LederLappen | 03.06.2015 05:52 | Good morning :)
So, all done! Code:
# AdwCleaner v4.206 - Logfile created 03/06/2015 at 04:50:11
# Updated 01/06/2015 by Xplode
# Database : 2015-06-01.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Helge - HANSA
# Running from : C:\Documents and Settings\Helge\Desktop\AdwCleaner.exe
# Option : Cleaning
***** [ Services ] *****
[#] Service Deleted : globalUpdatem
[#] Service Deleted : {15005ce0-4adb-4842-9f2a-405172e87bce}t
[#] Service Deleted : {62eca849-70b6-47ed-932e-18163afa5bee}Gt
[#] Service Deleted : {c44114b8-1134-4aeb-950a-2e0ff4eceaae}t
***** [ Files / Folders ] *****
Folder Deleted : C:\Documents and Settings\All Users\Application Data\8b182ab200006a71
Folder Deleted : C:\Program Files\ss8
Folder Deleted : C:\Program Files\WSE_Taplika
Folder Deleted : C:\Program Files\Browser Good
Folder Deleted : C:\DOCUME~1\Helge\LOCALS~1\Temp\Browser Good
Folder Deleted : C:\Documents and Settings\Helge\Local Settings\Application Data\globalUpdate
Folder Deleted : C:\Documents and Settings\Helge\Local Settings\Application Data\gmsd_de_249
Folder Deleted : C:\Documents and Settings\Helge\Application Data\Taplika
Folder Deleted : C:\Documents and Settings\Helge\Application Data\Mozilla\Firefox\Profiles\vkq9fj3q.default\Extensions\KUKDSXGS67213349@EDCBUFV5900769.com
[!] Folder Deleted : C:\Documents and Settings\Helge\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn
File Deleted : C:\Documents and Settings\Helge\Application Data\Mozilla\Firefox\Profiles\vkq9fj3q.default\Extensions\{62eca849-70b6-47ed-932e-18163afa5bee}.xpi
File Deleted : C:\Documents and Settings\Helge\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lfkjojacgdjkninepeghaamnapdjmlfn_0.localstorage
File Deleted : C:\WINDOWS\Reimage.ini
File Deleted : C:\WINDOWS\system32\drivers\{15005ce0-4adb-4842-9f2a-405172e87bce}t.sys
File Deleted : C:\WINDOWS\system32\drivers\{62eca849-70b6-47ed-932e-18163afa5bee}Gt.sys
File Deleted : C:\WINDOWS\system32\drivers\{c44114b8-1134-4aeb-950a-2e0ff4eceaae}t.sys
File Deleted : C:\Documents and Settings\Helge\Application Data\ACFAF
File Deleted : C:\Documents and Settings\Helge\Application Data\SQKPEW
File Deleted : C:\Documents and Settings\Helge\Favorites\Startfenster.lnk
File Deleted : C:\Documents and Settings\Helge\Favorites\Links\Startfenster.lnk
File Deleted : C:\Documents and Settings\Helge\Start Menu\Startfenster.lnk
File Deleted : C:\Documents and Settings\Helge\Application Data\Mozilla\Firefox\Profiles\vkq9fj3q.default\searchplugins\Taplika.xml
File Deleted : C:\Documents and Settings\Helge\Application Data\Mozilla\Firefox\Profiles\vkq9fj3q.default\user.js
File Deleted : C:\Program Files\Mozilla Firefox\defaults\pref\itms.js
***** [ Scheduled tasks ] *****
Task Deleted : 11a623c5-4868-4253-879e-252a0911b26b-1-6
***** [ Shortcuts ] *****
***** [ Registry ] *****
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Key Deleted : HKCU\Software\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn
Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Deleted : HKCU\Software\Mozilla\Extends
Key Deleted : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Key Deleted : HKCU\Software\Classes\PepperZip
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update Browser Good
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util Browser Good
Key Deleted : HKLM\SOFTWARE\9316781e-038b-4647-beb0-34036ff36f59
Key Deleted : HKLM\SOFTWARE\b45f9fad-8914-61b3-c77f-c676912144e9
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2DD0916F-60DE-4413-8198-D3C9D9B959D1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2DD0916F-60DE-4413-8198-D3C9D9B959D1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{589B893E-773C-4941-88C2-0DCC718E621C}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Crossrider
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\HomeTab
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\simplytech
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\Reimage
Key Deleted : HKCU\Software\GAMESDESKTOP
Key Deleted : HKCU\Software\Wnkey
Key Deleted : HKCU\Software\Super Optimizer
Key Deleted : HKCU\Software\Taplika Browser
Key Deleted : HKCU\Software\WSE_Taplika
Key Deleted : HKCU\Software\WajIntEnhance
Key Deleted : HKCU\Software\SearchProtectWS
Key Deleted : HKCU\Software\ss8
Key Deleted : HKCU\Software\ss8-nv
Key Deleted : HKCU\Software\ss8-nv-ie
Key Deleted : HKCU\Software\Browser Good
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\Reimage
Key Deleted : HKLM\SOFTWARE\WajIntEnhance
Key Deleted : HKLM\SOFTWARE\SpeedBit
Key Deleted : HKLM\SOFTWARE\ss8
Key Deleted : HKLM\SOFTWARE\ss8-nv
Key Deleted : HKLM\SOFTWARE\ss8-nv-ie
Key Deleted : HKLM\SOFTWARE\Browser Good
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browser Good
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Browser Good
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
***** [ Web browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]
-\\ Mozilla Firefox v38.0.1 (x86 de)
[vkq9fj3q.default\prefs.js] - Line Deleted : user_pref("extensions.aKUKDSXGS67213349EDCBUFV5900769com61804.61804.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2C%22amazon.com%22%2C%22an[...]
[vkq9fj3q.default\prefs.js] - Line Deleted : user_pref("extensions.aKUKDSXGS67213349EDCBUFV5900769com61804.61804.internaldb.__ICM_LITE__fifty_test_rules.value", "%7B%22DE%22%3A%7B%22ALL%22%3A%5B%22anastasiadate.com%22%2C%22hxxp%3A//www.holasearc[...]
[vkq9fj3q.default\prefs.js] - Line Deleted : user_pref("extensions.aKUKDSXGS67213349EDCBUFV5900769com61804.61804.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%2[...]
