Log analysis and evaluation: Windows XP: Uninstalling SpeedUpMyComputer / FixMyRegistry

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
10.08.2014, 11:13 | #1 |
Windows XP: Uninstalling SpeedUpMyComputer / FixMyRegistry

Hello everyone,

While searching for drivers, I downloaded and installed "SpeedUpMyComputer / FixMyRegistry". I have now tried to remove the programs, but unfortunately it does not work. When I uninstall SpeedUpMyComputer, FixMyRegistry installs itself automatically, and when I uninstall FixMyRegistry, SpeedUpMyComputer installs itself automatically.

----------

I came straight to this board, so I have not made any attempts of my own, because my Norton virus scanner has been switched off for some time (subscription not renewed).

I carried out the preparation steps for the help request as described in the checklist; the log file texts are attached below.

Note: I am going to upgrade my operating system from Win XP to Win 8.1. However, I have to migrate the existing files, which are now affected by this malware, so I cannot simply format the hard disk.

Please help. Many thanks in advance.

FRST

Quote
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:9-08-2014 01 Ran by Administrator (administrator) on DEBRECEN on 10-08-2014 08:00:57 Running from C:\Documents and Settings\Administrator\Desktop Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States) Internet Explorer Version 8 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe (Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe () C:\Program Files\LPT\srpts.exe (Speedchecker) C:\Program Files\Internet Speed Checker\554c9551-b337-43c8-ab01-4f36dcfd520a.exe (Symantec Corporation) C:\Program Files\Norton 360\Engine\4.4.0.12\ccsvchst.exe (PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe (TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (EIZO NANAO CORPORATION) C:\Program Files\EIZO\ColorNavigator\ColorNavigatorAgent.exe () C:\WINDOWS\SMINST\Scheduler.exe () C:\Program Files\LPT\srptsl.exe (Advanced Micro Devices Inc.) 
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe () C:\Program Files\LPT\srptm.exe (EIZO NANAO CORPORATION) C:\Program Files\EIZO\UniColor Pro\ucpro.exe (Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe (TomTom) C:\Program Files\TomTom HOME 2\HOMERunner.exe (Google) C:\Program Files\Google\Drive\googledrivesync.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (EIZO NANAO CORPORATION) C:\Program Files\EIZO\EIZO EasyPIX\EasyPIX.exe (EIZO NANAO CORPORATION) C:\Program Files\EIZO\ScreenSlicer\ESCSlicer.exe (Symantec Corporation) C:\Program Files\Norton 360\Engine\4.4.0.12\ccsvchst.exe (Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Google) C:\Program Files\Google\Drive\googledrivesync.exe (Microsoft Corporation) C:\WINDOWS\system32\MDM.EXE (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Speedchecker) C:\Program Files\Internet Speed Checker\Internet Speed Checker-bg.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\RunOnce: [SpUninstallCleanUp] => REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.) 
HKU\S-1-5-21-965756728-169831054-4282204201-500\...\Run: [UnoColor Pro] => C:\Program Files\EIZO\UniColor Pro\ucpro.exe [2712872 2009-04-10] (EIZO NANAO CORPORATION) HKU\S-1-5-21-965756728-169831054-4282204201-500\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation) HKU\S-1-5-21-965756728-169831054-4282204201-500\...\Run: [TomTomHOME.exe] => C:\Program Files\TomTom HOME 2\HOMERunner.exe [202088 2008-05-06] (TomTom) HKU\S-1-5-21-965756728-169831054-4282204201-500\...\Run: [RegistryBooster] => "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000 HKU\S-1-5-21-965756728-169831054-4282204201-500\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22734312 2014-07-30] (Google) HKU\S-1-5-21-965756728-169831054-4282204201-500\...\Run: [UpdateMyDrivers] => C:\Program Files\SmartTweak\UpdateMyDrivers\UpdateMyDrivers.exe /ot /as /ss HKU\S-1-5-21-965756728-169831054-4282204201-500\...\Run: [SpeedUpMyComputer] => C:\Program Files\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as /ss HKU\S-1-5-21-965756728-169831054-4282204201-500\...\Run: [FixMyRegistry] => C:\Program Files\SmartTweak\FixMyRegistry\FixMyRegistry.exe [1886840 2014-05-26] () HKU\S-1-5-21-965756728-169831054-4282204201-500\...\MountPoints2: {2f3e41f9-a9a0-11df-87ef-002481ed8efc} - L:\InstallTomTomHOME.exe Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EIZO EasyPIX.lnk ShortcutTarget: EIZO EasyPIX.lnk -> C:\Program Files\EIZO\EIZO EasyPIX\EasyPIX.exe (EIZO NANAO CORPORATION) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EIZO ScreenSlicer.lnk ShortcutTarget: EIZO ScreenSlicer.lnk -> C:\WINDOWS\Installer\{292A177D-723F-4537-9985-BC8BFCD8B63D}\ESCSlicer.exe1_87A06423E78E426E924121140A36B659.exe (Macrovision Corporation) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk ShortcutTarget: Windows Search.lnk -> C:\Program 
Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton 360\Engine\4.4.0.12\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton 360\Engine\4.4.0.12\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton 360\Engine\4.4.0.12\buShell.dll (Symantec Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=M6BEDEE3C-740E-4CD8-A4E2-2C05120885E4&SearchSource=55&CUI=&UM=6&UP=SP0FA9283F-FC7D-41B0-A746-103D378C5529&SSPV= HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbPGr6Jy1Ks2e111hOmaVHQAxQHSlVfcqvikmWF5fOykecGIjWN3egdV9YJOH6mcFiJX_KCumrNyq66ECJeEcgwpcgf5cK9RVodNcgOkQw-YYdJuWfieWVdkLXCOn3zwuLBdFNCnWo0nUD_OIBEq1uhMldvMnQ59RCA-vbK_rB9wjecLfYtPhg,,&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ch&c=91&bd=all&pf=cmws HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbPGr6Jy1Ks2e111hOmaVHQAxQHSlVfcqvikmWF5fOykecGIjWN3egdV9YJOH6mcFiJX_KCumrNyq66ECJeEcgwpcgf5cK9RVodNcgOkQw-YYdJuWfieWVdkLXCOn3zwuLBdFNCnWo0nUD_OIBEq1uhMldvMnQ59RCA-vbK_rB9wjecLfYtPhg,,&q={searchTerms} SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=M6BEDEE3C-740E-4CD8-A4E2-2C05120885E4&SearchSource=58&CUI=&UM=6&UP=SP0FA9283F-FC7D-41B0-A746-103D378C5529&q={searchTerms}&SSPV= SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbPGr6Jy1Ks2e111hOmaVHQAxQHSlVfcqvikmWF5fOykecGIjWN3egdV9YJOH6mcFiJX_KCumrNyq66ECJeEcgwpcgf5cK9RVodNcgOkQw-YYdJuWfieWVdkLXCOn3zwuLBdFNCnWo0nUD_OIBEq1uhMldvMnQ59RCA-vbK_rB9wjecLfYtPhg,,&q={searchTerms} SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=M6BEDEE3C-740E-4CD8-A4E2-2C05120885E4&SearchSource=58&CUI=&UM=6&UP=SP0FA9283F-FC7D-41B0-A746-103D378C5529&q={searchTerms}&SSPV= BHO: Internet Speed Checker -> 
{11111111-1111-1111-1111-110611171152} -> C:\Program Files\Internet Speed Checker\Internet Speed Checker-bho.dll (Speedchecker) BHO: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton 360\Engine\4.4.0.12\coIEPlg.dll (Symantec Corporation) BHO: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton 360\Engine\4.4.0.12\IPSBHO.DLL (Symantec Corporation) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.4.0.12\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.4.0.12\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1256340086406 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate) FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-10-23] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-10-24] FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn FF Extension: Norton IPS - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn [2011-01-25] FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn_2010_9_0_6 FF Extension: Norton Toolbar - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn_2010_9_0_6 [2014-08-10] Chrome: ======= ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [114688 2008-09-24] (Broadcom Corporation) [File not signed] S2 globalUpdate; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-08-10] (globalUpdate) [File not signed] S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-08-10] (globalUpdate) [File not signed] R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [152984 2009-10-23] (Sun Microsystems, Inc.) 
R2 LPTSystemUpdater; C:\Program Files\LPT\srpts.exe [32776 2014-07-21] () R2 N360; C:\Program Files\Norton 360\Engine\4.4.0.12\ccSvcHst.exe [126400 2011-08-04] (Symantec Corporation) S2 PCA; C:\WINDOWS\SMINST\PCAngel.exe [364544 2006-06-13] (SoftThinks) [File not signed] R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [623640 2009-02-06] (PDF Complete Inc) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 ac97intc; C:\WINDOWS\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation) S4 adpu320; C:\WINDOWS\system32\DRIVERS\adpu320.sys [105472 2002-05-09] (Adaptec, Inc.) [File not signed] R3 AtiHDAudioService; C:\WINDOWS\System32\drivers\AtihdXP3.sys [100368 2011-08-08] (Advanced Micro Devices) R2 BASFND; C:\Program Files\Broadcom\MgmtAgent\BASFND.sys [10480 2008-12-04] (Broadcom Corporation) [File not signed] R1 BHDrvx86; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20120823.005\BHDrvx86.sys [995488 2012-08-23] (Symantec Corporation) S3 Blfp; C:\WINDOWS\System32\DRIVERS\baspxp32.sys [89600 2008-10-29] (Broadcom Corporation) [File not signed] R1 ccHP; C:\WINDOWS\system32\drivers\N360\0404000.00C\ccHPx86.sys [485512 2011-08-04] (Symantec Corporation) R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-08-27] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-08-27] (Symantec Corporation) S3 i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [161020 2008-04-14] (Intel(R) Corporation) S3 iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [12415 2008-04-14] (Intel(R) Corporation) S3 iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [12127 2008-04-14] (Intel(R) Corporation) S3 iAimFP2; 
