
Pests of all kinds and how to combat them: Spyhunter 4 cannot be uninstalled

20.06.2015, 20:20   #31
supertrine
 



Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-05-2015
Ran by windows at 2015-06-02 20:06:46 Run:4
Running from C:\Documents and Settings\windows\Desktop
Loaded Profiles: windows (Available profiles: windows & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [770944 2015-01-15] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [19984 2015-01-15] ()
C:\WINDOWS\System32\DRIVERS\EsgScanner.sys
C:\Program Files\Enigma Software Group
Emptytemp:
*****************

SpyHunter 4 Service => Service not found.
EsgScanner => Service not found.
"C:\WINDOWS\System32\DRIVERS\EsgScanner.sys" => File/Directory not found.
"C:\Program Files\Enigma Software Group" => File/Directory not found.
EmptyTemp: => Removed 52.8 MB temporary data.


The system needed a reboot.

==== End of Fixlog 20:06:56 ====

Dear Schrauber,
I have finally posted the result now, and also sent it to your email address with a screenshot showing that SpyHunter is still there???
Thanks!!!!
Best regards

21.06.2015, 09:42   #32
schrauber
/// the machine
/// TB trainer
 




Please post a fresh FRST log again.

24.06.2015, 15:25   #33
supertrine
 



Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-05-2015
Ran by windows at 2015-06-24 10:35:38 Run:6
Running from C:\Documents and Settings\windows\Desktop
Loaded Profiles: windows (Available profiles: windows & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [770944 2015-01-15] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [19984 2015-01-15] ()
C:\WINDOWS\System32\DRIVERS\EsgScanner.sys
C:\Program Files\Enigma Software Group
Emptytemp:

*****************

SpyHunter 4 Service => Service not found.
EsgScanner => Service not found.
"C:\WINDOWS\System32\DRIVERS\EsgScanner.sys" => File/Directory not found.
"C:\Program Files\Enigma Software Group" => File/Directory not found.
EmptyTemp: => Removed 590 KB temporary data.


The system needed a reboot.

==== End of Fixlog 10:35:41 ====

Here you go.

Many, many thanks, best regards
supertrine

25.06.2015, 09:04   #34
schrauber
/// the machine
/// TB trainer
 




I meant a FRST scan log.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

28.06.2015, 14:18   #35
supertrine
 



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-05-2015 (ATTENTION: ====> FRST version is 50 days old and could be outdated)
Ran by windows (administrator) on WINDOWS-2BA645A on 28-06-2015 13:07:45
Running from C:\Documents and Settings\windows\Desktop
Loaded Profiles: windows (Available profiles: windows & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Ares Development Group) C:\Program Files\Ares\Ares.exe
(Google Inc.) C:\Documents and Settings\windows\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421160 2010-11-17] (Apple Inc.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16384000 2007-08-10] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SiSPower] => Rundll32.exe SiSPower.dll,ModeAgent
HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\winampa.exe [74752 2010-12-09] (Nullsoft, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-1606980848-57989841-1177238915-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-1606980848-57989841-1177238915-1003\...\Run: [ares] => C:\Program Files\Ares\Ares.exe [1015808 2010-10-27] (Ares Development Group)
HKU\S-1-5-21-1606980848-57989841-1177238915-1003\...\Run: [Google Update] => C:\Documents and Settings\windows\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [107912 2015-01-07] (Google Inc.)
HKU\S-1-5-21-1606980848-57989841-1177238915-1003\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1606980848-57989841-1177238915-1003\...\Run: [KSS] => C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO)
HKU\S-1-5-21-1606980848-57989841-1177238915-1003\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-1606980848-57989841-1177238915-1003\...\MountPoints2: {172a75ba-2e3d-11e0-a0ea-001e330204b1} - E:\.\Autorun.exe AUTORUN=1
HKU\S-1-5-21-1606980848-57989841-1177238915-1003\...\MountPoints2: {30ddf53a-06f7-11e0-a064-0016441f7a07} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1606980848-57989841-1177238915-1003\...\MountPoints2: {6ab95dc0-45a9-11e0-a13e-001e330204b1} - E:\.\Autorun.exe AUTORUN=1
HKU\S-1-5-21-1606980848-57989841-1177238915-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\sstext3d.scr [679936 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [nltide_2] => regsvr32 /s /n /i:U shell32
Startup: C:\Documents and Settings\windows\Start Menu\Programs\Startup\Microsoft Office Groove.lnk [2014-11-10]
ShortcutTarget: Microsoft Office Groove.lnk -> C:\Program Files\Microsoft Office\Office12\GROOVE.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2011-02-15]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Google
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1606980848-57989841-1177238915-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.es/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_en
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Skype Plug-In -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-03] (Sun Microsystems, Inc.)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-02-03] (Sun Microsystems, Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864 2010-10-07] (Apple Inc.)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\windows\Application Data\Mozilla\Firefox\Profiles\bouagziu.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll [2011-03-05] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2010-11-17] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2010-12-11] (Google)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-02-02] (Sun Microsystems, Inc.)
FF Plugin: @kaspersky.com/content_blocker -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2015-05-09] ()
FF Plugin: @kaspersky.com/online_banking -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2015-05-09] ()
FF Plugin: @kaspersky.com/virtual_keyboard -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-05-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-06] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-06] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1606980848-57989841-1177238915-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\windows\Local Settings\Application Data\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-1606980848-57989841-1177238915-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\windows\Local Settings\Application Data\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-06] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-02-02] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll [2010-12-03] (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2015-01-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2015-01-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2015-01-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2015-01-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2015-01-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll [2010-12-09] (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml [2010-12-03]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2010-12-03]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\windows\Application Data\Mozilla\Firefox\Profiles\bouagziu.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2015-04-06]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-12-26]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010-12-11]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2015-05-09]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-05-09]
FF HKLM\...\Firefox\Extensions:  - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2015-05-09]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2015-05-09]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2015-05-09]

