Golfplayer85 | 28.10.2015 21:47 | Hello, should I delete the Word notes document that is on the XP machine, along with its contents?
I'll do the other thing right away.
I haven't done anything on the computer so far and have also switched off the Internet, for which the PC has its own switch to turn it on/off; it is set to off.
How should I create the new FRST log, what do I start it with?
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:18-10-2015
Ran by Mang (administrator) on OTTO (28-10-2015 21:20:34)
Running from E:\
Loaded Profiles: Mang & Administrator (Available Profiles: Mang & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Intel Corporation ) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Matsushita Electric Industrial Co., Ltd.) C:\WINDOWS\system32\DVDRAMSV.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Media Manager\AIRSVCU.EXE
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\TDispVol.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
(Agere Systems) C:\WINDOWS\agrsmmsg.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\TPSMain.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\Toshiba.exe
(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
() C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
(TOSHIBA Corp.) C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\TPSBattM.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Generic) C:\WINDOWS\system32\ufdsvc.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Microsoft ActiveSync\wcescomm.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Nokia) C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
(IncrediMail, Ltd.) C:\Program Files\IncrediMail\Bin\IncMail.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(TOSHIBA CORPORATION.) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(TOSHIBA CORPORATION.) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
(Intel Corporation) C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
(IncrediMail, Ltd.) C:\Program Files\IncrediMail\Bin\ImApp.exe
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [TFncKy] => TFncKy.exe
HKLM\...\Run: [TDispVol] => C:\WINDOWS\system32\TDispVol.exe [73728 2005-03-12] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [761945 2005-12-16] (Synaptics, Inc.)
HKLM\...\Run: [THotkey] => C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [352256 2006-01-05] (TOSHIBA)
HKLM\...\Run: [SynTPLpr] => C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [82009 2005-12-16] (Synaptics, Inc.)
HKLM\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [88203 2005-10-15] (Agere Systems)
HKLM\...\Run: [TPSMain] => C:\WINDOWS\system32\TPSMain.exe [282624 2005-06-01] (TOSHIBA Corporation)
HKLM\...\Run: [Pinger] => c:\toshiba\ivp\ism\pinger.exe [151552 2005-03-18] (TOSHIBA Corporation)
HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [667718 2005-12-05] (Intel Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [602182 2005-11-28] (Intel Corporation)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [866584 2006-11-04] (Microsoft Corporation)
HKLM\...\Run: [WinPatrol] => C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [333120 2008-10-09] (BillP Studios)
HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-14] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [4971024 2014-03-20] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [295512 2014-03-02] (RealNetworks, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-2802971340-371014867-2627472942-1005\...\Run: [H/PC Connection Agent] => C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE [401491 2004-02-03] (Microsoft Corporation)
HKU\S-1-5-21-2802971340-371014867-2627472942-1005\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564992 2014-02-14] (Samsung)
HKU\S-1-5-21-2802971340-371014867-2627472942-1005\...\Run: [PC Suite Tray] => C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
HKU\S-1-5-21-2802971340-371014867-2627472942-1005\...\Run: [TomTomHOME.exe] => C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom)
HKU\S-1-5-21-2802971340-371014867-2627472942-1005\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-02-14] (Samsung)
HKU\S-1-5-21-2802971340-371014867-2627472942-1005\...\Run: [IncrediMail] => C:\Program Files\IncrediMail\bin\IncMail.exe [367016 2013-08-13] (IncrediMail, Ltd.)
HKU\S-1-5-21-2802971340-371014867-2627472942-1005\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53729824 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-21-2802971340-371014867-2627472942-1005\...\MountPoints2: {61ac6e6f-a7fa-11de-8aca-0018de53a3d3} - E:\LaunchU3.exe -a
HKU\S-1-5-21-2802971340-371014867-2627472942-1005\...\MountPoints2: {ae0efffa-6a92-11e5-8e66-0018de53a3d3} - E:\MotoCastSetup.exe -a
HKU\S-1-5-21-2802971340-371014867-2627472942-1005\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\wpgldfsh.scr [4396544 2004-08-10] (Microsoft Corporation)
HKU\S-1-5-21-2802971340-371014867-2627472942-500\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-2802971340-371014867-2627472942-500\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [65536 2004-12-30] (TOSHIBA)
HKU\S-1-5-21-2802971340-371014867-2627472942-500\...\RunOnce: [NeroHomeFirstStart] => C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [16680 2008-01-22] (Nero AG)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [39264 2007-03-13] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Google Update] => C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2015-07-19] (Google Inc.)
