86
Ran by Admin on 07.01.2015 at 17:15:56,15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.01.2015 at 17:22:11,90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Microsoft Windows XP x86
Ran by Admin on 07.01.2015 at 17:15:56,15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.01.2015 at 17:22:11,90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
QuestionGhost
Posts: 72 +0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Microsoft Windows XP x86
Ran by Admin on 07.01.2015 at 17:42:01,09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.01.2015 at 17:49:30,48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Microsoft Windows XP x86
Ran by Admin on 07.01.2015 at 17:42:01,09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.01.2015 at 17:49:30,48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
QuestionGhost
Posts: 72 +0
I ran the program "JRT" twice and posted both results, because the first time the external harddisc drive was connected only after the program started running. I don't know if this might have had any effect. - Now Il' run the third suggested program.
QuestionGhost
Posts: 72 +0
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-01-2015
Ran by Admin (administrator) on COMPUTER-P on 07-01-2015 18:16:33
Running from C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads
Loaded Profile: Admin (Available profiles: Admin & P & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(SurfRight B.V.) C:\Programme\HitmanPro.Alert\hmpalert.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avguard.exe
(Freemake) C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Ellora Assets Corp.) C:\Programme\Freemake\CaptureLib\CaptureLibService.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avcenter.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avshadow.exe
(Mozilla Corporation) C:\Programme\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Programme\Mozilla Firefox\plugin-container.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [avgnt] => C:\Programme\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-682003330-764733703-839522115-1003\...\Run: [CCleaner Monitoring] => C:\Programme\CCleaner\CCleaner.exe [4826904 2014-10-29] (Piriform Ltd)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-682003330-764733703-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-682003330-764733703-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-682003330-764733703-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/...ls/en/x86/client/wuweb_site.cab?1369942188984
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1369942325312
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/downl...584-842756A66467/MicrosoftDownloadManager.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\m5mbu6qr.default
FF Homepage: https://startpage.com/|about:addons|about:healthreport
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @Microsoft.com/DownloadManager,version=1.1 -> C:\WINDOWS\ ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Programme\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Programme\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Programme\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\m5mbu6qr.default\searchplugins\startpagecom.xml
FF Extension: NoScript - C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\m5mbu6qr.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-10-14]
FF Extension: Biet-O-Matic Firefox Erweiterung - C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\m5mbu6qr.default\Extensions\{B0D70E72-2FC1-4b9f-A3D4-5921C854D906}.xpi [2013-05-31]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-06-06]
FF HKLM\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Programme\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF Extension: Freemake Video Downloader Plugin - C:\Programme\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\fmdownloader@gmail.com [2013-06-16]
FF HKLM\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Programme\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF Extension: Freemake Youtube Download Button - C:\Programme\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2013-06-16]
Chrome:
=======
CHR Profile: C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-31]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Programme\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Programme\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 Freemake Improver; C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-06-13] (Freemake) [File not signed]
R2 FreemakeVideoCapture; C:\Programme\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-06-13] (Ellora Assets Corp.) [File not signed]
S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2013-05-30] (Google Inc.)
S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2013-05-30] (Google Inc.)
R2 hmpalertsvc; C:\Programme\HitmanPro.Alert\hmpalert.exe [1876816 2014-11-23] (SurfRight B.V.)
S2 MBAMScheduler; C:\Programme\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Programme\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [114800 2014-12-09] (Mozilla Foundation)
S3 ServiceLayer; C:\Programme\PC Connectivity Solution\ServiceLayer.exe [737616 2013-04-18] (Nokia)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 ASPI32; C:\WINDOWS\system32\Drivers\ASPI32.sys [16877 2013-07-14] (Adaptec) [File not signed]
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [98160 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [136216 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37352 2014-10-23] (Avira Operations GmbH & Co. KG)
S3 cmuda; C:\WINDOWS\System32\drivers\cmuda.sys [1373120 2006-06-09] (C-Media Inc)
R3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
R2 hmpalert; C:\WINDOWS\System32\drivers\hmpalert.sys [75640 2014-11-23] ()
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [55000 2015-01-06] (Malwarebytes Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [466008 2013-05-30] (Duplex Secure Ltd.)
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2014-10-23] (Avira GmbH)
R2 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [5504 2012-06-03] () [File not signed]
S3 catchme; \??\C:\DOKUME~1\Admin\LOKALE~1\Temp\catchme.sys [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-07 18:16 - 2015-01-07 18:16 - 00000000 ____D () C:\FRST
2015-01-07 18:08 - 2015-01-07 18:08 - 00000581 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\JRT_b.txt
2015-01-07 17:49 - 2015-01-07 17:49 - 00000581 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\JRT.txt
2015-01-07 17:41 - 2015-01-07 17:41 - 00000581 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\JRT_a.txt
2015-01-07 17:15 - 2015-01-07 17:15 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-07 09:18 - 2015-01-07 09:18 - 00001452 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\AdwCleaner[S0].txt
2015-01-07 00:13 - 2015-01-07 09:07 - 00000000 ____D () C:\AdwCleaner
2015-01-07 00:11 - 2015-01-07 00:11 - 00003760 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\ADW Cleaner ua.txt
2015-01-06 13:02 - 2015-01-07 18:17 - 00000000 ____D () C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\temp
2015-01-06 13:02 - 2015-01-06 13:02 - 00013537 _____ () C:\ComboFix.txt
2015-01-06 13:02 - 2015-01-06 13:02 - 00000000 ____D () C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\temp
2015-01-06 13:02 - 2015-01-06 13:02 - 00000000 ____D () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\temp
2015-01-06 13:02 - 2015-01-06 13:02 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temp
2015-01-06 12:48 - 2013-09-09 23:26 - 00000211 _____ () C:\Boot.bak
2015-01-06 12:48 - 2004-08-03 23:00 - 00262448 __RSH () C:\cmldr
2015-01-06 12:47 - 2015-01-06 12:48 - 00000000 _RSHD () C:\cmdcons
2015-01-06 12:45 - 2015-01-06 13:02 - 00000000 ____D () C:\Qoobox
2015-01-06 12:45 - 2015-01-06 13:00 - 00000000 ____D () C:\WINDOWS\erdnt
2015-01-06 12:45 - 2011-06-26 07:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2015-01-06 12:45 - 2010-11-07 18:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2015-01-06 12:45 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-01-06 12:45 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-01-06 12:45 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-01-06 12:45 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-01-06 12:45 - 2000-08-31 01:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2015-01-06 12:45 - 2000-08-31 01:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2015-01-06 12:45 - 2000-08-31 01:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2015-01-06 12:36 - 2015-01-06 12:36 - 00006238 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\Combofix .txt
2015-01-06 03:01 - 2015-01-06 12:38 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware (portable)
2015-01-06 03:00 - 2015-01-06 12:38 - 00000000 ____D () C:\Dokumente und Einstellungen\Admin\Desktop\mbar
2015-01-06 02:26 - 2015-01-06 02:26 - 00001812 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\Download RogueKiller from one of the following links and save it.txt
2015-01-06 02:25 - 2015-01-06 02:25 - 00001812 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\ Download RogueKiller from one of the following links and save it .txt
2015-01-06 01:54 - 2015-01-06 01:54 - 00003290 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\attach_DDS.zip
2015-01-06 01:43 - 2015-01-06 01:43 - 00002950 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\attach_DDS.7z
2015-01-06 01:16 - 2015-01-06 01:16 - 00000106 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\link_techspot.txt
2015-01-06 01:16 - 2015-01-06 01:16 - 00000103 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\link.txt
2015-01-06 01:14 - 2015-01-06 01:14 - 00014005 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\attach_DDS.txt
2015-01-06 01:14 - 2015-01-06 01:14 - 00006850 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\dds_editor.txt
2015-01-06 00:52 - 2015-01-06 00:52 - 00014005 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\attach.txt
2015-01-06 00:52 - 2015-01-06 00:52 - 00006850 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\dds.txt
2015-01-06 00:02 - 2015-01-06 00:02 - 00001088 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\Babylon.Unlocker_ScanMWBytes_b.txt
2015-01-05 23:56 - 2015-01-05 23:56 - 00001082 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\Babylon.Unlocker_ScanMWB.txt
2014-12-11 01:43 - 2014-12-11 01:44 - 00000000 ___SD () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\OpenOffice 4.1.1
2014-12-11 01:43 - 2014-12-11 01:43 - 00000853 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\OpenOffice 4.1.1.lnk
2014-12-11 01:42 - 2014-12-11 01:42 - 00000000 ____D () C:\Programme\OpenOffice 4
2014-12-11 01:26 - 2014-12-11 01:27 - 00000000 ____D () C:\Dokumente und Einstellungen\Admin\Desktop\OpenOffice 4.1.1 (de) Installation Files
2014-12-09 23:35 - 2014-12-09 23:36 - 00000000 ____D () C:\Programme\Mozilla Firefox
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-07 18:05 - 2013-05-30 21:02 - 00001090 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-07 17:41 - 2014-11-24 17:31 - 00007202 _____ () C:\WINDOWS\setupapi.log
2015-01-07 17:31 - 2013-11-16 18:23 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-07 17:13 - 2013-05-30 18:44 - 01833053 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-07 16:59 - 2014-11-23 13:54 - 00000000 ____D () C:\WINDOWS\CryptoGuard
2015-01-07 09:19 - 2013-12-05 20:03 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2015-01-07 09:18 - 2014-11-23 01:04 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-07 09:11 - 2014-04-30 00:31 - 00000222 _____ () C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Benachrichtigung – Anmeldung.job
2015-01-07 09:11 - 2013-06-10 15:02 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-01-07 09:11 - 2013-06-10 15:02 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2015-01-07 09:11 - 2013-05-30 21:02 - 00001086 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-07 09:11 - 2013-05-30 18:49 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-07 09:11 - 2003-04-02 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-01-07 09:08 - 2013-06-16 19:31 - 00341462 _____ () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-18-0.dat
2015-01-07 09:08 - 2013-06-16 19:31 - 00132910 _____ () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
2015-01-07 09:08 - 2013-06-16 15:36 - 00065536 _____ () C:\WINDOWS\system32\config\CaptureL.evt
2015-01-07 09:08 - 2013-05-30 19:06 - 00000190 ___SH () C:\Dokumente und Einstellungen\Admin\ntuser.ini
2015-01-07 09:08 - 2013-05-30 19:06 - 00000000 ____D () C:\Dokumente und Einstellungen\Admin
2015-01-07 09:08 - 2013-05-30 18:49 - 00032478 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-07 00:52 - 2013-05-30 19:05 - 00000000 ____D () C:\Dokumente und Einstellungen\P
2015-01-06 16:37 - 2013-05-31 19:03 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2015-01-06 13:02 - 2013-05-30 18:49 - 00000000 __SHD () C:\Dokumente und Einstellungen\NetworkService
2015-01-06 12:58 - 2003-04-02 13:00 - 00000227 _____ () C:\WINDOWS\system.ini
2015-01-06 12:56 - 2013-05-30 18:41 - 00000000 ____D () C:\WINDOWS\Registration
2015-01-06 12:48 - 2013-05-30 20:26 - 00000327 __RSH () C:\boot.ini
2015-01-06 03:00 - 2014-11-23 01:03 - 00055000 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-06 02:40 - 2013-05-31 17:06 - 00000190 __SHC () C:\Dokumente und Einstellungen\Administrator\ntuser.ini
2015-01-06 02:40 - 2013-05-31 17:06 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator
2015-01-06 02:27 - 2013-05-30 19:18 - 00019112 ____C () C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2015-01-06 01:38 - 2014-10-14 09:52 - 00000000 ____D () C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Adobe
2015-01-06 01:38 - 2013-11-16 18:23 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-01-06 01:38 - 2013-11-16 18:23 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-01-06 01:24 - 2014-04-30 00:31 - 00000216 _____ () C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job
2015-01-06 01:20 - 2013-05-31 01:51 - 00000000 ____D () C:\Programme\Biet-O-Matic
2015-01-06 00:58 - 2013-05-30 19:31 - 00000000 ____D () C:\Programme
2015-01-05 21:01 - 2014-11-23 01:03 - 00000749 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-05 21:01 - 2014-11-23 01:03 - 00000000 ____D () C:\Programme\Malwarebytes Anti-Malware
2015-01-05 21:01 - 2014-11-23 01:03 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes Anti-Malware
2014-12-16 18:35 - 2013-05-30 18:49 - 00000000 __SHD () C:\Dokumente und Einstellungen\LocalService
2014-12-15 01:46 - 2013-05-30 21:34 - 00000000 ____D () C:\Programme\Mozilla Maintenance Service
2014-12-15 01:46 - 2013-05-30 19:27 - 00122136 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-12-11 01:43 - 2013-05-30 19:30 - 00000000 ___RD () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme
2014-12-11 01:41 - 2013-05-31 01:09 - 00000000 ____D () C:\Programme\OpenOffice.org 3
2014-12-11 01:37 - 2013-07-16 17:10 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-11 01:34 - 2013-05-30 19:31 - 00000000 ____D () C:\Programme\Gemeinsame Dateien\Microsoft Shared
2014-12-11 01:16 - 2013-05-31 01:47 - 109818608 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
Some content of TEMP:
====================
C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\temp\avgnt.exe
C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\temp\Quarantine.exe
C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================
Ran by Admin (administrator) on COMPUTER-P on 07-01-2015 18:16:33
Running from C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads
Loaded Profile: Admin (Available profiles: Admin & P & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(SurfRight B.V.) C:\Programme\HitmanPro.Alert\hmpalert.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avguard.exe
(Freemake) C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Ellora Assets Corp.) C:\Programme\Freemake\CaptureLib\CaptureLibService.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avcenter.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avshadow.exe
(Mozilla Corporation) C:\Programme\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Programme\Mozilla Firefox\plugin-container.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [avgnt] => C:\Programme\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-682003330-764733703-839522115-1003\...\Run: [CCleaner Monitoring] => C:\Programme\CCleaner\CCleaner.exe [4826904 2014-10-29] (Piriform Ltd)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-682003330-764733703-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-682003330-764733703-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-682003330-764733703-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/...ls/en/x86/client/wuweb_site.cab?1369942188984
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1369942325312
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/downl...584-842756A66467/MicrosoftDownloadManager.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\m5mbu6qr.default
FF Homepage: https://startpage.com/|about:addons|about:healthreport
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @Microsoft.com/DownloadManager,version=1.1 -> C:\WINDOWS\ ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Programme\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Programme\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Programme\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\m5mbu6qr.default\searchplugins\startpagecom.xml
FF Extension: NoScript - C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\m5mbu6qr.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-10-14]
FF Extension: Biet-O-Matic Firefox Erweiterung - C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\m5mbu6qr.default\Extensions\{B0D70E72-2FC1-4b9f-A3D4-5921C854D906}.xpi [2013-05-31]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-06-06]
FF HKLM\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Programme\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF Extension: Freemake Video Downloader Plugin - C:\Programme\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\fmdownloader@gmail.com [2013-06-16]
FF HKLM\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Programme\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF Extension: Freemake Youtube Download Button - C:\Programme\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2013-06-16]
Chrome:
=======
CHR Profile: C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-31]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Programme\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Programme\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 Freemake Improver; C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-06-13] (Freemake) [File not signed]
R2 FreemakeVideoCapture; C:\Programme\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-06-13] (Ellora Assets Corp.) [File not signed]
S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2013-05-30] (Google Inc.)
