Pests of all kinds and how to fight them: Web browsers cannot be opened
Windows 7
If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.
#1
Web browsers cannot be opened

Hello to all members of the forum, this is my first time in this forum. My problem: After I came back from 2 weeks of vacation, I could not open any web browser from the taskbar or via Start. Before that it worked without problems; this is the first time I have had this problem. The only way I have found is via Control Panel and then Windows Update; then I can start IE. Every time I click Chrome, Firefox, or IE, my CPU load rises to 100%; at the very top is then the clicked browser with over 90%. I tried to remove spam with Malwarebytes and Spybot; it did not help. Please don't be angry with me, I have no idea what else I could do. Thank you very much for your help; please instruct me, I cannot get any further on my own. Regards
#2
/// the machine /// TB-Ausbilder
Web browsers cannot be opened

hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
#3
Web browsers cannot be opened

FRST EDITOR:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:24-08-2014 03
Ran by mark (administrator) on MARK-130D3DECD0 on 25-08-2014 19:30:51
Running from C:\Dokumente und Einstellungen\mark\Desktop
Platform: Microsoft Windows XP Home Edition Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 6
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Programme\AVG\AVG2014\avgcsrvx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Intel Corporation) C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(brother Industries Ltd) C:\WINDOWS\system32\BRSVC01A.EXE
(brother Industries Ltd) C:\WINDOWS\system32\BRSS01A.EXE
() C:\Programme\Movies Toolbar\SafetyNut\SafetyNutManager.exe
(Safer-Networking Ltd.) C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe
() C:\Programme\Movies Toolbar\SafetyNut\SafetyNutManager.exe
(TuneUp Software) C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
(Safer-Networking Ltd.)
C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe (TuneUp Software) C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe (Microsoft Corporation) C:\Programme\Internet Explorer\IEXPLORE.EXE ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AzMixerSel] => C:\Programme\Realtek\InstallShield\AzMixerSel.exe [53248 2005-06-11] (Realtek Semiconductor Corp.) HKLM\...\Run: [ATICCC] => C:\Programme\ATI Technologies\ATI.ACE\cli.exe [57344 2005-08-31] (ATI Technologies Inc.) HKLM\...\Run: [LogitechVideoRepair] => C:\Programme\Logitech\Video\ISStart.exe [458752 2005-01-19] (Labtec Inc.) HKLM\...\Run: [LogitechVideoTray] => C:\Programme\Logitech\Video\LogiTray.exe [217088 2005-01-19] (Labtec Inc.) HKLM\...\Run: [DivXMediaServer] => C:\Programme\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-11] (DivX, LLC) HKLM\...\Run: [PDFPrint] => C:\Programme\PDF24\pdf24.exe [186408 2013-12-12] (Geek Software GmbH) HKLM\...\Run: [] => [X] HKLM\...\Run: [Adobe ARM] => C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] => C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation) Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.) 
Winlogon\Notify\IntelWireless: C:\Programme\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation) Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X] HKU\S-1-5-21-746137067-1532298954-682003330-1004\...\MountPoints2: E - E:\setupSNK.exe IFEO\browsemngr.exe: [Debugger] tasklist.exe IFEO\browsermngr.exe: [Debugger] tasklist.exe IFEO\bttray.exe: [Debugger] "C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe IFEO\cli.exe: [Debugger] "C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\cltmngsvc.exe: [Debugger] IFEO\configwizards.exe: [Debugger] "C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\delta babylon.exe: [Debugger] tasklist.exe IFEO\delta tb.exe: [Debugger] tasklist.exe IFEO\delta2.exe: [Debugger] tasklist.exe IFEO\deltainstaller.exe: [Debugger] tasklist.exe IFEO\deltasetup.exe: [Debugger] tasklist.exe IFEO\deltatb.exe: [Debugger] tasklist.exe IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe IFEO\excel.exe: [Debugger] "C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\iminentsetup.exe: [Debugger] tasklist.exe IFEO\javaw.exe: [Debugger] "C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\javaws.exe: [Debugger] "C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\msoxmled.exe: [Debugger] "C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\mstore.exe: [Debugger] "C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\offdiag.exe: [Debugger] "C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\ois.exe: [Debugger] "C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\onenote.exe: [Debugger] "C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\onenotem.exe: [Debugger] "C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\pdf24-creator.exe: [Debugger] "C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\pdf24-fax.exe: [Debugger] "C:\Programme\TuneUp 
Utilities 2013\TUAutoReactivator32.exe" IFEO\powerpnt.exe: [Debugger] "C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\rjatydimofu.exe: [Debugger] tasklist.exe IFEO\sweetimsetup.exe: [Debugger] tasklist.exe IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe IFEO\winword.exe: [Debugger] "C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\wizard.exe: [Debugger] "C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe" Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ATI CATALYST-Infobereich.lnk ShortcutTarget: ATI CATALYST-Infobereich.lnk -> C:\Programme\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.) HKLM\...\AppCertDlls: [x64] -> c:\programme\movies toolbar\safetynut\x64\safetycrt.dll HKLM\...\AppCertDlls: [x86] -> C:\Programme\Movies Toolbar\SafetyNut\safetycrt.dll [489680 2014-07-03] () BootExecute: autocheck autochk * sdnclean.exeC:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyServer: localhost:8080 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - DefaultScope {DCDBBF03-BC10-457D-911F-EFB0321D22BE} URL = ${SRCH_SCP_URL} SearchScopes: HKCU - {DCDBBF03-BC10-457D-911F-EFB0321D22BE} URL = ${SRCH_SCP_URL} BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - &Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1408907716203 Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame 
Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Dokumente und Einstellungen\mark\Anwendungsdaten\Mozilla\Firefox\Profiles\r43wo3ui.default FF Homepage: hxxp://google.com/ FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Programme\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Programme\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Programme\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader -> C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF user.js: detected! 
=> C:\Dokumente und Einstellungen\mark\Anwendungsdaten\Mozilla\Firefox\Profiles\r43wo3ui.default\user.js
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\Ask.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Dokumente und Einstellungen\mark\Anwendungsdaten\Mozilla\Firefox\Profiles\r43wo3ui.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-04]
FF Extension: No Name - C:\Dokumente und Einstellungen\mark\Anwendungsdaten\Mozilla\Firefox\Profiles\r43wo3ui.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}.xpi []

