supertrine | 16.02.2015 11:34 | FRST Additions Logfile: Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-01-2015 01
Ran by windows at 2015-01-25 01:07:40
Running from C:\Documents and Settings\windows\Local Settings\Temporary Internet Files\Content.IE5\ST97GZA2
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: AVG AntiVirus 2015 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKLM\...\uTorrent) (Version: 2.2.0 - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.1.102.64 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.2.152.32 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{308B6AEA-DE50-4666-996D-0FA461719D6B}) (Version: 3.3.0.69 - Apple Inc.)
Apple Software Update (HKLM\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)
Bonjour (HKLM\...\{2A981294-F14C-4F0F-9627-D793270922F8}) (Version: 2.0.4.0 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
CCleaner Packages (HKU\S-1-5-21-1606980848-57989841-1177238915-1003\...\CCleaner Packages) (Version: - ) <==== ATTENTION
Generic Wireless LAN Driver (HKLM\...\{7CC7C026-F81D-4405-9639-B157B7480D73}) (Version: 1.01.0005T - Generic)
Google Chrome (HKU\S-1-5-21-1606980848-57989841-1177238915-1003\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Earth (HKLM\...\{C768790F-04FB-11E0-9B2C-001AA037B01E}) (Version: 6.0.1.2032 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Inbox Storage (HKLM\...\{8E262F9D-DDEA-4F30-85CD-FD5C28613894}_is1) (Version: 1.0.0.32 - Xacti, LLC)
iTunes (HKLM\...\{FAE36873-1941-4076-A9A5-48812B5EA0B7}) (Version: 10.1.0.56 - Apple Inc.)
Java(TM) 6 Update 24 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.240 - Sun Microsystems, Inc.)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Motorola SM56 Data Fax Modem (HKLM\...\SMSERIAL) (Version: - )
Mozilla Firefox 35.0 (x86 de) (HKLM\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
MSN (HKLM\...\MSNINST) (Version: - )
OpenOffice.org 3.3 (HKLM\...\{82AF3E91-57E1-4754-84D0-40A46E2479AB}) (Version: 3.3.9567 - OpenOffice.org)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5464 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SiS VGA Utilities (HKLM\...\SiS VGA Driver) (Version: - )
SiSAGP driver (HKLM\...\{DC226AC9-0314-496C-BE6A-B6A132628466}) (Version: 1.22 - )
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version: - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.601 - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-1606980848-57989841-1177238915-1003\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows PowerShell(TM) 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1606980848-57989841-1177238915-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\windows\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1606980848-57989841-1177238915-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\windows\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1606980848-57989841-1177238915-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\windows\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1606980848-57989841-1177238915-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\windows\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1606980848-57989841-1177238915-1003_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.99\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1606980848-57989841-1177238915-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\windows\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1606980848-57989841-1177238915-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\windows\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1606980848-57989841-1177238915-1003_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Documents and Settings\windows\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1606980848-57989841-1177238915-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\windows\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1606980848-57989841-1177238915-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\windows\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
==================== Restore Points =========================
13-10-2014 18:39:44 First Restore Point
13-10-2014 20:36:19 First Restore Point
13-10-2014 20:36:37 First Restore Point
06-01-2015 11:43:45 System Checkpoint
07-01-2015 09:45:17 Removed Kaspersky Anti-Virus.
09-01-2015 10:18:03 System Checkpoint
10-01-2015 00:51:43 Removed Adobe Community Help
10-01-2015 00:52:50 Removed Java(TM) 6 Update 22
10-01-2015 00:55:26 Removed QuickTime
10-01-2015 09:17:48 Software Distribution Service 3.0
11-01-2015 21:23:12 Software Distribution Service 3.0
12-01-2015 21:43:50 System Checkpoint
15-01-2015 00:58:52 Software Distribution Service 3.0
15-01-2015 16:45:15 Installed %1 %2.