S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2013-05-30] (Google Inc.)
R2 hmpalertsvc; C:\Programme\HitmanPro.Alert\hmpalert.exe [1876816 2014-11-23] (SurfRight B.V.)
S2 MBAMScheduler; C:\Programme\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Programme\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [114800 2014-12-09] (Mozilla Foundation)
S3 ServiceLayer; C:\Programme\PC Connectivity Solution\ServiceLayer.exe [737616 2013-04-18] (Nokia)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 ASPI32; C:\WINDOWS\system32\Drivers\ASPI32.sys [16877 2013-07-14] (Adaptec) [File not signed]
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [98160 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [136216 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37352 2014-10-23] (Avira Operations GmbH & Co. KG)
S3 cmuda; C:\WINDOWS\System32\drivers\cmuda.sys [1373120 2006-06-09] (C-Media Inc)
R3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
R2 hmpalert; C:\WINDOWS\System32\drivers\hmpalert.sys [75640 2014-11-23] ()
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [55000 2015-01-06] (Malwarebytes Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [466008 2013-05-30] (Duplex Secure Ltd.)
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2014-10-23] (Avira GmbH)
R2 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [5504 2012-06-03] () [File not signed]
S3 catchme; \??\C:\DOKUME~1\Admin\LOKALE~1\Temp\catchme.sys [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-07 18:16 - 2015-01-07 18:16 - 00000000 ____D () C:\FRST
2015-01-07 18:08 - 2015-01-07 18:08 - 00000581 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\JRT_b.txt
2015-01-07 17:49 - 2015-01-07 17:49 - 00000581 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\JRT.txt
2015-01-07 17:41 - 2015-01-07 17:41 - 00000581 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\JRT_a.txt
2015-01-07 17:15 - 2015-01-07 17:15 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-07 09:18 - 2015-01-07 09:18 - 00001452 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\AdwCleaner[S0].txt
2015-01-07 00:13 - 2015-01-07 09:07 - 00000000 ____D () C:\AdwCleaner
2015-01-07 00:11 - 2015-01-07 00:11 - 00003760 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\ADW Cleaner ua.txt
2015-01-06 13:02 - 2015-01-07 18:17 - 00000000 ____D () C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\temp
2015-01-06 13:02 - 2015-01-06 13:02 - 00013537 _____ () C:\ComboFix.txt
2015-01-06 13:02 - 2015-01-06 13:02 - 00000000 ____D () C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\temp
2015-01-06 13:02 - 2015-01-06 13:02 - 00000000 ____D () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\temp
2015-01-06 13:02 - 2015-01-06 13:02 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temp
2015-01-06 12:48 - 2013-09-09 23:26 - 00000211 _____ () C:\Boot.bak
2015-01-06 12:48 - 2004-08-03 23:00 - 00262448 __RSH () C:\cmldr
2015-01-06 12:47 - 2015-01-06 12:48 - 00000000 _RSHD () C:\cmdcons
2015-01-06 12:45 - 2015-01-06 13:02 - 00000000 ____D () C:\Qoobox
2015-01-06 12:45 - 2015-01-06 13:00 - 00000000 ____D () C:\WINDOWS\erdnt
2015-01-06 12:45 - 2011-06-26 07:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2015-01-06 12:45 - 2010-11-07 18:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2015-01-06 12:45 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-01-06 12:45 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-01-06 12:45 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-01-06 12:45 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-01-06 12:45 - 2000-08-31 01:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2015-01-06 12:45 - 2000-08-31 01:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2015-01-06 12:45 - 2000-08-31 01:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2015-01-06 12:36 - 2015-01-06 12:36 - 00006238 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\Combofix .txt
2015-01-06 03:01 - 2015-01-06 12:38 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware (portable)
2015-01-06 03:00 - 2015-01-06 12:38 - 00000000 ____D () C:\Dokumente und Einstellungen\Admin\Desktop\mbar
2015-01-06 02:26 - 2015-01-06 02:26 - 00001812 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\Download RogueKiller from one of the following links and save it.txt
2015-01-06 02:25 - 2015-01-06 02:25 - 00001812 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\ Download RogueKiller from one of the following links and save it .txt
2015-01-06 01:54 - 2015-01-06 01:54 - 00003290 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\attach_DDS.zip
2015-01-06 01:43 - 2015-01-06 01:43 - 00002950 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\attach_DDS.7z
2015-01-06 01:16 - 2015-01-06 01:16 - 00000106 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\link_techspot.txt
2015-01-06 01:16 - 2015-01-06 01:16 - 00000103 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\link.txt
2015-01-06 01:14 - 2015-01-06 01:14 - 00014005 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\attach_DDS.txt
2015-01-06 01:14 - 2015-01-06 01:14 - 00006850 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\dds_editor.txt
2015-01-06 00:52 - 2015-01-06 00:52 - 00014005 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\attach.txt
2015-01-06 00:52 - 2015-01-06 00:52 - 00006850 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\dds.txt
2015-01-06 00:02 - 2015-01-06 00:02 - 00001088 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\Babylon.Unlocker_ScanMWBytes_b.txt
2015-01-05 23:56 - 2015-01-05 23:56 - 00001082 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\Babylon.Unlocker_ScanMWB.txt
2014-12-11 01:43 - 2014-12-11 01:44 - 00000000 ___SD () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\OpenOffice 4.1.1
2014-12-11 01:43 - 2014-12-11 01:43 - 00000853 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\OpenOffice 4.1.1.lnk
2014-12-11 01:42 - 2014-12-11 01:42 - 00000000 ____D () C:\Programme\OpenOffice 4
2014-12-11 01:26 - 2014-12-11 01:27 - 00000000 ____D () C:\Dokumente und Einstellungen\Admin\Desktop\OpenOffice 4.1.1 (de) Installation Files
2014-12-09 23:35 - 2014-12-09 23:36 - 00000000 ____D () C:\Programme\Mozilla Firefox
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-07 18:05 - 2013-05-30 21:02 - 00001090 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-07 17:41 - 2014-11-24 17:31 - 00007202 _____ () C:\WINDOWS\setupapi.log
2015-01-07 17:31 - 2013-11-16 18:23 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-07 17:13 - 2013-05-30 18:44 - 01833053 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-07 16:59 - 2014-11-23 13:54 - 00000000 ____D () C:\WINDOWS\CryptoGuard
2015-01-07 09:19 - 2013-12-05 20:03 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2015-01-07 09:18 - 2014-11-23 01:04 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-07 09:11 - 2014-04-30 00:31 - 00000222 _____ () C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Benachrichtigung – Anmeldung.job
2015-01-07 09:11 - 2013-06-10 15:02 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-01-07 09:11 - 2013-06-10 15:02 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2015-01-07 09:11 - 2013-05-30 21:02 - 00001086 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-07 09:11 - 2013-05-30 18:49 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-07 09:11 - 2003-04-02 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-01-07 09:08 - 2013-06-16 19:31 - 00341462 _____ () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-18-0.dat
2015-01-07 09:08 - 2013-06-16 19:31 - 00132910 _____ () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
2015-01-07 09:08 - 2013-06-16 15:36 - 00065536 _____ () C:\WINDOWS\system32\config\CaptureL.evt
2015-01-07 09:08 - 2013-05-30 19:06 - 00000190 ___SH () C:\Dokumente und Einstellungen\Admin\ntuser.ini
2015-01-07 09:08 - 2013-05-30 19:06 - 00000000 ____D () C:\Dokumente und Einstellungen\Admin
2015-01-07 09:08 - 2013-05-30 18:49 - 00032478 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-07 00:52 - 2013-05-30 19:05 - 00000000 ____D () C:\Dokumente und Einstellungen\P
2015-01-06 16:37 - 2013-05-31 19:03 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2015-01-06 13:02 - 2013-05-30 18:49 - 00000000 __SHD () C:\Dokumente und Einstellungen\NetworkService
2015-01-06 12:58 - 2003-04-02 13:00 - 00000227 _____ () C:\WINDOWS\system.ini
2015-01-06 12:56 - 2013-05-30 18:41 - 00000000 ____D () C:\WINDOWS\Registration
2015-01-06 12:48 - 2013-05-30 20:26 - 00000327 __RSH () C:\boot.ini
2015-01-06 03:00 - 2014-11-23 01:03 - 00055000 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-06 02:40 - 2013-05-31 17:06 - 00000190 __SHC () C:\Dokumente und Einstellungen\Administrator\ntuser.ini
2015-01-06 02:40 - 2013-05-31 17:06 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator
2015-01-06 02:27 - 2013-05-30 19:18 - 00019112 ____C () C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2015-01-06 01:38 - 2014-10-14 09:52 - 00000000 ____D () C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Adobe
2015-01-06 01:38 - 2013-11-16 18:23 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-01-06 01:38 - 2013-11-16 18:23 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-01-06 01:24 - 2014-04-30 00:31 - 00000216 _____ () C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job
2015-01-06 01:20 - 2013-05-31 01:51 - 00000000 ____D () C:\Programme\Biet-O-Matic
2015-01-06 00:58 - 2013-05-30 19:31 - 00000000 ____D () C:\Programme
2015-01-05 21:01 - 2014-11-23 01:03 - 00000749 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-05 21:01 - 2014-11-23 01:03 - 00000000 ____D () C:\Programme\Malwarebytes Anti-Malware
2015-01-05 21:01 - 2014-11-23 01:03 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes Anti-Malware
2014-12-16 18:35 - 2013-05-30 18:49 - 00000000 __SHD () C:\Dokumente und Einstellungen\LocalService
2014-12-15 01:46 - 2013-05-30 21:34 - 00000000 ____D () C:\Programme\Mozilla Maintenance Service
2014-12-15 01:46 - 2013-05-30 19:27 - 00122136 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-12-11 01:43 - 2013-05-30 19:30 - 00000000 ___RD () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme
2014-12-11 01:41 - 2013-05-31 01:09 - 00000000 ____D () C:\Programme\OpenOffice.org 3
2014-12-11 01:37 - 2013-07-16 17:10 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-11 01:34 - 2013-05-30 19:31 - 00000000 ____D () C:\Programme\Gemeinsame Dateien\Microsoft Shared
2014-12-11 01:16 - 2013-05-31 01:47 - 109818608 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
Some content of TEMP:
====================
C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\temp\avgnt.exe
C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\temp\Quarantine.exe
C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================
QuestionGhost
Posts: 72 +0
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06-01-2015
Ran by Admin at 2015-01-07 18:17:46
Running from C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Disabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
ABC Amber Audio Converter (HKLM\...\ABC Amber Audio Converter) (Version: - )
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Areca (HKLM\...\Areca) (Version: - )
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Belkin USB Wireless Adaptor (HKLM\...\InstallShield_{8524BBAC-E3A7-42F5-9B9A-5AE50A10C500}) (Version: 1.0.0.10 - Belkin)
Belkin USB Wireless Adaptor (Version: 1.0.0.10 - Belkin) Hidden
Biet-O-Matic v2.14.12 (HKLM\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.1.4003 - CDBurnerXP)
C-Media WDM Audio Driver (HKLM\...\C-Media Audio Driver) (Version: - )
Dropbox (HKU\S-1-5-21-682003330-764733703-839522115-1003\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Eraser 6.0.10.2620 (HKLM\...\{A45C5EC7-F13E-4414-99BE-47373935C0FE}) (Version: 6.0.2620 - The Eraser Project)
Freemake Video Downloader (HKLM\...\Freemake Video Downloader_is1) (Version: 3.5.1 - Ellora Assets Corporation)
Freemake Youtube Mp3 Converter (HKLM\...\Freemake Youtube Mp3 Converter_is1) (Version: 3.5.1 - Ellora Assets Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.)