HKU\S-1-5-18\...\Run: [Google+ Auto Backup] => C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3754312 2015-02-13] (Google Inc.)
ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll [83224 2006-11-04] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2012-06-28]
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Documents and Settings\Mang\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2510 series.lnk [2013-12-06]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 2510 series.lnk -> C:\Program Files\HP\HP Deskjet 2510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\Mang\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3520 series.lnk [2013-10-03]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3520 series.lnk -> C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.toshibadirect.com/dpdstart
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.toshiba.com/search
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.toshibadirect.com/dpdstart
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.toshiba.com/search
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.toshibadirect.com/dpdstart
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.toshiba.com/search
HKU\S-1-5-21-2802971340-371014867-2627472942-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://orf.at
HKU\S-1-5-21-2802971340-371014867-2627472942-1005\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-2802971340-371014867-2627472942-1005\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKU\S-1-5-21-2802971340-371014867-2627472942-1005\Software\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://orf.at/
HKU\S-1-5-21-2802971340-371014867-2627472942-1005\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-2802971340-371014867-2627472942-1005\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://orf.at
HKU\S-1-5-21-2802971340-371014867-2627472942-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.toshibadirect.com/dpdstart
HKU\S-1-5-21-2802971340-371014867-2627472942-500\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "hxxp://www.outfox.tv?referid=180" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKU\.DEFAULT -> DefaultScope {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL =
SearchScopes: HKU\S-1-5-21-2802971340-371014867-2627472942-1005 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKU\S-1-5-21-2802971340-371014867-2627472942-1005 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKU\S-1-5-21-2802971340-371014867-2627472942-1005 -> {23758B0B-0D9F-32A3-A476-D9B1033E7A1E} URL = hxxp://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF
SearchScopes: HKU\S-1-5-21-2802971340-371014867-2627472942-1005 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-09-22] (Adobe Systems Incorporated)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22] (Adobe Systems Incorporated)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-09-15] (Safer Networking Limited)
BHO: EWPBrowseObject Class -> {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} -> C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-04-19] ()
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2012-02-17] (Sun Microsystems, Inc.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-02-17] (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-02-17] (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-2802971340-371014867-2627472942-500 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll [2004-02-03] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Mang\Application Data\Mozilla\Firefox\Profiles\dkoeyld7.default
FF Homepage: hxxp://orf.at
hxxp://orf.at
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files\Picasa2\npPicasa2.dll [No File]
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2012-02-17] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2014-03-02] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2014-03-02] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll [2014-02-18] (RocketLife, LLP)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-07] (Google Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll [2006-08-16] (Yahoo! Inc.)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=3 -> C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2015-07-19] (Google Inc.)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=9 -> C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2015-07-19] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2007-05-11] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-21] [not signed]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2012-02-17] [not signed]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-03-02] [not signed]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 avgfws; C:\Program Files\AVG\AVG2014\avgfws.exe [1358944 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3782672 2014-02-24] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2005-01-18] (TOSHIBA CORPORATION) [File not signed]
R2 DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [110592 2004-08-28] (Matsushita Electric Industrial Co., Ltd.) [File not signed]
R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [114753 2005-11-28] (Intel Corporation) [File not signed]
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S2 gupdate1c9b07f485552ba; C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-09-07] (Google Inc.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2012-02-17] (Sun Microsystems, Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed]
S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
R2 MMIndexer; C:\Program Files\Common Files\Microsoft Shared\Media Manager\airsvcu.exe [137216 1997-07-29] (Microsoft Corporation) [File not signed]
S4 PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
S4 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [217164 2005-11-28] (Intel Corporation) [File not signed]
R2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [540745 2005-11-28] (Intel Corporation ) [File not signed]
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R2 Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [40960 2005-07-13] () [File not signed]
R2 TAPPSRV; C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe [35328 2005-12-20] (TOSHIBA Corp.) [File not signed]
R2 UFDSVC; C:\WINDOWS\system32\ufdsvc.exe [69632 2006-02-15] (Generic) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-04] (Microsoft Corporation)
S4 OutfoxTvService; C:\Program Files\OutfoxTV\OutfoxTvService.exe [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 61883; C:\WINDOWS\System32\DRIVERS\61883.sys [48128 2008-04-13] (Microsoft Corporation)
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21275 2006-12-23] (Meetinghouse Data Communications) [File not signed]
R3 AgereSoftModem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [1122656 2005-11-15] (Agere Systems) [File not signed]
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [120600 2013-11-26] (AVG Technologies CZ, s.r.o.)