Chrome:
=======
CHR HomePage: https://www.google.de/
CHR RestoreOnStartup: "hxxp://google.com/"
CHR DefaultSuggestURL: {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google
CHR Extension: (Google Docs) - C:\Dokumente und Einstellungen\mark\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-23]
CHR Extension: (Google Drive) - C:\Dokumente und Einstellungen\mark\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-23]
CHR Extension: (YouTube) - C:\Dokumente und Einstellungen\mark\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-23]
CHR Extension: (Google-Suche) - C:\Dokumente und Einstellungen\mark\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-23]
CHR Extension: (Google Wallet) - C:\Dokumente und
Einstellungen\mark\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-23] CHR Extension: (Google Mail) - C:\Dokumente und Einstellungen\mark\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-23] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 aspnet_state; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [32768 2003-02-20] (Microsoft Corporation) [File not signed] R2 Brother XP spl Service; C:\WINDOWS\system32\brsvc01a.exe [57344 2001-11-23] (brother Industries Ltd) S4 btwdins; C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe [258103 2005-09-06] (Broadcom Corporation.) [File not signed] S4 EvtEng; C:\Programme\Intel\Wireless\Bin\EvtEng.exe [86016 2004-10-15] (Intel Corporation) [File not signed] S4 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2013-09-23] (Google Inc.) S4 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2013-09-23] (Google Inc.) 
S4 JavaQuickStarterService; C:\Programme\Java\jre7\bin\jqs.exe [182696 2013-12-02] (Oracle Corporation) S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [119408 2014-07-17] (Mozilla Foundation) S4 odserv; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [441136 2006-10-26] (Microsoft Corporation) S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [145184 2006-10-26] (Microsoft Corporation) S4 OwnershipProtocol; C:\Programme\Intel\Wireless\Bin\OProtSvc.exe [98304 2004-10-15] (Intel Corporation) [File not signed] S4 RegSrvc; C:\Programme\Intel\Wireless\Bin\RegSrvc.exe [139264 2004-10-15] (Intel Corporation) [File not signed] S4 S24EventMonitor; C:\Programme\Intel\Wireless\Bin\S24EvMon.exe [360521 2004-10-15] (Intel Corporation ) [File not signed] R2 SafetyNutManager; C:\Programme\Movies Toolbar\SafetyNut\SafetyNutManager.exe [3573456 2014-07-03] () [File not signed] R2 SDScannerService; C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.) S2 SDWSCService; C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.) S2 SkypeUpdate; C:\Programme\Skype\Updater\Updater.exe [162408 2013-06-21] (Skype Technologies) R2 TuneUp.UtilitiesSvc; C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1731896 2014-01-28] (TuneUp Software) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [17119 2014-04-13] (Meetinghouse Data Communications) [File not signed] S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2014-01-19] (Creative) R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [120600 2013-11-05] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [209176 2013-11-04] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [147768 2013-10-24] (AVG Technologies CZ, s.r.o.) R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22840 2013-09-17] (AVG Technologies CZ, s.r.o.) R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [176952 2013-11-01] (AVG Technologies CZ, s.r.o.) R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.) R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.) R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.) R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.) R2 BrPar; C:\WINDOWS\System32\drivers\BrPar.sys [19537 2000-07-24] (Brother Industries Ltd.) [File not signed] R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [1342138 2005-09-06] (Broadcom Corporation.) [File not signed] R2 BTSERIAL; C:\WINDOWS\system32\drivers\btserial.sys [23271 2005-09-06] (Broadcom Corporation.) [File not signed] R2 BTSLBCSP; C:\WINDOWS\system32\drivers\btslbcsp.sys [222876 2005-09-06] (Broadcom Corporation.) [File not signed] R3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [56648 2005-09-06] (Broadcom Corporation.) 
[File not signed] S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2004-08-04] (Microsoft Corporation) R1 F06DEFF2-5B9C-490D-910F-35D3A9119622; C:\Programme\Movies Toolbar\SafetyNut\configmgrc2.cfg [34384 2014-07-03] () [File not signed] U0 fwasqjg; C:\WINDOWS\System32\drivers\bpxxhtt.sys [52440 2014-08-25] (Malwarebytes Corporation) S3 HdAudAddService; C:\WINDOWS\System32\drivers\HdAudio.sys [145920 2005-01-07] (Windows (R) Server 2003 DDK provider) R1 Hotkey; C:\WINDOWS\system32\Drivers\Hotkey.sys [9867 2003-04-28] () [File not signed] R3 IWCA; C:\WINDOWS\System32\DRIVERS\iwca.sys [234496 2004-08-12] (Intel Corporation) S3 LVUSBSta; C:\WINDOWS\System32\drivers\lvusbsta.sys [22016 2005-01-19] (Labtec Inc.) S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2014-01-19] (Creative Technology Ltd.) S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2004-08-04] (Microsoft Corporation) S3 PID_0928; C:\WINDOWS\System32\DRIVERS\LV561AV.SYS [211712 2005-01-19] (Labtec Inc.) R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation) R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [11354 2004-10-15] (Intel Corporation) [File not signed] S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2004-08-04] () R3 TuneUpUtilitiesDrv; C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-11-16] (TuneUp Software) R3 w29n51; C:\WINDOWS\System32\DRIVERS\w29n51.sys [3222784 2004-10-29] (Intel® Corporation) S1 mailKmd; No ImagePath S1 Wbutton; \SystemRoot\system32\drivers\Wbutton.sys [X] U1 WS2IFSL; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-08-25 19:30 - 2014-08-25 19:31 - 00019730 _____ () C:\Dokumente und Einstellungen\mark\Desktop\FRST.txt 2014-08-25 19:30 - 2014-08-25 19:30 - 01095168 _____ (Farbar) C:\Dokumente und Einstellungen\mark\Desktop\FRST.exe 2014-08-25 19:30 - 2014-08-25 19:30 - 00000000 ____D () C:\FRST 2014-08-25 19:20 - 2014-08-25 19:20 - 05487016 _____ (Microsoft Corporation) C:\Dokumente und Einstellungen\mark\Desktop\Windows8-UpgradeAssistant.exe 2014-08-25 17:55 - 2014-08-25 17:55 - 00063856 _____ () C:\Dokumente und Einstellungen\mark\Desktop\OTL.Txt 2014-08-25 17:55 - 2014-08-25 17:55 - 00039120 _____ () C:\Dokumente und Einstellungen\mark\Desktop\Extras.Txt 2014-08-25 17:47 - 2014-08-25 17:47 - 00602112 _____ (OldTimer Tools) C:\Dokumente und Einstellungen\mark\Desktop\OTL.exe 2014-08-25 17:43 - 2014-08-25 17:43 - 00052440 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\bpxxhtt.sys 2014-08-25 17:42 - 2014-08-25 17:42 - 00128240 _____ () C:\Dokumente und Einstellungen\mark\Desktop\scan.xml 2014-08-25 17:27 - 2014-08-25 17:28 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-08-25 17:26 - 2014-08-25 17:26 - 00000749 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-25 17:26 - 2014-08-25 17:26 - 00000000 ____D () C:\Programme\ Malwarebytes Anti-Malware 2014-08-25 17:26 - 2014-08-25 17:26 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ Malwarebytes Anti-Malware 2014-08-25 17:26 - 2014-08-25 17:26 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2014-08-25 17:26 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-08-25 17:26 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-08-25 17:25 - 2014-08-25 17:26 - 17292760 _____ (Malwarebytes Corporation ) 
C:\Programme\mbam-setup-2[1].0.2.1012.exe 2014-08-25 16:49 - 2014-08-25 16:51 - 00000000 ____D () C:\Dokumente und Einstellungen\Gast\Lokale Einstellungen\Temp 2014-08-25 16:49 - 2014-08-25 16:49 - 00001777 _____ () C:\Dokumente und Einstellungen\Gast\Desktop\Google Chrome.lnk 2014-08-25 16:49 - 2014-08-25 16:49 - 00001599 _____ () C:\Dokumente und Einstellungen\Gast\Startmenü\Programme\Remoteunterstützung.lnk 2014-08-25 16:49 - 2014-08-25 16:49 - 00000772 _____ () C:\Dokumente und Einstellungen\Gast\Startmenü\Programme\Windows Media Player.lnk 2014-08-25 16:49 - 2014-08-25 16:49 - 00000747 _____ () C:\Dokumente und Einstellungen\Gast\Startmenü\Programme\Internet Explorer.lnk 2014-08-25 16:49 - 2014-08-25 16:49 - 00000718 _____ () C:\Dokumente und Einstellungen\Gast\Startmenü\Programme\Outlook Express.lnk 2014-08-25 16:49 - 2014-08-25 16:49 - 00000020 ___SH () C:\Dokumente und Einstellungen\Gast\ntuser.ini 2014-08-25 16:49 - 2014-08-25 16:49 - 00000000 ___SD () C:\Dokumente und Einstellungen\Gast\Lokale Einstellungen\Verlauf 2014-08-25 16:49 - 2014-08-25 16:49 - 00000000 ___RD () C:\Dokumente und Einstellungen\Gast\Startmenü\Programme\Zubehör 2014-08-25 16:49 - 2014-08-25 16:49 - 00000000 ___RD () C:\Dokumente und Einstellungen\Gast\Startmenü\Programme 2014-08-25 16:49 - 2014-08-25 16:49 - 00000000 ___RD () C:\Dokumente und Einstellungen\Gast\Eigene Dateien\Eigene Musik 2014-08-25 16:49 - 2014-08-25 16:49 - 00000000 ___RD () C:\Dokumente und Einstellungen\Gast\Eigene Dateien\Eigene Bilder 2014-08-25 16:49 - 2014-08-25 16:49 - 00000000 ____D () C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\Intel 2014-08-25 16:49 - 2014-08-25 16:49 - 00000000 ____D () C:\Dokumente und Einstellungen\Gast 2014-08-25 16:49 - 2013-09-22 23:13 - 00000000 ___RD () C:\Dokumente und Einstellungen\Gast\Startmenü\Programme\Autostart 2014-08-25 16:49 - 2013-09-22 23:13 - 00000000 ___RD () C:\Dokumente und Einstellungen\Gast\Startmenü 2014-08-25 16:49 - 2013-09-22 23:13 - 00000000 ___HD () 
C:\Dokumente und Einstellungen\Gast\Netzwerkumgebung 2014-08-25 16:49 - 2013-09-22 23:13 - 00000000 ___HD () C:\Dokumente und Einstellungen\Gast\Druckumgebung 2014-08-24 22:08 - 2014-08-24 22:08 - 00000702 _____ () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk 2014-08-24 22:08 - 2014-08-24 22:08 - 00000696 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk 2014-08-24 22:08 - 2014-08-24 22:08 - 00000000 ____D () C:\Programme\Mozilla Maintenance Service 2014-08-24 22:07 - 2014-08-24 22:07 - 32047680 _____ () C:\Programme\firefox_setup_31.0.exe 2014-08-24 21:38 - 2014-08-02 15:32 - 00450699 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140824-213840.backup 2014-08-24 21:14 - 2014-08-24 21:14 - 00000000 ___SD () C:\Dokumente und Einstellungen\mark\UserData 2014-08-07 21:31 - 2014-08-07 21:39 - 00000000 ____D () C:\Dokumente und Einstellungen\mark\Desktop\Neuer Ordner (3) 2014-08-07 21:24 - 2014-08-07 21:25 - 00000000 ____D () C:\Dokumente und Einstellungen\mark\Desktop\28.07.2014 2014-08-02 15:32 - 2014-05-31 13:50 - 00450699 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140802-153239.backup ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-08-25 19:31 - 2014-08-25 19:30 - 00019730 _____ () C:\Dokumente und Einstellungen\mark\Desktop\FRST.txt 2014-08-25 19:31 - 2013-09-22 22:30 - 00000000 ____D () C:\Dokumente und Einstellungen\mark\Lokale Einstellungen\Temp 2014-08-25 19:30 - 2014-08-25 19:30 - 01095168 _____ (Farbar) C:\Dokumente und Einstellungen\mark\Desktop\FRST.exe 2014-08-25 19:30 - 2014-08-25 19:30 - 00000000 ____D () C:\FRST 2014-08-25 19:20 - 2014-08-25 19:20 - 05487016 _____ (Microsoft Corporation) C:\Dokumente und Einstellungen\mark\Desktop\Windows8-UpgradeAssistant.exe 2014-08-25 19:10 - 2013-09-22 22:23 - 00415749 _____ () C:\WINDOWS\WindowsUpdate.log 2014-08-25 18:56 - 2014-01-05 13:44 - 00000896 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-08-25 18:09 - 2013-10-27 14:12 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Office 2014-08-25 18:09 - 2013-10-27 14:08 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help 2014-08-25 17:55 - 2014-08-25 17:55 - 00063856 _____ () C:\Dokumente und Einstellungen\mark\Desktop\OTL.Txt 2014-08-25 17:55 - 2014-08-25 17:55 - 00039120 _____ () C:\Dokumente und Einstellungen\mark\Desktop\Extras.Txt 2014-08-25 17:47 - 2014-08-25 17:47 - 00602112 _____ (OldTimer Tools) C:\Dokumente und Einstellungen\mark\Desktop\OTL.exe 2014-08-25 17:43 - 2014-08-25 17:43 - 00052440 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\bpxxhtt.sys 2014-08-25 17:43 - 2013-11-11 19:07 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Wincert 2014-08-25 17:43 - 2013-09-23 00:05 - 00000000 ____D () C:\WINDOWS\pchealth 2014-08-25 17:43 - 2013-09-22 23:14 - 00000000 ___RD () C:\Programme 2014-08-25 17:42 - 2014-08-25 17:42 - 00128240 _____ () C:\Dokumente und Einstellungen\mark\Desktop\scan.xml 2014-08-25 17:28 - 2014-08-25 17:27 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-08-25 17:26 - 2014-08-25 
17:26 - 00000749 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-25 17:26 - 2014-08-25 17:26 - 00000000 ____D () C:\Programme\Malwarebytes Anti-Malware
2014-08-25 17:26 - 2014-08-25 17:26 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes Anti-Malware
2014-08-25 17:26 - 2014-08-25 17:26 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2014-08-25 17:26 - 2014-08-25 17:25 - 17292760 _____ (Malwarebytes Corporation) C:\Programme\mbam-setup-2[1].0.2.1012.exe
2014-08-25 17:26 - 2013-09-22 23:13 - 00000000 ___RD () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme
2014-08-25 17:18 - 2014-01-20 10:38 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-08-25 17:18 - 2014-01-20 10:38 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-08-25 17:18 - 2013-11-24 16:10 - 00000636 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-08-25 17:17 - 2013-09-22 22:29 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-25 17:05 - 2014-04-13 17:44 - 00025617 _____ () C:\WINDOWS\ocgen.log
2014-08-25 17:05 - 2014-04-13 17:44 - 00024630 _____ () C:\WINDOWS\FaxSetup.log
2014-08-25 17:05 - 2014-04-13 17:44 - 00014148 _____ () C:\WINDOWS\tsoc.log
2014-08-25 17:05 - 2014-04-13 17:44 - 00009601 _____ () C:\WINDOWS\comsetup.log
2014-08-25 17:05 - 2014-04-13 17:44 - 00007664 _____ () C:\WINDOWS\ntdtcsetup.log
2014-08-25 17:05 - 2014-04-13 17:44 - 00003037 _____ () C:\WINDOWS\iis6.log
2014-08-25 17:05 - 2014-04-13 17:44 - 00001917 _____ () C:\WINDOWS\imsins.log
2014-08-25 17:05 - 2014-04-13 17:44 - 00001917 _____ () C:\WINDOWS\imsins.BAK
2014-08-25 17:05 - 2014-04-13 17:44 - 00001823 _____ () C:\WINDOWS\ocmsn.log
2014-08-25 17:05 - 2014-04-13 17:44 - 00001544 _____ () C:\WINDOWS\msgsocm.log
2014-08-25 17:05 - 2014-04-07 14:35 - 00097870 _____ () C:\WINDOWS\setupapi.log
2014-08-25 16:51 - 2014-08-25 16:49 - 00000000 ____D () C:\Dokumente und Einstellungen\Gast\Lokale Einstellungen\Temp
2014-08-25 16:49 - 2014-08-25 16:49 - 00001777 _____ () C:\Dokumente und Einstellungen\Gast\Desktop\Google Chrome.lnk
2014-08-25 16:49 - 2014-08-25 16:49 - 00001599 _____ () C:\Dokumente und Einstellungen\Gast\Startmenü\Programme\Remoteunterstützung.lnk
2014-08-25 16:49 - 2014-08-25 16:49 - 00000772 _____ () C:\Dokumente und Einstellungen\Gast\Startmenü\Programme\Windows Media Player.lnk
2014-08-25 16:49 - 2014-08-25 16:49 - 00000747 _____ () C:\Dokumente und Einstellungen\Gast\Startmenü\Programme\Internet Explorer.lnk
2014-08-25 16:49 - 2014-08-25 16:49 - 00000718 _____ () C:\Dokumente und Einstellungen\Gast\Startmenü\Programme\Outlook Express.lnk
2014-08-25 16:49 - 2014-08-25 16:49 - 00000020 ___SH () C:\Dokumente und Einstellungen\Gast\ntuser.ini
2014-08-25 16:49 - 2014-08-25 16:49 - 00000000 ___SD () C:\Dokumente und Einstellungen\Gast\Lokale Einstellungen\Verlauf
2014-08-25 16:49 - 2014-08-25 16:49 - 00000000 ___RD () C:\Dokumente und Einstellungen\Gast\Startmenü\Programme\Zubehör
2014-08-25 16:49 - 2014-08-25 16:49 - 00000000 ___RD () C:\Dokumente und Einstellungen\Gast\Startmenü\Programme
2014-08-25 16:49 - 2014-08-25 16:49 - 00000000 ___RD () C:\Dokumente und Einstellungen\Gast\Eigene Dateien\Eigene Musik
2014-08-25 16:49 - 2014-08-25 16:49 - 00000000 ___RD () C:\Dokumente und Einstellungen\Gast\Eigene Dateien\Eigene Bilder
2014-08-25 16:49 - 2014-08-25 16:49 - 00000000 ____D () C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\Intel
2014-08-25 16:49 - 2014-08-25 16:49 - 00000000 ____D () C:\Dokumente und Einstellungen\Gast
2014-08-25 16:40 - 2013-09-22 22:30 - 00000747 _____ () C:\Dokumente und Einstellungen\mark\Startmenü\Programme\Internet Explorer.lnk
2014-08-25 16:40 - 2013-09-22 22:30 - 00000718 _____ () C:\Dokumente und Einstellungen\mark\Startmenü\Programme\Outlook Express.lnk
2014-08-25 16:22 - 2013-09-23 17:45 - 00000000 ____D () C:\Dokumente und Einstellungen\mark\Anwendungsdaten\Skype
2014-08-25 16:15 - 2013-10-23 22:27 - 00002347 _____ () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader XI.lnk
2014-08-25 16:15 - 2013-10-23 22:27 - 00000000 ____D () C:\Programme\Gemeinsame Dateien\Adobe
2014-08-25 16:11 - 2013-09-27 19:20 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe
2014-08-25 07:33 - 2014-01-19 23:16 - 00032440 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-25 07:33 - 2013-10-27 15:56 - 00524288 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-08-25 07:33 - 2013-09-28 15:47 - 00131072 _____ () C:\WINDOWS\system32\config\TuneUp.evt
2014-08-25 07:32 - 2013-09-22 22:30 - 00000190 ___SH () C:\Dokumente und Einstellungen\mark\ntuser.ini
2014-08-24 22:08 - 2014-08-24 22:08 - 00000702 _____ () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk
2014-08-24 22:08 - 2014-08-24 22:08 - 00000696 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
2014-08-24 22:08 - 2014-08-24 22:08 - 00000000 ____D () C:\Programme\Mozilla Maintenance Service
2014-08-24 22:08 - 2014-07-23 20:23 - 00000000 ____D () C:\Programme\Mozilla Firefox
2014-08-24 22:07 - 2014-08-24 22:07 - 32047680 _____ () C:\Programme\firefox_setup_31.0.exe
2014-08-24 21:14 - 2014-08-24 21:14 - 00000000 ___SD () C:\Dokumente und Einstellungen\mark\UserData
2014-08-24 21:14 - 2013-09-22 22:30 - 00000000 ____D () C:\Dokumente und Einstellungen\mark
2014-08-24 21:03 - 2013-09-22 23:14 - 00897954 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-24 12:53 - 2004-08-04 14:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-08-07 21:39 - 2014-08-07 21:31 - 00000000 ____D () C:\Dokumente und Einstellungen\mark\Desktop\Neuer Ordner (3)
2014-08-07 21:25 - 2014-08-07 21:24 - 00000000 ____D () C:\Dokumente und Einstellungen\mark\Desktop\28.07.2014
2014-08-06 16:45 - 2013-11-02 19:44 - 00001604 _____ () C:\WINDOWS\wininit.ini
2014-08-02 15:33 - 2013-10-27 15:55 - 00000000 ____D () C:\Programme\Spybot - Search & Destroy 2
2014-08-02 15:32 - 2014-08-24 21:38 - 00450699 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140824-213840.backup