[vkq9fj3q.default\prefs.js] - Line Deleted : user_pref("extensions.crossrider.bic", "14bbabbbd996048b4c88f224d45aa4f3");
[vkq9fj3q.default\prefs.js] - Line Deleted : user_pref("extensions.quick_start.enable_search1", false);
[vkq9fj3q.default\prefs.js] - Line Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
-\\ Google Chrome v43.0.2357.81
[C:\Documents and Settings\Helge\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://taplika.com/results.php?f=4&q={searchTerms}&a=tpl_tuto12_15_09&cd=2XzuyEtN2Y1L1QzutDtD0AtD0DtC0A0DyCyCzz0BtBzz0DzztN0D0Tzu0StCtCyDtBtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtByCtAzy0DzytDtG0F0ByBtDtGyD0DtByEtGyEyEtD0CtGyE0E0Bzz0A0ByE0EtBzz0DtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DyByCyE0EyDtCyEtGtBtCyE0FtGyEzz0A0DtG0B0A0CyEtGyCtAyEzytDtA0ByE0E0EtByD2Q&cr=678922612&ir=
[C:\Documents and Settings\Helge\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Documents and Settings\Helge\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Documents and Settings\Helge\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : lfkjojacgdjkninepeghaamnapdjmlfn
[C:\Documents and Settings\Helge\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://taplika.com/?f=1&a=tpl_tuto12_15_09&cd=2XzuyEtN2Y1L1QzutDtD0AtD0DtC0A0DyCyCzz0BtBzz0DzztN0D0Tzu0StCtCyDtBtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtByCtAzy0DzytDtG0F0ByBtDtGyD0DtByEtGyEyEtD0CtGyE0E0Bzz0A0ByE0EtBzz0DtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DyByCyE0EyDtCyEtGtBtCyE0FtGyEzz0A0DtG0B0A0CyEtGyCtAyEzytDtA0ByE0E0EtByD2Q&cr=678922612&ir=
[C:\Documents and Settings\Helge\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : hxxp://taplika.com/?f=7&a=tpl_tuto12_15_09&cd=2XzuyEtN2Y1L1QzutDtD0AtD0DtC0A0DyCyCzz0BtBzz0DzztN0D0Tzu0StCtCyDtBtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtByCtAzy0DzytDtG0F0ByBtDtGyD0DtByEtGyEyEtD0CtGyE0E0Bzz0A0ByE0EtBzz0DtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DyByCyE0EyDtCyEtGtBtCyE0FtGyEzz0A0DtG0B0A0CyEtGyCtAyEzytDtA0ByE0E0EtByD2Q&cr=678922612&ir=
[C:\Documents and Settings\Helge\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Default_Search_Provider_Data] : hxxp://taplika.com/results.php?f=4&q={searchTerms}&a=tpl_tuto12_15_09&cd=2XzuyEtN2Y1L1QzutDtD0AtD0DtC0A0DyCyCzz0BtBzz0DzztN0D0Tzu0StCtCyDtBtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtByCtAzy0DzytDtG0F0ByBtDtGyD0DtByEtGyEyEtD0CtGyE0E0Bzz0A0ByE0EtBzz0DtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DyByCyE0EyDtCyEtGtBtCyE0FtGyEzz0A0DtG0B0A0CyEtGyCtAyEzytDtA0ByE0E0EtByD2Q&cr=678922612&ir=
*************************
AdwCleaner[R0].txt - [13645 bytes] - [01/06/2015 18:37:12]
AdwCleaner[R1].txt - [13690 bytes] - [03/06/2015 04:48:09]
AdwCleaner[S0].txt - [12340 bytes] - [03/06/2015 04:50:11]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12400 bytes] ##########
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 03.06.2015
Suchlauf-Zeit: 05:41:07
Logdatei: mbam.txt
Administrator: Ja
Version: 2.01.6.1022
Malware Datenbank: v2015.06.03.01
Rootkit Datenbank: v2015.06.02.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows XP Service Pack 3
CPU: x86
Dateisystem: NTFS
Benutzer: Helge
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 314015
Verstrichene Zeit: 40 Min, 51 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente gefunden)
Module: 0
(Keine schädliche Elemente gefunden)
Registrierungsschlüssel: 4
PUP.Optional.Trovi.A, HKU\S-1-5-21-1343024091-562591055-1801674531-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{589B893E-773C-4941-88C2-0DCC718E621C}, In Quarantäne, [1934ffb7533721156d9ee876fd0639c7],
PUP.Optional.ModGoog, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, In Quarantäne, [95b84d69e9a1f343dfeb054641c1e818],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{22134214}, In Quarantäne, [e766a0162862c86eeb27394655b07a86],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1343024091-562591055-1801674531-1004\SOFTWARE\_CrossriderRegNamePlaceHolder_, In Quarantäne, [f35ac6f0d2b862d44ddad0b159ac1fe1],
Registrierungswerte: 6
PUP.Optional.Taplika.C, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files\WSE_Taplika\\, In Quarantäne, [9fae7f371575e254647edf06b2515ba5]
Hijack.ControlPanelStyle, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceClassicControlPanel, 1, In Quarantäne, [f15cdbdbe4a66ec8a934168ea262eb15]
PUP.Optional.Taplika.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|Taplika, C:\WINDOWS\system32\wscript.exe /E:vbscript /B "C:\DOCUME~1\Helge\APPLIC~1\Taplika\UpdateProc\bkup.dat", In Quarantäne, [04495a5c6f1b23134f36c72ace35fd03]
Hijack.ControlPanelStyle, HKU\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceClassicControlPanel, 1, In Quarantäne, [89c4397d0981181ec5186143f31136ca]
Hijack.ControlPanelStyle, HKU\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceClassicControlPanel, 1, In Quarantäne, [4d0013a37f0bd165b627a3011de77d83]
Hijack.ControlPanelStyle, HKU\S-1-5-21-1343024091-562591055-1801674531-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceClassicControlPanel, 1, In Quarantäne, [54f97541d4b6b48236a7465ea36107f9]
Registrierungsdaten: 5
PUM.Hijack.Help, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoSMHelp, 1, Gut: (0), Schlecht: (1),Ersetzt,[410c1d990486dc5a8dd606285ea835cb]
PUM.Hijack.Help, HKU\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoSMHelp, 1, Gut: (0), Schlecht: (1),Ersetzt,[78d565517218280e94cf46e8877f8080]
PUM.Hijack.Help, HKU\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoSMHelp, 1, Gut: (0), Schlecht: (1),Ersetzt,[db72cee8fc8e5ed8243f87a71ee8ec14]
PUM.Hijack.StartMenu, HKU\S-1-5-21-1343024091-562591055-1801674531-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|Start_ShowHelp, 0, Gut: (1), Schlecht: (0),Ersetzt,[b499ae087b0fe254b1fe0c23c541bc44]
PUM.Hijack.Help, HKU\S-1-5-21-1343024091-562591055-1801674531-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoSMHelp, 1, Gut: (0), Schlecht: (1),Ersetzt,[ba93ccea7f0bcc6a2241a08ef511ef11]
Ordner: 2
PUP.Optional.Multiplug.A, C:\Documents and Settings\All Users\Application Data\{db50cd3a-b2de-58e8-db50-0cd3ab2d34ea}, In Quarantäne, [6ae37b3bbbcf7abcae81ceb190750df3],
PUP.Optional.GlobalUpdate.A, C:\Documents and Settings\Helge\Local Settings\Temp\comh.106146, In Quarantäne, [05482690375325112fea9333f40fa957],
Dateien: 34
PUP.Optional.Nova.A, C:\Program Files\5e96cb34-cc43-4cfe-a72c-e7fd8275f4c8\3a62beb1-3006-4be3-9094-3a636b9dcc22.dll, In Quarantäne, [28252c8a0387df5781c19183639fda26],
PUP.Optional.Nova.A, C:\Program Files\5e96cb34-cc43-4cfe-a72c-e7fd8275f4c8\b5b015af-2930-4408-a284-6e65821f0882.dll, In Quarantäne, [d17cc3f39dedde5829194aca32d02bd5],
PUP.Optional.APNToolBar.A, C:\Documents and Settings\Helge\Local Settings\Temp\MSI60.tmp, In Quarantäne, [61ec4670ccbe80b6614cb4afeb175ea2],
Trojan.FakeMS.ED, C:\Documents and Settings\Helge\Local Settings\Temp\1E.tmp, In Quarantäne, [53faebcb5337c76f2b6429116d958977],