Chrome: 
=======
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\Application\41.0.2272.118\pdf.dll ()
CHR Plugin: (Google Gears 0.5.33.0) - C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\Application\41.0.2272.118\gears.dll No File
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\Application\41.0.2272.118\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Documents and Settings\windows\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\flcpildhclihlpljpfpojindpglggkpd [2015-05-09]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-09]
CHR Extension: (Google Wallet) - C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-26]
CHR HKLM\...\Chrome\Extension: [avast! WebRep] - C:\Program Files\AVAST Software\Avast\Setup\WebRep\aswWebRep.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2010-11-22]
StartMenuInternet: chrome.exe - C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP15.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
S2 KSS; C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
S3 AR5211; C:\WINDOWS\System32\DRIVERS\ar5211.sys [547072 2007-06-21] (Atheros Communications, Inc.)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [135264 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\WINDOWS\System32\DRIVERS\klflt.sys [107104 2014-04-18] (Kaspersky Lab ZAO)
R1 klhk; C:\WINDOWS\System32\DRIVERS\klhk.sys [33888 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [640608 2014-04-18] (Kaspersky Lab ZAO)
R3 klim5; C:\WINDOWS\System32\DRIVERS\klim5.sys [36448 2013-04-19] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\WINDOWS\System32\DRIVERS\klkbdflt.sys [23648 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\WINDOWS\System32\DRIVERS\klmouflt.sys [24672 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\WINDOWS\System32\DRIVERS\kltdi.sys [45024 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\WINDOWS\System32\DRIVERS\kneps.sys [145888 2014-03-26] (Kaspersky Lab ZAO)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R3 SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [321536 2007-08-03] (Silicon Integrated Systems Corporation)
R3 SiSGbeXP; C:\WINDOWS\System32\DRIVERS\SiSGbeXP.sys [43264 2007-10-15] (Silicon Integrated Systems Corp.)
R1 SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [18688 2007-08-03] (Silicon Integrated Systems Corporation)
S3 cpuz134; \??\C:\DOCUME~1\windows\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]
S4 IntelIde; No ImagePath
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-06-28 13:07 - 2015-06-28 13:09 - 00022168 _____ () C:\Documents and Settings\windows\Desktop\FRST.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-06-28 13:09 - 2010-12-09 05:24 - 00000000 ____D () C:\Documents and Settings\windows\Local Settings\Temp
2015-06-28 13:08 - 2015-01-24 02:11 - 00000000 ____D () C:\FRST
2015-06-28 13:08 - 2010-12-09 00:57 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-28 13:06 - 2010-12-09 01:12 - 00000986 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-57989841-1177238915-1003UA.job
2015-06-28 13:03 - 2010-12-09 04:48 - 01237992 _____ () C:\WINDOWS\WindowsUpdate.log
2015-06-28 12:59 - 2014-10-13 19:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2015-06-28 12:58 - 2008-04-14 10:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-06-28 12:57 - 2014-09-30 17:35 - 00000226 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-06-28 12:57 - 2011-01-21 12:05 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-06-28 12:57 - 2011-01-21 12:05 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-06-28 12:57 - 2010-12-09 05:24 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-06-28 12:57 - 2010-12-09 00:57 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-24 10:40 - 2011-01-21 12:05 - 00032540 _____ () C:\WINDOWS\SchedLgU.Txt
2015-06-24 10:40 - 2010-12-09 05:24 - 00000178 ___SH () C:\Documents and Settings\windows\ntuser.ini
2015-06-24 10:36 - 2014-10-13 21:41 - 00404834 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-06-24 10:36 - 2014-10-13 21:41 - 00404834 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1606980848-57989841-1177238915-1003-0.dat
2015-06-24 10:34 - 2015-04-14 20:05 - 00000000 ____D () C:\Documents and Settings\windows\Desktop\trojanerboard
2015-06-24 10:28 - 2014-09-30 17:35 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-06-02 20:28 - 2015-01-15 12:47 - 00001171 _____ () C:\Documents and Settings\windows\Desktop\SpyHunter.lnk