Hotfix für Windows XP (KB2779562) (HKLM\...\KB2779562) (Version: 1 - Microsoft Corporation)
Hotfix für Windows XP (KB952287) (HKLM\...\KB952287) (Version: 1 - Microsoft Corporation)
Hotfix für Windows XP (KB961118) (HKLM\...\KB961118) (Version: 1 - Microsoft Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
LockHunter 3.1, 32/64 bit (HKLM\...\LockHunter_is1) (Version: - Crystal Rich Ltd)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU (HKLM\...\{C314CE45-3392-3B73-B4E1-139CD41CA933}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU (HKLM\...\{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Download Manager (HKLM\...\{654977DB-0001-0002-0001-EABD228DDE8B}) (Version: 1.2.1 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.9 (HKLM\...\Wudf01009) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.3.0 (x86 de)) (Version: 24.3.0 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM\...\Nokia Suite) (Version: 3.8.48.0 - Nokia)
Nokia Suite (Version: 3.8.48.0 - Nokia) Hidden
OpenOffice 4.1.1 (HKLM\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
PC Connectivity Solution (HKLM\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
Recuva (HKLM\...\Recuva) (Version: 1.49 - Piriform)
Sicherheitsupdate für Microsoft Windows (KB2564958) (HKLM\...\KB2564958) (Version: - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2510531) (HKLM\...\KB2510531-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2829530) (HKLM\...\KB2829530-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2838727) (HKLM\...\KB2838727-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2846071) (HKLM\...\KB2846071-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2847204) (HKLM\...\KB2847204-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2862772) (HKLM\...\KB2862772-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2870699) (HKLM\...\KB2870699-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2879017) (HKLM\...\KB2879017-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2888505) (HKLM\...\KB2888505-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2898785) (HKLM\...\KB2898785-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2909210) (HKLM\...\KB2909210-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2909921) (HKLM\...\KB2909921-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2936068) (HKLM\...\KB2936068-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2964358) (HKLM\...\KB2964358-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB2378111) (HKLM\...\KB2378111_WM9) (Version: - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB2834904) (HKLM\...\KB2834904_WM11) (Version: - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB2834904-v2) (HKLM\...\KB2834904-v2_WM11) (Version: - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB952069) (HKLM\...\KB952069_WM9) (Version: - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB954155) (HKLM\...\KB954155_WM9) (Version: - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB973540) (HKLM\...\KB973540_WM9) (Version: - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB975558) (HKLM\...\KB975558_WM8) (Version: - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB978695) (HKLM\...\KB978695_WM9) (Version: - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2115168) (HKLM\...\KB2115168) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2229593) (HKLM\...\KB2229593) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2296011) (HKLM\...\KB2296011) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2347290) (HKLM\...\KB2347290) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2360937) (HKLM\...\KB2360937) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2387149) (HKLM\...\KB2387149) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2393802) (HKLM\...\KB2393802) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2419632) (HKLM\...\KB2419632) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2423089) (HKLM\...\KB2423089) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2440591) (HKLM\...\KB2440591) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2443105) (HKLM\...\KB2443105) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2478960) (HKLM\...\KB2478960) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2478971) (HKLM\...\KB2478971) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2479943) (HKLM\...\KB2479943) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2481109) (HKLM\...\KB2481109) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2483185) (HKLM\...\KB2483185) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2485663) (HKLM\...\KB2485663) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2506212) (HKLM\...\KB2506212) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2507938) (HKLM\...\KB2507938) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2508429) (HKLM\...\KB2508429) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2509553) (HKLM\...\KB2509553) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2535512) (HKLM\...\KB2535512) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2536276-v2) (HKLM\...\KB2536276-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2544893-v2) (HKLM\...\KB2544893-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2566454) (HKLM\...\KB2566454) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2570947) (HKLM\...\KB2570947) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2584146) (HKLM\...\KB2584146) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2585542) (HKLM\...\KB2585542) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2592799) (HKLM\...\KB2592799) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2598479) (HKLM\...\KB2598479) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2603381) (HKLM\...\KB2603381) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2618451) (HKLM\...\KB2618451) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2619339) (HKLM\...\KB2619339) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2620712) (HKLM\...\KB2620712) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2624667) (HKLM\...\KB2624667) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2631813) (HKLM\...\KB2631813) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2653956) (HKLM\...\KB2653956) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2655992) (HKLM\...\KB2655992) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2659262) (HKLM\...\KB2659262) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2661637) (HKLM\...\KB2661637) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2676562) (HKLM\...\KB2676562) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2686509) (HKLM\...\KB2686509) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2691442) (HKLM\...\KB2691442) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2698365) (HKLM\...\KB2698365) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2705219-v2) (HKLM\...\KB2705219-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2712808) (HKLM\...\KB2712808) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2719985) (HKLM\...\KB2719985) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2723135-v2) (HKLM\...\KB2723135-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2727528) (HKLM\...\KB2727528) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2753842-v2) (HKLM\...\KB2753842-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2757638) (HKLM\...\KB2757638) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2758857) (HKLM\...\KB2758857) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2770660) (HKLM\...\KB2770660) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2780091) (HKLM\...\KB2780091) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2802968) (HKLM\...\KB2802968) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2807986) (HKLM\...\KB2807986) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2813170) (HKLM\...\KB2813170) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2813345) (HKLM\...\KB2813345) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2820197) (HKLM\...\KB2820197) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2820917) (HKLM\...\KB2820917) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2829361) (HKLM\...\KB2829361) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2834886) (HKLM\...\KB2834886) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2839229) (HKLM\...\KB2839229) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2845187) (HKLM\...\KB2845187) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2847311) (HKLM\...\KB2847311) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2849470) (HKLM\...\KB2849470) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2850851) (HKLM\...\KB2850851) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2862152) (HKLM\...\KB2862152) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2862330) (HKLM\...\KB2862330) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2862335) (HKLM\...\KB2862335) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2864063) (HKLM\...\KB2864063) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2868038) (HKLM\...\KB2868038) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2868626) (HKLM\...\KB2868626) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2876217) (HKLM\...\KB2876217) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2876315) (HKLM\...\KB2876315) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2876331) (HKLM\...\KB2876331) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2883150) (HKLM\...\KB2883150) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2884256) (HKLM\...\KB2884256) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2892075) (HKLM\...\KB2892075) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2893294) (HKLM\...\KB2893294) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2893984) (HKLM\...\KB2893984) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2898715) (HKLM\...\KB2898715) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2900986) (HKLM\...\KB2900986) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2914368) (HKLM\...\KB2914368) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2916036) (HKLM\...\KB2916036) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2922229) (HKLM\...\KB2922229) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2929961) (HKLM\...\KB2929961) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2930275) (HKLM\...\KB2930275) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB923561) (HKLM\...\KB923561) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB923789) (HKLM\...\KB923789) (Version: - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB941569) (HKLM\...\KB941569) (Version: - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB946648) (HKLM\...\KB946648) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB950762) (HKLM\...\KB950762) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB950974) (HKLM\...\KB950974) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB951376-v2) (HKLM\...\KB951376-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB952004) (HKLM\...\KB952004) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB952954) (HKLM\...\KB952954) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB956572) (HKLM\...\KB956572) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB956802) (HKLM\...\KB956802) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB956844) (HKLM\...\KB956844) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB959426) (HKLM\...\KB959426) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB960803) (HKLM\...\KB960803) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB960859) (HKLM\...\KB960859) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB969059) (HKLM\...\KB969059) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB970430) (HKLM\...\KB970430) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB971657) (HKLM\...\KB971657) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB972270) (HKLM\...\KB972270) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB973507) (HKLM\...\KB973507) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB973869) (HKLM\...\KB973869) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB973904) (HKLM\...\KB973904) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB974112) (HKLM\...\KB974112) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB974318) (HKLM\...\KB974318) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB974392) (HKLM\...\KB974392) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB974571) (HKLM\...\KB974571) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB975025) (HKLM\...\KB975025) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB975467) (HKLM\...\KB975467) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB975560) (HKLM\...\KB975560) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB975713) (HKLM\...\KB975713) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB977816) (HKLM\...\KB977816) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB977914) (HKLM\...\KB977914) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB978338) (HKLM\...\KB978338) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB978542) (HKLM\...\KB978542) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB978706) (HKLM\...\KB978706) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB979309) (HKLM\...\KB979309) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB979482) (HKLM\...\KB979482) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB979687) (HKLM\...\KB979687) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB981322) (HKLM\...\KB981322) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB981997) (HKLM\...\KB981997) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB982132) (HKLM\...\KB982132) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB982665) (HKLM\...\KB982665) (Version: 1 - Microsoft Corporation)
Tinypic 3.18 (HKLM\...\{E3723A04-A894-4036-A78E-282E18F43C0A}_is1) (Version: Tinypic 3.18 - E. Fiedler)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update für Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update für Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows 7 Upgrade Advisor (HKLM\...\{9A4D182C-35C7-4791-8484-4304EBC9101A}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031514 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WISO Sparbuch 2010 (HKLM\...\{46B70DEB-97B3-4E38-B746-EC16905E6A8F}) (Version: 17.00.6531 - Buhl Data Service GmbH)
XML Paper Specification Shared Components Language Pack 1.0 (Version: - Microsoft Corporation) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-682003330-764733703-839522115-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-682003330-764733703-839522115-1003_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-682003330-764733703-839522115-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-682003330-764733703-839522115-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-682003330-764733703-839522115-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-682003330-764733703-839522115-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
==================== Restore Points =========================
24-11-2014 00:40:52 Systemprüfpunkt
24-11-2014 18:13:23 avast! antivirus system restore point
24-11-2014 22:46:05 Systemprüfpunkt
25-11-2014 23:28:11 Systemprüfpunkt
27-11-2014 08:56:34 Systemprüfpunkt
28-11-2014 18:28:44 Systemprüfpunkt
29-11-2014 23:49:06 Systemprüfpunkt
01-12-2014 01:59:54 Systemprüfpunkt
03-12-2014 18:48:22 Systemprüfpunkt
05-12-2014 21:30:36 Systemprüfpunkt
07-12-2014 19:49:59 Systemprüfpunkt
08-12-2014 20:34:31 Systemprüfpunkt
10-12-2014 16:26:55 Systemprüfpunkt
11-12-2014 01:15:59 Software Distribution Service 3.0
11-12-2014 01:39:55 OpenOffice.org 3.4.1 wird entfernt
11-12-2014 01:42:00 OpenOffice 4.1.1 wird installiert
12-12-2014 20:55:23 Systemprüfpunkt
13-12-2014 21:53:07 Systemprüfpunkt
14-12-2014 22:08:38 Systemprüfpunkt
15-12-2014 22:35:35 Systemprüfpunkt
17-12-2014 03:18:41 Systemprüfpunkt
18-12-2014 16:54:21 Systemprüfpunkt
19-12-2014 16:56:28 Systemprüfpunkt
20-12-2014 17:24:35 Systemprüfpunkt
21-12-2014 21:01:21 Systemprüfpunkt
22-12-2014 21:24:18 Systemprüfpunkt
24-12-2014 00:12:30 Systemprüfpunkt
25-12-2014 00:52:34 Systemprüfpunkt
26-12-2014 01:15:39 Systemprüfpunkt
27-12-2014 01:19:36 Systemprüfpunkt
28-12-2014 16:48:38 Systemprüfpunkt
05-01-2015 15:44:38 Systemprüfpunkt
06-01-2015 02:59:56 vor MBAR Anti Rootkit
07-01-2015 17:37:51 Systemprüfpunkt
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2003-04-02 13:00 - 2015-01-06 12:58 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Benachrichtigung – Anmeldung.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Programme\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Programme\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-12-09 23:35 - 2014-12-09 23:36 - 03758192 _____ () C:\Programme\Mozilla Firefox\mozjs.dll
2015-01-06 01:38 - 2015-01-06 01:38 - 16843952 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Dokumente und Einstellungen^Admin^Startmenü^Programme^Autostart^Dropbox.lnk => C:\WINDOWS\pss\Dropbox.lnkStartup
MSCONFIG\startupfolder: C:^Dokumente und Einstellungen^Admin^Startmenü^Programme^Autostart^OpenOffice.org 3.4.1.lnk => C:\WINDOWS\pss\OpenOffice.org 3.4.1.lnkStartup
MSCONFIG\startupfolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^WISO Mein Sparbuch heute.lnk => C:\WINDOWS\pss\WISO Mein Sparbuch heute.lnkCommon Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Eraser => "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
MSCONFIG\startupreg: NokiaSuite.exe => C:\Programme\Nokia\Nokia Suite\NokiaSuite.exe -tray
MSCONFIG\startupreg: UnlockerAssistant => "C:\Programme\Unlocker\UnlockerAssistant.exe"
========================= Accounts: ==========================
Admin (S-1-5-21-682003330-764733703-839522115-1003 - Administrator - Enabled) => %SystemDrive%\Dokumente und Einstellungen\Admin
Administrator (S-1-5-21-682003330-764733703-839522115-500 - Administrator - Enabled) => %SystemDrive%\Dokumente und Einstellungen\Administrator
Gast (S-1-5-21-682003330-764733703-839522115-501 - Limited - Disabled)
Hilfeassistent (S-1-5-21-682003330-764733703-839522115-1000 - Limited - Disabled)
P (S-1-5-21-682003330-764733703-839522115-1004 - Limited - Enabled) => %SystemDrive%\Dokumente und Einstellungen\P
SUPPORT_388945a0 (S-1-5-21-682003330-764733703-839522115-1002 - Limited - Disabled)
==================== Faulty Device Manager Devices =============
Name: C-Media AC97 Audio Device
Description: C-Media AC97 Audio Device
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: C-Media
Service: cmuda
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: N8-00
Description: N8-00
Class Guid: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Manufacturer: Nokia
Service: WUDFRd
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/07/2015 06:16:42 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error: (01/07/2015 06:16:42 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error: (01/07/2015 09:11:24 AM) (Source: Application Error) (EventID: 1004) (User: )
Description: Fehlgeschlagene Anwendung avira_de____fm.exe, Version 1.1.25.25607, fehlgeschlagenes Modul avira_de____fm.exe, Version 1.1.25.25607, Fehleradresse 0x00007290.