PUP.Optional.SuperOptimizer.A, C:\Documents and Settings\Helge\Local Settings\Temp\supoptsetup.exe, In Quarantäne, [65e8d1e5098149ed4b3aadb33dc5956b],
PUP.Optional.MyPCBackup.SID.A, C:\Documents and Settings\Helge\Local Settings\Temp\dd3cf709-c09b-47bf-8a03-d62752e74aad\cloud_backup_setup.exe, In Quarantäne, [64e9971fc9c142f41bf3690649bd1ee2],
PUP.Optional.CrossRider.A, C:\Documents and Settings\Helge\Local Settings\Temp\dd492191-3932-4959-ab56-ed88390d475e\smarts8.exe, In Quarantäne, [91bcddd9e6a4191d877642ef2bd702fe],
PUP.Optional.Tuto4PC.A, C:\Documents and Settings\Helge\Local Settings\Temp\is-29BH8.tmp\gentlemjmp_ieu.exe, In Quarantäne, [50fd86306d1dbc7a1e156f008e78aa56],
PUP.Optional.Tuto4PC.A, C:\Documents and Settings\Helge\Local Settings\Temp\is-7H7GG.tmp\gentlemjmp_ieu.exe, In Quarantäne, [b29b229458322313f1429bd43fc74eb2],
PUP.Optional.Tuto4PC.A, C:\Documents and Settings\Helge\Local Settings\Temp\is-9MRNM.tmp\gentlemjmp_ieu.exe, In Quarantäne, [25280caa9beff93de74c1f5045c111ef],
PUP.Optional.Tuto4PC.A, C:\Documents and Settings\Helge\Local Settings\Temp\is-B7MKI.tmp\package_browsergood_installer_multilang.exe, In Quarantäne, [08452e88fb8f3303bef919ebaa58a35d],
PUP.Optional.Tuto4PC.A, C:\Documents and Settings\Helge\Local Settings\Temp\is-B7MKI.tmp\package_superpc_installer_multilang.exe, In Quarantäne, [b6975165cfbb9e981b9c5ba94db5b050],
PUP.Optional.Tuto4PC.A, C:\Documents and Settings\Helge\Local Settings\Temp\is-B7MKI.tmp\package_taplika_installer_multilang.exe, In Quarantäne, [fe4f1e981971c373f2c547bde022847c],
PUP.Optional.Tuto4PC.A, C:\Documents and Settings\Helge\Local Settings\Temp\is-POULO.tmp\package_zombie_installer_multilang.exe, In Quarantäne, [db727541bbcf290d9a1dfc08f60c9a66],
PUP.Optional.Tuto4PC.A, C:\Documents and Settings\Helge\Local Settings\Temp\is-POULO.tmp\package_optimizerpro_installer_multilang.exe, In Quarantäne, [97b66d49b2d849ed981f7f851de518e8],
PUP.Optional.Tuto4PC.A, C:\Documents and Settings\Helge\Local Settings\Temp\is-POULO.tmp\package_plushd_installer_multilang.exe, In Quarantäne, [2924c1f5f99149ed53644eb6ec16936d],
PUP.Optional.Tuto4PC.A, C:\Documents and Settings\Helge\Local Settings\Temp\is-UIFMF.tmp\package_plushd_installer_multilang.exe, In Quarantäne, [97b626900e7c2c0aa215699b639f3bc5],
PUP.Optional.Tuto4PC.A, C:\Documents and Settings\Helge\Local Settings\Temp\is-UIFMF.tmp\package_optimizerpro_installer_multilang.exe, In Quarantäne, [90bd6b4bc7c3f640cbec9b6925dd35cb],
PUP.Optional.ModGoog, C:\Documents and Settings\Helge\Local Settings\Temp\comh.106146\GoogleCrashHandler.exe, In Quarantäne, [c7864c6a7e0c24122aa09ab1c53d24dc],
PUP.Optional.ModGoog, C:\Documents and Settings\Helge\Local Settings\Temp\comh.106146\GoogleUpdate.exe, In Quarantäne, [95b84d69e9a1f343dfeb054641c1e818],
PUP.Optional.ModGoog, C:\Documents and Settings\Helge\Local Settings\Temp\comh.106146\GoogleUpdateBroker.exe, In Quarantäne, [420b0da9444692a410ba4dfe82805da3],
PUP.Optional.ModGoog, C:\Documents and Settings\Helge\Local Settings\Temp\comh.106146\GoogleUpdateOnDemand.exe, In Quarantäne, [222b4076c0cae254fad018331be7d12f],
PUP.Optional.ModGoog, C:\Documents and Settings\Helge\Local Settings\Temp\comh.106146\goopdate.dll, In Quarantäne, [400da412602a11256367bf8c669cc63a],
PUP.Optional.ModGoog, C:\Documents and Settings\Helge\Local Settings\Temp\comh.106146\goopdateres_en.dll, In Quarantäne, [0d40bbfb2664d56162686edd689a5ea2],
PUP.Optional.ModGoog, C:\Documents and Settings\Helge\Local Settings\Temp\comh.106146\npGoogleUpdate4.dll, In Quarantäne, [3b12ecca3951b28482484efd8979b050],
PUP.Optional.ModGoog, C:\Documents and Settings\Helge\Local Settings\Temp\comh.106146\psmachine.dll, In Quarantäne, [410c43731773be784a80ba91b1514bb5],
PUP.Optional.ModGoog, C:\Documents and Settings\Helge\Local Settings\Temp\comh.106146\psuser.dll, In Quarantäne, [78d5e6d024667eb89436f853c53db749],
PUP.Optional.IStartsurf.A, C:\Documents and Settings\Helge\Local Settings\Temp\7576eadf-8f0e-4af9-a6ac-877c3e270f3f\lly_istartsurf.exe, In Quarantäne, [f75652641c6e3600b24490dcb74fba46],
PUP.Optional.Tuto4PC.A, C:\Documents and Settings\Helge\Local Settings\Temp\7e92182a-27e2-4c1b-8e16-16eeb3fa30f5\games desktop.exe, In Quarantäne, [9fae42749af0ac8a85af67b9a959b749],
PUP.Optional.APNToolBar.A, C:\WINDOWS\Installer\49ba66.msi, In Quarantäne, [60edf9bdef9bc4726d406300ce34a957],
Exploit.Drop.GS, C:\Documents and Settings\Helge\Local Settings\Temp\sysrestore.exe, In Quarantäne, [f5584373f496bd793e3afe54828220e0],
PUP.Optional.Multiplug.A, C:\Documents and Settings\All Users\Application Data\{db50cd3a-b2de-58e8-db50-0cd3ab2d34ea}\superpc_soft_partner.dat, In Quarantäne, [6ae37b3bbbcf7abcae81ceb190750df3],
PUP.Optional.GlobalUpdate.A, C:\Documents and Settings\Helge\Local Settings\Temp\comh.106146\GoogleUpdateHelper.msi, In Quarantäne, [05482690375325112fea9333f40fa957],
PUP.Optional.CrossRider.A, C:\Documents and Settings\Helge\Application Data\Mozilla\Firefox\Profiles\vkq9fj3q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.crossrider.bic", "14bbabbbd996048b4c88f224d45aa4f3");), Ersetzt,[bb92b8feb9d183b35326d2a170968080]
Physische Sektoren: 0
(Keine schädliche Elemente gefunden)
(end)
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.7 (06.01.2015:1)
OS: Microsoft Windows XP x86
Ran by Helge on 03.06.2015 at 6:37:53,48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted the following from C:\Documents and Settings\Helge\Application Data\mozilla\firefox\profiles\vkq9fj3q.default\prefs.js
user_pref(extensions.aKUKDSXGS67213349EDCBUFV5900769com61804.61804.internaldb.__ICM_LITE__blacklist_domain.value, %7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2
user_pref(extensions.aKUKDSXGS67213349EDCBUFV5900769com61804.61804.internaldb.__ICM_LITE__fifty_test_rules.value, %7B%22DE%22%3A%7B%22ALL%22%3A%5B%22anastasiadate.com%22%2C
user_pref(extensions.aKUKDSXGS67213349EDCBUFV5900769com61804.61804.internaldb.monetization_plugin_bundledUrls.value, %7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%
user_pref(extensions.crossrider.bic, 14bbabbbd996048b4c88f224d45aa4f3);
user_pref(extensions.quick_start.sd.closeWindowWithLastTab_prev_state, false);
Emptied folder: C:\Documents and Settings\Helge\Application Data\mozilla\firefox\profiles\vkq9fj3q.default\minidumps [4 files]
~~~ Chrome
[C:\Documents and Settings\Helge\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Documents and Settings\Helge\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
[C:\Documents and Settings\Helge\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Documents and Settings\Helge\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.06.2015 at 6:41:11,28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
Shortcut Cleaner 1.3.8 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/
Windows Version: Microsoft Windows XP Service Pack 3
Program started at: 06/03/2015 06:42:41 AM.