==================== Files in the root of some directories =======

2010-12-10 22:43 - 2015-01-18 01:45 - 0034304 _____ () C:\Documents and Settings\windows\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
         
--- --- ---


FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-05-2015
Ran by windows at 2015-06-28 13:09:36
Running from C:\Documents and Settings\windows\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1606980848-57989841-1177238915-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-1606980848-57989841-1177238915-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1606980848-57989841-1177238915-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1606980848-57989841-1177238915-1002 - Limited - Disabled)
windows (S-1-5-21-1606980848-57989841-1177238915-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\windows

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus 2015 (Enabled - Out of date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Kaspersky Internet Security (Enabled - Out of date) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security (Disabled) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM\...\uTorrent) (Version: 2.2.0 - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.1.102.64 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.2.152.32 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{308B6AEA-DE50-4666-996D-0FA461719D6B}) (Version: 3.3.0.69 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{2A981294-F14C-4F0F-9627-D793270922F8}) (Version: 2.0.4.0 - Apple Inc.)
Generic Wireless LAN Driver (HKLM\...\{7CC7C026-F81D-4405-9639-B157B7480D73}) (Version: 1.01.0005T - Generic)
Google Chrome (HKU\S-1-5-21-1606980848-57989841-1177238915-1003\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Earth (HKLM\...\{C768790F-04FB-11E0-9B2C-001AA037B01E}) (Version: 6.0.1.2032 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
iTunes (HKLM\...\{FAE36873-1941-4076-A9A5-48812B5EA0B7}) (Version: 10.1.0.56 - Apple Inc.)
Java(TM) 6 Update 24 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.240 - Sun Microsystems, Inc.)
Kaspersky Internet Security (HKLM\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Internet Security (Version: 15.0.0.463 - Kaspersky Lab) Hidden
Kaspersky Security Scan (HKLM\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C4}) (Version: 12.0.1.881 - Kaspersky Lab)
Kaspersky Security Scan (Version: 12.0.1.881 - Kaspersky Lab) Hidden
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Motorola SM56 Data Fax Modem (HKLM\...\SMSERIAL) (Version:  - )
Mozilla Firefox 35.0 (x86 de) (HKLM\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
MSN (HKLM\...\MSNINST) (Version:  - )
OpenOffice.org 3.3 (HKLM\...\{82AF3E91-57E1-4754-84D0-40A46E2479AB}) (Version: 3.3.9567 - OpenOffice.org)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5464 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SiS VGA Utilities (HKLM\...\SiS VGA Driver) (Version:  - )
SiSAGP driver (HKLM\...\{DC226AC9-0314-496C-BE6A-B6A132628466}) (Version: 1.22 - )
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.601  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-1606980848-57989841-1177238915-1003\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows PowerShell(TM) 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1606980848-57989841-1177238915-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\windows\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1606980848-57989841-1177238915-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\windows\Local Settings\Application Data\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1606980848-57989841-1177238915-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\windows\Local Settings\Application Data\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1606980848-57989841-1177238915-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\windows\Local Settings\Application Data\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1606980848-57989841-1177238915-1003_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\Application\42.0.2311.135\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1606980848-57989841-1177238915-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\windows\Local Settings\Application Data\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1606980848-57989841-1177238915-1003_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Documents and Settings\windows\Local Settings\Application Data\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1606980848-57989841-1177238915-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\windows\Local Settings\Application Data\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1606980848-57989841-1177238915-1003_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Documents and Settings\windows\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-1606980848-57989841-1177238915-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\windows\Local Settings\Application Data\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1606980848-57989841-1177238915-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\windows\Local Settings\Application Data\Google\Update\1.3.26.9\psuser.dll (Google Inc.)