R3 Avgfwdx; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30944 2012-01-13] (AVG Technologies CZ, s.r.o.)
S3 Avgfwfd; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30944 2012-01-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [210712 2013-11-26] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [149272 2013-11-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22808 2014-01-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [176952 2013-11-01] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [222520 2013-11-01] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
S2 Ca50xav; C:\WINDOWS\System32\Drivers\Ca50xav.sys [515803 2002-10-21] (Digital Camera)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 Iviaspi; C:\WINDOWS\System32\drivers\iviaspi.sys [21060 2003-09-11] (InterVideo, Inc.) [File not signed]
R3 MarvinBus; C:\WINDOWS\System32\DRIVERS\MarvinBus.sys [171008 2005-01-28] (Pinnacle Systems GmbH) [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R1 meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [102384 2005-06-02] (Matsushita Electric Industrial Co.,Ltd.) [File not signed]
S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation)
S3 MR97310_USB_DUAL_CAMERA; C:\WINDOWS\System32\DRIVERS\mr97310c.sys [129875 2002-12-13] (Mars Semiconductor Corp.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R2 Netdevio; C:\WINDOWS\System32\DRIVERS\netdevio.sys [12032 2003-01-29] (TOSHIBA Corporation.) [File not signed]
R3 Pfc; C:\WINDOWS\System32\drivers\pfc.sys [10368 2003-09-19] (Padus, Inc.) [File not signed]
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [13568 2005-11-28] (Intel Corporation) [File not signed]
S3 slabbus; C:\WINDOWS\System32\DRIVERS\slabbus.sys [52384 2004-03-26] (MCCI)
S3 slabser; C:\WINDOWS\System32\DRIVERS\slabser.sys [84512 2004-03-26] (MCCI)
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2013-04-11] (Avira GmbH)
R3 SynTP; C:\WINDOWS\System32\DRIVERS\SynTP.sys [191936 2005-12-16] (Synaptics, Inc.) [File not signed]
R3 tbiosdrv; C:\WINDOWS\System32\DRIVERS\tbiosdrv.sys [9472 2005-08-25] ()
R3 tifm21; C:\WINDOWS\System32\drivers\tifm21.sys [162560 2005-11-30] (Texas Instruments) [File not signed]
S3 tosrfec; C:\WINDOWS\System32\DRIVERS\tosrfec.sys [9344 2005-09-09] (TOSHIBA Corporation) [File not signed]
R3 TVALD; C:\WINDOWS\System32\DRIVERS\NBSMI.sys [6144 2005-10-20] (Toshiba Corporation) [File not signed]
R3 Tvs; C:\WINDOWS\System32\DRIVERS\Tvs.sys [43392 2005-11-30] (TOSHIBA Corporation) [File not signed]
S3 USB28xxBGA; C:\WINDOWS\System32\DRIVERS\emBDA.sys [565248 2009-02-27] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\WINDOWS\System32\DRIVERS\emOEM.sys [522880 2009-02-27] (eMPIA Technology, Inc.)