Scanning for registry hijacks:
* No issues found in the Registry.
Searching for Hijacked Shortcuts:
Searching C:\Documents and Settings\Helge\Start Menu\
Searching C:\Documents and Settings\All Users\Start Menu\
Searching C:\Documents and Settings\Helge\Application Data\Microsoft\Internet Explorer\Quick Launch\
Searching C:\Documents and Settings\All Users\Desktop\
Searching C:\Documents and Settings\Helge\Desktop\
Searching C:\Documents and Settings\All Users\Desktop\
0 bad shortcuts found.
Program finished at: 06/03/2015 06:42:41 AM
Execution time: 0 hours(s), 0 minute(s), and 0 seconds(s)
And the last two log files :)
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-05-2015
Ran by Helge (administrator) on HANSA on 03-06-2015 06:43:51
Running from C:\Documents and Settings\Helge\Desktop
Loaded Profiles: Helge (Available Profiles: Helge)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1028096 2009-08-08] (Synaptics, Inc.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16858112 2009-08-08] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [86016 2009-08-08] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AlcWzrd] => C:\WINDOWS\ALCWZRD.EXE [2808832 2009-08-08] (RealTek Semicoductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2009-08-08] (Realtek Semiconductor Corp.)
HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [999424 2008-01-09] (Intel Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [1101824 2008-01-09] (Intel Corporation)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\Winampa.exe [12288 2003-04-17] ()
HKLM\...\Run: [SmsIrProcess] => C:\Program Files\Siano Mobile Silicon\SMS\SmsIrProcess.exe [90112 2014-04-27] (Siano Mobile Silicon)
HKLM\...\Run: [iTunesHelper] => C:\creezy\iTunes\iTunesHelper.exe [157480 2015-01-27] (Apple Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-24] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-19\...\RunOnce: [nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-19\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-20\...\RunOnce: [nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-20\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-21-1343024091-562591055-1801674531-1004\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1343024091-562591055-1801674531-1004\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3671872 2012-04-17] (DT Soft Ltd)
HKU\S-1-5-21-1343024091-562591055-1801674531-1004\...\Run: [Spotify Web Helper] => C:\SpotifyWebHelper.exe [2021944 2015-06-02] (Spotify Ltd)
HKU\S-1-5-21-1343024091-562591055-1801674531-1004\...\MountPoints2: {cedb9ff6-6c91-11e2-a41d-001f3b23b875} - G:\PMCsetup.exe
HKU\S-1-5-18\...\RunOnce: [nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TMMonitor.lnk [2016-03-05]
ShortcutTarget: TMMonitor.lnk -> C:\Program Files\ArcSoft\ArcSoft TV 5.0\TMTV5Monitor.exe (ArcSoft, Inc.)
Startup: C:\Documents and Settings\Helge\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-20]
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Helge\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-1343024091-562591055-1801674531-1004\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1343024091-562591055-1801674531-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "hxxp://www.google.com" <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Helge\Application Data\Mozilla\Firefox\Profiles\vkq9fj3q.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-20] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\creezy\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-07-19] (VideoLAN)
FF Extension: Avira Browser Safety - C:\Documents and Settings\Helge\Application Data\Mozilla\Firefox\Profiles\vkq9fj3q.default\Extensions\abs@avira.com [2015-05-29]
FF Extension: Adblock Plus Pop-up Addon - C:\Documents and Settings\Helge\Application Data\Mozilla\Firefox\Profiles\vkq9fj3q.default\Extensions\adblockpopups@jessehakanen.net.xpi [2015-03-20]
Chrome:
=======
CHR HomePage: Default ->
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\pdf.dll No File
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.89\npGoogleUpdate3.dll No File
CHR Profile: C:\Documents and Settings\Helge\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (avast! WebRep) - C:\Documents and Settings\Helge\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2012-09-02]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Helge\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-20]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [Not Found]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 Alerter; C:\WINDOWS\system32\alrsvc.dll [17408 2008-04-14] (Microsoft Corporation) [File not signed]
S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [825856 2015-05-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [434424 2015-05-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-24] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1186040 2015-05-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S3 CiSvc; C:\WINDOWS\system32\cisvc.exe [5632 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ERSvc; C:\WINDOWS\System32\ersvc.dll [23040 2008-04-14] (Microsoft Corporation) [File not signed]
S2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [823296 2008-01-09] (Intel Corporation) [File not signed]
R2 helpsvc; C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-14] (Microsoft Corporation) [File not signed]
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [150528 2008-04-14] (Microsoft Corporation) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S4 Messenger; C:\WINDOWS\System32\msgsvc.dll [33792 2008-04-14] (Microsoft Corporation) [File not signed]
S3 mnmsrvc; C:\WINDOWS\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation) [File not signed]
S3 NtmsSvc; C:\WINDOWS\system32\ntmssvc.dll [438272 2008-04-14] (Microsoft Corporation) [File not signed]
S2 NVSvc; C:\WINDOWS\system32\nvsvc32.exe [159812 2008-06-18] (NVIDIA Corporation) [File not signed]
S2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [483328 2008-01-09] (Intel Corporation) [File not signed]
R2 RemoteRegistry; C:\WINDOWS\system32\regsvc.dll [59904 2008-04-14] (Microsoft Corporation) [File not signed]
S2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [1187840 2008-01-09] (Intel Corporation ) [File not signed]
S4 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [75264 2008-04-14] (Microsoft Corporation) [File not signed]
S3 UPS; C:\WINDOWS\System32\ups.exe [18432 2008-04-14] (Microsoft Corporation) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2012-09-02] (Cisco Systems, Inc.)