Fehler beim Erstellen des resultierenden PEAP-TLV als Antwort auf das empfangene PEAP-TLV (avira_de____fm.exe!ld!)
Error: (01/07/2015 01:00:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlgeschlagene Anwendung avira_de____fm.exe, Version 1.1.25.25607, fehlgeschlagenes Modul avira_de____fm.exe, Version 1.1.25.25607, Fehleradresse 0x00007290.
Das medienspezifische Ereignis für [avira_de____fm.exe!ws!] wird verarbeitet.
Error: (01/06/2015 00:28:12 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: FreemakeUtilsService.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.ArgumentException
Stapel:
bei System.Security.Principal.SecurityIdentifier..ctor(System.String)
bei FreemakeUtilsService.Common.ToolbarInstallationChecker.GetSidToUsernameDictionary()
bei FreemakeUtilsService.Common.ToolbarInstallationChecker.CheckInfo(FreemakeUtilsService.Common.FreemakeToolbarsInfo)
bei FreemakeUtilsService.Statistics.Manager.StartToolbarInfoCheck()
bei FreemakeUtilsService.Statistics.Manager.SettingsSyncFailed(System.Object, System.EventArgs)
bei FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object, System.ComponentModel.RunWorkerCompletedEventArgs)
bei System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs)
bei System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object)
bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
bei System.Threading.ThreadPoolWorkQueue.Dispatch()
bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (01/06/2015 00:27:16 PM) (Source: .NET Runtime 4.0 Error Reporting) (EventID: 5000) (User: )
Description: EventType clr20r3, P1 freemakeutilsservice.exe, P2 1.0.0.0, P3 51b98e13, P4 mscorlib, P5 4.0.0.0, P6 52ccf750, P7 6141, P8 39, P9 clr20r30, P10 clr20r31.
Error: (01/06/2015 02:45:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlgeschlagene Anwendung winlogon.com.exe, Version 10.1.1.0, fehlgeschlagenes Modul winlogon.com.exe, Version 10.1.1.0, Fehleradresse 0x001a62a0.
Das medienspezifische Ereignis für [winlogon.com.exe!ws!] wird verarbeitet.
Error: (01/06/2015 02:40:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlgeschlagene Anwendung winlogon.com.exe, Version 10.1.1.0, fehlgeschlagenes Modul winlogon.com.exe, Version 10.1.1.0, Fehleradresse 0x001a62a0.
Das medienspezifische Ereignis für [winlogon.com.exe!ws!] wird verarbeitet.
Error: (01/06/2015 02:40:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlgeschlagene Anwendung winlogon.com.exe, Version 10.1.1.0, fehlgeschlagenes Modul winlogon.com.exe, Version 10.1.1.0, Fehleradresse 0x001a62a0.
Das medienspezifische Ereignis für [winlogon.com.exe!ws!] wird verarbeitet.
Error: (01/06/2015 02:39:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlgeschlagene Anwendung winlogon.com.exe, Version 10.1.1.0, fehlgeschlagenes Modul winlogon.com.exe, Version 10.1.1.0, Fehleradresse 0x001a62a0.
Das medienspezifische Ereignis für [winlogon.com.exe!ws!] wird verarbeitet.
System errors:
=============
Error: (01/07/2015 04:59:08 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst WZCSVC.
Error: (01/07/2015 09:12:52 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Freemake Improver" wurde nicht ordnungsgemäß gestartet.
Error: (01/06/2015 11:09:27 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst AntiVirSchedulerService.
Error: (01/06/2015 00:58:23 PM) (Source: PlugPlayManager) (EventID: 11) (User: )
Description: Das Gerät "Root\LEGACY_UNLOCKERDRIVER5\0000" wurde ohne vorbereitende Maßnahmen vom System entfernt.
Error: (01/06/2015 00:28:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Freemake Improver" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (01/06/2015 00:27:22 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst MBAMScheduler.
Error: (01/06/2015 02:43:59 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Freemake Improver" wurde nicht ordnungsgemäß gestartet.
Error: (01/06/2015 01:55:10 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Freemake Improver" wurde nicht ordnungsgemäß gestartet.
Error: (01/06/2015 01:26:40 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Freemake Improver" wurde nicht ordnungsgemäß gestartet.
Error: (01/05/2015 11:39:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Freemake Improver" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Microsoft Office Sessions:
=========================
Error: (01/07/2015 06:16:42 PM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
Error: (01/07/2015 06:16:42 PM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
Error: (01/07/2015 09:11:24 AM) (Source: Application Error) (EventID: 1004) (User: )
Description: avira_de____fm.exe1.1.25.25607avira_de____fm.exe1.1.25.2560700007290
Error: (01/07/2015 01:00:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: avira_de____fm.exe1.1.25.25607avira_de____fm.exe1.1.25.2560700007290
Error: (01/06/2015 00:28:12 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: FreemakeUtilsService.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.ArgumentException
Stapel:
bei System.Security.Principal.SecurityIdentifier..ctor(System.String)
bei FreemakeUtilsService.Common.ToolbarInstallationChecker.GetSidToUsernameDictionary()
bei FreemakeUtilsService.Common.ToolbarInstallationChecker.CheckInfo(FreemakeUtilsService.Common.FreemakeToolbarsInfo)
bei FreemakeUtilsService.Statistics.Manager.StartToolbarInfoCheck()
bei FreemakeUtilsService.Statistics.Manager.SettingsSyncFailed(System.Object, System.EventArgs)
bei FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object, System.ComponentModel.RunWorkerCompletedEventArgs)
bei System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs)
bei System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object)
bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
bei System.Threading.ThreadPoolWorkQueue.Dispatch()
bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (01/06/2015 00:27:16 PM) (Source: .NET Runtime 4.0 Error Reporting) (EventID: 5000) (User: )
Description: clr20r3freemakeutilsservice.exe1.0.0.051b98e13mscorlib4.0.0.052ccf750614139system.argumentexceptionNIL
Error: (01/06/2015 02:45:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: winlogon.com.exe10.1.1.0winlogon.com.exe10.1.1.0001a62a0
Error: (01/06/2015 02:40:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: winlogon.com.exe10.1.1.0winlogon.com.exe10.1.1.0001a62a0
Error: (01/06/2015 02:40:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: winlogon.com.exe10.1.1.0winlogon.com.exe10.1.1.0001a62a0
Error: (01/06/2015 02:39:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: winlogon.com.exe10.1.1.0winlogon.com.exe10.1.1.0001a62a0
==================== Memory info ===========================
Processor: AMD Athlon(tm) XP 2400+
Percentage of memory in use: 48%
Total physical RAM: 2047.48 MB
Available physical RAM: 1055.27 MB
Total Pagefile: 3943.38 MB
Available Pagefile: 2904.76 MB
Total Virtual: 2047.88 MB
Available Virtual: 1934.84 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:38.28 GB) (Free:12.97 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive g: (Elements) (Fixed) (Total:1397.26 GB) (Free:1061.33 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 38.3 GB) (Disk ID: 8EF98EF9)
Partition 1: (Active) - (Size=38.3 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1397.3 GB) (Disk ID: 000FEF48)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Ran by Admin at 2015-01-07 18:17:46
Running from C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Disabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
ABC Amber Audio Converter (HKLM\...\ABC Amber Audio Converter) (Version: - )
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Areca (HKLM\...\Areca) (Version: - )
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Belkin USB Wireless Adaptor (HKLM\...\InstallShield_{8524BBAC-E3A7-42F5-9B9A-5AE50A10C500}) (Version: 1.0.0.10 - Belkin)
Belkin USB Wireless Adaptor (Version: 1.0.0.10 - Belkin) Hidden
Biet-O-Matic v2.14.12 (HKLM\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.1.4003 - CDBurnerXP)
C-Media WDM Audio Driver (HKLM\...\C-Media Audio Driver) (Version: - )
Dropbox (HKU\S-1-5-21-682003330-764733703-839522115-1003\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Eraser 6.0.10.2620 (HKLM\...\{A45C5EC7-F13E-4414-99BE-47373935C0FE}) (Version: 6.0.2620 - The Eraser Project)
Freemake Video Downloader (HKLM\...\Freemake Video Downloader_is1) (Version: 3.5.1 - Ellora Assets Corporation)
Freemake Youtube Mp3 Converter (HKLM\...\Freemake Youtube Mp3 Converter_is1) (Version: 3.5.1 - Ellora Assets Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.)