S3 USBCamera; C:\WINDOWS\System32\Drivers\Bulk50x.sys [10986 2002-07-25] (USB BULK)
R3 w39n51; C:\WINDOWS\System32\DRIVERS\w39n51.sys [1428096 2005-12-04] (Intel® Corporation)
S3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S3 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation)
S3 ASFWHide; no ImagePath
S4 IntelIde; no ImagePath
S3 IO_Memory; no ImagePath
S1 PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S2 StarOpen; no ImagePath
S3 SVRPEDRV; no ImagePath
U5 Tosrfcom; C:\Windows\System32\Drivers\Tosrfcom.sys [64896 2005-08-02] (TOSHIBA Corporation) [File not signed]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-26 22:34 - 2015-10-27 23:24 - 00000000 ____D C:\EEK
2015-10-26 22:34 - 2015-10-26 22:34 - 00000655 _____ C:\Documents and Settings\Mang\Desktop\Start Emsisoft Emergency Kit.lnk
2015-10-26 09:24 - 2015-10-26 09:24 - 00000000 ____D C:\Program Files\ESET
2015-10-25 11:52 - 2015-10-25 11:52 - 00002826 _____ C:\Documents and Settings\Mang\Desktop\JRT.txt
2015-10-25 10:40 - 2015-10-25 10:46 - 00000000 ____D C:\AdwCleaner
2015-10-24 18:14 - 2015-10-24 18:14 - 00044716 _____ C:\Documents and Settings\Mang\Desktop\Desktop.txt
2015-10-24 16:55 - 2015-10-24 18:00 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-10-24 16:54 - 2015-10-24 16:54 - 00000795 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-24 16:54 - 2015-10-24 16:54 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-10-24 16:54 - 2015-10-24 16:54 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-24 16:54 - 2015-10-24 16:54 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-10-24 16:54 - 2015-10-05 08:50 - 00121560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-10-24 16:54 - 2015-10-05 08:50 - 00023256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-10-24 16:35 - 2015-10-24 16:35 - 00000935 _____ C:\Documents and Settings\Mang\Desktop\Revo Uninstaller.lnk
2015-10-24 16:34 - 2015-10-24 16:34 - 00000000 ____D C:\Program Files\VS Revo Group
2015-10-22 10:16 - 2015-10-22 10:21 - 00000019 _____ C:\WINDOWS\install.log
2015-10-22 10:16 - 2015-10-22 10:18 - 00000019 _____ C:\WINDOWS\PatchInstall1Debug.log
2015-10-21 22:12 - 2015-10-21 22:12 - 00000368 _____ C:\WINDOWS\nsw.log
2015-10-21 16:25 - 2015-10-21 16:25 - 00153084 _____ C:\wubildr
2015-10-21 16:25 - 2015-10-21 16:25 - 00008192 _____ C:\wubildr.mbr
2015-10-21 16:22 - 2015-10-21 16:22 - 00000000 ____D C:\ubuntu
2015-10-20 13:06 - 2015-10-28 21:20 - 00000000 ____D C:\FRST
2015-10-18 16:41 - 2015-10-18 16:41 - 00001919 _____ C:\WINDOWS\epplauncher.mif
2015-10-04 15:14 - 2015-10-04 15:14 - 00000000 ____D C:\Documents and Settings\Mang\Local Settings\Application Data\AvgSetupLog
2015-10-04 15:14 - 2015-10-04 15:14 - 00000000 ____D C:\Documents and Settings\Mang\Local Settings\Application Data\Avg
2015-10-04 13:45 - 2015-10-04 13:46 - 00000000 ____D C:\KVRT_Data
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-28 21:20 - 2006-12-23 02:12 - 00000000 ____D C:\Documents and Settings\Mang\Local Settings\Temp
2015-10-28 20:50 - 2014-01-21 15:35 - 00000488 _____ C:\WINDOWS\Tasks\HP Photo Creations Communicator.job
2015-10-28 20:48 - 2012-08-21 17:09 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-10-28 20:46 - 2006-02-15 16:37 - 01455184 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-28 20:43 - 2009-08-29 22:47 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-28 20:42 - 2007-01-20 18:13 - 00000014 ____H C:\cmsstorage.lst
2015-10-28 20:42 - 2007-01-20 18:13 - 00000000 ____H C:\WINDOWS\cmsstorage.lst
2015-10-28 20:36 - 2014-02-27 22:01 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2015-10-28 20:34 - 2014-02-08 00:44 - 00000998 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
2015-10-28 20:34 - 2014-02-01 15:06 - 00263580 _____ C:\WINDOWS\setupapi.log
2015-10-28 20:34 - 2006-02-15 15:04 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2015-10-28 20:32 - 2014-03-02 17:55 - 00000276 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2802971340-371014867-2627472942-1005.job