R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [107400 2015-05-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [136216 2015-05-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37896 2015-05-24] (Avira Operations GmbH & Co. KG)
S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [242240 2013-04-02] (DT Soft Ltd)
R3 L1e; C:\WINDOWS\System32\DRIVERS\l1e51x86.sys [36864 2009-08-08] (Atheros Communications, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-14] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NETw4x32; C:\WINDOWS\System32\DRIVERS\NETw4x32.sys [2529280 2008-01-09] (Intel Corporation)
R3 nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [6010752 2008-06-18] (NVIDIA Corporation) [File not signed]
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2004-08-12] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2004-08-12] (Microsoft Corporation)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [12288 2008-01-02] (Intel Corporation)
R3 smsbda; C:\WINDOWS\System32\drivers\smsbda.sys [71944 2014-03-23] (Siano)
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2015-03-17] (Avira GmbH)
S3 cpuz134; \??\C:\DOCUME~1\Helge\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-05 07:59 - 2016-03-05 07:59 - 00001675 _____ () C:\Documents and Settings\Helge\Desktop\ArcSoft TV 5.0.lnk
2016-03-05 07:59 - 2016-03-05 07:59 - 00000000 ____D () C:\Program Files\ArcSoft
2016-03-05 07:59 - 2016-03-05 07:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft TV
2016-03-05 07:59 - 2005-07-16 03:35 - 00245408 _____ (Microsoft Corporation) C:\WINDOWS\system32\unicows.dll
2016-03-05 07:56 - 2016-03-05 07:56 - 00000000 ____D () C:\Program Files\Siano Mobile Silicon
2016-03-05 07:56 - 2016-03-05 07:56 - 00000000 ____D () C:\Program Files\Common Files\Siano Mobile Silicon
2016-03-05 07:56 - 2014-03-23 17:32 - 00071944 _____ (Siano) C:\WINDOWS\system32\Drivers\smsbda.sys
2016-03-05 07:56 - 2014-03-23 17:32 - 00021768 _____ (Siano) C:\WINDOWS\system32\smsprops.dll
2016-03-04 15:26 - 2016-03-04 15:26 - 00009642 _____ () C:\WINDOWS\KB2868038.log
2016-03-04 15:26 - 2016-03-04 15:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868038$
2016-03-04 15:25 - 2016-03-04 15:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893294$
2016-03-04 15:25 - 2016-03-04 15:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2803821-v2_WM9$
2016-03-04 15:24 - 2016-03-04 15:25 - 00008561 _____ () C:\WINDOWS\KB2803821-v2.log
2016-03-04 15:24 - 2016-03-04 15:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2892075$
2016-03-04 15:23 - 2016-03-04 15:23 - 00008474 _____ () C:\WINDOWS\KB2909210-IE8.log
2016-03-04 15:23 - 2016-03-04 15:23 - 00006743 _____ () C:\WINDOWS\KB2510531-IE8.log
2016-03-04 15:23 - 2016-03-04 15:23 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862330$
2016-03-04 15:23 - 2015-02-10 22:23 - 00000000 ____D () C:\WINDOWS\ie8updates
2016-03-04 15:23 - 2015-02-10 22:02 - 00019174 _____ () C:\WINDOWS\KB2936068-IE8.log
2016-03-04 15:19 - 2016-03-04 15:19 - 00004470 _____ () C:\WINDOWS\KB2914368.log
2016-03-04 15:19 - 2016-03-04 15:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2016-03-04 14:42 - 2008-04-14 06:42 - 00363520 _____ () C:\WINDOWS\system32\PsisDecd.dll
2016-03-04 14:42 - 2008-04-14 06:42 - 00363520 _____ () C:\WINDOWS\system32\dllcache\psisdecd.dll
2016-03-04 14:42 - 2008-04-14 06:42 - 00056832 _____ () C:\WINDOWS\system32\MSDvbNP.ax
2016-03-04 14:42 - 2008-04-14 06:42 - 00056832 _____ () C:\WINDOWS\system32\dllcache\msdvbnp.ax
2016-03-04 14:42 - 2008-04-14 06:42 - 00033280 _____ () C:\WINDOWS\system32\PsisRndr.ax
2016-03-04 14:42 - 2008-04-14 06:42 - 00033280 _____ () C:\WINDOWS\system32\dllcache\psisrndr.ax
2016-03-04 14:42 - 2008-04-14 06:42 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bdaplgin.ax
2016-03-04 14:42 - 2008-04-14 06:42 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdaPlgIn.ax
2016-03-04 14:42 - 2008-04-14 01:16 - 00015232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MPE.sys
2016-03-04 14:42 - 2008-04-14 01:16 - 00015232 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mpe.sys
2016-03-04 14:42 - 2008-04-14 01:16 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BdaSup.sys
2016-03-04 14:42 - 2008-04-14 01:16 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bdasup.sys
2016-03-04 14:40 - 2016-03-05 07:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ArcSoft
2016-03-04 14:40 - 2016-03-04 14:40 - 00000000 ____D () C:\Documents and Settings\Helge\Application Data\ArcSoft
2016-03-04 14:40 - 2005-02-23 15:58 - 00011776 _____ (Arcsoft, Inc.) C:\WINDOWS\system32\Drivers\afc.sys
2015-06-03 06:43 - 2015-06-03 06:44 - 00016592 _____ () C:\Documents and Settings\Helge\Desktop\FRST.txt
2015-06-03 06:42 - 2015-06-03 06:42 - 00001992 _____ () C:\Documents and Settings\Helge\Desktop\sc-cleaner.txt
2015-06-03 06:41 - 2015-06-03 06:41 - 00002087 _____ () C:\Documents and Settings\Helge\Desktop\JRT.txt
2015-06-03 06:37 - 2015-06-03 06:37 - 00000000 ____D () C:\RegBackup
2015-06-03 06:36 - 2015-06-03 06:36 - 00010010 _____ () C:\Documents and Settings\Helge\Desktop\mbam.txt
2015-06-03 05:09 - 2015-06-03 06:34 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-06-03 04:55 - 2015-06-03 06:35 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-03 04:55 - 2015-06-03 04:55 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-06-03 04:55 - 2015-06-03 04:55 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-03 04:55 - 2015-06-03 04:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-06-03 04:55 - 2015-04-14 09:37 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-03 04:55 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-03 04:50 - 2015-06-03 04:50 - 00012481 _____ () C:\Documents and Settings\Helge\Desktop\AdwCleaner[S0].txt
2015-06-03 04:44 - 2015-06-03 04:44 - 00463688 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Helge\Desktop\sc-cleaner.exe
2015-06-03 04:43 - 2015-06-03 04:44 - 02947766 _____ (Thisisu) C:\Documents and Settings\Helge\Desktop\JRT.exe
2015-06-02 00:25 - 2015-06-02 00:25 - 00000008 _____ () C:\WINDOWS\system32\nvModes.dat
2015-06-01 21:16 - 2015-06-01 21:16 - 04197016 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Helge\Desktop\tdsskiller.exe
2015-06-01 21:11 - 2015-06-03 06:43 - 00000000 ____D () C:\FRST
2015-06-01 21:10 - 2015-06-01 21:10 - 01147392 _____ (Farbar) C:\Documents and Settings\Helge\Desktop\FRST.exe
2015-06-01 18:37 - 2015-06-03 04:53 - 00000000 ____D () C:\AdwCleaner
2015-06-01 18:36 - 2015-06-01 18:36 - 02231296 _____ () C:\Documents and Settings\Helge\Desktop\AdwCleaner.exe
2015-06-01 03:10 - 2015-06-01 03:10 - 00000000 ____D () C:\Documents and Settings\Helge\Desktop\New Folder
2015-05-20 23:44 - 2015-06-03 06:26 - 00000000 ___RD () C:\Documents and Settings\Helge\My Documents\Dropbox
2015-05-20 23:43 - 2015-05-20 23:43 - 00000000 ____D () C:\Program Files\Dropbox
2015-05-20 23:43 - 2015-05-20 23:43 - 00000000 ____D () C:\Documents and Settings\Helge\Start Menu\Programs\Dropbox
2015-05-20 23:41 - 2015-06-03 06:26 - 00000000 ____D () C:\Documents and Settings\Helge\Application Data\Dropbox
2015-05-15 10:51 - 2015-06-02 03:10 - 41287224 _____ () C:\libcef.dll
2015-05-15 10:51 - 2015-06-02 03:10 - 10457856 _____ () C:\icudtl.dat
2015-05-15 10:51 - 2015-06-02 03:10 - 07323192 _____ (Spotify Ltd) C:\Spotify.exe
2015-05-15 10:51 - 2015-06-02 03:10 - 04253463 _____ () C:\devtools_resources.pak