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

ADDITION editor:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:24-08-2014 03
Ran by mark at 2014-08-25 19:31:55
Running from C:\Dokumente und Einstellungen\mark\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
ATI - Dienstprogramm zur Deinstallation der Software (HKLM\...\All ATI Software) (Version: 6.14.10.1013 - )
ATI Catalyst Control Center (HKLM\...\{53C38B64-91AC-42CB-AAEB-699E1F32AB5F}) (Version: 1.2.2068.42622 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.172-050830a1-026240C - )
AVG 2014 (Version: 14.0.3681 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden
Brother 1450 (HKLM\...\Brother 1450) (Version: - )
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC)
Free RAR Extract Frog (HKLM\...\Free RAR Extract Frog) (Version: 5.20 - Philipp Winterberg)
Google Chrome (HKLM\...\Google Chrome) (Version: 30.0.1599.101 - Google Inc.)
Google Earth Plug-in (HKLM\...\{79361740-EAE3-11E2-9911-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google)
Google Update Helper (Version: 1.3.21.165 - Google Inc.) Hidden
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Kabel Deutschland Installations-Software (Version: 3.6.0.0 - Kabel Deutschland Vertrieb und Services GmbH) Hidden
Labtec WebCam-Software (HKLM\...\{BF45F502-D3F2-4E7C-91D8-9AA5A8141D08}) (Version: 8.43.0000 - Labtec, Inc.)
Labtec® Camera-Treiber (HKLM\...\QcDrv) (Version: - )
Launch Manager V1.2.4 (HKLM\...\{D0846526-66DD-4DC9-A02C-98F9A2806812}) (Version: - )
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
mCore (Version: 1.23.0000 - Intel Corporation) Hidden
mDriver (Version: 1.23.0000 - Intel) Hidden
mDrWiFi (Version: 1.23.0000 - Intel Corporation) Hidden
mEoU.msi (Version: 1.23.0000 - Intel Corporation) Hidden
mHelp (Version: 1.23.0000 - Intel) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Software Update for Web Folders (German) 12 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
mIWA (Version: 1.23.0000 - Intel Corporation) Hidden
mIWCA (Version: 1.23.0000 - Intel Corporation) Hidden
mLogView (Version: 1.23.0000 - Intel Corporation) Hidden
mMHouse (Version: 1.23.0000 - Intel Corporation) Hidden
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
mPfMgr (Version: 1.23.0000 - Intel Corporation) Hidden
mPfWiz (Version: 1.23.0000 - Intel Corporation) Hidden
mProSafe (Version: 9.00.0000 - Intel) Hidden
MSXML 6.0 Parser (HKLM\...\{AEB9948B-4FF2-47C9-990E-47014492A0FE}) (Version: 6.00.3883.8 - Microsoft Corporation)
mWlsSafe (Version: 9.00.0000 - Intel) Hidden
mXML (Version: 1.23.0000 - Intel Corporation) Hidden
mZConfig (Version: 1.23.0000 - Intel Corporation) Hidden
Nero Suite (HKLM\...\NeroMultiInstaller!UninstallKey) (Version: - )
PDF24 Creator 6.2.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
REALTEK Gigabit and Fast Ethernet NIC Driver (HKLM\...\{94FB906A-CF42-4128-A509-D353026A607E}) (Version: 1.70 - REALTEK Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.7106 - Realtek Semiconductor Corp.)
Skype™ 6.6 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.6.106 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 8.1.6.0 - Synaptics)
Texas Instruments PCIxx21/x515 drivers. (HKLM\...\InstallShield_{425ECED4-23ED-4E05-A88A-B59700DAF2AD}) (Version: 1.04.0000 - Texas Instruments Inc.)
TIxx21/x515 (Version: 1.04.0000 - Texas Instruments Inc.) Hidden
TuneUp Utilities 2013 (HKLM\...\TuneUp Utilities 2013) (Version: 13.0.4000.245 - TuneUp Software)
TuneUp Utilities 2013 (Version: 13.0.4000.245 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (Version: 13.0.4000.245 - TuneUp Software) Hidden
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{3F4EC965-28EF-45C3-B063-04B25D4E9679}) (Version: 4.0.1.2800 - WIDCOMM, Inc.)
Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version: 3.1 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

28-05-2014 17:28:23 Systemprüfpunkt
31-05-2014 11:56:42 Systemprüfpunkt
02-06-2014 14:07:47 Systemprüfpunkt
04-06-2014 08:00:29 Systemprüfpunkt
05-06-2014 15:23:29 Systemprüfpunkt
10-06-2014 13:45:59 Systemprüfpunkt
11-06-2014 15:13:32 Systemprüfpunkt
12-06-2014 16:45:52 Systemprüfpunkt
16-06-2014 14:43:54 Systemprüfpunkt
18-06-2014 14:56:44 Systemprüfpunkt
20-06-2014 09:58:01 Systemprüfpunkt
23-06-2014 05:16:08 Systemprüfpunkt
25-06-2014 09:56:09 Systemprüfpunkt
26-06-2014 10:24:20 Systemprüfpunkt
27-06-2014 15:55:51 Systemprüfpunkt
02-07-2014 08:48:03 Systemprüfpunkt
03-07-2014 09:41:51 Systemprüfpunkt
04-07-2014 11:30:44 Systemprüfpunkt
08-07-2014 17:53:47 Systemprüfpunkt
10-07-2014 19:04:04 Systemprüfpunkt
15-07-2014 07:55:42 Systemprüfpunkt
16-07-2014 11:27:24 Systemprüfpunkt
17-07-2014 16:03:50 Systemprüfpunkt
18-07-2014 17:50:53 Systemprüfpunkt
20-07-2014 13:34:34 Systemprüfpunkt
21-07-2014 18:22:12 Systemprüfpunkt
22-07-2014 18:34:52 Systemprüfpunkt
24-07-2014 05:49:42 Systemprüfpunkt
25-07-2014 15:26:50 Systemprüfpunkt
26-07-2014 15:47:12 Systemprüfpunkt
28-07-2014 08:00:13 Systemprüfpunkt
29-07-2014 14:53:42
Systemprüfpunkt
30-07-2014 16:14:04 Systemprüfpunkt
01-08-2014 09:18:58 Systemprüfpunkt
02-08-2014 11:12:58 Systemprüfpunkt
03-08-2014 11:27:50 Systemprüfpunkt
05-08-2014 05:16:08 Systemprüfpunkt
06-08-2014 05:57:24 Systemprüfpunkt
07-08-2014 13:11:22 Systemprüfpunkt
07-08-2014 19:27:37 Configured Microsoft Office Home and Student 2007
07-08-2014 19:33:18 Configured Microsoft Office Home and Student 2007
24-08-2014 11:10:33 Systemprüfpunkt
25-08-2014 16:04:25 Configured Microsoft Office Home and Student 2007
25-08-2014 16:06:00 Configured Microsoft Office Home and Student 2007
25-08-2014 16:07:40 Configured Microsoft Office Home and Student 2007