Hotfix für Windows XP (KB2779562) (HKLM\...\KB2779562) (Version: 1 - Microsoft Corporation)
Hotfix für Windows XP (KB952287) (HKLM\...\KB952287) (Version: 1 - Microsoft Corporation)
Hotfix für Windows XP (KB961118) (HKLM\...\KB961118) (Version: 1 - Microsoft Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
LockHunter 3.1, 32/64 bit (HKLM\...\LockHunter_is1) (Version: - Crystal Rich Ltd)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU (HKLM\...\{C314CE45-3392-3B73-B4E1-139CD41CA933}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU (HKLM\...\{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Download Manager (HKLM\...\{654977DB-0001-0002-0001-EABD228DDE8B}) (Version: 1.2.1 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.9 (HKLM\...\Wudf01009) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.3.0 (x86 de)) (Version: 24.3.0 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM\...\Nokia Suite) (Version: 3.8.48.0 - Nokia)
Nokia Suite (Version: 3.8.48.0 - Nokia) Hidden
OpenOffice 4.1.1 (HKLM\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
PC Connectivity Solution (HKLM\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
Recuva (HKLM\...\Recuva) (Version: 1.49 - Piriform)
Sicherheitsupdate für Microsoft Windows (KB2564958) (HKLM\...\KB2564958) (Version: - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2510531) (HKLM\...\KB2510531-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2829530) (HKLM\...\KB2829530-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2838727) (HKLM\...\KB2838727-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2846071) (HKLM\...\KB2846071-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2847204) (HKLM\...\KB2847204-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2862772) (HKLM\...\KB2862772-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2870699) (HKLM\...\KB2870699-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2879017) (HKLM\...\KB2879017-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2888505) (HKLM\...\KB2888505-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2898785) (HKLM\...\KB2898785-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2909210) (HKLM\...\KB2909210-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2909921) (HKLM\...\KB2909921-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2936068) (HKLM\...\KB2936068-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2964358) (HKLM\...\KB2964358-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB2378111) (HKLM\...\KB2378111_WM9) (Version: - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB2834904) (HKLM\...\KB2834904_WM11) (Version: - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB2834904-v2) (HKLM\...\KB2834904-v2_WM11) (Version: - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB952069) (HKLM\...\KB952069_WM9) (Version: - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB954155) (HKLM\...\KB954155_WM9) (Version: - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB973540) (HKLM\...\KB973540_WM9) (Version: - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB975558) (HKLM\...\KB975558_WM8) (Version: - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB978695) (HKLM\...\KB978695_WM9) (Version: - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2115168) (HKLM\...\KB2115168) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2229593) (HKLM\...\KB2229593) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2296011) (HKLM\...\KB2296011) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2347290) (HKLM\...\KB2347290) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2360937) (HKLM\...\KB2360937) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2387149) (HKLM\...\KB2387149) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2393802) (HKLM\...\KB2393802) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2419632) (HKLM\...\KB2419632) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2423089) (HKLM\...\KB2423089) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2440591) (HKLM\...\KB2440591) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2443105) (HKLM\...\KB2443105) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2478960) (HKLM\...\KB2478960) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2478971) (HKLM\...\KB2478971) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2479943) (HKLM\...\KB2479943) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2481109) (HKLM\...\KB2481109) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2483185) (HKLM\...\KB2483185) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2485663) (HKLM\...\KB2485663) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2506212) (HKLM\...\KB2506212) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2507938) (HKLM\...\KB2507938) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2508429) (HKLM\...\KB2508429) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2509553) (HKLM\...\KB2509553) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2535512) (HKLM\...\KB2535512) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2536276-v2) (HKLM\...\KB2536276-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2544893-v2) (HKLM\...\KB2544893-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2566454) (HKLM\...\KB2566454) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2570947) (HKLM\...\KB2570947) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2584146) (HKLM\...\KB2584146) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2585542) (HKLM\...\KB2585542) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2592799) (HKLM\...\KB2592799) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2598479) (HKLM\...\KB2598479) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2603381) (HKLM\...\KB2603381) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2618451) (HKLM\...\KB2618451) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2619339) (HKLM\...\KB2619339) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2620712) (HKLM\...\KB2620712) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2624667) (HKLM\...\KB2624667) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2631813) (HKLM\...\KB2631813) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2653956) (HKLM\...\KB2653956) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2655992) (HKLM\...\KB2655992) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2659262) (HKLM\...\KB2659262) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2661637) (HKLM\...\KB2661637) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2676562) (HKLM\...\KB2676562) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2686509) (HKLM\...\KB2686509) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2691442) (HKLM\...\KB2691442) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2698365) (HKLM\...\KB2698365) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2705219-v2) (HKLM\...\KB2705219-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2712808) (HKLM\...\KB2712808) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2719985) (HKLM\...\KB2719985) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2723135-v2) (HKLM\...\KB2723135-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2727528) (HKLM\...\KB2727528) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2753842-v2) (HKLM\...\KB2753842-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2757638) (HKLM\...\KB2757638) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2758857) (HKLM\...\KB2758857) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2770660) (HKLM\...\KB2770660) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2780091) (HKLM\...\KB2780091) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2802968) (HKLM\...\KB2802968) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2807986) (HKLM\...\KB2807986) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2813170) (HKLM\...\KB2813170) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2813345) (HKLM\...\KB2813345) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2820197) (HKLM\...\KB2820197) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2820917) (HKLM\...\KB2820917) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2829361) (HKLM\...\KB2829361) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2834886) (HKLM\...\KB2834886) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2839229) (HKLM\...\KB2839229) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2845187) (HKLM\...\KB2845187) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2847311) (HKLM\...\KB2847311) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2849470) (HKLM\...\KB2849470) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2850851) (HKLM\...\KB2850851) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2862152) (HKLM\...\KB2862152) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2862330) (HKLM\...\KB2862330) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2862335) (HKLM\...\KB2862335) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2864063) (HKLM\...\KB2864063) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2868038) (HKLM\...\KB2868038) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2868626) (HKLM\...\KB2868626) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2876217) (HKLM\...\KB2876217) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2876315) (HKLM\...\KB2876315) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2876331) (HKLM\...\KB2876331) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2883150) (HKLM\...\KB2883150) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2884256) (HKLM\...\KB2884256) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2892075) (HKLM\...\KB2892075) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2893294) (HKLM\...\KB2893294) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2893984) (HKLM\...\KB2893984) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2898715) (HKLM\...\KB2898715) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2900986) (HKLM\...\KB2900986) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2914368) (HKLM\...\KB2914368) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2916036) (HKLM\...\KB2916036) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2922229) (HKLM\...\KB2922229) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2929961) (HKLM\...\KB2929961) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2930275) (HKLM\...\KB2930275) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB923561) (HKLM\...\KB923561) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB923789) (HKLM\...\KB923789) (Version: - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB941569) (HKLM\...\KB941569) (Version: - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB946648) (HKLM\...\KB946648) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB950762) (HKLM\...\KB950762) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB950974) (HKLM\...\KB950974) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB951376-v2) (HKLM\...\KB951376-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB952004) (HKLM\...\KB952004) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB952954) (HKLM\...\KB952954) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB956572) (HKLM\...\KB956572) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB956802) (HKLM\...\KB956802) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB956844) (HKLM\...\KB956844) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB959426) (HKLM\...\KB959426) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB960803) (HKLM\...\KB960803) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB960859) (HKLM\...\KB960859) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB969059) (HKLM\...\KB969059) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB970430) (HKLM\...\KB970430) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB971657) (HKLM\...\KB971657) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB972270) (HKLM\...\KB972270) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB973507) (HKLM\...\KB973507) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB973869) (HKLM\...\KB973869) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB973904) (HKLM\...\KB973904) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB974112) (HKLM\...\KB974112) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB974318) (HKLM\...\KB974318) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB974392) (HKLM\...\KB974392) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB974571) (HKLM\...\KB974571) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB975025) (HKLM\...\KB975025) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB975467) (HKLM\...\KB975467) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB975560) (HKLM\...\KB975560) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB975713) (HKLM\...\KB975713) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB977816) (HKLM\...\KB977816) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB977914) (HKLM\...\KB977914) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB978338) (HKLM\...\KB978338) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB978542) (HKLM\...\KB978542) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB978706) (HKLM\...\KB978706) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB979309) (HKLM\...\KB979309) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB979482) (HKLM\...\KB979482) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB979687) (HKLM\...\KB979687) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB981322) (HKLM\...\KB981322) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB981997) (HKLM\...\KB981997) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB982132) (HKLM\...\KB982132) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB982665) (HKLM\...\KB982665) (Version: 1 - Microsoft Corporation)
Tinypic 3.18 (HKLM\...\{E3723A04-A894-4036-A78E-282E18F43C0A}_is1) (Version: Tinypic 3.18 - E. Fiedler)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update für Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update für Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows 7 Upgrade Advisor (HKLM\...\{9A4D182C-35C7-4791-8484-4304EBC9101A}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031514 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WISO Sparbuch 2010 (HKLM\...\{46B70DEB-97B3-4E38-B746-EC16905E6A8F}) (Version: 17.00.6531 - Buhl Data Service GmbH)
XML Paper Specification Shared Components Language Pack 1.0 (Version: - Microsoft Corporation) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-682003330-764733703-839522115-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-682003330-764733703-839522115-1003_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-682003330-764733703-839522115-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-682003330-764733703-839522115-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-682003330-764733703-839522115-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-682003330-764733703-839522115-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
==================== Restore Points =========================
24-11-2014 00:40:52 Systemprüfpunkt
24-11-2014 18:13:23 avast! antivirus system restore point
24-11-2014 22:46:05 Systemprüfpunkt
25-11-2014 23:28:11 Systemprüfpunkt
27-11-2014 08:56:34 Systemprüfpunkt
28-11-2014 18:28:44 Systemprüfpunkt
29-11-2014 23:49:06 Systemprüfpunkt
01-12-2014 01:59:54 Systemprüfpunkt
03-12-2014 18:48:22 Systemprüfpunkt
05-12-2014 21:30:36 Systemprüfpunkt
07-12-2014 19:49:59 Systemprüfpunkt
08-12-2014 20:34:31 Systemprüfpunkt
10-12-2014 16:26:55 Systemprüfpunkt
11-12-2014 01:15:59 Software Distribution Service 3.0
11-12-2014 01:39:55 OpenOffice.org 3.4.1 wird entfernt
11-12-2014 01:42:00 OpenOffice 4.1.1 wird installiert
12-12-2014 20:55:23 Systemprüfpunkt
13-12-2014 21:53:07 Systemprüfpunkt
14-12-2014 22:08:38 Systemprüfpunkt
15-12-2014 22:35:35 Systemprüfpunkt
17-12-2014 03:18:41 Systemprüfpunkt
18-12-2014 16:54:21 Systemprüfpunkt
19-12-2014 16:56:28 Systemprüfpunkt
20-12-2014 17:24:35 Systemprüfpunkt
21-12-2014 21:01:21 Systemprüfpunkt
22-12-2014 21:24:18 Systemprüfpunkt
24-12-2014 00:12:30 Systemprüfpunkt
25-12-2014 00:52:34 Systemprüfpunkt
26-12-2014 01:15:39 Systemprüfpunkt
27-12-2014 01:19:36 Systemprüfpunkt
28-12-2014 16:48:38 Systemprüfpunkt
05-01-2015 15:44:38 Systemprüfpunkt
06-01-2015 02:59:56 vor MBAR Anti Rootkit
07-01-2015 17:37:51 Systemprüfpunkt
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2003-04-02 13:00 - 2015-01-06 12:58 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Benachrichtigung – Anmeldung.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Programme\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Programme\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-12-09 23:35 - 2014-12-09 23:36 - 03758192 _____ () C:\Programme\Mozilla Firefox\mozjs.dll
2015-01-06 01:38 - 2015-01-06 01:38 - 16843952 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Dokumente und Einstellungen^Admin^Startmenü^Programme^Autostart^Dropbox.lnk => C:\WINDOWS\pss\Dropbox.lnkStartup
MSCONFIG\startupfolder: C:^Dokumente und Einstellungen^Admin^Startmenü^Programme^Autostart^OpenOffice.org 3.4.1.lnk => C:\WINDOWS\pss\OpenOffice.org 3.4.1.lnkStartup
MSCONFIG\startupfolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^WISO Mein Sparbuch heute.lnk => C:\WINDOWS\pss\WISO Mein Sparbuch heute.lnkCommon Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Eraser => "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
MSCONFIG\startupreg: NokiaSuite.exe => C:\Programme\Nokia\Nokia Suite\NokiaSuite.exe -tray
MSCONFIG\startupreg: UnlockerAssistant => "C:\Programme\Unlocker\UnlockerAssistant.exe"
========================= Accounts: ==========================
Admin (S-1-5-21-682003330-764733703-839522115-1003 - Administrator - Enabled) => %SystemDrive%\Dokumente und Einstellungen\Admin
Administrator (S-1-5-21-682003330-764733703-839522115-500 - Administrator - Enabled) => %SystemDrive%\Dokumente und Einstellungen\Administrator
Gast (S-1-5-21-682003330-764733703-839522115-501 - Limited - Disabled)
Hilfeassistent (S-1-5-21-682003330-764733703-839522115-1000 - Limited - Disabled)
P (S-1-5-21-682003330-764733703-839522115-1004 - Limited - Enabled) => %SystemDrive%\Dokumente und Einstellungen\P
SUPPORT_388945a0 (S-1-5-21-682003330-764733703-839522115-1002 - Limited - Disabled)
==================== Faulty Device Manager Devices =============
Name: C-Media AC97 Audio Device
Description: C-Media AC97 Audio Device
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: C-Media
Service: cmuda
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: N8-00
Description: N8-00
Class Guid: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Manufacturer: Nokia
Service: WUDFRd
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/07/2015 06:16:42 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error: (01/07/2015 06:16:42 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error: (01/07/2015 09:11:24 AM) (Source: Application Error) (EventID: 1004) (User: )
Description: Fehlgeschlagene Anwendung avira_de____fm.exe, Version 1.1.25.25607, fehlgeschlagenes Modul avira_de____fm.exe, Version 1.1.25.25607, Fehleradresse 0x00007290.