==================== Restore Points  =========================

13-10-2014 19:39:44 First Restore Point
13-10-2014 21:36:19 First Restore Point
13-10-2014 21:36:37 First Restore Point
06-01-2015 12:43:45 System Checkpoint
07-01-2015 10:45:17 Removed Kaspersky Anti-Virus.
09-01-2015 11:18:03 System Checkpoint
10-01-2015 01:51:43 Removed Adobe Community Help
10-01-2015 01:52:50 Removed Java(TM) 6 Update 22
10-01-2015 01:55:26 Removed QuickTime
10-01-2015 10:17:48 Software Distribution Service 3.0
11-01-2015 22:23:12 Software Distribution Service 3.0
12-01-2015 22:43:50 System Checkpoint
15-01-2015 01:58:52 Software Distribution Service 3.0
15-01-2015 17:45:15 Installed %1 %2.
15-01-2015 17:54:01 Restore Point before Corrupt Patch Registry keys
20-01-2015 00:23:38 System Checkpoint
25-01-2015 02:32:50 Installed QuickTime 7
06-04-2015 15:09:51 Revo Uninstaller's restore point - CCleaner
06-04-2015 15:14:13 Revo Uninstaller's restore point - CCleaner Packages
06-04-2015 16:29:54 Software Distribution Service 3.0
09-05-2015 14:55:41 Installed Kaspersky Security Scan.
09-05-2015 15:46:07 First Restore Point
11-05-2015 17:51:00 Software Distribution Service 3.0

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-14 10:00 - 2008-04-14 10:00 - 00000734 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-57989841-1177238915-1003Core.job => C:\Documents and Settings\windows\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-57989841-1177238915-1003UA.job => C:\Documents and Settings\windows\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) ==============

2014-03-06 15:00 - 2014-03-06 15:00 - 01269952 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2008-04-14 10:00 - 2008-04-14 10:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 10:00 - 2008-04-14 10:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2008-07-12 21:09 - 2013-01-02 08:48 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2011-01-17 17:19 - 2011-02-15 21:30 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1606980848-57989841-1177238915-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\windows\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk => C:\WINDOWS\pss\Utility Tray.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk => C:\WINDOWS\pss\OpenOffice.org 3.2.lnkStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Google Update => "C:\Documents and Settings\windows\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SMSERIAL => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

StandardProfile\AuthorizedApplications: [C:\Program Files\uTorrent\uTorrent.exe] => Enabled:µTorrent
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Plugin Manager\skypePM.exe] => Enabled:Skype Extras Manager
StandardProfile\AuthorizedApplications: [C:\Program Files\Ares\Ares.exe] => Enabled:Ares p2p for windows
StandardProfile\AuthorizedApplications: [C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe] => Enabled:Veoh Web Player 
StandardProfile\AuthorizedApplications: [C:\Program Files\Winamp\winamp.exe] => Enabled:Winamp
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE] => Enabled:Microsoft Office Groove
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE] => Enabled:Microsoft Office OneNote
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgmfapx.exe] => Enabled:AVG-Installationsprogramm
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe] => Enabled:WebKit

==================== Faulty Device Manager Devices =============

Name: Atheros AR5007EG Wireless Network Adapter
Description: Atheros AR5007EG Wireless Network Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Atheros
Service: AR5211
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/24/2015 10:35:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst.exe, version 9.5.2015.0, faulting module frst.exe, version 9.5.2015.0, fault address 0x0001f3f6.
Processing media-specific event for [frst.exe!ws!]

Error: (04/20/2015 05:40:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (04/20/2015 05:35:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst(4).exe, version 19.4.2015.1, faulting module frst(4).exe, version 19.4.2015.1, fault address 0x0001f09e.
Processing media-specific event for [frst(4).exe!ws!]

Error: (04/20/2015 05:26:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (04/20/2015 05:26:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (04/20/2015 05:25:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (04/20/2015 05:25:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (04/20/2015 05:25:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (04/20/2015 05:25:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (04/20/2015 05:25:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong


System errors:
=============
Error: (06/28/2015 01:03:48 PM) (Source: Windows Update Agent) (EventID: 16) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (06/24/2015 10:29:58 AM) (Source: Windows Update Agent) (EventID: 16) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (06/24/2015 10:29:16 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register with DCOM within the required timeout.

Error: (06/02/2015 08:01:52 PM) (Source: Windows Update Agent) (EventID: 16) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (05/20/2015 02:47:52 PM) (Source: Windows Update Agent) (EventID: 16) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (05/09/2015 00:45:10 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register with DCOM within the required timeout.