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 14:00 - 2014-08-24 21:38 - 00450699 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Programme\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Programme\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Programme\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Programme\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (whitelisted) =============

2013-11-11 19:06 - 2014-07-03 16:38 - 00489680 _____ () C:\Programme\Movies Toolbar\SafetyNut\safetycrt.dll
2013-11-11 19:06 - 2014-07-03 16:38 - 03573456 _____ () C:\Programme\Movies Toolbar\SafetyNut\SafetyNutManager.exe
2013-11-11 19:06 - 2014-07-03 16:38 - 00019664 _____ () C:\Programme\Movies Toolbar\SafetyNut\safetyldr.dll
2013-11-24 16:09 - 2012-08-23 11:38 - 00574840 _____ () C:\Programme\Spybot - Search & Destroy 2\sqlite3.dll
2013-11-24 16:09 - 2013-05-16 11:55 - 00113496 _____ () C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-11-24 16:09 - 2013-05-16 11:55 - 00416600 _____ () C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl
2013-11-24 16:09 - 2013-05-16 11:55 - 00161112 _____ () C:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-11-24 16:09 - 2012-04-03 18:06 - 00565640 _____ () C:\Programme\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-01-28 10:37 - 2014-01-28 10:37 - 00607032 _____ () C:\Programme\TuneUp Utilities 2013\avgreplibx.dll

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

Name: Modem Device on High Definition Audio Bus
Description: Modem Device on High Definition Audio Bus
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: RF receiver
Description: RF receiver
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Fingerprint Sensor
Description: Fingerprint Sensor
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/25/2014 07:14:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul , Version 0.0.0.0, Fehleradresse 0x00000000. Das medienspezifische Ereignis für [iexplore.exe!ws!] wird verarbeitet.

Error: (08/25/2014 05:38:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Stillstehende Anwendung IEXPLORE.EXE, Version 6.0.2900.2180, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error: (08/25/2014 05:37:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul mshtml.dll, Version 6.0.2900.2180, Fehleradresse 0x0008efeb. Das medienspezifische Ereignis für [iexplore.exe!ws!] wird verarbeitet.

Error: (08/25/2014 05:04:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul mshtml.dll, Version 6.0.2900.2180, Fehleradresse 0x0008efeb. Das medienspezifische Ereignis für [iexplore.exe!ws!] wird verarbeitet.

Error: (08/25/2014 06:55:51 AM) (Source: Application Hang) (EventID: 1001) (User: )
Description: Fehlerhafter Speicherbereich 126833367.

Error: (08/25/2014 06:55:46 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Stillstehende Anwendung HelpCtr.exe, Version 5.1.2600.2180, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error: (08/07/2014 09:39:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x01ad0fef. Das medienspezifische Ereignis für [explorer.exe!ws!] wird verarbeitet.

Error: (08/07/2014 09:27:40 PM) (Source: MsiInstaller) (EventID: 11500) (User: MARK-130D3DECD0)
Description: Produkt: Microsoft Office Home and Student 2007 -- Fehler 1500.Zurzeit wird eine andere Installation ausgeführt. Sie müssen erst die andere Installation abschließen, bevor Sie diese Installation fortsetzen können.

Error: (08/05/2014 06:33:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlgeschlagene Anwendung plugin-container.exe, Version 31.0.0.5310, fehlgeschlagenes Modul mozalloc.dll, Version 31.0.0.5310, Fehleradresse 0x0000141b. Das medienspezifische Ereignis für [plugin-container.exe!ws!] wird verarbeitet.

Error: (08/05/2014 06:32:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Stillstehende Anwendung firefox.exe, Version 31.0.0.5310, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

System errors:
=============
Error: (08/25/2014 05:18:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (08/25/2014 05:18:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Spybot-S&D 2 Security Center Service.

Error: (08/25/2014 04:58:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (08/25/2014 04:58:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Spybot-S&D 2 Security Center Service.

Error: (08/25/2014 04:49:14 PM) (Source: DCOM) (EventID: 10005) (User: MARK-130D3DECD0)
Description: Bei DCOM ist der Fehler "%%1058" aufgetreten, als der Dienst "RegSrvc" mit den Argumenten "-Service" gestartet wurde, um den folgenden Server zu verwenden: {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

Error: (08/25/2014 04:49:14 PM) (Source: DCOM) (EventID: 10005) (User: MARK-130D3DECD0)
Description: Bei DCOM ist der Fehler "%%1058" aufgetreten, als der Dienst "RegSrvc" mit den Argumenten "-Service" gestartet wurde, um den folgenden Server zu verwenden: {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

Error: (08/25/2014 04:49:14 PM) (Source: DCOM) (EventID: 10005) (User: MARK-130D3DECD0)
Description: Bei DCOM ist der Fehler "%%1058" aufgetreten, als der Dienst "RegSrvc" mit den Argumenten "-Service" gestartet wurde, um den folgenden Server zu verwenden: {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

Error: (08/25/2014 04:49:14 PM) (Source: DCOM) (EventID: 10005) (User: MARK-130D3DECD0)
Description: Bei DCOM ist der Fehler "%%1058" aufgetreten, als der Dienst "RegSrvc" mit den Argumenten "-Service" gestartet wurde, um den folgenden Server zu verwenden: {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

Error: (08/25/2014 04:49:14 PM) (Source: DCOM) (EventID: 10005) (User: MARK-130D3DECD0)
Description: Bei DCOM ist der Fehler "%%1058" aufgetreten, als der Dienst "RegSrvc" mit den Argumenten "-Service" gestartet wurde, um den folgenden Server zu verwenden: {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

Error: (08/25/2014 04:49:14 PM) (Source: DCOM) (EventID: 10005) (User: MARK-130D3DECD0)
Description: Bei DCOM ist der Fehler "%%1058" aufgetreten, als der Dienst "RegSrvc" mit den Argumenten "-Service" gestartet wurde, um den folgenden Server zu verwenden: {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

Microsoft Office Sessions:
=========================
Error: (06/23/2014 00:40:47 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 211285 seconds with 3540 seconds of active time. This session ended with a crash.

Error: (06/06/2014 07:22:44 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2780 seconds with 120 seconds of active time. This session ended with a crash.

Error: (05/06/2014 09:47:53 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 13, Application Name: Microsoft Office OneNote, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 221 seconds with 120 seconds of active time. This session ended with a crash.

Error: (05/06/2014 09:43:38 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 13, Application Name: Microsoft Office OneNote, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3484 seconds with 480 seconds of active time. This session ended with a crash.

Error: (05/06/2014 08:40:54 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 13, Application Name: Microsoft Office OneNote, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 93 seconds with 60 seconds of active time. This session ended with a crash.