15-01-2015 16:54:01 Restore Point before Corrupt Patch Registry keys
19-01-2015 23:23:38 System Checkpoint
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2008-04-14 09:00 - 2008-04-14 09:00 - 00000734 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-57989841-1177238915-1003Core.job => C:\Documents and Settings\windows\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-57989841-1177238915-1003UA.job => C:\Documents and Settings\windows\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
==================== Loaded Modules (whitelisted) =============
2008-04-14 09:00 - 2008-04-14 09:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 09:00 - 2008-04-14 09:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2008-07-12 20:09 - 2013-01-02 07:48 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2015-01-18 01:20 - 2014-03-26 07:20 - 00493568 _____ () C:\Program Files\Inbox Storage\sqlite3.dll
2011-01-17 16:19 - 2011-02-15 20:30 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk => C:\WINDOWS\pss\Utility Tray.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk => C:\WINDOWS\pss\OpenOffice.org 3.2.lnkStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Google Update => "C:\Documents and Settings\windows\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SMSERIAL => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
========================= Accounts: ==========================
Administrator (S-1-5-21-1606980848-57989841-1177238915-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-1606980848-57989841-1177238915-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1606980848-57989841-1177238915-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1606980848-57989841-1177238915-1002 - Limited - Disabled)
windows (S-1-5-21-1606980848-57989841-1177238915-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\windows
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/24/2015 00:54:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (01/19/2015 09:00:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application chrome.exe, version 39.0.2171.95, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (01/19/2015 08:53:50 PM) (Source: Application Hang) (EventID: 1001) (User: )
Description: Fault bucket 1180947459.
Error: (01/19/2015 08:53:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (01/18/2015 10:47:43 AM) (Source: Application Hang) (EventID: 1001) (User: )
Description: Fault bucket 1180947459.
Error: (01/18/2015 10:47:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
System errors:
=============
Error: (01/24/2015 11:51:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).
Error: (01/24/2015 11:47:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053
Error: (01/24/2015 11:47:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
Error: (01/24/2015 11:47:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053
Error: (01/24/2015 11:47:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Scanner Service service to connect.
Error: (01/24/2015 01:27:51 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
Error: (01/24/2015 01:27:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053
Error: (01/24/2015 01:27:16 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
Error: (01/24/2015 01:02:40 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
Error: (01/24/2015 01:02:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Processor: Intel(R) Celeron(R) CPU 570 @ 2.26GHz
Percentage of memory in use: 82%
Total physical RAM: 765.1 MB
Available physical RAM: 134.47 MB
Total Pagefile: 1873.05 MB
Available Pagefile: 1204.72 MB
Total Virtual: 2047.88 MB
Available Virtual: 1936.23 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:129.86 GB) (Free:52.39 GB) NTFS ==>[Drive with boot components (Windows XP)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: 51EC51EC)
Partition 1: (Active) - (Size=129.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=19.2 GB) - (Type=05)
==================== End Of Log ============================
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-01-2015 01
Ran by windows (administrator) on WINDOWS-2BA645A on 25-01-2015 01:05:35
Running from C:\Documents and Settings\windows\Local Settings\Temporary Internet Files\Content.IE5\ST97GZA2
Loaded Profiles: windows (Available profiles: windows & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Ares Development Group) C:\Program Files\Ares\Ares.exe
(Inbox.com, Inc.) C:\Program Files\Inbox Storage\InboxStorage.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Farbar) C:\Documents and Settings\windows\Local Settings\Temporary Internet Files\Content.IE5\ST97GZA2\FRST[2].exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421160 2010-11-17] (Apple Inc.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16384000 2007-08-10] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SiSPower] => Rundll32.exe SiSPower.dll,ModeAgent
HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\winampa.exe [74752 2010-12-09] (Nullsoft, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKU\S-1-5-19\...\RunOnce: [nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-20\...\RunOnce: [nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-21-1606980848-57989841-1177238915-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-1606980848-57989841-1177238915-1003\...\Run: [ares] => C:\Program Files\Ares\Ares.exe [1015808 2010-10-27] (Ares Development Group)
HKU\S-1-5-21-1606980848-57989841-1177238915-1003\...\Run: [Google Update] => C:\Documents and Settings\windows\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [107912 2015-01-07] (Google Inc.)