Error: (04/14/2015 07:33:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/14/2015 07:33:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/14/2015 07:33:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/14/2015 07:33:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SpyHunter 4 Service service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: Intel(R) Celeron(R) CPU 570 @ 2.26GHz
Percentage of memory in use: 65%
Total physical RAM: 765.1 MB
Available physical RAM: 267.59 MB
Total Pagefile: 1867.94 MB
Available Pagefile: 1153.07 MB
Total Virtual: 2047.88 MB
Available Virtual: 1934.35 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:129.86 GB) (Free:51.2 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: 51EC51EC)
Partition 1: (Active) - (Size=129.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=19.2 GB) - (Type=05)

==================== End Of Log ============================
         

Here you go, the current scan.

Thank you very much
Best regards
supertrine


Alt 29.06.2015, 06:45   #36
schrauber
/// the machine
/// TB-Ausbilder
 




Please disable your antivirus program, as it can block the removal of SpyHunter.
Please download SpyHunterCleaner to your desktop.
  • Close all open programs and browsers.
  • Start SpyHunterCleaner.exe.
  • Press any key to start the removal process.
  • When the tool is finished, it will close itself.
  • Let me know whether any remnants of SpyHunter are still visible.

Alt 14.10.2015, 15:57   #37
supertrine
 



Hello dear Schrauber, it's me again, or rather still. I ran SpyHunterCleaner over it, but SpyHunter is still there.
Many thanks! Trine

Alt 15.10.2015, 13:20   #38
schrauber
/// the machine
/// TB-Ausbilder
 




Download it again and run it once more. Then:

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 17.10.2015, 17:31   #39
supertrine
 



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-10-2015
Ran by windows (administrator) on WINDOWS-2BA645A (17-10-2015 18:23:54)
Running from C:\Documents and Settings\windows\Desktop
Loaded Profiles: windows (Available Profiles: windows & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Ares Development Group) C:\Program Files\Ares\Ares.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Google Inc.) C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
(Farbar) C:\Documents and Settings\windows\Desktop\FRST (2).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421160 2010-11-17] (Apple Inc.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16384000 2007-08-10] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SiSPower] => Rundll32.exe SiSPower.dll,ModeAgent
HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\winampa.exe [74752 2010-12-09] (Nullsoft, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-1606980848-57989841-1177238915-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-1606980848-57989841-1177238915-1003\...\Run: [ares] => C:\Program Files\Ares\Ares.exe [1015808 2010-10-27] (Ares Development Group)
HKU\S-1-5-21-1606980848-57989841-1177238915-1003\...\Run: [Google Update] => C:\Documents and Settings\windows\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [144200 2015-09-21] (Google Inc.)
HKU\S-1-5-21-1606980848-57989841-1177238915-1003\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1606980848-57989841-1177238915-1003\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-1606980848-57989841-1177238915-1003\...\MountPoints2: {172a75ba-2e3d-11e0-a0ea-001e330204b1} - E:\.\Autorun.exe AUTORUN=1
HKU\S-1-5-21-1606980848-57989841-1177238915-1003\...\MountPoints2: {30ddf53a-06f7-11e0-a064-0016441f7a07} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1606980848-57989841-1177238915-1003\...\MountPoints2: {6ab95dc0-45a9-11e0-a13e-001e330204b1} - E:\.\Autorun.exe AUTORUN=1
HKU\S-1-5-21-1606980848-57989841-1177238915-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\sstext3d.scr [679936 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [nltide_2] => regsvr32 /s /n /i:U shell32
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Startup: C:\Documents and Settings\windows\Start Menu\Programs\Startup\Microsoft Office Groove.lnk [2014-11-10]
ShortcutTarget: Microsoft Office Groove.lnk -> C:\Program Files\Microsoft Office\Office12\GROOVE.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2011-02-15]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864 2010-10-07] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 213.33.99.70 80.120.17.70
Tcpip\..\Interfaces\{E7B884F1-2F3C-4F78-901D-2B605D149E8C}: [DhcpNameServer] 213.33.99.70 80.120.17.70

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1606980848-57989841-1177238915-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.es/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_en
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Skype Plug-In -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-03] (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-02-03] (Sun Microsystems, Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\windows\Application Data\Mozilla\Firefox\Profiles\0n34twbj.default-1442852442062
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll [2011-03-05] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2010-11-17] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2010-12-11] (Google)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-02-02] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-21] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-21] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1606980848-57989841-1177238915-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\windows\Local Settings\Application Data\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-21] (Google Inc.)
FF Plugin HKU\S-1-5-21-1606980848-57989841-1177238915-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\windows\Local Settings\Application Data\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-21] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-02-02] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll [2010-12-03] (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2015-01-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2015-01-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2015-01-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2015-01-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2015-01-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll [2010-12-09] (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml [2010-12-03]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2010-12-03]
FF Extension: Yahoo! Toolbar - C:\Documents and Settings\windows\Application Data\Mozilla\Firefox\Profiles\0n34twbj.default-1442852442062\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2015-09-21] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-12-26] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF => not found
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010-12-11] [not signed]