==================== Memory info =========================== Processor: Intel(R) Pentium(R) M processor 1.73GHz Percentage of memory in use: 54% Total physical RAM: 1022.42 MB Available physical RAM: 466.79 MB Total Pagefile: 2459.21 MB Available Pagefile: 1866.14 MB Total Virtual: 2047.88 MB Available Virtual: 1933.69 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:47.28 GB) (Free:29.75 GB) NTFS ==>[Drive with boot components (Windows XP)] Drive d: (BACKUP) (Fixed) (Total:34.15 GB) (Free:31.35 GB) NTFS Drive e: (RECOVER) (Fixed) (Total:11.69 GB) (Free:3.89 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 93.2 GB) (Disk ID: 42A442A4) Partition 1: (Active) - (Size=47.3 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=45.9 GB) - (Type=OF Extended) Partition 3: (Not Active) - (Size=24 MB) - (Type=12) Danke FRST EDITOR: Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:24-08-2014 03 Ran by mark (administrator) on MARK-130D3DECD0 on 25-08-2014 19:30:51 Running from C:\Dokumente und Einstellungen\mark\Desktop Platform: Microsoft Windows XP Home Edition Service Pack 2 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 6 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe (AVG Technologies CZ, s.r.o.) 
C:\Programme\AVG\AVG2014\avgcsrvx.exe (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (Intel Corporation) C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (brother Industries Ltd) C:\WINDOWS\system32\BRSVC01A.EXE (brother Industries Ltd) C:\WINDOWS\system32\BRSS01A.EXE () C:\Programme\Movies Toolbar\SafetyNut\SafetyNutManager.exe (Safer-Networking Ltd.) C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe () C:\Programme\Movies Toolbar\SafetyNut\SafetyNutManager.exe (TuneUp Software) C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (Safer-Networking Ltd.) C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe (TuneUp Software) C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe (Microsoft Corporation) C:\Programme\Internet Explorer\IEXPLORE.EXE ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AzMixerSel] => C:\Programme\Realtek\InstallShield\AzMixerSel.exe [53248 2005-06-11] (Realtek Semiconductor Corp.) HKLM\...\Run: [ATICCC] => C:\Programme\ATI Technologies\ATI.ACE\cli.exe [57344 2005-08-31] (ATI Technologies Inc.) HKLM\...\Run: [LogitechVideoRepair] => C:\Programme\Logitech\Video\ISStart.exe [458752 2005-01-19] (Labtec Inc.) HKLM\...\Run: [LogitechVideoTray] => C:\Programme\Logitech\Video\LogiTray.exe [217088 2005-01-19] (Labtec Inc.) 
HKLM\...\Run: [DivXMediaServer] => C:\Programme\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-11] (DivX, LLC) HKLM\...\Run: [PDFPrint] => C:\Programme\PDF24\pdf24.exe [186408 2013-12-12] (Geek Software GmbH) HKLM\...\Run: [] => [X] HKLM\...\Run: [Adobe ARM] => C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] => C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation) Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.) Winlogon\Notify\IntelWireless: C:\Programme\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation) Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X] HKU\S-1-5-21-746137067-1532298954-682003330-1004\...\MountPoints2: E - E:\setupSNK.exe IFEO\browsemngr.exe: [Debugger] tasklist.exe IFEO\browsermngr.exe: [Debugger] tasklist.exe IFEO\bttray.exe: [Debugger] "C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe IFEO\cli.exe: [Debugger] "C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\cltmngsvc.exe: [Debugger] IFEO\configwizards.exe: [Debugger] "C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\delta babylon.exe: [Debugger] tasklist.exe IFEO\delta tb.exe: [Debugger] tasklist.exe IFEO\delta2.exe: [Debugger] tasklist.exe IFEO\deltainstaller.exe: [Debugger] tasklist.exe IFEO\deltasetup.exe: [Debugger] tasklist.exe IFEO\deltatb.exe: [Debugger] tasklist.exe IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe IFEO\excel.exe: [Debugger] "C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\iminentsetup.exe: [Debugger] tasklist.exe IFEO\javaw.exe: [Debugger] "C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\javaws.exe: [Debugger] "C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe" 
IFEO\msoxmled.exe: [Debugger] "C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\mstore.exe: [Debugger] "C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\offdiag.exe: [Debugger] "C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\ois.exe: [Debugger] "C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\onenote.exe: [Debugger] "C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\onenotem.exe: [Debugger] "C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\pdf24-creator.exe: [Debugger] "C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\pdf24-fax.exe: [Debugger] "C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\powerpnt.exe: [Debugger] "C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\rjatydimofu.exe: [Debugger] tasklist.exe IFEO\sweetimsetup.exe: [Debugger] tasklist.exe IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe IFEO\winword.exe: [Debugger] "C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\wizard.exe: [Debugger] "C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe" Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ATI CATALYST-Infobereich.lnk ShortcutTarget: ATI CATALYST-Infobereich.lnk -> C:\Programme\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.) HKLM\...\AppCertDlls: [x64] -> c:\programme\movies toolbar\safetynut\x64\safetycrt.dll HKLM\...\AppCertDlls: [x86] -> C:\Programme\Movies Toolbar\SafetyNut\safetycrt.dll [489680 2014-07-03] () BootExecute: autocheck autochk * sdnclean.exeC:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
ProxyServer: localhost:8080 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKCU - DefaultScope {DCDBBF03-BC10-457D-911F-EFB0321D22BE} URL = ${SRCH_SCP_URL} SearchScopes: HKCU - {DCDBBF03-BC10-457D-911F-EFB0321D22BE} URL = ${SRCH_SCP_URL} BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - &Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1408907716203 Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole 
DB\MSDAIPP.DLL (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Dokumente und Einstellungen\mark\Anwendungsdaten\Mozilla\Firefox\Profiles\r43wo3ui.default FF Homepage: hxxp://google.com/ FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Programme\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Programme\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Programme\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader -> C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF user.js: detected! 
=> C:\Dokumente und Einstellungen\mark\Anwendungsdaten\Mozilla\Firefox\Profiles\r43wo3ui.default\user.js FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\Ask.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Adblock Plus - C:\Dokumente und Einstellungen\mark\Anwendungsdaten\Mozilla\Firefox\Profiles\r43wo3ui.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-04] FF Extension: No Name - C:\Dokumente und Einstellungen\mark\Anwendungsdaten\Mozilla\Firefox\Profiles\r43wo3ui.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}.xpi [] Chrome: ======= CHR HomePage: https://www.google.de/ CHR RestoreOnStartup: "hxxp://google.com/" CHR DefaultSuggestURL: {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google CHR Extension: (Google Docs) - C:\Dokumente und Einstellungen\mark\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-23] CHR Extension: (Google Drive) - C:\Dokumente und Einstellungen\mark\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-23] CHR Extension: (YouTube) - C:\Dokumente und Einstellungen\mark\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-23] CHR Extension: (Google-Suche) - C:\Dokumente und Einstellungen\mark\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-23] CHR Extension: (Google Wallet) - C:\Dokumente und 
Einstellungen\mark\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-23] CHR Extension: (Google Mail) - C:\Dokumente und Einstellungen\mark\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-23] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 aspnet_state; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [32768 2003-02-20] (Microsoft Corporation) [File not signed] R2 Brother XP spl Service; C:\WINDOWS\system32\brsvc01a.exe [57344 2001-11-23] (brother Industries Ltd) S4 btwdins; C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe [258103 2005-09-06] (Broadcom Corporation.) [File not signed] S4 EvtEng; C:\Programme\Intel\Wireless\Bin\EvtEng.exe [86016 2004-10-15] (Intel Corporation) [File not signed] S4 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2013-09-23] (Google Inc.) S4 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2013-09-23] (Google Inc.) 
S4 JavaQuickStarterService; C:\Programme\Java\jre7\bin\jqs.exe [182696 2013-12-02] (Oracle Corporation) S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [119408 2014-07-17] (Mozilla Foundation) S4 odserv; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [441136 2006-10-26] (Microsoft Corporation) S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [145184 2006-10-26] (Microsoft Corporation) S4 OwnershipProtocol; C:\Programme\Intel\Wireless\Bin\OProtSvc.exe [98304 2004-10-15] (Intel Corporation) [File not signed] S4 RegSrvc; C:\Programme\Intel\Wireless\Bin\RegSrvc.exe [139264 2004-10-15] (Intel Corporation) [File not signed] S4 S24EventMonitor; C:\Programme\Intel\Wireless\Bin\S24EvMon.exe [360521 2004-10-15] (Intel Corporation ) [File not signed] R2 SafetyNutManager; C:\Programme\Movies Toolbar\SafetyNut\SafetyNutManager.exe [3573456 2014-07-03] () [File not signed] R2 SDScannerService; C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.) S2 SDWSCService; C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.) S2 SkypeUpdate; C:\Programme\Skype\Updater\Updater.exe [162408 2013-06-21] (Skype Technologies) R2 TuneUp.UtilitiesSvc; C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1731896 2014-01-28] (TuneUp Software) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [17119 2014-04-13] (Meetinghouse Data Communications) [File not signed] S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2014-01-19] (Creative) R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [120600 2013-11-05] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [209176 2013-11-04] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [147768 2013-10-24] (AVG Technologies CZ, s.r.o.) R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22840 2013-09-17] (AVG Technologies CZ, s.r.o.) R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [176952 2013-11-01] (AVG Technologies CZ, s.r.o.) R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.) R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.) R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.) R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.) R2 BrPar; C:\WINDOWS\System32\drivers\BrPar.sys [19537 2000-07-24] (Brother Industries Ltd.) [File not signed] R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [1342138 2005-09-06] (Broadcom Corporation.) [File not signed] R2 BTSERIAL; C:\WINDOWS\system32\drivers\btserial.sys [23271 2005-09-06] (Broadcom Corporation.) [File not signed] R2 BTSLBCSP; C:\WINDOWS\system32\drivers\btslbcsp.sys [222876 2005-09-06] (Broadcom Corporation.) [File not signed] R3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [56648 2005-09-06] (Broadcom Corporation.) 