2015-10-28 20:32 - 2014-02-01 15:00 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-10-28 20:32 - 2014-02-01 15:00 - 00000050 _____ C:\WINDOWS\wiaservc.log
2015-10-28 20:32 - 2010-03-08 01:09 - 00000276 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2802971340-371014867-2627472942-1005.job
2015-10-28 20:31 - 2011-01-07 19:08 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-28 20:31 - 2006-02-15 16:42 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-27 23:38 - 2006-12-23 02:12 - 00000278 ___SH C:\Documents and Settings\Mang\ntuser.ini
2015-10-27 23:38 - 2006-02-15 16:42 - 00032594 _____ C:\WINDOWS\SchedLgU.Txt
2015-10-25 11:22 - 2010-03-08 01:09 - 00000284 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2802971340-371014867-2627472942-1005.job
2015-10-25 11:02 - 2006-02-15 08:30 - 00617682 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-24 17:46 - 2008-08-03 01:57 - 00000000 ____D C:\Program Files\myBabylon
2015-10-24 17:46 - 2006-02-16 15:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB894553$
2015-10-24 17:43 - 2008-12-27 16:07 - 00000000 ____D C:\Program Files\WeFi
2015-10-23 19:49 - 2006-02-16 17:59 - 00137200 ____C C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-10-23 19:46 - 2006-02-15 08:29 - 00436552 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-10-22 15:00 - 2008-03-16 16:21 - 00000384 ____H C:\WINDOWS\Tasks\{700D1BF3-5389-4C8C-95C2-B0384496ADCF}_OTTO_Mang.job
2015-10-22 14:17 - 2009-07-23 21:25 - 00000000 ____D C:\Documents and Settings\Mang\Application Data\Skype
2015-10-22 12:34 - 2015-07-19 12:29 - 00000946 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
2015-10-22 10:24 - 2006-02-15 17:20 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-10-22 10:23 - 2007-01-01 18:13 - 00000000 ____D C:\Program Files\Pinnacle
2015-10-22 10:18 - 2007-02-06 17:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2015-10-22 10:09 - 2014-01-28 22:26 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2015-10-22 10:07 - 2014-03-21 02:53 - 00000000 ____D C:\Edda Bilder u. MANTEL, 2014-03-20
2015-10-21 16:25 - 2006-02-15 15:05 - 00000236 __RSH C:\boot.ini
2015-10-18 17:40 - 2006-12-23 02:12 - 00000000 ____D C:\Documents and Settings\Mang
==================== Files in the root of some directories =======
2008-03-14 18:44 - 2008-03-14 18:44 - 0002528 ____C () C:\Documents and Settings\Mang\Application Data\$_hpcst$.hpc
2014-04-25 03:34 - 2014-04-25 03:34 - 0000288 _____ () C:\Documents and Settings\Mang\Application Data\.backup.dm
2006-12-28 15:44 - 2006-12-28 15:47 - 0000158 ____C () C:\Documents and Settings\Mang\Application Data\wklnhst.dat
2006-12-23 20:05 - 2014-07-02 20:27 - 0055808 ____C () C:\Documents and Settings\Mang\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2006-12-23 02:12 - 2006-12-30 04:23 - 0000127 ____C () C:\Documents and Settings\Mang\Local Settings\Application Data\fusioncache.dat
Some files in TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\uninst.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\ymdc.exe
C:\Documents and Settings\Default User\Local Settings\Temp\uninst.dll
C:\Documents and Settings\Default User\Local Settings\Temp\ymdc.exe
C:\Documents and Settings\Mang\Local Settings\Temp\3kjgerj_.dll
C:\Documents and Settings\Mang\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\Mang\Local Settings\Temp\lowproc.exe
C:\Documents and Settings\Mang\Local Settings\Temp\MotoCast_Installer_1.2.7.exe
C:\Documents and Settings\Mang\Local Settings\Temp\pyl5.tmp.exe
C:\Documents and Settings\Mang\Local Settings\Temp\pyl8.tmp.exe
C:\Documents and Settings\Mang\Local Settings\Temp\pylC.tmp.exe
C:\Documents and Settings\Mang\Local Settings\Temp\rnsetup0.exe
C:\Documents and Settings\Mang\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\Mang\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\Mang\Local Settings\Temp\stubhelper.dll
C:\Documents and Settings\Mang\Local Settings\Temp\vlc-2.1.3-win32.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================