2015-05-15 10:51 - 2015-06-02 03:10 - 03457592 _____ (Microsoft Corporation) C:\d3dcompiler_47.dll
2015-05-15 10:51 - 2015-06-02 03:10 - 02106424 _____ (Microsoft Corporation) C:\d3dcompiler_43.dll
2015-05-15 10:51 - 2015-06-02 03:10 - 02021944 _____ (Spotify Ltd) C:\SpotifyWebHelper.exe
2015-05-15 10:51 - 2015-06-02 03:10 - 02018406 _____ () C:\cef.pak
2015-05-15 10:51 - 2015-06-02 03:10 - 01488440 _____ () C:\libGLESv2.dll
2015-05-15 10:51 - 2015-06-02 03:10 - 00968248 _____ (The Chromium Authors) C:\ffmpegsumo.dll
2015-05-15 10:51 - 2015-06-02 03:10 - 00777272 _____ (Spotify Ltd) C:\SpotifyCrashService.exe
2015-05-15 10:51 - 2015-06-02 03:10 - 00598403 _____ () C:\cef_200_percent.pak
2015-05-15 10:51 - 2015-06-02 03:10 - 00444515 _____ () C:\cef_100_percent.pak
2015-05-15 10:51 - 2015-06-02 03:10 - 00124472 _____ (Spotify Ltd) C:\SpotifyLauncher.exe
2015-05-15 10:51 - 2015-06-02 03:10 - 00079928 _____ () C:\libEGL.dll
2015-05-15 10:51 - 2015-06-02 03:10 - 00073272 _____ () C:\wow_helper.exe
2015-05-15 10:51 - 2015-06-02 03:10 - 00000020 _____ () C:\inst_ver.dat
2015-05-15 10:51 - 2015-06-02 03:10 - 00000000 ____D () C:\locales
2015-05-15 10:51 - 2015-05-15 10:51 - 00000000 ____D () C:\pdf.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-05 07:58 - 2012-10-10 20:12 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2016-03-05 07:58 - 2012-09-03 21:22 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2016-03-05 07:52 - 2013-01-11 19:17 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
2016-03-05 07:52 - 2013-01-11 19:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Adobe
2016-03-04 15:25 - 2014-05-31 15:24 - 00012818 _____ () C:\WINDOWS\KB2893294.log
2016-03-04 15:24 - 2014-05-31 15:24 - 00012318 _____ () C:\WINDOWS\KB2892075.log
2016-03-04 15:23 - 2013-04-08 17:33 - 00000000 ____D () C:\WINDOWS\system32\XPSViewer
2016-03-04 15:23 - 2012-09-02 01:15 - 00000000 ___HD () C:\WINDOWS\$hf_mig$
2016-02-27 07:02 - 2014-07-07 19:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Diablo
2015-06-03 06:44 - 2012-09-01 22:39 - 00000000 ____D () C:\Documents and Settings\Helge\Local Settings\Temp
2015-06-03 06:38 - 2012-09-01 20:43 - 01467305 _____ () C:\WINDOWS\WindowsUpdate.log
2015-06-03 06:34 - 2012-09-01 23:46 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-06-03 06:28 - 2012-09-01 21:32 - 00521886 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-03 06:25 - 2012-09-02 00:05 - 00000507 _____ () C:\WINDOWS\system32\nvapps.xml
2015-06-03 06:24 - 2012-09-01 21:35 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2015-06-03 06:24 - 2012-09-01 21:35 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2015-06-03 06:24 - 2004-08-12 14:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-06-03 06:23 - 2015-02-10 22:35 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-06-03 06:23 - 2013-08-19 19:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2603381$
2015-06-03 06:23 - 2012-09-02 00:14 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-03 06:23 - 2012-09-01 22:36 - 00032642 _____ () C:\WINDOWS\SchedLgU.Txt
2015-06-03 06:23 - 2012-09-01 22:36 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-06-03 06:22 - 2015-02-24 10:36 - 00000000 ____D () C:\Program Files\5e96cb34-cc43-4cfe-a72c-e7fd8275f4c8
2015-06-03 06:22 - 2012-09-01 22:39 - 00000178 ___SH () C:\Documents and Settings\Helge\ntuser.ini
2015-06-03 06:22 - 2012-09-01 22:39 - 00000000 ____D () C:\Documents and Settings\Helge
2015-06-03 05:50 - 2012-09-02 00:14 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-02 17:34 - 2015-02-10 21:05 - 00000000 ____D () C:\Documents and Settings\Helge\Local Settings\Application Data\Spotify
2015-06-02 13:55 - 2015-02-10 21:04 - 00000000 ____D () C:\Documents and Settings\Helge\Application Data\Spotify
2015-05-31 14:49 - 2012-09-01 22:38 - 00000000 __SHD () C:\WINDOWS\CSC
2015-05-24 15:21 - 2015-03-20 00:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2015-05-24 15:21 - 2012-09-01 22:36 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-05-24 15:19 - 2015-03-20 00:51 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-05-24 15:19 - 2015-03-20 00:51 - 00107400 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-05-24 15:19 - 2015-03-20 00:51 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2015-05-21 15:04 - 2013-04-03 16:58 - 00464547 _____ () C:\WINDOWS\setupapi.log
2015-05-15 11:05 - 2012-09-01 21:31 - 00123728 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-13 16:14 - 2015-02-10 21:05 - 00001860 _____ () C:\Documents and Settings\Helge\Start Menu\Programs\Spotify.lnk
2015-05-13 12:39 - 2012-09-02 00:07 - 00020440 _____ () C:\Documents and Settings\Helge\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-05-13 12:16 - 2015-03-20 00:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache
==================== Files in the root of some directories =======
2015-02-27 11:43 - 2015-03-20 01:08 - 0000110 _____ () C:\Documents and Settings\Helge\Application Data\WB.CFG
2012-09-03 21:41 - 2015-03-26 04:52 - 0035328 _____ () C:\Documents and Settings\Helge\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-09 08:29 - 2015-03-09 08:29 - 0274045 _____ () C:\Documents and Settings\Helge\Local Settings\Application Data\dsi1.dat
2015-03-09 08:29 - 2015-03-09 08:29 - 0161916 _____ () C:\Documents and Settings\Helge\Local Settings\Application Data\dsi2.dat
2012-09-02 00:24 - 2012-09-02 00:24 - 0007199 _____ () C:\Documents and Settings\Helge\Local Settings\Application Data\HWVendorDetection.log
Some files in TEMP:
====================
C:\Documents and Settings\Helge\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\Helge\Local Settings\Temp\BackupSetup.exe
C:\Documents and Settings\Helge\Local Settings\Temp\binkw32.dll
C:\Documents and Settings\Helge\Local Settings\Temp\d2l_Install.exe
C:\Documents and Settings\Helge\Local Settings\Temp\drm_dialogs.dll
C:\Documents and Settings\Helge\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdert68.dll
C:\Documents and Settings\Helge\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Helge\Local Settings\Temp\ReimagePackage.exe
C:\Documents and Settings\Helge\Local Settings\Temp\ReiSysUpdate.exe
C:\Documents and Settings\Helge\Local Settings\Temp\RtkBtMnt.exe
C:\Documents and Settings\Helge\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\Helge\Local Settings\Temp\vcredist_x86.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-05-2015
Ran by Helge at 2015-06-03 06:44:39
Running from C:\Documents and Settings\Helge\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1343024091-562591055-1801674531-500 - Administrator - Enabled)
ASPNET (S-1-5-21-1343024091-562591055-1801674531-1005 - Limited - Enabled)
Guest (S-1-5-21-1343024091-562591055-1801674531-501 - Limited - Disabled)
Helge (S-1-5-21-1343024091-562591055-1801674531-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Helge
HelpAssistant (S-1-5-21-1343024091-562591055-1801674531-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1343024091-562591055-1801674531-1002 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Enabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader 9 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems)
Apple Application Support (32-Bit) (HKLM\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{28ED482A-56DB-47D9-8D9E-990FA8CD7D3D}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft TV 5.0 (HKLM\...\{94ED52E0-24A0-4AD8-9BFD-0560CA680A80}) (Version: 5.0.28.218 - ArcSoft, Inc.)