HKU\S-1-5-21-1606980848-57989841-1177238915-1003\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1606980848-57989841-1177238915-1003\...\Run: [Inbox Storage] => C:\Program Files\Inbox Storage\InboxStorage.exe [4107176 2014-03-26] (Inbox.com, Inc.)
HKU\S-1-5-21-1606980848-57989841-1177238915-1003\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-1606980848-57989841-1177238915-1003\...\MountPoints2: {172a75ba-2e3d-11e0-a0ea-001e330204b1} - E:\.\Autorun.exe AUTORUN=1
HKU\S-1-5-21-1606980848-57989841-1177238915-1003\...\MountPoints2: {30ddf53a-06f7-11e0-a064-0016441f7a07} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1606980848-57989841-1177238915-1003\...\MountPoints2: {6ab95dc0-45a9-11e0-a13e-001e330204b1} - E:\.\Autorun.exe AUTORUN=1
HKU\S-1-5-18\...\RunOnce: [nltide_2] => regsvr32 /s /n /i:U shell32
Startup: C:\Documents and Settings\windows\Start Menu\Programs\Startup\Microsoft Office Groove.lnk
ShortcutTarget: Microsoft Office Groove.lnk -> C:\Program Files\Microsoft Office\Office12\GROOVE.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * sdnclean.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1606980848-57989841-1177238915-1003 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.es/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_en
SearchScopes: HKU\S-1-5-21-1606980848-57989841-1177238915-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.es/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_en
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Skype Plug-In -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 213.153.32.129 213.153.32.1
FireFox:
========
FF ProfilePath: C:\Documents and Settings\windows\Application Data\Mozilla\Firefox\Profiles\bouagziu.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1606980848-57989841-1177238915-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\windows\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1606980848-57989841-1177238915-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\windows\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\windows\Application Data\Mozilla\Firefox\Profiles\bouagziu.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-01-21]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-12-26]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010-12-11]
FF Extension: No Name - C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [Not Found]
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [Not Found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [Not Found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [Not Found]
FF Extension: No Name - C:\Documents and Settings\windows\Application Data\Mozilla\Firefox\Profiles\bouagziu.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [Not Found]
FF Extension: No Name - C:\Documents and Settings\windows\Application Data\Mozilla\Firefox\Profiles\bouagziu.default\extensions\engine@conduit.com [Not Found]
FF Extension: No Name - C:\Documents and Settings\windows\Application Data\Mozilla\Firefox\Profiles\bouagziu.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [Not Found]
FF Extension: No Name - C:\Documents and Settings\windows\Application Data\Mozilla\Firefox\Profiles\bouagziu.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [Not Found]
FF Extension: No Name - C:\Documents and Settings\windows\Application Data\Mozilla\Firefox\Profiles\bouagziu.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [Not Found]
FF Extension: No Name - C:\Documents and Settings\windows\Application Data\Mozilla\Firefox\Profiles\bouagziu.default\extensions\faststartff@gmail.com [Not Found]
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hp&ts=1420844763&from=cor&uid=FUJITSUXMHZ2160BHXG2_K62KT8A28NMGT8A28NMGX"
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Google Gears 0.5.33.0) - C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.95\gears.dll No File
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.95\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Documents and Settings\windows\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-30]
CHR Extension: (Norton Security Toolbar) - C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-01-15]
CHR Extension: (MapsGalaxy) - C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\flcpildhclihlpljpfpojindpglggkpd [2014-10-13]
CHR Extension: (Norton Identity Safe) - C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-01-07]
CHR Extension: (My Logon Manager) - C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jhibgpjnkkfaiepmjglnhppopjpknhak [2015-01-19]
CHR Extension: (Allin1Convert) - C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ncheegbloelpifhkekmpljcbekcmbpig [2015-01-15]
CHR Extension: (Google Wallet) - C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-26]
CHR HKLM\...\Chrome\Extension: [avast! WebRep] - C:\Program Files\AVAST Software\Avast\Setup\WebRep\aswWebRep.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2010-11-22]
StartMenuInternet: chrome.exe - C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [770944 2015-01-15] (Enigma Software Group USA, LLC.)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R3 AR5211; C:\WINDOWS\System32\DRIVERS\ar5211.sys [547072 2007-06-21] (Atheros Communications, Inc.)