Chrome: 
=======
CHR NewTab: Default -> "chrome-extension://flcpildhclihlpljpfpojindpglggkpd/stubby.html","chrome-extension://ncheegbloelpifhkekmpljcbekcmbpig/stubby.html"
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\Application\46.0.2490.71\pdf.dll => No File
CHR Plugin: (Google Gears 0.5.33.0) - C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\Application\46.0.2490.71\gears.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\Application\46.0.2490.71\gcswf32.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Microsoft DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Documents and Settings\windows\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll => No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Profile: C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (MapsGalaxy) - C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\flcpildhclihlpljpfpojindpglggkpd [2015-05-09]
CHR Extension: (Google Wallet) - C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-26]
CHR HKLM\...\Chrome\Extension: [avast! WebRep] - C:\Program Files\AVAST Software\Avast\Setup\WebRep\aswWebRep.crx <not found>
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2010-11-22]
StartMenuInternet: chrome.exe - C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
StartMenuInternet: Google Chrome - C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R3 AR5211; C:\WINDOWS\System32\DRIVERS\ar5211.sys [547072 2007-06-21] (Atheros Communications, Inc.)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R3 SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [321536 2007-08-03] (Silicon Integrated Systems Corporation)
R3 SiSGbeXP; C:\WINDOWS\System32\DRIVERS\SiSGbeXP.sys [43264 2007-10-15] (Silicon Integrated Systems Corp.)
R1 SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [18688 2007-08-03] (Silicon Integrated Systems Corporation)
S3 cpuz134; \??\C:\DOCUME~1\windows\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]
S4 IntelIde; no ImagePath
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-17 18:23 - 2015-10-17 18:23 - 00000400 _____ C:\Documents and Settings\windows\Desktop\Addition.txt
2015-10-17 18:22 - 2015-10-17 18:23 - 00017890 _____ C:\Documents and Settings\windows\Desktop\FRST.txt
2015-10-17 18:22 - 2015-10-17 18:22 - 01700864 _____ (Farbar) C:\Documents and Settings\windows\Desktop\FRST (2).exe
2015-10-17 18:05 - 2015-10-17 18:05 - 00305152 _____ C:\Documents and Settings\windows\Desktop\SpyHunterCleaner-reboot.exe
2015-10-17 18:04 - 2015-10-17 18:04 - 00496640 _____ C:\Documents and Settings\windows\Desktop\SpyHunterCleaner (4).exe
2015-09-21 19:15 - 2015-09-21 19:15 - 00000104 _____ C:\Documents and Settings\windows\Desktop\Internet.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-17 18:24 - 2010-12-09 05:24 - 00000000 ____D C:\Documents and Settings\windows\Local Settings\Temp
2015-10-17 18:23 - 2015-01-24 02:11 - 00000000 ____D C:\FRST
2015-10-17 18:08 - 2010-12-09 04:48 - 01499586 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-17 18:07 - 2014-09-30 17:35 - 00000226 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-10-17 18:07 - 2011-01-21 12:05 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-10-17 18:07 - 2011-01-21 12:05 - 00000050 _____ C:\WINDOWS\wiaservc.log
2015-10-17 18:07 - 2010-12-09 05:24 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-17 18:07 - 2010-12-09 00:57 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-17 18:07 - 2008-04-14 10:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-10-17 18:06 - 2011-01-21 12:05 - 00032540 _____ C:\WINDOWS\SchedLgU.Txt
2015-10-17 18:06 - 2010-12-09 05:24 - 00000178 ___SH C:\Documents and Settings\windows\ntuser.ini
2015-10-17 17:52 - 2015-01-15 18:15 - 00025187 _____ C:\WINDOWS\setupapi.log
2015-10-17 17:52 - 2010-12-20 14:58 - 00000000 ____D C:\Documents and Settings\windows\Application Data\Skype
2015-10-17 17:51 - 2014-09-30 17:35 - 00000220 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-09-21 19:32 - 2010-12-09 01:12 - 00000986 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-57989841-1177238915-1003UA.job
2015-09-21 19:31 - 2010-12-09 00:57 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-21 19:04 - 2014-10-13 21:41 - 00404834 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-09-21 19:03 - 2010-12-09 05:24 - 00000000 ____D C:\Documents and Settings\windows
2015-09-21 18:32 - 2010-12-09 01:12 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-57989841-1177238915-1003Core.job