Fehler beim Erstellen des resultierenden PEAP-TLV als Antwort auf das empfangene PEAP-TLV (avira_de____fm.exe!ld!)
Error: (01/07/2015 01:00:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlgeschlagene Anwendung avira_de____fm.exe, Version 1.1.25.25607, fehlgeschlagenes Modul avira_de____fm.exe, Version 1.1.25.25607, Fehleradresse 0x00007290.
Das medienspezifische Ereignis für [avira_de____fm.exe!ws!] wird verarbeitet.
Error: (01/06/2015 00:28:12 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: FreemakeUtilsService.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.ArgumentException
Stapel:
bei System.Security.Principal.SecurityIdentifier..ctor(System.String)
bei FreemakeUtilsService.Common.ToolbarInstallationChecker.GetSidToUsernameDictionary()
bei FreemakeUtilsService.Common.ToolbarInstallationChecker.CheckInfo(FreemakeUtilsService.Common.FreemakeToolbarsInfo)
bei FreemakeUtilsService.Statistics.Manager.StartToolbarInfoCheck()
bei FreemakeUtilsService.Statistics.Manager.SettingsSyncFailed(System.Object, System.EventArgs)
bei FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object, System.ComponentModel.RunWorkerCompletedEventArgs)
bei System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs)
bei System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object)
bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
bei System.Threading.ThreadPoolWorkQueue.Dispatch()
bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (01/06/2015 00:27:16 PM) (Source: .NET Runtime 4.0 Error Reporting) (EventID: 5000) (User: )
Description: EventType clr20r3, P1 freemakeutilsservice.exe, P2 1.0.0.0, P3 51b98e13, P4 mscorlib, P5 4.0.0.0, P6 52ccf750, P7 6141, P8 39, P9 clr20r30, P10 clr20r31.
Error: (01/06/2015 02:45:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlgeschlagene Anwendung winlogon.com.exe, Version 10.1.1.0, fehlgeschlagenes Modul winlogon.com.exe, Version 10.1.1.0, Fehleradresse 0x001a62a0.
Das medienspezifische Ereignis für [winlogon.com.exe!ws!] wird verarbeitet.
Error: (01/06/2015 02:40:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlgeschlagene Anwendung winlogon.com.exe, Version 10.1.1.0, fehlgeschlagenes Modul winlogon.com.exe, Version 10.1.1.0, Fehleradresse 0x001a62a0.
Das medienspezifische Ereignis für [winlogon.com.exe!ws!] wird verarbeitet.
Error: (01/06/2015 02:40:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlgeschlagene Anwendung winlogon.com.exe, Version 10.1.1.0, fehlgeschlagenes Modul winlogon.com.exe, Version 10.1.1.0, Fehleradresse 0x001a62a0.
Das medienspezifische Ereignis für [winlogon.com.exe!ws!] wird verarbeitet.
Error: (01/06/2015 02:39:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlgeschlagene Anwendung winlogon.com.exe, Version 10.1.1.0, fehlgeschlagenes Modul winlogon.com.exe, Version 10.1.1.0, Fehleradresse 0x001a62a0.
Das medienspezifische Ereignis für [winlogon.com.exe!ws!] wird verarbeitet.
System errors:
=============
Error: (01/07/2015 04:59:08 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst WZCSVC.
Error: (01/07/2015 09:12:52 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Freemake Improver" wurde nicht ordnungsgemäß gestartet.
Error: (01/06/2015 11:09:27 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst AntiVirSchedulerService.
Error: (01/06/2015 00:58:23 PM) (Source: PlugPlayManager) (EventID: 11) (User: )
Description: Das Gerät "Root\LEGACY_UNLOCKERDRIVER5\0000" wurde ohne vorbereitende Maßnahmen vom System entfernt.
Error: (01/06/2015 00:28:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Freemake Improver" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (01/06/2015 00:27:22 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst MBAMScheduler.
Error: (01/06/2015 02:43:59 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Freemake Improver" wurde nicht ordnungsgemäß gestartet.
Error: (01/06/2015 01:55:10 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Freemake Improver" wurde nicht ordnungsgemäß gestartet.
Error: (01/06/2015 01:26:40 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Freemake Improver" wurde nicht ordnungsgemäß gestartet.
Error: (01/05/2015 11:39:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Freemake Improver" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Microsoft Office Sessions:
=========================
Error: (01/07/2015 06:16:42 PM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
Error: (01/07/2015 06:16:42 PM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
Error: (01/07/2015 09:11:24 AM) (Source: Application Error) (EventID: 1004) (User: )
Description: avira_de____fm.exe1.1.25.25607avira_de____fm.exe1.1.25.2560700007290
Error: (01/07/2015 01:00:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: avira_de____fm.exe1.1.25.25607avira_de____fm.exe1.1.25.2560700007290
Error: (01/06/2015 00:28:12 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: FreemakeUtilsService.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.ArgumentException
Stapel:
bei System.Security.Principal.SecurityIdentifier..ctor(System.String)
bei FreemakeUtilsService.Common.ToolbarInstallationChecker.GetSidToUsernameDictionary()
bei FreemakeUtilsService.Common.ToolbarInstallationChecker.CheckInfo(FreemakeUtilsService.Common.FreemakeToolbarsInfo)
bei FreemakeUtilsService.Statistics.Manager.StartToolbarInfoCheck()
bei FreemakeUtilsService.Statistics.Manager.SettingsSyncFailed(System.Object, System.EventArgs)
bei FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object, System.ComponentModel.RunWorkerCompletedEventArgs)
bei System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs)
bei System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object)
bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
bei System.Threading.ThreadPoolWorkQueue.Dispatch()
bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (01/06/2015 00:27:16 PM) (Source: .NET Runtime 4.0 Error Reporting) (EventID: 5000) (User: )
Description: clr20r3freemakeutilsservice.exe1.0.0.051b98e13mscorlib4.0.0.052ccf750614139system.argumentexceptionNIL
Error: (01/06/2015 02:45:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: winlogon.com.exe10.1.1.0winlogon.com.exe10.1.1.0001a62a0
Error: (01/06/2015 02:40:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: winlogon.com.exe10.1.1.0winlogon.com.exe10.1.1.0001a62a0
Error: (01/06/2015 02:40:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: winlogon.com.exe10.1.1.0winlogon.com.exe10.1.1.0001a62a0
Error: (01/06/2015 02:39:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: winlogon.com.exe10.1.1.0winlogon.com.exe10.1.1.0001a62a0
==================== Memory info ===========================
Processor: AMD Athlon(tm) XP 2400+
Percentage of memory in use: 48%
Total physical RAM: 2047.48 MB
Available physical RAM: 1055.27 MB
Total Pagefile: 3943.38 MB
Available Pagefile: 2904.76 MB
Total Virtual: 2047.88 MB
Available Virtual: 1934.84 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:38.28 GB) (Free:12.97 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive g: (Elements) (Fixed) (Total:1397.26 GB) (Free:1061.33 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 38.3 GB) (Disk ID: 8EF98EF9)
Partition 1: (Active) - (Size=38.3 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1397.3 GB) (Disk ID: 000FEF48)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)
==================== End Of Log ============================
QuestionGhost
Posts: 72 +0
Done with the three Programs.
Any more scans necessary?
What about USB-sticks that I used, or SmartPhones / Cameras / WLAN Router that were connected - can they have been infected?
Thank you!
Any more scans necessary?
What about USB-sticks that I used, or SmartPhones / Cameras / WLAN Router that were connected - can they have been infected?
Thank you!
Broni
Posts: 56,041 +516
You can scan those devices with your AV program.
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
QuestionGhost
Posts: 72 +0
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-01-2015
Ran by Admin (administrator) on COMPUTER-P on 07-01-2015 22:57:40
Running from C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads
Loaded Profiles: Admin & P (Available profiles: Admin & P & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(SurfRight B.V.) C:\Programme\HitmanPro.Alert\hmpalert.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avguard.exe
(Freemake) C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Ellora Assets Corp.) C:\Programme\Freemake\CaptureLib\CaptureLibService.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avcenter.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avshadow.exe
(Mozilla Corporation) C:\Programme\Mozilla Firefox\firefox.exe
(Nokia) C:\Programme\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Mozilla Corporation) C:\Programme\Mozilla Firefox\plugin-container.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [avgnt] => C:\Programme\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-682003330-764733703-839522115-1003\...\Run: [CCleaner Monitoring] => C:\Programme\CCleaner\CCleaner.exe [4826904 2014-10-29] (Piriform Ltd)
HKU\S-1-5-21-682003330-764733703-839522115-1004\...\Run: [NokiaSuite.exe] => C:\Programme\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
HKU\S-1-5-21-682003330-764733703-839522115-1004\...\Run: [MSMSGS] => C:\Programme\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-682003330-764733703-839522115-1004\...\Run: [CCleaner Monitoring] => C:\Programme\CCleaner\CCleaner.exe [4826904 2014-10-29] (Piriform Ltd)
HKU\S-1-5-21-682003330-764733703-839522115-1004\...\MountPoints2: {51c6b2c0-c971-11e2-b820-806d6172696f} - E:\autorun.exe
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-682003330-764733703-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-682003330-764733703-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-682003330-764733703-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-682003330-764733703-839522115-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.startpage.com/
HKU\S-1-5-21-682003330-764733703-839522115-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/...ls/en/x86/client/wuweb_site.cab?1369942188984
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1369942325312
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/downl...584-842756A66467/MicrosoftDownloadManager.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\m5mbu6qr.default
FF Homepage: https://startpage.com/|about:addons|about:healthreport
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @Microsoft.com/DownloadManager,version=1.1 -> C:\WINDOWS\ ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Programme\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Programme\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Programme\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\m5mbu6qr.default\searchplugins\startpagecom.xml
FF Extension: NoScript - C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\m5mbu6qr.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-10-14]
FF Extension: Biet-O-Matic Firefox Erweiterung - C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\m5mbu6qr.default\Extensions\{B0D70E72-2FC1-4b9f-A3D4-5921C854D906}.xpi [2013-05-31]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-06-06]
FF HKLM\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Programme\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF Extension: Freemake Video Downloader Plugin - C:\Programme\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\fmdownloader@gmail.com [2013-06-16]
FF HKLM\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Programme\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF Extension: Freemake Youtube Download Button - C:\Programme\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2013-06-16]
Chrome:
=======
CHR Profile: C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-31]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Programme\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Programme\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 Freemake Improver; C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-06-13] (Freemake) [File not signed]
R2 FreemakeVideoCapture; C:\Programme\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-06-13] (Ellora Assets Corp.) [File not signed]
S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2013-05-30] (Google Inc.)
S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2013-05-30] (Google Inc.)
R2 hmpalertsvc; C:\Programme\HitmanPro.Alert\hmpalert.exe [1876816 2014-11-23] (SurfRight B.V.)
S2 MBAMScheduler; C:\Programme\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Programme\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [114800 2014-12-09] (Mozilla Foundation)
R3 ServiceLayer; C:\Programme\PC Connectivity Solution\ServiceLayer.exe [737616 2013-04-18] (Nokia)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 ASPI32; C:\WINDOWS\system32\Drivers\ASPI32.sys [16877 2013-07-14] (Adaptec) [File not signed]
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [98160 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [136216 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37352 2014-10-23] (Avira Operations GmbH & Co. KG)
S3 cmuda; C:\WINDOWS\System32\drivers\cmuda.sys [1373120 2006-06-09] (C-Media Inc)
R3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
R2 hmpalert; C:\WINDOWS\System32\drivers\hmpalert.sys [75640 2014-11-23] ()
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [55000 2015-01-06] (Malwarebytes Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [466008 2013-05-30] (Duplex Secure Ltd.)