S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [19984 2015-01-15] ()
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R3 SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [321536 2007-08-03] (Silicon Integrated Systems Corporation)
R3 SiSGbeXP; C:\WINDOWS\System32\DRIVERS\SiSGbeXP.sys [43264 2007-10-15] (Silicon Integrated Systems Corp.)
R1 SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [18688 2007-08-03] (Silicon Integrated Systems Corporation)
S3 cpuz134; \??\C:\DOCUME~1\windows\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]
S4 IntelIde; No ImagePath
S3 massfilter; system32\drivers\massfilter.sys [X]
U1 WS2IFSL; No ImagePath
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-24 23:47 - 2015-01-24 23:49 - 00000079 _____ () C:\WINDOWS\wininit.ini
2015-01-24 01:11 - 2015-01-25 01:05 - 00000000 ____D () C:\FRST
2015-01-19 21:29 - 2015-01-19 21:29 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-19 21:29 - 2015-01-19 21:29 - 00000724 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2015-01-19 21:29 - 2015-01-19 21:29 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-19 21:29 - 2015-01-19 21:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Mozilla
2015-01-18 02:06 - 2015-01-18 02:08 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\6F6744F8.sys
2015-01-18 01:39 - 2015-01-18 01:39 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-01-18 01:23 - 2015-01-18 01:23 - 00000000 ____D () C:\Documents and Settings\windows\My Documents\Inbox Storage
2015-01-18 01:21 - 2015-01-25 01:03 - 00000000 ____D () C:\Documents and Settings\windows\Application Data\Inbox Storage
2015-01-18 01:20 - 2015-01-18 01:21 - 00000000 ____D () C:\Program Files\Inbox Storage
2015-01-18 01:20 - 2015-01-18 01:20 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Inbox Storage
2015-01-18 01:20 - 2011-06-21 11:24 - 00032768 _____ () C:\WINDOWS\system32\Drivers\sp_rsdrv2.sys
2015-01-18 00:49 - 2015-01-18 00:49 - 00000000 ____D () C:\Documents and Settings\windows\Desktop\travelpics copy folder
2015-01-17 23:14 - 2015-01-17 23:27 - 00000000 ____D () C:\Documents and Settings\windows\Local Settings\Application Data\NPE
2015-01-15 17:15 - 2015-01-25 01:02 - 00008647 _____ () C:\WINDOWS\setupapi.log
2015-01-15 16:46 - 2015-01-19 22:44 - 00013345 _____ () C:\WINDOWS\iis6.log
2015-01-15 16:46 - 2015-01-19 22:44 - 00012973 _____ () C:\WINDOWS\FaxSetup.log
2015-01-15 16:46 - 2015-01-19 22:44 - 00009833 _____ () C:\WINDOWS\ocgen.log
2015-01-15 16:46 - 2015-01-19 22:44 - 00007412 _____ () C:\WINDOWS\tsoc.log
2015-01-15 16:46 - 2015-01-19 22:44 - 00004580 _____ () C:\WINDOWS\comsetup.log
2015-01-15 16:46 - 2015-01-19 22:44 - 00003069 _____ () C:\WINDOWS\ntdtcsetup.log
2015-01-15 16:46 - 2015-01-19 22:44 - 00002675 _____ () C:\WINDOWS\netfxocm.log
2015-01-15 16:46 - 2015-01-19 22:44 - 00001917 _____ () C:\WINDOWS\imsins.log
2015-01-15 16:46 - 2015-01-19 22:44 - 00001144 _____ () C:\WINDOWS\MedCtrOC.log
2015-01-15 16:46 - 2015-01-19 22:44 - 00000811 _____ () C:\WINDOWS\ocmsn.log
2015-01-15 16:46 - 2015-01-19 22:44 - 00000788 _____ () C:\WINDOWS\msgsocm.log
2015-01-15 16:46 - 2015-01-19 22:44 - 00000622 _____ () C:\WINDOWS\tabletoc.log
2015-01-15 16:46 - 2015-01-19 22:43 - 00003756 _____ () C:\WINDOWS\msmqinst.log
2015-01-15 16:46 - 2015-01-15 16:46 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2015-01-15 16:46 - 2015-01-15 16:46 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-01-15 16:46 - 2015-01-15 16:46 - 00000000 _____ () C:\WINDOWS\setupact.log