[File not signed] S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2004-08-04] (Microsoft Corporation) R1 F06DEFF2-5B9C-490D-910F-35D3A9119622; C:\Programme\Movies Toolbar\SafetyNut\configmgrc2.cfg [34384 2014-07-03] () [File not signed] U0 fwasqjg; C:\WINDOWS\System32\drivers\bpxxhtt.sys [52440 2014-08-25] (Malwarebytes Corporation) S3 HdAudAddService; C:\WINDOWS\System32\drivers\HdAudio.sys [145920 2005-01-07] (Windows (R) Server 2003 DDK provider) R1 Hotkey; C:\WINDOWS\system32\Drivers\Hotkey.sys [9867 2003-04-28] () [File not signed] R3 IWCA; C:\WINDOWS\System32\DRIVERS\iwca.sys [234496 2004-08-12] (Intel Corporation) S3 LVUSBSta; C:\WINDOWS\System32\drivers\lvusbsta.sys [22016 2005-01-19] (Labtec Inc.) S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2014-01-19] (Creative Technology Ltd.) S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2004-08-04] (Microsoft Corporation) S3 PID_0928; C:\WINDOWS\System32\DRIVERS\LV561AV.SYS [211712 2005-01-19] (Labtec Inc.) R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation) R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [11354 2004-10-15] (Intel Corporation) [File not signed] S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2004-08-04] () R3 TuneUpUtilitiesDrv; C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-11-16] (TuneUp Software) R3 w29n51; C:\WINDOWS\System32\DRIVERS\w29n51.sys [3222784 2004-10-29] (Intel® Corporation) S1 mailKmd; No ImagePath S1 Wbutton; \SystemRoot\system32\drivers\Wbutton.sys [X] U1 WS2IFSL; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-08-25 19:30 - 2014-08-25 19:31 - 00019730 _____ () C:\Dokumente und Einstellungen\mark\Desktop\FRST.txt 2014-08-25 19:30 - 2014-08-25 19:30 - 01095168 _____ (Farbar) C:\Dokumente und Einstellungen\mark\Desktop\FRST.exe 2014-08-25 19:30 - 2014-08-25 19:30 - 00000000 ____D () C:\FRST 2014-08-25 19:20 - 2014-08-25 19:20 - 05487016 _____ (Microsoft Corporation) C:\Dokumente und Einstellungen\mark\Desktop\Windows8-UpgradeAssistant.exe 2014-08-25 17:55 - 2014-08-25 17:55 - 00063856 _____ () C:\Dokumente und Einstellungen\mark\Desktop\OTL.Txt 2014-08-25 17:55 - 2014-08-25 17:55 - 00039120 _____ () C:\Dokumente und Einstellungen\mark\Desktop\Extras.Txt 2014-08-25 17:47 - 2014-08-25 17:47 - 00602112 _____ (OldTimer Tools) C:\Dokumente und Einstellungen\mark\Desktop\OTL.exe 2014-08-25 17:43 - 2014-08-25 17:43 - 00052440 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\bpxxhtt.sys 2014-08-25 17:42 - 2014-08-25 17:42 - 00128240 _____ () C:\Dokumente und Einstellungen\mark\Desktop\scan.xml 2014-08-25 17:27 - 2014-08-25 17:28 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-08-25 17:26 - 2014-08-25 17:26 - 00000749 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-25 17:26 - 2014-08-25 17:26 - 00000000 ____D () C:\Programme\ Malwarebytes Anti-Malware 2014-08-25 17:26 - 2014-08-25 17:26 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ Malwarebytes Anti-Malware 2014-08-25 17:26 - 2014-08-25 17:26 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2014-08-25 17:26 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-08-25 17:26 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-08-25 17:25 - 2014-08-25 17:26 - 17292760 _____ (Malwarebytes Corporation ) 
C:\Programme\mbam-setup-2[1].0.2.1012.exe 2014-08-25 16:49 - 2014-08-25 16:51 - 00000000 ____D () C:\Dokumente und Einstellungen\Gast\Lokale Einstellungen\Temp 2014-08-25 16:49 - 2014-08-25 16:49 - 00001777 _____ () C:\Dokumente und Einstellungen\Gast\Desktop\Google Chrome.lnk 2014-08-25 16:49 - 2014-08-25 16:49 - 00001599 _____ () C:\Dokumente und Einstellungen\Gast\Startmenü\Programme\Remoteunterstützung.lnk 2014-08-25 16:49 - 2014-08-25 16:49 - 00000772 _____ () C:\Dokumente und Einstellungen\Gast\Startmenü\Programme\Windows Media Player.lnk 2014-08-25 16:49 - 2014-08-25 16:49 - 00000747 _____ () C:\Dokumente und Einstellungen\Gast\Startmenü\Programme\Internet Explorer.lnk 2014-08-25 16:49 - 2014-08-25 16:49 - 00000718 _____ () C:\Dokumente und Einstellungen\Gast\Startmenü\Programme\Outlook Express.lnk 2014-08-25 16:49 - 2014-08-25 16:49 - 00000020 ___SH () C:\Dokumente und Einstellungen\Gast\ntuser.ini 2014-08-25 16:49 - 2014-08-25 16:49 - 00000000 ___SD () C:\Dokumente und Einstellungen\Gast\Lokale Einstellungen\Verlauf 2014-08-25 16:49 - 2014-08-25 16:49 - 00000000 ___RD () C:\Dokumente und Einstellungen\Gast\Startmenü\Programme\Zubehör 2014-08-25 16:49 - 2014-08-25 16:49 - 00000000 ___RD () C:\Dokumente und Einstellungen\Gast\Startmenü\Programme 2014-08-25 16:49 - 2014-08-25 16:49 - 00000000 ___RD () C:\Dokumente und Einstellungen\Gast\Eigene Dateien\Eigene Musik 2014-08-25 16:49 - 2014-08-25 16:49 - 00000000 ___RD () C:\Dokumente und Einstellungen\Gast\Eigene Dateien\Eigene Bilder 2014-08-25 16:49 - 2014-08-25 16:49 - 00000000 ____D () C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\Intel 2014-08-25 16:49 - 2014-08-25 16:49 - 00000000 ____D () C:\Dokumente und Einstellungen\Gast 2014-08-25 16:49 - 2013-09-22 23:13 - 00000000 ___RD () C:\Dokumente und Einstellungen\Gast\Startmenü\Programme\Autostart 2014-08-25 16:49 - 2013-09-22 23:13 - 00000000 ___RD () C:\Dokumente und Einstellungen\Gast\Startmenü 2014-08-25 16:49 - 2013-09-22 23:13 - 00000000 ___HD () 
C:\Dokumente und Einstellungen\Gast\Netzwerkumgebung 2014-08-25 16:49 - 2013-09-22 23:13 - 00000000 ___HD () C:\Dokumente und Einstellungen\Gast\Druckumgebung 2014-08-24 22:08 - 2014-08-24 22:08 - 00000702 _____ () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk 2014-08-24 22:08 - 2014-08-24 22:08 - 00000696 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk 2014-08-24 22:08 - 2014-08-24 22:08 - 00000000 ____D () C:\Programme\Mozilla Maintenance Service 2014-08-24 22:07 - 2014-08-24 22:07 - 32047680 _____ () C:\Programme\firefox_setup_31.0.exe 2014-08-24 21:38 - 2014-08-02 15:32 - 00450699 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140824-213840.backup 2014-08-24 21:14 - 2014-08-24 21:14 - 00000000 ___SD () C:\Dokumente und Einstellungen\mark\UserData 2014-08-07 21:31 - 2014-08-07 21:39 - 00000000 ____D () C:\Dokumente und Einstellungen\mark\Desktop\Neuer Ordner (3) 2014-08-07 21:24 - 2014-08-07 21:25 - 00000000 ____D () C:\Dokumente und Einstellungen\mark\Desktop\28.07.2014 2014-08-02 15:32 - 2014-05-31 13:50 - 00450699 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140802-153239.backup ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-08-25 19:31 - 2014-08-25 19:30 - 00019730 _____ () C:\Dokumente und Einstellungen\mark\Desktop\FRST.txt 2014-08-25 19:31 - 2013-09-22 22:30 - 00000000 ____D () C:\Dokumente und Einstellungen\mark\Lokale Einstellungen\Temp 2014-08-25 19:30 - 2014-08-25 19:30 - 01095168 _____ (Farbar) C:\Dokumente und Einstellungen\mark\Desktop\FRST.exe 2014-08-25 19:30 - 2014-08-25 19:30 - 00000000 ____D () C:\FRST 2014-08-25 19:20 - 2014-08-25 19:20 - 05487016 _____ (Microsoft Corporation) C:\Dokumente und Einstellungen\mark\Desktop\Windows8-UpgradeAssistant.exe 2014-08-25 19:10 - 2013-09-22 22:23 - 00415749 _____ () C:\WINDOWS\WindowsUpdate.log 2014-08-25 18:56 - 2014-01-05 13:44 - 00000896 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-08-25 18:09 - 2013-10-27 14:12 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Office 2014-08-25 18:09 - 2013-10-27 14:08 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help 2014-08-25 17:55 - 2014-08-25 17:55 - 00063856 _____ () C:\Dokumente und Einstellungen\mark\Desktop\OTL.Txt 2014-08-25 17:55 - 2014-08-25 17:55 - 00039120 _____ () C:\Dokumente und Einstellungen\mark\Desktop\Extras.Txt 2014-08-25 17:47 - 2014-08-25 17:47 - 00602112 _____ (OldTimer Tools) C:\Dokumente und Einstellungen\mark\Desktop\OTL.exe 2014-08-25 17:43 - 2014-08-25 17:43 - 00052440 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\bpxxhtt.sys 2014-08-25 17:43 - 2013-11-11 19:07 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Wincert 2014-08-25 17:43 - 2013-09-23 00:05 - 00000000 ____D () C:\WINDOWS\pchealth 2014-08-25 17:43 - 2013-09-22 23:14 - 00000000 ___RD () C:\Programme 2014-08-25 17:42 - 2014-08-25 17:42 - 00128240 _____ () C:\Dokumente und Einstellungen\mark\Desktop\scan.xml 2014-08-25 17:28 - 2014-08-25 17:27 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-08-25 17:26 - 2014-08-25 
17:26 - 00000749 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-25 17:26 - 2014-08-25 17:26 - 00000000 ____D () C:\Programme\ Malwarebytes Anti-Malware 2014-08-25 17:26 - 2014-08-25 17:26 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ Malwarebytes Anti-Malware 2014-08-25 17:26 - 2014-08-25 17:26 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2014-08-25 17:26 - 2014-08-25 17:25 - 17292760 _____ (Malwarebytes Corporation ) C:\Programme\mbam-setup-2[1].0.2.1012.exe 2014-08-25 17:26 - 2013-09-22 23:13 - 00000000 ___RD () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme 2014-08-25 17:18 - 2014-01-20 10:38 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2014-08-25 17:18 - 2014-01-20 10:38 - 00000050 _____ () C:\WINDOWS\wiaservc.log 2014-08-25 17:18 - 2013-11-24 16:10 - 00000636 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job 2014-08-25 17:17 - 2013-09-22 22:29 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-08-25 17:05 - 2014-04-13 17:44 - 00025617 _____ () C:\WINDOWS\ocgen.log 2014-08-25 17:05 - 2014-04-13 17:44 - 00024630 _____ () C:\WINDOWS\FaxSetup.log 2014-08-25 17:05 - 2014-04-13 17:44 - 00014148 _____ () C:\WINDOWS\tsoc.log 2014-08-25 17:05 - 2014-04-13 17:44 - 00009601 _____ () C:\WINDOWS\comsetup.log 2014-08-25 17:05 - 2014-04-13 17:44 - 00007664 _____ () C:\WINDOWS\ntdtcsetup.log 2014-08-25 17:05 - 2014-04-13 17:44 - 00003037 _____ () C:\WINDOWS\iis6.log 2014-08-25 17:05 - 2014-04-13 17:44 - 00001917 _____ () C:\WINDOWS\imsins.log 2014-08-25 17:05 - 2014-04-13 17:44 - 00001917 _____ () C:\WINDOWS\imsins.BAK 2014-08-25 17:05 - 2014-04-13 17:44 - 00001823 _____ () C:\WINDOWS\ocmsn.log 2014-08-25 17:05 - 2014-04-13 17:44 - 00001544 _____ () C:\WINDOWS\msgsocm.log 2014-08-25 17:05 - 2014-04-07 14:35 - 00097870 _____ () C:\WINDOWS\setupapi.log 2014-08-25 16:51 - 2014-08-25 16:49 - 00000000 ____D () 
C:\Dokumente und Einstellungen\Gast\Lokale Einstellungen\Temp 2014-08-25 16:49 - 2014-08-25 16:49 - 00001777 _____ () C:\Dokumente und Einstellungen\Gast\Desktop\Google Chrome.lnk 2014-08-25 16:49 - 2014-08-25 16:49 - 00001599 _____ () C:\Dokumente und Einstellungen\Gast\Startmenü\Programme\Remoteunterstützung.lnk 2014-08-25 16:49 - 2014-08-25 16:49 - 00000772 _____ () C:\Dokumente und Einstellungen\Gast\Startmenü\Programme\Windows Media Player.lnk 2014-08-25 16:49 - 2014-08-25 16:49 - 00000747 _____ () C:\Dokumente und Einstellungen\Gast\Startmenü\Programme\Internet Explorer.lnk 2014-08-25 16:49 - 2014-08-25 16:49 - 00000718 _____ () C:\Dokumente und Einstellungen\Gast\Startmenü\Programme\Outlook Express.lnk 2014-08-25 16:49 - 2014-08-25 16:49 - 00000020 ___SH () C:\Dokumente und Einstellungen\Gast\ntuser.ini 2014-08-25 16:49 - 2014-08-25 16:49 - 00000000 ___SD () C:\Dokumente und Einstellungen\Gast\Lokale Einstellungen\Verlauf 2014-08-25 16:49 - 2014-08-25 16:49 - 00000000 ___RD () C:\Dokumente und Einstellungen\Gast\Startmenü\Programme\Zubehör 2014-08-25 16:49 - 2014-08-25 16:49 - 00000000 ___RD () C:\Dokumente und Einstellungen\Gast\Startmenü\Programme 2014-08-25 16:49 - 2014-08-25 16:49 - 00000000 ___RD () C:\Dokumente und Einstellungen\Gast\Eigene Dateien\Eigene Musik 2014-08-25 16:49 - 2014-08-25 16:49 - 00000000 ___RD () C:\Dokumente und Einstellungen\Gast\Eigene Dateien\Eigene Bilder 2014-08-25 16:49 - 2014-08-25 16:49 - 00000000 ____D () C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\Intel 2014-08-25 16:49 - 2014-08-25 16:49 - 00000000 ____D () C:\Dokumente und Einstellungen\Gast 2014-08-25 16:40 - 2013-09-22 22:30 - 00000747 _____ () C:\Dokumente und Einstellungen\mark\Startmenü\Programme\Internet Explorer.lnk 2014-08-25 16:40 - 2013-09-22 22:30 - 00000718 _____ () C:\Dokumente und Einstellungen\mark\Startmenü\Programme\Outlook Express.lnk 2014-08-25 16:22 - 2013-09-23 17:45 - 00000000 ____D () C:\Dokumente und 