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2014-10-23] (Avira GmbH)
R2 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [5504 2012-06-03] () [File not signed]
S3 catchme; \??\C:\DOKUME~1\Admin\LOKALE~1\Temp\catchme.sys [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-07 18:41 - 2015-01-07 18:41 - 00043233 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\FRST_Addition.txt
2015-01-07 18:41 - 2015-01-07 18:41 - 00023182 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\FRST.txt
2015-01-07 18:16 - 2015-01-07 22:57 - 00000000 ____D () C:\FRST
2015-01-07 18:08 - 2015-01-07 18:08 - 00000581 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\JRT_b.txt
2015-01-07 17:49 - 2015-01-07 17:49 - 00000581 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\JRT.txt
2015-01-07 17:41 - 2015-01-07 17:41 - 00000581 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\JRT_a.txt
2015-01-07 17:15 - 2015-01-07 17:15 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-07 09:18 - 2015-01-07 09:18 - 00001452 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\AdwCleaner[S0].txt
2015-01-07 00:13 - 2015-01-07 09:07 - 00000000 ____D () C:\AdwCleaner
2015-01-07 00:11 - 2015-01-07 00:11 - 00003760 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\ADW Cleaner ua.txt
2015-01-06 13:02 - 2015-01-07 22:58 - 00000000 ____D () C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\temp
2015-01-06 13:02 - 2015-01-06 13:02 - 00013537 _____ () C:\ComboFix.txt
2015-01-06 13:02 - 2015-01-06 13:02 - 00000000 ____D () C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\temp
2015-01-06 13:02 - 2015-01-06 13:02 - 00000000 ____D () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\temp
2015-01-06 13:02 - 2015-01-06 13:02 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temp
2015-01-06 12:48 - 2013-09-09 23:26 - 00000211 _____ () C:\Boot.bak
2015-01-06 12:48 - 2004-08-03 23:00 - 00262448 __RSH () C:\cmldr
2015-01-06 12:47 - 2015-01-06 12:48 - 00000000 _RSHD () C:\cmdcons
2015-01-06 12:45 - 2015-01-06 13:02 - 00000000 ____D () C:\Qoobox
2015-01-06 12:45 - 2015-01-06 13:00 - 00000000 ____D () C:\WINDOWS\erdnt
2015-01-06 12:45 - 2011-06-26 07:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2015-01-06 12:45 - 2010-11-07 18:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2015-01-06 12:45 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-01-06 12:45 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-01-06 12:45 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-01-06 12:45 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-01-06 12:45 - 2000-08-31 01:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2015-01-06 12:45 - 2000-08-31 01:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2015-01-06 12:45 - 2000-08-31 01:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2015-01-06 12:36 - 2015-01-06 12:36 - 00006238 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\Combofix .txt
2015-01-06 03:01 - 2015-01-06 12:38 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware (portable)
2015-01-06 03:00 - 2015-01-06 12:38 - 00000000 ____D () C:\Dokumente und Einstellungen\Admin\Desktop\mbar
2015-01-06 02:26 - 2015-01-06 02:26 - 00001812 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\Download RogueKiller from one of the following links and save it.txt
2015-01-06 02:25 - 2015-01-06 02:25 - 00001812 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\ Download RogueKiller from one of the following links and save it .txt
2015-01-06 01:54 - 2015-01-06 01:54 - 00003290 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\attach_DDS.zip
2015-01-06 01:43 - 2015-01-06 01:43 - 00002950 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\attach_DDS.7z
2015-01-06 01:16 - 2015-01-06 01:16 - 00000106 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\link_techspot.txt
2015-01-06 01:16 - 2015-01-06 01:16 - 00000103 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\link.txt
2015-01-06 01:14 - 2015-01-06 01:14 - 00014005 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\attach_DDS.txt
2015-01-06 01:14 - 2015-01-06 01:14 - 00006850 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\dds_editor.txt
2015-01-06 00:52 - 2015-01-06 00:52 - 00014005 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\attach.txt
2015-01-06 00:52 - 2015-01-06 00:52 - 00006850 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\dds.txt
2015-01-06 00:02 - 2015-01-06 00:02 - 00001088 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\Babylon.Unlocker_ScanMWBytes_b.txt
2015-01-05 23:56 - 2015-01-05 23:56 - 00001082 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\Babylon.Unlocker_ScanMWB.txt
2014-12-11 01:43 - 2014-12-11 01:44 - 00000000 ___SD () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\OpenOffice 4.1.1
2014-12-11 01:43 - 2014-12-11 01:43 - 00000853 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\OpenOffice 4.1.1.lnk
2014-12-11 01:42 - 2014-12-11 01:42 - 00000000 ____D () C:\Programme\OpenOffice 4
2014-12-11 01:26 - 2014-12-11 01:27 - 00000000 ____D () C:\Dokumente und Einstellungen\Admin\Desktop\OpenOffice 4.1.1 (de) Installation Files
2014-12-09 23:35 - 2014-12-09 23:36 - 00000000 ____D () C:\Programme\Mozilla Firefox
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-07 19:31 - 2013-11-16 18:23 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-07 19:29 - 2014-11-23 13:54 - 00000000 ____D () C:\WINDOWS\CryptoGuard
2015-01-07 19:22 - 2014-11-24 17:31 - 00007443 _____ () C:\WINDOWS\setupapi.log
2015-01-07 19:05 - 2013-05-30 21:02 - 00001090 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-07 17:13 - 2013-05-30 18:44 - 01833053 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-07 09:19 - 2013-12-05 20:03 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2015-01-07 09:18 - 2014-11-23 01:04 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-07 09:11 - 2014-04-30 00:31 - 00000222 _____ () C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Benachrichtigung – Anmeldung.job
2015-01-07 09:11 - 2013-06-10 15:02 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-01-07 09:11 - 2013-06-10 15:02 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2015-01-07 09:11 - 2013-05-30 21:02 - 00001086 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-07 09:11 - 2013-05-30 18:49 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-07 09:11 - 2003-04-02 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-01-07 09:08 - 2013-06-16 19:31 - 00341462 _____ () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-18-0.dat
2015-01-07 09:08 - 2013-06-16 19:31 - 00132910 _____ () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
2015-01-07 09:08 - 2013-06-16 15:36 - 00065536 _____ () C:\WINDOWS\system32\config\CaptureL.evt
2015-01-07 09:08 - 2013-05-30 19:06 - 00000190 ___SH () C:\Dokumente und Einstellungen\Admin\ntuser.ini
2015-01-07 09:08 - 2013-05-30 19:06 - 00000000 ____D () C:\Dokumente und Einstellungen\Admin
2015-01-07 09:08 - 2013-05-30 18:49 - 00032478 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-07 00:52 - 2013-05-30 19:05 - 00000000 ____D () C:\Dokumente und Einstellungen\P
2015-01-06 16:37 - 2013-05-31 19:03 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2015-01-06 13:02 - 2013-05-30 18:49 - 00000000 __SHD () C:\Dokumente und Einstellungen\NetworkService
2015-01-06 12:58 - 2003-04-02 13:00 - 00000227 _____ () C:\WINDOWS\system.ini
2015-01-06 12:56 - 2013-05-30 18:41 - 00000000 ____D () C:\WINDOWS\Registration
2015-01-06 12:48 - 2013-05-30 20:26 - 00000327 __RSH () C:\boot.ini
2015-01-06 03:00 - 2014-11-23 01:03 - 00055000 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-06 02:40 - 2013-05-31 17:06 - 00000190 __SHC () C:\Dokumente und Einstellungen\Administrator\ntuser.ini
2015-01-06 02:40 - 2013-05-31 17:06 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator
2015-01-06 02:27 - 2013-05-30 19:18 - 00019112 ____C () C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2015-01-06 01:38 - 2014-10-14 09:52 - 00000000 ____D () C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Adobe
2015-01-06 01:38 - 2013-11-16 18:23 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-01-06 01:38 - 2013-11-16 18:23 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-01-06 01:24 - 2014-04-30 00:31 - 00000216 _____ () C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job
2015-01-06 01:20 - 2013-05-31 01:51 - 00000000 ____D () C:\Programme\Biet-O-Matic
2015-01-06 00:58 - 2013-05-30 19:31 - 00000000 ____D () C:\Programme
2015-01-05 21:01 - 2014-11-23 01:03 - 00000749 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-05 21:01 - 2014-11-23 01:03 - 00000000 ____D () C:\Programme\Malwarebytes Anti-Malware
2015-01-05 21:01 - 2014-11-23 01:03 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes Anti-Malware
2014-12-16 18:35 - 2013-05-30 18:49 - 00000000 __SHD () C:\Dokumente und Einstellungen\LocalService
2014-12-15 01:46 - 2013-05-30 21:34 - 00000000 ____D () C:\Programme\Mozilla Maintenance Service
2014-12-15 01:46 - 2013-05-30 19:27 - 00122136 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-12-11 01:43 - 2013-05-30 19:30 - 00000000 ___RD () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme
2014-12-11 01:41 - 2013-05-31 01:09 - 00000000 ____D () C:\Programme\OpenOffice.org 3
2014-12-11 01:37 - 2013-07-16 17:10 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-11 01:34 - 2013-05-30 19:31 - 00000000 ____D () C:\Programme\Gemeinsame Dateien\Microsoft Shared
2014-12-11 01:16 - 2013-05-31 01:47 - 109818608 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
Some content of TEMP:
====================
C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\temp\avgnt.exe
C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\temp\Quarantine.exe
C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================
Ran by Admin (administrator) on COMPUTER-P on 07-01-2015 22:57:40
Running from C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads
Loaded Profiles: Admin & P (Available profiles: Admin & P & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(SurfRight B.V.) C:\Programme\HitmanPro.Alert\hmpalert.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avguard.exe
(Freemake) C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Ellora Assets Corp.) C:\Programme\Freemake\CaptureLib\CaptureLibService.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avcenter.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avshadow.exe
(Mozilla Corporation) C:\Programme\Mozilla Firefox\firefox.exe
(Nokia) C:\Programme\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Mozilla Corporation) C:\Programme\Mozilla Firefox\plugin-container.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [avgnt] => C:\Programme\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-682003330-764733703-839522115-1003\...\Run: [CCleaner Monitoring] => C:\Programme\CCleaner\CCleaner.exe [4826904 2014-10-29] (Piriform Ltd)
HKU\S-1-5-21-682003330-764733703-839522115-1004\...\Run: [NokiaSuite.exe] => C:\Programme\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
HKU\S-1-5-21-682003330-764733703-839522115-1004\...\Run: [MSMSGS] => C:\Programme\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-682003330-764733703-839522115-1004\...\Run: [CCleaner Monitoring] => C:\Programme\CCleaner\CCleaner.exe [4826904 2014-10-29] (Piriform Ltd)
HKU\S-1-5-21-682003330-764733703-839522115-1004\...\MountPoints2: {51c6b2c0-c971-11e2-b820-806d6172696f} - E:\autorun.exe
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-682003330-764733703-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-682003330-764733703-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-682003330-764733703-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-682003330-764733703-839522115-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.startpage.com/
HKU\S-1-5-21-682003330-764733703-839522115-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/...ls/en/x86/client/wuweb_site.cab?1369942188984
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1369942325312
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/downl...584-842756A66467/MicrosoftDownloadManager.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\m5mbu6qr.default
FF Homepage: https://startpage.com/|about:addons|about:healthreport
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @Microsoft.com/DownloadManager,version=1.1 -> C:\WINDOWS\ ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Programme\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Programme\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Programme\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\m5mbu6qr.default\searchplugins\startpagecom.xml
FF Extension: NoScript - C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\m5mbu6qr.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-10-14]
FF Extension: Biet-O-Matic Firefox Erweiterung - C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\m5mbu6qr.default\Extensions\{B0D70E72-2FC1-4b9f-A3D4-5921C854D906}.xpi [2013-05-31]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-06-06]
FF HKLM\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Programme\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF Extension: Freemake Video Downloader Plugin - C:\Programme\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\fmdownloader@gmail.com [2013-06-16]
FF HKLM\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Programme\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF Extension: Freemake Youtube Download Button - C:\Programme\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2013-06-16]
Chrome:
=======
CHR Profile: C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-31]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Programme\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Programme\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 Freemake Improver; C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-06-13] (Freemake) [File not signed]
R2 FreemakeVideoCapture; C:\Programme\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-06-13] (Ellora Assets Corp.) [File not signed]
S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2013-05-30] (Google Inc.)
S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2013-05-30] (Google Inc.)
R2 hmpalertsvc; C:\Programme\HitmanPro.Alert\hmpalert.exe [1876816 2014-11-23] (SurfRight B.V.)
S2 MBAMScheduler; C:\Programme\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Programme\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [114800 2014-12-09] (Mozilla Foundation)
R3 ServiceLayer; C:\Programme\PC Connectivity Solution\ServiceLayer.exe [737616 2013-04-18] (Nokia)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 ASPI32; C:\WINDOWS\system32\Drivers\ASPI32.sys [16877 2013-07-14] (Adaptec) [File not signed]
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [98160 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [136216 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37352 2014-10-23] (Avira Operations GmbH & Co. KG)
S3 cmuda; C:\WINDOWS\System32\drivers\cmuda.sys [1373120 2006-06-09] (C-Media Inc)
R3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
R2 hmpalert; C:\WINDOWS\System32\drivers\hmpalert.sys [75640 2014-11-23] ()
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [55000 2015-01-06] (Malwarebytes Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [466008 2013-05-30] (Duplex Secure Ltd.)