2015-01-15 16:45 - 2015-01-15 17:11 - 00001084 _____ () C:\WINDOWS\spupdsvc.log
2015-01-15 16:45 - 2015-01-15 17:07 - 00065536 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2015-01-15 16:45 - 2015-01-15 16:46 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
2015-01-15 16:45 - 2015-01-15 16:45 - 00000000 ____D () C:\WINDOWS\system32\windowspowershell
2015-01-15 16:44 - 2015-01-15 16:46 - 00030775 _____ () C:\WINDOWS\KB926139-v2.log
2015-01-15 16:44 - 2015-01-15 16:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB926139-v2$
2015-01-15 15:19 - 2015-01-15 15:19 - 00000000 ____D () C:\AdwCleaner
2015-01-15 14:57 - 2015-01-15 14:57 - 00000917 _____ () C:\Documents and Settings\windows\Desktop\Revo Uninstaller.lnk
2015-01-15 14:57 - 2015-01-15 14:57 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-01-15 13:01 - 2015-01-24 23:50 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-01-15 13:01 - 2015-01-24 23:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2015-01-15 13:01 - 2015-01-15 13:31 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2015-01-15 12:15 - 2015-01-15 12:15 - 00000000 ____D () C:\Documents and Settings\windows\Application Data\Nico Mak Computing
2015-01-15 12:15 - 2015-01-15 12:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Nico Mak Computing
2015-01-15 12:15 - 2013-03-15 17:01 - 00016384 _____ () C:\WINDOWS\system32\wsusnative32.exe
2015-01-15 11:47 - 2015-01-15 11:47 - 00000935 _____ () C:\Documents and Settings\windows\Desktop\SpyHunter.lnk
2015-01-15 11:47 - 2015-01-15 11:47 - 00000000 ____D () C:\sh4ldr
2015-01-15 11:47 - 2015-01-15 11:47 - 00000000 ____D () C:\Documents and Settings\windows\Start Menu\Programs\SpyHunter
2015-01-15 11:47 - 2015-01-15 11:47 - 00000000 ____D () C:\Documents and Settings\windows\Application Data\Enigma Software Group
2015-01-15 11:45 - 2015-01-15 11:45 - 00019984 _____ () C:\WINDOWS\system32\Drivers\EsgScanner.sys
2015-01-15 11:45 - 2015-01-15 11:45 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-01-10 00:25 - 2015-01-10 00:25 - 00000682 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2015-01-10 00:25 - 2015-01-10 00:25 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2015-01-10 00:13 - 2015-01-10 00:13 - 00061952 ____H () C:\WINDOWS\system32\mlfcache.dat
2015-01-10 00:13 - 2015-01-10 00:13 - 00000000 ____D () C:\Documents and Settings\windows\Local Settings\Application Data\StormFall
2015-01-07 10:22 - 2015-01-24 00:45 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Norton
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-25 01:06 - 2010-12-09 04:24 - 00000000 ____D () C:\Documents and Settings\windows\Local Settings\Temp
2015-01-25 01:05 - 2010-12-09 03:48 - 01913794 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-25 00:28 - 2010-12-09 00:12 - 00000986 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-57989841-1177238915-1003UA.job
2015-01-25 00:28 - 2010-12-08 23:57 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-24 23:59 - 2014-09-10 22:49 - 00000000 ____D () C:\Documents and Settings\windows\Desktop\travelpics