Einstellungen\mark\Anwendungsdaten\Skype 2014-08-25 16:15 - 2013-10-23 22:27 - 00002347 _____ () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader XI.lnk 2014-08-25 16:15 - 2013-10-23 22:27 - 00000000 ____D () C:\Programme\Gemeinsame Dateien\Adobe 2014-08-25 16:11 - 2013-09-27 19:20 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe 2014-08-25 07:33 - 2014-01-19 23:16 - 00032440 _____ () C:\WINDOWS\SchedLgU.Txt 2014-08-25 07:33 - 2013-10-27 15:56 - 00524288 _____ () C:\WINDOWS\system32\config\SpybotSD.evt 2014-08-25 07:33 - 2013-09-28 15:47 - 00131072 _____ () C:\WINDOWS\system32\config\TuneUp.evt 2014-08-25 07:32 - 2013-09-22 22:30 - 00000190 ___SH () C:\Dokumente und Einstellungen\mark\ntuser.ini 2014-08-24 22:08 - 2014-08-24 22:08 - 00000702 _____ () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk 2014-08-24 22:08 - 2014-08-24 22:08 - 00000696 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk 2014-08-24 22:08 - 2014-08-24 22:08 - 00000000 ____D () C:\Programme\Mozilla Maintenance Service 2014-08-24 22:08 - 2014-07-23 20:23 - 00000000 ____D () C:\Programme\Mozilla Firefox 2014-08-24 22:07 - 2014-08-24 22:07 - 32047680 _____ () C:\Programme\firefox_setup_31.0.exe 2014-08-24 21:14 - 2014-08-24 21:14 - 00000000 ___SD () C:\Dokumente und Einstellungen\mark\UserData 2014-08-24 21:14 - 2013-09-22 22:30 - 00000000 ____D () C:\Dokumente und Einstellungen\mark 2014-08-24 21:03 - 2013-09-22 23:14 - 00897954 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-08-24 12:53 - 2004-08-04 14:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl 2014-08-07 21:39 - 2014-08-07 21:31 - 00000000 ____D () C:\Dokumente und Einstellungen\mark\Desktop\Neuer Ordner (3) 2014-08-07 21:25 - 2014-08-07 21:24 - 00000000 ____D () C:\Dokumente und Einstellungen\mark\Desktop\28.07.2014 2014-08-06 16:45 - 2013-11-02 19:44 - 00001604 _____ () C:\WINDOWS\wininit.ini 2014-08-02 15:33 - 
2013-10-27 15:55 - 00000000 ____D () C:\Programme\Spybot - Search & Destroy 2 2014-08-02 15:32 - 2014-08-24 21:38 - 00450699 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140824-213840.backup ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ADDITION editor: Additional scan result of Farbar Recovery Scan Tool (x86) Version:24-08-2014 03 Ran by mark at 2014-08-25 19:31:55 Running from C:\Dokumente und Einstellungen\mark\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated) ATI - Dienstprogramm zur Deinstallation der Software (HKLM\...\All ATI Software) (Version: 6.14.10.1013 - ) ATI Catalyst Control Center (HKLM\...\{53C38B64-91AC-42CB-AAEB-699E1F32AB5F}) (Version: 1.2.2068.42622 - ) ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.172-050830a1-026240C - ) AVG 2014 (Version: 14.0.3681 - AVG Technologies) Hidden AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden Brother 1450 (HKLM\...\Brother 1450) (Version: - ) DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC) Free RAR Extract Frog (HKLM\...\Free RAR Extract Frog) (Version: 5.20 - Philipp Winterberg) Google Chrome (HKLM\...\Google Chrome) (Version: 30.0.1599.101 - Google Inc.) Google Earth Plug-in (HKLM\...\{79361740-EAE3-11E2-9911-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google) Google Update Helper (Version: 1.3.21.165 - Google Inc.) Hidden Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Kabel Deutschland Installations-Software (Version: 3.6.0.0 - Kabel Deutschland Vertrieb und Services GmbH) Hidden Labtec WebCam-Software (HKLM\...\{BF45F502-D3F2-4E7C-91D8-9AA5A8141D08}) (Version: 8.43.0000 - Labtec, Inc.) 
Labtec® Camera-Treiber (HKLM\...\QcDrv) (Version: - ) Launch Manager V1.2.4 (HKLM\...\{D0846526-66DD-4DC9-A02C-98F9A2806812}) (Version: - ) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) mCore (Version: 1.23.0000 - Intel Corporation) Hidden mDriver (Version: 1.23.0000 - Intel) Hidden mDrWiFi (Version: 1.23.0000 - Intel Corporation) Hidden mEoU.msi (Version: 1.23.0000 - Intel Corporation) Hidden mHelp (Version: 1.23.0000 - Intel) Hidden Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft) Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office Home and Student 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Software Update for Web Folders (German) 12 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden mIWA (Version: 1.23.0000 - Intel Corporation) Hidden mIWCA (Version: 
1.23.0000 - Intel Corporation) Hidden mLogView (Version: 1.23.0000 - Intel Corporation) Hidden mMHouse (Version: 1.23.0000 - Intel Corporation) Hidden Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla) mPfMgr (Version: 1.23.0000 - Intel Corporation) Hidden mPfWiz (Version: 1.23.0000 - Intel Corporation) Hidden mProSafe (Version: 9.00.0000 - Intel) Hidden MSXML 6.0 Parser (HKLM\...\{AEB9948B-4FF2-47C9-990E-47014492A0FE}) (Version: 6.00.3883.8 - Microsoft Corporation) mWlsSafe (Version: 9.00.0000 - Intel) Hidden mXML (Version: 1.23.0000 - Intel Corporation) Hidden mZConfig (Version: 1.23.0000 - Intel Corporation) Hidden Nero Suite (HKLM\...\NeroMultiInstaller!UninstallKey) (Version: - ) PDF24 Creator 6.2.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) REALTEK Gigabit and Fast Ethernet NIC Driver (HKLM\...\{94FB906A-CF42-4128-A509-D353026A607E}) (Version: 1.70 - REALTEK Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.7106 - Realtek Semiconductor Corp.) Skype™ 6.6 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.6.106 - Skype Technologies S.A.) Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 8.1.6.0 - Synaptics) Texas Instruments PCIxx21/x515 drivers. (HKLM\...\InstallShield_{425ECED4-23ED-4E05-A88A-B59700DAF2AD}) (Version: 1.04.0000 - Texas Instruments Inc.) TIxx21/x515 (Version: 1.04.0000 - Texas Instruments Inc.) 
Hidden TuneUp Utilities 2013 (HKLM\...\TuneUp Utilities 2013) (Version: 13.0.4000.245 - TuneUp Software) TuneUp Utilities 2013 (Version: 13.0.4000.245 - TuneUp Software) Hidden TuneUp Utilities Language Pack (de-DE) (Version: 13.0.4000.245 - TuneUp Software) Hidden VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden WIDCOMM Bluetooth Software (HKLM\...\{3F4EC965-28EF-45C3-B063-04B25D4E9679}) (Version: 4.0.1.2800 - WIDCOMM, Inc.) Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version: 3.1 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 28-05-2014 17:28:23 Systemprüfpunkt 31-05-2014 11:56:42 Systemprüfpunkt 02-06-2014 14:07:47 Systemprüfpunkt 04-06-2014 08:00:29 Systemprüfpunkt 05-06-2014 15:23:29 Systemprüfpunkt 10-06-2014 13:45:59 Systemprüfpunkt 11-06-2014 15:13:32 Systemprüfpunkt 12-06-2014 16:45:52 Systemprüfpunkt 16-06-2014 14:43:54 Systemprüfpunkt 18-06-2014 14:56:44 Systemprüfpunkt 20-06-2014 09:58:01 Systemprüfpunkt 23-06-2014 05:16:08 Systemprüfpunkt 25-06-2014 09:56:09 Systemprüfpunkt 26-06-2014 10:24:20 Systemprüfpunkt 27-06-2014 15:55:51 Systemprüfpunkt 02-07-2014 08:48:03 Systemprüfpunkt 03-07-2014 09:41:51 Systemprüfpunkt 04-07-2014 11:30:44 Systemprüfpunkt 08-07-2014 17:53:47 Systemprüfpunkt 10-07-2014 19:04:04 Systemprüfpunkt 15-07-2014 07:55:42 Systemprüfpunkt 16-07-2014 11:27:24 Systemprüfpunkt 17-07-2014 16:03:50 Systemprüfpunkt 18-07-2014 17:50:53 Systemprüfpunkt 20-07-2014 13:34:34 Systemprüfpunkt 21-07-2014 18:22:12 Systemprüfpunkt 22-07-2014 18:34:52 Systemprüfpunkt 24-07-2014 05:49:42 Systemprüfpunkt 25-07-2014 15:26:50 Systemprüfpunkt 26-07-2014 15:47:12 Systemprüfpunkt 28-07-2014 08:00:13 Systemprüfpunkt 29-07-2014 14:53:42 
Systemprüfpunkt 30-07-2014 16:14:04 Systemprüfpunkt 01-08-2014 09:18:58 Systemprüfpunkt 02-08-2014 11:12:58 Systemprüfpunkt 03-08-2014 11:27:50 Systemprüfpunkt 05-08-2014 05:16:08 Systemprüfpunkt 06-08-2014 05:57:24 Systemprüfpunkt 07-08-2014 13:11:22 Systemprüfpunkt 07-08-2014 19:27:37 Configured Microsoft Office Home and Student 2007 07-08-2014 19:33:18 Configured Microsoft Office Home and Student 2007 24-08-2014 11:10:33 Systemprüfpunkt 25-08-2014 16:04:25 Configured Microsoft Office Home and Student 2007 25-08-2014 16:06:00 Configured Microsoft Office Home and Student 2007 25-08-2014 16:07:40 Configured Microsoft Office Home and Student 2007 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2004-08-04 14:00 - 2014-08-24 21:38 - 00450699 ____R C:\WINDOWS\system32\Drivers\etc\hosts There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Programme\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Programme\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Programme\Spybot - Search & Destroy 2\SDImmunize.exe Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Programme\Spybot - Search & Destroy 2\SDScan.exe ==================== Loaded Modules (whitelisted) ============= 2013-11-11 19:06 - 2014-07-03 16:38 - 00489680 _____ () C:\Programme\Movies Toolbar\SafetyNut\safetycrt.dll 2013-11-11 19:06 - 2014-07-03 16:38 - 03573456 _____ () C:\Programme\Movies Toolbar\SafetyNut\SafetyNutManager.exe 2013-11-11 19:06 - 2014-07-03 16:38 - 00019664 _____ () C:\Programme\Movies Toolbar\SafetyNut\safetyldr.dll 2013-11-24 16:09 - 2012-08-23 11:38 - 00574840 _____ () C:\Programme\Spybot - Search & Destroy 2\sqlite3.dll 2013-11-24 16:09 - 2013-05-16 11:55 - 00113496 _____ () C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2013-11-24 16:09 - 2013-05-16 11:55 - 00416600 _____ () C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl 2013-11-24 16:09 - 2013-05-16 11:55 - 00161112 _____ () C:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2013-11-24 16:09 - 2012-04-03 18:06 - 00565640 _____ () C:\Programme\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2014-01-28 10:37 - 2014-01-28 10:37 - 00607032 _____ () C:\Programme\TuneUp Utilities 2013\avgreplibx.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) 
==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= Name: Modem Device on High Definition Audio Bus Description: Modem Device on High Definition Audio Bus Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: RF receiver Description: RF receiver Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318} Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Fingerprint Sensor Description: Fingerprint Sensor Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318} Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (08/25/2014 07:14:33 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul , Version 0.0.0.0, Fehleradresse 0x00000000. Das medienspezifische Ereignis für [iexplore.exe!ws!] wird verarbeitet. 
Error: (08/25/2014 05:38:34 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Stillstehende Anwendung IEXPLORE.EXE, Version 6.0.2900.2180, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error: (08/25/2014 05:37:05 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul mshtml.dll, Version 6.0.2900.2180, Fehleradresse 0x0008efeb. Das medienspezifische Ereignis für [iexplore.exe!ws!] wird verarbeitet. Error: (08/25/2014 05:04:39 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul mshtml.dll, Version 6.0.2900.2180, Fehleradresse 0x0008efeb. Das medienspezifische Ereignis für [iexplore.exe!ws!] wird verarbeitet. Error: (08/25/2014 06:55:51 AM) (Source: Application Hang) (EventID: 1001) (User: ) Description: Fehlerhafter Speicherbereich 126833367. Error: (08/25/2014 06:55:46 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Stillstehende Anwendung HelpCtr.exe, Version 5.1.2600.2180, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error: (08/07/2014 09:39:57 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x01ad0fef. Das medienspezifische Ereignis für [explorer.exe!ws!] wird verarbeitet. Error: (08/07/2014 09:27:40 PM) (Source: MsiInstaller) (EventID: 11500) (User: MARK-130D3DECD0) Description: Produkt: Microsoft Office Home and Student 2007 -- Fehler 1500.Zurzeit wird eine andere Installation ausgeführt. Sie müssen erst die andere Installation abschließen, bevor Sie diese Installation fortsetzen können. 
Error: (08/05/2014 06:33:01 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlgeschlagene Anwendung plugin-container.exe, Version 31.0.0.5310, fehlgeschlagenes Modul mozalloc.dll, Version 31.0.0.5310, Fehleradresse 0x0000141b. Das medienspezifische Ereignis für [plugin-container.exe!ws!] wird verarbeitet. Error: (08/05/2014 06:32:53 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Stillstehende Anwendung firefox.exe, Version 31.0.0.5310, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. System errors: ============= Error: (08/25/2014 05:18:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (08/25/2014 05:18:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Spybot-S&D 2 Security Center Service. Error: (08/25/2014 04:58:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (08/25/2014 04:58:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Spybot-S&D 2 Security Center Service. 