Avira (HKLM\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
Battle.net (HKLM\...\Battle.net) (Version: - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Command & Conquer Renegade (HKLM\...\Renegade) (Version: - )
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.45.4.0315 - DT Soft Ltd)
Diablo (HKLM\...\Diablo) (Version: - )
Dropbox (HKU\S-1-5-21-1343024091-562591055-1801674531-1004\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
Far Cry (Version: 1.00.0000 - Ihr Firmenname) Hidden
Frontschweine (HKLM\...\Hogs Of War) (Version: 1.0 - Infogrames)
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
Intel(R) PROSet/Wireless Software (HKLM\...\ProInst) (Version: 11.5.0.0 - Intel Corporation)
iTunes (HKLM\...\{B8032A6B-C4D0-4744-B75F-9DDCB56B5C6F}) (Version: 12.1.0.71 - Apple Inc.)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
mCore (Version: 11.50.0000 - Intel Corporation) Hidden
mDriver (Version: 11.50.0000 - Intel) Hidden
mDrWiFi (Version: 11.50.0000 - Intel Corporation) Hidden
mHelp (Version: 11.50.0000 - Intel) Hidden
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
mIWA (Version: 11.50.0000 - Intel Corporation) Hidden
mLogView (Version: 11.50.0000 - Intel Corporation) Hidden
mMHouse (Version: 11.50.0000 - Intel Corporation) Hidden
Mozilla Firefox 38.0.5 (x86 de) (HKLM\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
mPfMgr (Version: 11.50.0000 - Intel Corporation) Hidden
mPfWiz (Version: 11.50.0000 - Intel Corporation) Hidden
mProSafe (Version: 9.00.0000 - Intel) Hidden
mSCfg (Version: 11.50.0000 - Intel Corporation) Hidden
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
MUI Help Package - DEU (Version: - Microsoft Corporation) Hidden
mWlsSafe (Version: 9.00.0000 - Intel) Hidden
mZConfig (Version: 11.50.0000 - Intel Corporation) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
OpenOffice 4.1.1 (HKLM\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Prey (HKLM\...\{A785BBA7-3FB9-4D81-BC35-4A2028915ACB}) (Version: 1.0 - Human Head Studios)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
Sid Meier's Colonization 1.0 (HKLM\...\Sid Meier's Colonization) (Version: 1.0 - 2K Games)
SMS (HKLM\...\InstallShield_{CA86CD92-22BB-4BBE-A6A5-BF1B4BAD791A}) (Version: 5.1.59 - Siano Mobile Silicon)
SMS (Version: 5.1.59 - Siano Mobile Silicon) Hidden
Spotify (HKU\S-1-5-21-1343024091-562591055-1801674531-1004\...\Spotify) (Version: 1.0.6.80.g2a801a53 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.2.4.0 - Synaptics)
Titan Quest (HKLM\...\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}) (Version: 1.00.0000 - Iron Lore)
VirtualDJ Home FREE (HKLM\...\{77C2D5D4-ADC5-49F9-B36E-5992FCF35EA3}) (Version: 7.4.1 - Atomix Productions)
VLC media player 2.0.3 (HKLM\...\VLC media player) (Version: 2.0.3 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Winamp (nur entfernen) (HKLM\...\Winamp) (Version: - )
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1343024091-562591055-1801674531-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Helge\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-562591055-1801674531-1004_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Helge\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-562591055-1801674531-1004_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-562591055-1801674531-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-562591055-1801674531-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-562591055-1801674531-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-562591055-1801674531-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-562591055-1801674531-1004_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-562591055-1801674531-1004_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-562591055-1801674531-1004_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-562591055-1801674531-1004_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
==================== Restore Points =========================
30-01-2016 11:14:46 System Checkpoint
02-02-2016 11:17:01 System Checkpoint
15-02-2016 11:17:54 System Checkpoint
20-02-2016 11:14:49 System Checkpoint
22-02-2016 11:16:20 System Checkpoint
23-02-2016 11:16:31 System Checkpoint
27-02-2016 05:46:25 System Checkpoint
28-02-2016 06:04:27 System Checkpoint
29-02-2016 06:40:39 System Checkpoint
01-03-2016 06:54:40 System Checkpoint
04-03-2016 14:39:52 Installiert ArcSoft TV
04-03-2016 14:40:53 Installed SMS
04-03-2016 14:42:33 Unsigned driver install
04-03-2016 14:47:50 Unsigned driver install
04-03-2016 14:50:49 Configured SMS
04-03-2016 14:53:31 Entfernt ArcSoft TV
04-03-2016 14:53:59 Configured SMS
04-03-2016 14:54:27 Installed SMS
04-03-2016 14:57:35 Installiert ArcSoft TV
04-03-2016 15:00:07 Unsigned driver install
04-03-2016 15:02:11 Unsigned driver install
04-03-2016 15:03:02 Entfernt ArcSoft TV
04-03-2016 15:03:29 Configured SMS
04-03-2016 15:04:11 Installed SMS
04-03-2016 15:04:47 Unsigned driver install
04-03-2016 15:06:36 Installiert ArcSoft TV
04-03-2016 15:10:54 Unsigned driver install
04-03-2016 15:19:46 Software Distribution Service 3.0
05-03-2016 07:54:23 Configured SMS
05-03-2016 07:55:34 Entfernt ArcSoft TV
05-03-2016 07:56:37 Installed SMS
05-03-2016 07:57:44 Unsigned driver install
05-03-2016 07:58:57 Installiert ArcSoft TV
15-09-2014 19:45:23 System Checkpoint
18-09-2014 19:54:17 System Checkpoint
23-09-2014 20:21:32 System Checkpoint
25-09-2014 20:43:43 System Checkpoint
30-09-2014 20:24:33 System Checkpoint
06-10-2014 21:47:10 System Checkpoint
08-10-2014 20:23:13 System Checkpoint
09-10-2014 20:46:48 System Checkpoint
15-10-2014 20:59:33 System Checkpoint
20-10-2014 19:54:04 System Checkpoint
21-10-2014 20:45:14 System Checkpoint
22-10-2014 21:20:50 System Checkpoint
27-10-2014 21:44:41 System Checkpoint
28-10-2014 21:53:16 System Checkpoint
30-10-2014 21:53:18 System Checkpoint
03-11-2014 21:47:25 System Checkpoint
06-11-2014 22:03:10 System Checkpoint
11-11-2014 21:23:59 System Checkpoint
13-11-2014 21:52:42 System Checkpoint
17-11-2014 21:46:31 System Checkpoint
18-11-2014 22:02:13 System Checkpoint
20-11-2014 21:48:34 System Checkpoint
24-11-2014 20:39:52 System Checkpoint
25-11-2014 22:51:23 System Checkpoint
27-11-2014 22:31:27 System Checkpoint