==================== Files in the root of some directories =======

2010-12-10 22:43 - 2015-01-18 01:45 - 0034304 _____ () C:\Documents and Settings\windows\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:17-10-2015
Ran by windows (2015-10-17 18:23:17)
Running from C:\Documents and Settings\windows\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2010-12-09 03:03:38)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Dear schrauber,
Thank you very much for your quick reply. I ran the SpyHunterCleaner over it once more and then ran FRST32.
Many thanks,
Christine

18.10.2015, 06:45   #40
schrauber
/// the machine
/// TB trainer

Please post the log again; it is incomplete.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


13.11.2015, 18:47   #41
supertrine

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-11-2015
Ran by windows (administrator) on WINDOWS-2BA645A (13-11-2015 18:29:03)
Running from C:\Documents and Settings\windows\My Documents\Downloads
Loaded Profiles: windows (Available Profiles: windows & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Ares Development Group) C:\Program Files\Ares\Ares.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
(Google Inc.) C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Farbar) C:\Documents and Settings\windows\My Documents\Downloads\FRST (3).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421160 2010-11-17] (Apple Inc.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16384000 2007-08-10] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SiSPower] => Rundll32.exe SiSPower.dll,ModeAgent
HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\winampa.exe [74752 2010-12-09] (Nullsoft, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-1606980848-57989841-1177238915-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-1606980848-57989841-1177238915-1003\...\Run: [ares] => C:\Program Files\Ares\Ares.exe [1015808 2010-10-27] (Ares Development Group)
HKU\S-1-5-21-1606980848-57989841-1177238915-1003\...\Run: [Google Update] => C:\Documents and Settings\windows\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [144200 2015-09-21] (Google Inc.)
HKU\S-1-5-21-1606980848-57989841-1177238915-1003\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1606980848-57989841-1177238915-1003\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-1606980848-57989841-1177238915-1003\...\MountPoints2: {172a75ba-2e3d-11e0-a0ea-001e330204b1} - E:\.\Autorun.exe AUTORUN=1
HKU\S-1-5-21-1606980848-57989841-1177238915-1003\...\MountPoints2: {30ddf53a-06f7-11e0-a064-0016441f7a07} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1606980848-57989841-1177238915-1003\...\MountPoints2: {6ab95dc0-45a9-11e0-a13e-001e330204b1} - E:\.\Autorun.exe AUTORUN=1
HKU\S-1-5-21-1606980848-57989841-1177238915-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\sstext3d.scr [679936 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [nltide_2] => regsvr32 /s /n /i:U shell32
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Startup: C:\Documents and Settings\windows\Start Menu\Programs\Startup\Microsoft Office Groove.lnk [2014-11-10]
ShortcutTarget: Microsoft Office Groove.lnk -> C:\Program Files\Microsoft Office\Office12\GROOVE.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2011-02-15]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864 2010-10-07] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 213.33.99.70 80.120.17.70
Tcpip\..\Interfaces\{E7B884F1-2F3C-4F78-901D-2B605D149E8C}: [DhcpNameServer] 213.33.99.70 80.120.17.70

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1606980848-57989841-1177238915-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.es/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_en
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Skype Plug-In -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-02] (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-02-02] (Sun Microsystems, Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\windows\Application Data\Mozilla\Firefox\Profiles\0n34twbj.default-1442852442062
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll [2011-03-05] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2010-11-17] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2010-12-11] (Google)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-02-02] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-21] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-21] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1606980848-57989841-1177238915-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\windows\Local Settings\Application Data\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-21] (Google Inc.)
FF Plugin HKU\S-1-5-21-1606980848-57989841-1177238915-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\windows\Local Settings\Application Data\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-21] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-02-02] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll [2010-12-03] (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2015-01-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2015-01-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2015-01-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2015-01-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2015-01-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll [2010-12-09] (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml [2010-12-03]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2010-12-03]
FF Extension: Yahoo! Toolbar - C:\Documents and Settings\windows\Application Data\Mozilla\Firefox\Profiles\0n34twbj.default-1442852442062\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2015-09-21] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-12-27] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF => not found
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010-12-11] [not signed]