Error: (08/25/2014 04:49:14 PM) (Source: DCOM) (EventID: 10005) (User: MARK-130D3DECD0) Description: Bei DCOM ist der Fehler "%%1058" aufgetreten, als der Dienst "RegSrvc" mit den Argumenten "-Service" gestartet wurde, um den folgenden Server zu verwenden: {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} Error: (08/25/2014 04:49:14 PM) (Source: DCOM) (EventID: 10005) (User: MARK-130D3DECD0) Description: Bei DCOM ist der Fehler "%%1058" aufgetreten, als der Dienst "RegSrvc" mit den Argumenten "-Service" gestartet wurde, um den folgenden Server zu verwenden: {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} Error: (08/25/2014 04:49:14 PM) (Source: DCOM) (EventID: 10005) (User: MARK-130D3DECD0) Description: Bei DCOM ist der Fehler "%%1058" aufgetreten, als der Dienst "RegSrvc" mit den Argumenten "-Service" gestartet wurde, um den folgenden Server zu verwenden: {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} Error: (08/25/2014 04:49:14 PM) (Source: DCOM) (EventID: 10005) (User: MARK-130D3DECD0) Description: Bei DCOM ist der Fehler "%%1058" aufgetreten, als der Dienst "RegSrvc" mit den Argumenten "-Service" gestartet wurde, um den folgenden Server zu verwenden: {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} Error: (08/25/2014 04:49:14 PM) (Source: DCOM) (EventID: 10005) (User: MARK-130D3DECD0) Description: Bei DCOM ist der Fehler "%%1058" aufgetreten, als der Dienst "RegSrvc" mit den Argumenten "-Service" gestartet wurde, um den folgenden Server zu verwenden: {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} Error: (08/25/2014 04:49:14 PM) (Source: DCOM) (EventID: 10005) (User: MARK-130D3DECD0) Description: Bei DCOM ist der Fehler "%%1058" aufgetreten, als der Dienst "RegSrvc" mit den Argumenten "-Service" gestartet wurde, um den folgenden Server zu verwenden: {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} Microsoft Office Sessions: ========================= Error: (06/23/2014 00:40:47 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application 
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 211285 seconds with 3540 seconds of active time. This session ended with a crash. Error: (06/06/2014 07:22:44 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2780 seconds with 120 seconds of active time. This session ended with a crash. Error: (05/06/2014 09:47:53 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 13, Application Name: Microsoft Office OneNote, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 221 seconds with 120 seconds of active time. This session ended with a crash. Error: (05/06/2014 09:43:38 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 13, Application Name: Microsoft Office OneNote, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3484 seconds with 480 seconds of active time. This session ended with a crash. Error: (05/06/2014 08:40:54 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 13, Application Name: Microsoft Office OneNote, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 93 seconds with 60 seconds of active time. This session ended with a crash. 
==================== Memory info =========================== Processor: Intel(R) Pentium(R) M processor 1.73GHz Percentage of memory in use: 54% Total physical RAM: 1022.42 MB Available physical RAM: 466.79 MB Total Pagefile: 2459.21 MB Available Pagefile: 1866.14 MB Total Virtual: 2047.88 MB Available Virtual: 1933.69 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:47.28 GB) (Free:29.75 GB) NTFS ==>[Drive with boot components (Windows XP)] Drive d: (BACKUP) (Fixed) (Total:34.15 GB) (Free:31.35 GB) NTFS Drive e: (RECOVER) (Fixed) (Total:11.69 GB) (Free:3.89 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 93.2 GB) (Disk ID: 42A442A4) Partition 1: (Active) - (Size=47.3 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=45.9 GB) - (Type=OF Extended) Partition 3: (Not Active) - (Size=24 MB) - (Type=12)
Thanks |
| #4 |
| Web browsers cannot be opened
Yesterday I was advised to install Service Pack 3. As a result, I can use my browsers again. I was also told that a proxy server is active and is blocking all Internet access; a Windows hosts file has also been changed... Can anything be done about that? Please instruct me...
FRST again, from today:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:24-08-2014 03 Ran by mark (administrator) on MARK-130D3DECD0 on 26-08-2014 10:12:49 Running from C:\Dokumente und Einstellungen\mark\Desktop Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 6 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe (AVG Technologies CZ, s.r.o.) C:\Programme\AVG\AVG2014\avgcsrvx.exe (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (Intel Corporation) C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (brother Industries Ltd) C:\WINDOWS\system32\BRSVC01A.EXE (brother Industries Ltd) C:\WINDOWS\system32\BRSS01A.EXE (Safer-Networking Ltd.) C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe (TuneUp Software) C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (Safer-Networking Ltd.)
C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe (TuneUp Software) C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe (TuneUp Software) C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe (Mozilla Corporation) C:\Programme\Mozilla Firefox\firefox.exe (Labtec Inc.) C:\WINDOWS\system32\LVCOMSX.EXE (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AzMixerSel] => C:\Programme\Realtek\InstallShield\AzMixerSel.exe [53248 2005-06-11] (Realtek Semiconductor Corp.) HKLM\...\Run: [ATICCC] => C:\Programme\ATI Technologies\ATI.ACE\cli.exe [57344 2005-08-31] (ATI Technologies Inc.) HKLM\...\Run: [LogitechVideoRepair] => C:\Programme\Logitech\Video\ISStart.exe [458752 2005-01-19] (Labtec Inc.) HKLM\...\Run: [LogitechVideoTray] => C:\Programme\Logitech\Video\LogiTray.exe [217088 2005-01-19] (Labtec Inc.) HKLM\...\Run: [DivXMediaServer] => C:\Programme\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-11] (DivX, LLC) HKLM\...\Run: [PDFPrint] => C:\Programme\PDF24\pdf24.exe [186408 2013-12-12] (Geek Software GmbH) HKLM\...\Run: [] => [X] HKLM\...\Run: [Adobe ARM] => C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.) 
Winlogon\Notify\IntelWireless: C:\Programme\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation) Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X] HKU\S-1-5-21-746137067-1532298954-682003330-1004\...\MountPoints2: E - E:\setupSNK.exe IFEO\AcroRd32.exe: [Debugger] "C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\browsemngr.exe: [Debugger] tasklist.exe IFEO\browsermngr.exe: [Debugger] tasklist.exe IFEO\bttray.exe: [Debugger] "C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe IFEO\cli.exe: [Debugger] "C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\cltmngsvc.exe: [Debugger] IFEO\configwizards.exe: [Debugger] "C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\delta babylon.exe: [Debugger] tasklist.exe IFEO\delta tb.exe: [Debugger] tasklist.exe IFEO\delta2.exe: [Debugger] tasklist.exe IFEO\deltainstaller.exe: [Debugger] tasklist.exe IFEO\deltasetup.exe: [Debugger] tasklist.exe IFEO\deltatb.exe: [Debugger] tasklist.exe IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe IFEO\excel.exe: [Debugger] "C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\iminentsetup.exe: [Debugger] tasklist.exe IFEO\javaw.exe: [Debugger] "C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\javaws.exe: [Debugger] "C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\msoxmled.exe: [Debugger] "C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\mstore.exe: [Debugger] "C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\offdiag.exe: [Debugger] "C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\ois.exe: [Debugger] "C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\onenote.exe: [Debugger] "C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\onenotem.exe: [Debugger] "C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\pdf24-creator.exe: [Debugger] "C:\Programme\TuneUp 
Utilities 2013\TUAutoReactivator32.exe" IFEO\pdf24-fax.exe: [Debugger] "C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\powerpnt.exe: [Debugger] "C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\rjatydimofu.exe: [Debugger] tasklist.exe IFEO\skype.exe: [Debugger] "C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\sweetimsetup.exe: [Debugger] tasklist.exe IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe IFEO\winword.exe: [Debugger] "C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe" IFEO\wizard.exe: [Debugger] "C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe" Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ATI CATALYST-Infobereich.lnk ShortcutTarget: ATI CATALYST-Infobereich.lnk -> C:\Programme\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.) HKLM\...\AppCertDlls: [x64] -> c:\programme\movies toolbar\safetynut\x64\safetycrt.dll HKLM\...\AppCertDlls: [x86] -> C:\Programme\Movies Toolbar\SafetyNut\safetycrt.dll BootExecute: autocheck autochk * sdnclean.exeC:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyServer: localhost:8080 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - DefaultScope {DCDBBF03-BC10-457D-911F-EFB0321D22BE} URL = ${SRCH_SCP_URL} SearchScopes: HKCU - {DCDBBF03-BC10-457D-911F-EFB0321D22BE} URL = ${SRCH_SCP_URL} BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - &Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1408907716203 Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame 
Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Dokumente und Einstellungen\mark\Anwendungsdaten\Mozilla\Firefox\Profiles\r43wo3ui.default FF Homepage: hxxp://google.com/ FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Programme\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Programme\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Programme\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader -> C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF user.js: detected! 
=> C:\Dokumente und Einstellungen\mark\Anwendungsdaten\Mozilla\Firefox\Profiles\r43wo3ui.default\user.js FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\Ask.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Adblock Plus - C:\Dokumente und Einstellungen\mark\Anwendungsdaten\Mozilla\Firefox\Profiles\r43wo3ui.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-04] Chrome: ======= CHR HomePage: https://www.google.de/ CHR RestoreOnStartup: "hxxp://google.com/" CHR DefaultSuggestURL: {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefi xUrl}{google ![]() CHR Extension: (Google Docs) - C:\Dokumente und Einstellungen\mark\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-23] CHR Extension: (Google Drive) - C:\Dokumente und Einstellungen\mark\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-23] CHR Extension: (YouTube) - C:\Dokumente und Einstellungen\mark\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-23] CHR Extension: (Google-Suche) - C:\Dokumente und Einstellungen\mark\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-23] CHR Extension: (Google Wallet) - C:\Dokumente und Einstellungen\mark\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-23] CHR Extension: (Google Mail) - 
C:\Dokumente und Einstellungen\mark\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-23]
Thanks |
| #5 |
/// the machine /// TB trainer | Web browsers cannot be opened
Who told you all that? Anyway, you have to format the box. Anyone who only notices after 10 years that there is an SP3 for XP, hats off. The thing is infected, wide open like a barn door, and you don't install an SP over an infected box.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
| #6 |
| Web browsers cannot be opened
Hello, thank you very much for the harsh diagnosis. Although I can open my browsers, I am not "satisfied". Does formatting mean reinstalling? Please don't be angry with me, it's all Greek to me. Best regards, mark |
| #7 |
/// the machine /// TB trainer | Web browsers cannot be opened
I'm not angry, but it had to be that harsh. Anyone who uses XP is really already punished. But anyone who is then still running without SP3 might as well withdraw all their money and give it away on the street. Yes: back up non-executable files, delete everything and format, set it up from scratch. And no more XP!!
__________________ Regards, schrauber |