10-12-2014 21:06:43 System Checkpoint
06-01-2015 22:01:29 System Checkpoint
08-01-2015 21:25:06 System Checkpoint
12-01-2015 21:07:08 System Checkpoint
13-01-2015 22:03:21 System Checkpoint
15-01-2015 22:00:01 System Checkpoint
16-01-2015 22:04:35 System Checkpoint
30-01-2015 21:53:47 System Checkpoint
09-02-2015 22:30:01 Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
09-02-2015 22:30:26 OpenOffice 4.1.1 wird installiert
10-02-2015 21:30:38 iTunes wird installiert
10-02-2015 22:02:18 Software Distribution Service 3.0
11-02-2015 04:31:12 Software Distribution Service 3.0
24-02-2015 10:34:56 Uniblue SpeedUpMyPC installation
24-02-2015 10:35:52 Uniblue DriverScanner installation
26-02-2015 17:43:20 Software Distribution Service 3.0
10-03-2015 21:19:27 Unsigned driver install
12-03-2015 12:42:40 System Checkpoint
20-03-2015 01:01:41 Avira Free Antivirus - 3/20/2015 0:01
20-03-2015 01:09:29 avast! Free Antivirus Setup
20-03-2015 01:13:00 Avira Free Antivirus - 3/20/2015 0:12
20-03-2015 01:18:09 Software Distribution Service 3.0
20-03-2015 01:59:57 Software Distribution Service 3.0
24-03-2015 22:00:01 System Checkpoint
25-03-2015 22:03:46 System Checkpoint
26-03-2015 20:23:38 Unsigned driver install
29-03-2015 03:32:04 System Checkpoint
30-03-2015 17:32:00 System Checkpoint
02-04-2015 13:03:00 System Checkpoint
03-04-2015 22:07:58 System Checkpoint
13-04-2015 12:21:25 System Checkpoint
13-05-2015 17:20:00 System Checkpoint
14-05-2015 21:39:59 System Checkpoint
21-05-2015 01:40:27 System Checkpoint
23-05-2015 00:36:32 System Checkpoint
24-05-2015 16:12:46 System Checkpoint
25-05-2015 16:28:21 System Checkpoint
27-05-2015 13:31:36 System Checkpoint
28-05-2015 20:38:20 System Checkpoint
29-05-2015 20:58:40 System Checkpoint
30-05-2015 21:08:26 System Checkpoint
01-06-2015 16:36:30 System Checkpoint
02-06-2015 17:28:14 System Checkpoint
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2004-08-12 14:00 - 2004-08-12 14:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
==================== Loaded Modules (Whitelisted) ==============
2015-01-20 23:35 - 2015-01-20 23:35 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1343024091-562591055-1801674531-1004\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Helge\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.0.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
StandardProfile\AuthorizedApplications: [C:\Program Files\Ubisoft\Crytek\Far Cry\Bin32\FarCry.exe] => Enabled:Far Cry
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Helge\Application Data\Spotify\spotify.exe] => Enabled:Spotify
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Dienst "Bonjour"
StandardProfile\AuthorizedApplications: [C:\creezy\iTunes\iTunes.exe] => Enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\Spotify.exe] => Enabled:Spotify
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Helge\Application Data\Dropbox\bin\Dropbox.exe] => Enabled:Dropbox
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22002
==================== Faulty Device Manager Devices =============
Name: USB Device
Description: USB Device
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name:
Description:
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/24/2015 00:17:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (848) An attempt to open the file "C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db" for read only access failed with system error 3 (0x00000003): "The system cannot find the path specified. ". The open file operation will fail with error -1023 (0xfffffc01).
System errors:
=============
Error: (03/05/2016 08:12:53 AM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 30 minutes.
NtpClient has no source of accurate time.
Error: (03/05/2016 08:12:53 AM) (Source: W32Time) (EventID: 17) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)
Error: (03/05/2016 07:57:53 AM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.
Error: (03/05/2016 07:57:53 AM) (Source: W32Time) (EventID: 17) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)
Error: (03/05/2016 07:49:57 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll.
Reference error message: The operation completed successfully.
.
Error: (03/05/2016 07:49:57 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Resolve Partial Assembly failed for Microsoft.VC80.CRT.
Reference error message: Manifest Parse Error : XML document must have a top level element.
.
Error: (03/05/2016 07:49:57 AM) (Source: SideBySide) (EventID: 58) (User: )
Description: Syntax error in manifest or policy file "Manifest Parse Error : XML document must have a top level element.
1" on line Manifest Parse Error : XML document must have a top level element.
2.
Error: (03/05/2016 07:49:49 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for C:\Program Files\ArcSoft\ArcSoft TV 5.0\EndPointCtrl.dll.
Reference error message: The operation completed successfully.
.
Error: (03/05/2016 07:49:49 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Resolve Partial Assembly failed for Microsoft.VC80.CRT.
Reference error message: Manifest Parse Error : XML document must have a top level element.
.
Error: (03/05/2016 07:49:49 AM) (Source: SideBySide) (EventID: 58) (User: )
Description: Syntax error in manifest or policy file "Manifest Parse Error : XML document must have a top level element.
1" on line Manifest Parse Error : XML document must have a top level element.
2.
Microsoft Office:
=========================
Error: (05/24/2015 00:17:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard848C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)The system cannot find the path specified.
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz
Percentage of memory in use: 31%
Total physical RAM: 3070.36 MB
Available physical RAM: 2110.64 MB
Total Pagefile: 4955.52 MB
Available Pagefile: 3921.05 MB
Total Virtual: 2047.88 MB
Available Virtual: 1940.27 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:298.08 GB) (Free:203.35 GB) NTFS ==>[Drive with boot components (Windows XP)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: C3BA16E0)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)
==================== End of log ============================ |