2015-01-24 23:58 - 2008-04-14 09:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-01-24 23:57 - 2014-09-30 16:35 - 00000226 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-01-24 23:57 - 2011-01-21 11:05 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-01-24 23:57 - 2011-01-21 11:05 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-01-24 23:57 - 2010-12-09 04:24 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-24 23:57 - 2010-12-08 23:57 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-24 23:56 - 2011-01-21 11:05 - 00032590 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-24 23:56 - 2010-12-09 04:24 - 00000178 ___SH () C:\Documents and Settings\windows\ntuser.ini
2015-01-19 21:28 - 2011-01-02 19:52 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-18 10:36 - 2010-12-10 03:02 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975025$
2015-01-18 10:28 - 2010-12-09 00:12 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-57989841-1177238915-1003Core.job
2015-01-18 01:06 - 2011-01-16 14:14 - 00000000 ____D () C:\Documents and Settings\windows\Application Data\U3
2015-01-18 00:45 - 2010-12-10 21:43 - 00034304 _____ () C:\Documents and Settings\windows\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-17 23:27 - 2010-12-08 19:32 - 00000211 _____ () C:\boot.ini
2015-01-17 23:12 - 2014-09-26 21:00 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2015-01-17 14:06 - 2010-12-24 22:30 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-01-15 15:49 - 2010-12-09 04:24 - 00000000 ____D () C:\Documents and Settings\windows
2015-01-15 13:20 - 2010-12-09 04:25 - 00000803 _____ () C:\Documents and Settings\windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-15 13:05 - 2010-12-09 04:24 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-01-15 12:03 - 2014-09-26 21:00 - 00001599 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2015-01-15 02:02 - 2011-01-20 12:26 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2015-01-15 01:58 - 2010-12-08 19:35 - 00562470 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-15 01:50 - 2014-09-30 15:46 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-10 09:23 - 2010-12-20 13:58 - 00000000 ____D () C:\Documents and Settings\windows\Application Data\Skype
2015-01-10 00:53 - 2010-12-11 15:14 - 00000000 ____D () C:\Program Files\Java
2015-01-10 00:51 - 2010-12-12 21:32 - 00000000 ____D () C:\Program Files\Adobe
2015-01-10 00:34 - 2010-12-12 21:29 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-01-10 00:34 - 2010-12-12 21:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Adobe
2015-01-10 00:27 - 2010-12-10 14:58 - 00000000 ____D () C:\Documents and Settings\windows\Application Data\uTorrent
2015-01-10 00:25 - 2011-01-20 12:17 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-09 10:01 - 2014-09-30 16:35 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-01-07 10:08 - 2014-10-13 20:41 - 00404834 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-01-07 10:08 - 2014-10-13 20:41 - 00404834 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1606980848-57989841-1177238915-1003-0.dat
2015-01-07 09:47 - 2014-10-13 18:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2015-01-07 09:43 - 2010-12-09 00:19 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-12-31 13:15 - 2011-01-21 00:38 - 110348472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
==================== Files in the root of some directories =======
2010-12-10 21:43 - 2015-01-18 00:45 - 0034304 _____ () C:\Documents and Settings\windows\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================
Sorry for the very late reply; among other things, you can see the FRST 32 log files.
Thank you very much!