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2014-10-23] (Avira GmbH)
R2 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [5504 2012-06-03] () [File not signed]
S3 catchme; \??\C:\DOKUME~1\Admin\LOKALE~1\Temp\catchme.sys [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-07 18:41 - 2015-01-07 18:41 - 00043233 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\FRST_Addition.txt
2015-01-07 18:41 - 2015-01-07 18:41 - 00023182 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\FRST.txt
2015-01-07 18:16 - 2015-01-07 22:57 - 00000000 ____D () C:\FRST
2015-01-07 18:08 - 2015-01-07 18:08 - 00000581 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\JRT_b.txt
2015-01-07 17:49 - 2015-01-07 17:49 - 00000581 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\JRT.txt
2015-01-07 17:41 - 2015-01-07 17:41 - 00000581 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\JRT_a.txt
2015-01-07 17:15 - 2015-01-07 17:15 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-07 09:18 - 2015-01-07 09:18 - 00001452 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\AdwCleaner[S0].txt
2015-01-07 00:13 - 2015-01-07 09:07 - 00000000 ____D () C:\AdwCleaner
2015-01-07 00:11 - 2015-01-07 00:11 - 00003760 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\ADW Cleaner ua.txt
2015-01-06 13:02 - 2015-01-07 22:58 - 00000000 ____D () C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\temp
2015-01-06 13:02 - 2015-01-06 13:02 - 00013537 _____ () C:\ComboFix.txt
2015-01-06 13:02 - 2015-01-06 13:02 - 00000000 ____D () C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\temp
2015-01-06 13:02 - 2015-01-06 13:02 - 00000000 ____D () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\temp
2015-01-06 13:02 - 2015-01-06 13:02 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temp
2015-01-06 12:48 - 2013-09-09 23:26 - 00000211 _____ () C:\Boot.bak
2015-01-06 12:48 - 2004-08-03 23:00 - 00262448 __RSH () C:\cmldr
2015-01-06 12:47 - 2015-01-06 12:48 - 00000000 _RSHD () C:\cmdcons
2015-01-06 12:45 - 2015-01-06 13:02 - 00000000 ____D () C:\Qoobox
2015-01-06 12:45 - 2015-01-06 13:00 - 00000000 ____D () C:\WINDOWS\erdnt
2015-01-06 12:45 - 2011-06-26 07:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2015-01-06 12:45 - 2010-11-07 18:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2015-01-06 12:45 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-01-06 12:45 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-01-06 12:45 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-01-06 12:45 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-01-06 12:45 - 2000-08-31 01:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2015-01-06 12:45 - 2000-08-31 01:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2015-01-06 12:45 - 2000-08-31 01:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2015-01-06 12:36 - 2015-01-06 12:36 - 00006238 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\Combofix .txt
2015-01-06 03:01 - 2015-01-06 12:38 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware (portable)
2015-01-06 03:00 - 2015-01-06 12:38 - 00000000 ____D () C:\Dokumente und Einstellungen\Admin\Desktop\mbar
2015-01-06 02:26 - 2015-01-06 02:26 - 00001812 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\Download RogueKiller from one of the following links and save it.txt
2015-01-06 02:25 - 2015-01-06 02:25 - 00001812 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\ Download RogueKiller from one of the following links and save it .txt
2015-01-06 01:54 - 2015-01-06 01:54 - 00003290 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\attach_DDS.zip
2015-01-06 01:43 - 2015-01-06 01:43 - 00002950 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\attach_DDS.7z
2015-01-06 01:16 - 2015-01-06 01:16 - 00000106 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\link_techspot.txt
2015-01-06 01:16 - 2015-01-06 01:16 - 00000103 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\link.txt
2015-01-06 01:14 - 2015-01-06 01:14 - 00014005 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\attach_DDS.txt
2015-01-06 01:14 - 2015-01-06 01:14 - 00006850 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\dds_editor.txt
2015-01-06 00:52 - 2015-01-06 00:52 - 00014005 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\attach.txt
2015-01-06 00:52 - 2015-01-06 00:52 - 00006850 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\dds.txt
2015-01-06 00:02 - 2015-01-06 00:02 - 00001088 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\Babylon.Unlocker_ScanMWBytes_b.txt
2015-01-05 23:56 - 2015-01-05 23:56 - 00001082 _____ () C:\Dokumente und Einstellungen\Admin\Desktop\Babylon.Unlocker_ScanMWB.txt
2014-12-11 01:43 - 2014-12-11 01:44 - 00000000 ___SD () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\OpenOffice 4.1.1
2014-12-11 01:43 - 2014-12-11 01:43 - 00000853 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\OpenOffice 4.1.1.lnk
2014-12-11 01:42 - 2014-12-11 01:42 - 00000000 ____D () C:\Programme\OpenOffice 4
2014-12-11 01:26 - 2014-12-11 01:27 - 00000000 ____D () C:\Dokumente und Einstellungen\Admin\Desktop\OpenOffice 4.1.1 (de) Installation Files
2014-12-09 23:35 - 2014-12-09 23:36 - 00000000 ____D () C:\Programme\Mozilla Firefox
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-07 19:31 - 2013-11-16 18:23 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-07 19:29 - 2014-11-23 13:54 - 00000000 ____D () C:\WINDOWS\CryptoGuard
2015-01-07 19:22 - 2014-11-24 17:31 - 00007443 _____ () C:\WINDOWS\setupapi.log
2015-01-07 19:05 - 2013-05-30 21:02 - 00001090 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-07 17:13 - 2013-05-30 18:44 - 01833053 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-07 09:19 - 2013-12-05 20:03 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2015-01-07 09:18 - 2014-11-23 01:04 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-07 09:11 - 2014-04-30 00:31 - 00000222 _____ () C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Benachrichtigung – Anmeldung.job
2015-01-07 09:11 - 2013-06-10 15:02 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-01-07 09:11 - 2013-06-10 15:02 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2015-01-07 09:11 - 2013-05-30 21:02 - 00001086 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-07 09:11 - 2013-05-30 18:49 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-07 09:11 - 2003-04-02 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-01-07 09:08 - 2013-06-16 19:31 - 00341462 _____ () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-18-0.dat
2015-01-07 09:08 - 2013-06-16 19:31 - 00132910 _____ () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
2015-01-07 09:08 - 2013-06-16 15:36 - 00065536 _____ () C:\WINDOWS\system32\config\CaptureL.evt
2015-01-07 09:08 - 2013-05-30 19:06 - 00000190 ___SH () C:\Dokumente und Einstellungen\Admin\ntuser.ini
2015-01-07 09:08 - 2013-05-30 19:06 - 00000000 ____D () C:\Dokumente und Einstellungen\Admin
2015-01-07 09:08 - 2013-05-30 18:49 - 00032478 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-07 00:52 - 2013-05-30 19:05 - 00000000 ____D () C:\Dokumente und Einstellungen\P
2015-01-06 16:37 - 2013-05-31 19:03 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2015-01-06 13:02 - 2013-05-30 18:49 - 00000000 __SHD () C:\Dokumente und Einstellungen\NetworkService
2015-01-06 12:58 - 2003-04-02 13:00 - 00000227 _____ () C:\WINDOWS\system.ini
2015-01-06 12:56 - 2013-05-30 18:41 - 00000000 ____D () C:\WINDOWS\Registration
2015-01-06 12:48 - 2013-05-30 20:26 - 00000327 __RSH () C:\boot.ini
2015-01-06 03:00 - 2014-11-23 01:03 - 00055000 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-06 02:40 - 2013-05-31 17:06 - 00000190 __SHC () C:\Dokumente und Einstellungen\Administrator\ntuser.ini
2015-01-06 02:40 - 2013-05-31 17:06 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator
2015-01-06 02:27 - 2013-05-30 19:18 - 00019112 ____C () C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2015-01-06 01:38 - 2014-10-14 09:52 - 00000000 ____D () C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Adobe
2015-01-06 01:38 - 2013-11-16 18:23 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-01-06 01:38 - 2013-11-16 18:23 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-01-06 01:24 - 2014-04-30 00:31 - 00000216 _____ () C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job
2015-01-06 01:20 - 2013-05-31 01:51 - 00000000 ____D () C:\Programme\Biet-O-Matic
2015-01-06 00:58 - 2013-05-30 19:31 - 00000000 ____D () C:\Programme
2015-01-05 21:01 - 2014-11-23 01:03 - 00000749 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-05 21:01 - 2014-11-23 01:03 - 00000000 ____D () C:\Programme\Malwarebytes Anti-Malware
2015-01-05 21:01 - 2014-11-23 01:03 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes Anti-Malware
2014-12-16 18:35 - 2013-05-30 18:49 - 00000000 __SHD () C:\Dokumente und Einstellungen\LocalService
2014-12-15 01:46 - 2013-05-30 21:34 - 00000000 ____D () C:\Programme\Mozilla Maintenance Service
2014-12-15 01:46 - 2013-05-30 19:27 - 00122136 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-12-11 01:43 - 2013-05-30 19:30 - 00000000 ___RD () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme
2014-12-11 01:41 - 2013-05-31 01:09 - 00000000 ____D () C:\Programme\OpenOffice.org 3
2014-12-11 01:37 - 2013-07-16 17:10 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-11 01:34 - 2013-05-30 19:31 - 00000000 ____D () C:\Programme\Gemeinsame Dateien\Microsoft Shared
2014-12-11 01:16 - 2013-05-31 01:47 - 109818608 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
Some content of TEMP:
====================
C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\temp\avgnt.exe
C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\temp\Quarantine.exe
C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================
QuestionGhost
Posts: 72 +0
Did it work? I'm not sure about the fixlist.txt, it is in the same "download" file / directory as the FRST program. FRST64 did not work on my computer, so I used the one that I used before (must be 32, then, I guess).
QuestionGhost
Posts: 72 +0
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-01-2015
Ran by Admin at 2015-01-07 23:34:02 Run:1
Running from C:\Dokumente und Einstellungen\Admin\Desktop
Loaded Profiles: Admin & P (Available profiles: Admin & P & Administrator)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKU\S-1-5-21-682003330-764733703-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S3 catchme; \??\C:\DOKUME~1\Admin\LOKALE~1\Temp\catchme.sys [X]
S4 IntelIde; No ImagePath
C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\temp\avgnt.exe
C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\temp\Quarantine.exe
C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\temp\sqlite3.dll
*****************
"HKU\S-1-5-21-682003330-764733703-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
catchme => Service deleted successfully.
IntelIde => Service deleted successfully.
C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\temp\avgnt.exe => Moved successfully.
C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\temp\Quarantine.exe => Moved successfully.
C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\temp\sqlite3.dll => Moved successfully.
==== End of Fixlog 23:34:03 ====
Ran by Admin at 2015-01-07 23:34:02 Run:1
Running from C:\Dokumente und Einstellungen\Admin\Desktop
Loaded Profiles: Admin & P (Available profiles: Admin & P & Administrator)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKU\S-1-5-21-682003330-764733703-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S3 catchme; \??\C:\DOKUME~1\Admin\LOKALE~1\Temp\catchme.sys [X]
S4 IntelIde; No ImagePath
C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\temp\avgnt.exe
C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\temp\Quarantine.exe
C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\temp\sqlite3.dll
*****************
"HKU\S-1-5-21-682003330-764733703-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
catchme => Service deleted successfully.
IntelIde => Service deleted successfully.
C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\temp\avgnt.exe => Moved successfully.
C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\temp\Quarantine.exe => Moved successfully.
C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\temp\sqlite3.dll => Moved successfully.
==== End of Fixlog 23:34:03 ====
Broni
Posts: 56,041 +516
Good 
Last scans...
Download Security Check from here or here and save it to your Desktop.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Download Sophos Free Virus Removal Tool and save it to your desktop.
Last scans...
- Double-click SecurityCheck.exe
- Follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run
- Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
- Other Services
- Press "Scan".
- It will create a log (FSS.txt) in the same directory the tool is run.
- Please copy and paste the log to your reply.
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
- Double click on TFC.exe to run the program.
- Click on Start button to begin cleaning process.
- TFC will close all running programs, and it may ask you to restart computer.
- Double click the icon and select Run
- Click Next
- Select I accept the terms in this license agreement, then click Next twice
- Click Install
- Click Finish to launch the program
- Once the virus database has been updated click Start Scanning
- If any threats are found click Details, then View log file... (bottom left hand corner)
- Copy and paste the results in your reply
- Close the Notepad document, close the Threat Details screen, then click Start cleanup
- Click Exit to close the program
QuestionGhost
Posts: 72 +0
Right, I misinterpreted "save to your desktop" (desktop sometimes just means "desktop computer"). Better now?
QuestionGhost
Posts: 72 +0
"Security Check" seems currently not availlable - both links take too long to answer: "the server screen317.spywareinfoforum.org/ takes too long to answer"