Chrome: 
=======
CHR NewTab: Default -> "chrome-extension://flcpildhclihlpljpfpojindpglggkpd/stubby.html","chrome-extension://ncheegbloelpifhkekmpljcbekcmbpig/stubby.html"
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\Application\46.0.2490.71\pdf.dll => No File
CHR Plugin: (Google Gears 0.5.33.0) - C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\Application\46.0.2490.71\gears.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\Application\46.0.2490.71\gcswf32.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Microsoft DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Documents and Settings\windows\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll => No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Profile: C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (MapsGalaxy) - C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\flcpildhclihlpljpfpojindpglggkpd [2015-05-09]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-17]
CHR HKLM\...\Chrome\Extension: [avast! WebRep] - C:\Program Files\AVAST Software\Avast\Setup\WebRep\aswWebRep.crx <not found>
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2010-11-22]
StartMenuInternet: chrome.exe - C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
StartMenuInternet: Google Chrome - C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R3 AR5211; C:\WINDOWS\System32\DRIVERS\ar5211.sys [547072 2007-06-21] (Atheros Communications, Inc.)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R3 SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [321536 2007-08-03] (Silicon Integrated Systems Corporation)
R3 SiSGbeXP; C:\WINDOWS\System32\DRIVERS\SiSGbeXP.sys [43264 2007-10-15] (Silicon Integrated Systems Corp.)
R1 SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [18688 2007-08-03] (Silicon Integrated Systems Corporation)
S3 cpuz134; \??\C:\DOCUME~1\windows\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]
S4 IntelIde; no ImagePath
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-17 17:24 - 2015-10-17 17:24 - 00021785 _____ C:\Documents and Settings\windows\Desktop\FRST 17.10.15.txt
2015-10-17 17:23 - 2015-10-17 17:23 - 00000400 _____ C:\Documents and Settings\windows\Desktop\Addition.txt
2015-10-17 17:22 - 2015-10-17 17:24 - 00021785 _____ C:\Documents and Settings\windows\Desktop\FRST.txt
2015-10-17 17:22 - 2015-10-17 17:22 - 01700864 _____ (Farbar) C:\Documents and Settings\windows\Desktop\FRST (2).exe
2015-10-17 17:05 - 2015-10-17 17:05 - 00305152 _____ C:\Documents and Settings\windows\Desktop\SpyHunterCleaner-reboot.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-13 18:29 - 2015-01-24 01:11 - 00000000 ____D C:\FRST
2015-11-13 18:29 - 2010-12-09 04:24 - 00000000 ____D C:\Documents and Settings\windows\Local Settings\Temp
2015-11-13 18:29 - 2010-12-09 03:48 - 01705266 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-13 18:25 - 2015-01-15 17:15 - 00026768 _____ C:\WINDOWS\setupapi.log
2015-11-13 18:21 - 2010-12-08 23:57 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-13 18:13 - 2014-09-30 16:35 - 00000220 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-11-13 18:12 - 2008-04-14 09:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-11-13 18:11 - 2014-09-30 16:35 - 00000226 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-11-13 18:11 - 2011-01-21 11:05 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-11-13 18:11 - 2011-01-21 11:05 - 00000050 _____ C:\WINDOWS\wiaservc.log
2015-11-13 18:11 - 2010-12-09 04:24 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-13 18:10 - 2011-01-21 11:05 - 00032540 _____ C:\WINDOWS\SchedLgU.Txt
2015-11-13 18:10 - 2010-12-09 04:24 - 00000178 ___SH C:\Documents and Settings\windows\ntuser.ini
2015-11-13 17:53 - 2010-12-08 19:35 - 00563998 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-13 17:33 - 2010-12-09 00:12 - 00000986 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-57989841-1177238915-1003UA.job
2015-11-13 17:31 - 2010-12-08 23:57 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-29 04:17 - 2011-01-20 12:26 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2015-10-17 17:32 - 2010-12-09 00:12 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-57989841-1177238915-1003Core.job
2015-10-17 16:52 - 2010-12-20 13:58 - 00000000 ____D C:\Documents and Settings\windows\Application Data\Skype

==================== Files in the root of some directories =======

2010-12-10 21:43 - 2015-01-18 00:45 - 0034304 _____ () C:\Documents and Settings\windows\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

FRST32 has finished. Addition always came up by itself before; where do I type in this #, please? In FRST? Sorry.
THANK YOU!!!! Lots of kind regards, supertrine

Alt 14.11.2015, 20:00   #42
schrauber
/// the machine
/// TB-Ausbilder
 


Take a look at the screenshot.

Here's how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview (Erweitert/Vorschau) to check whether you did it right. If everything is correct ... click Reply (Antworten).
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 06.04.2016, 22:52   #43
supertrine
 

But then I didn't send anything, which is why no answer came.
I also never used the old computer, but it would be a hell of a sense of achievement to defeat this Spyhunter!
But how? Thank you very much!