C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [11775 2008-04-14] (Intel(R) Corporation) S3 iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [12063 2008-04-14] (Intel(R) Corporation) S3 iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [19455 2008-04-14] (Intel(R) Corporation) S3 iAimFP5; C:\WINDOWS\System32\DRIVERS\wADV07nt.sys [11807 2008-04-14] (Intel(R) Corporation) S3 iAimFP6; C:\WINDOWS\System32\DRIVERS\wADV08nt.sys [11295 2008-04-14] (Intel(R) Corporation) S3 iAimFP7; C:\WINDOWS\System32\DRIVERS\wADV09nt.sys [11871 2008-04-14] (Intel(R) Corporation) S3 iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [29311 2008-04-14] (Intel(R) Corporation) S3 iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [19551 2008-04-14] (Intel(R) Corporation) S3 iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [33599 2008-04-14] (Intel(R) Corporation) S3 iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [23615 2008-04-14] (Intel(R) Corporation) S3 iAimTV5; C:\WINDOWS\System32\DRIVERS\wATV10nt.sys [25471 2008-04-14] (Intel(R) Corporation) S3 iAimTV6; C:\WINDOWS\System32\DRIVERS\wATV06nt.sys [22271 2008-04-14] (Intel(R) Corporation) S3 IDSxpx86; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20120825.001\IDSxpx86.sys [373216 2012-08-24] (Symantec Corporation) S3 NAVENG; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20120828.002\NAVENG.SYS [92704 2012-08-27] (Symantec Corporation) S3 NAVEX15; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20120828.002\NAVEX15.SYS [1601184 2012-08-27] (Symantec Corporation) S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-14] (Microsoft Corporation) S3 SRTSP; C:\WINDOWS\System32\Drivers\N360\0404000.00C\SRTSP.SYS [325680 2010-04-22] (Symantec Corporation) R1 SRTSPX; 
C:\WINDOWS\system32\drivers\N360\0404000.00C\SRTSPX.SYS [43696 2010-04-22] (Symantec Corporation) R0 SymDS; C:\WINDOWS\System32\drivers\N360\0404000.00C\SYMDS.SYS [328752 2010-02-04] (Symantec Corporation) R0 SymEFA; C:\WINDOWS\System32\drivers\N360\0404000.00C\SYMEFA.SYS [173176 2011-08-22] (Symantec Corporation) R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [124976 2011-01-25] (Symantec Corporation) R1 SymIRON; C:\WINDOWS\system32\drivers\N360\0404000.00C\Ironx86.SYS [116784 2010-04-29] (Symantec Corporation) S4 Symmpi; C:\WINDOWS\system32\DRIVERS\symmpi.sys [28416 2002-04-04] (LSI Logic) [File not signed] R1 SYMTDI; C:\WINDOWS\System32\Drivers\N360\0404000.00C\SYMTDI.SYS [362360 2011-08-22] (Symantec Corporation) U1 WS2IFSL; ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-08-10 08:00 - 2014-08-10 08:01 - 00019549 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt 2014-08-10 08:00 - 2014-08-10 08:00 - 00000000 ____D () C:\FRST 2014-08-10 07:59 - 2014-08-10 07:59 - 01084928 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe 2014-08-10 07:56 - 2014-08-10 07:57 - 00000488 _____ () C:\Documents and Settings\Administrator\Desktop\defogger_disable.log 2014-08-10 07:56 - 2014-08-10 07:56 - 00000000 _____ () C:\Documents and Settings\Administrator\defogger_reenable 2014-08-10 07:50 - 2014-08-10 07:50 - 00050477 _____ () C:\Documents and Settings\Administrator\Desktop\Defogger.exe 2014-08-10 06:17 - 2014-08-10 06:17 - 00000865 _____ () C:\Documents and Settings\Administrator\Desktop\FixMyRegistry.lnk 2014-08-10 06:13 - 2014-08-10 06:17 - 00000000 ____D () C:\Program Files\SmartTweak 2014-08-10 05:44 - 2014-08-10 05:44 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RegClean 2014-08-10 05:08 - 2014-08-10 06:20 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Internet Speed Checker 2014-08-10 05:08 - 2014-08-10 05:44 - 00003824 _____ () C:\WINDOWS\Tasks\6909362e-abd2-4ce6-b4b9-a74fe9ce80d3-11.job 2014-08-10 05:08 - 2014-08-10 05:44 - 00002120 _____ () C:\WINDOWS\Tasks\6909362e-abd2-4ce6-b4b9-a74fe9ce80d3-4.job 2014-08-10 05:08 - 2014-08-10 05:44 - 00001634 _____ () C:\WINDOWS\Tasks\6909362e-abd2-4ce6-b4b9-a74fe9ce80d3-1.job 2014-08-10 05:08 - 2014-08-10 05:44 - 00001488 _____ () C:\WINDOWS\Tasks\6909362e-abd2-4ce6-b4b9-a74fe9ce80d3-5.job 2014-08-10 05:08 - 2014-08-10 05:44 - 00001380 _____ () C:\WINDOWS\Tasks\6909362e-abd2-4ce6-b4b9-a74fe9ce80d3-2.job 2014-08-10 05:08 - 2014-08-10 05:44 - 00001322 _____ () C:\WINDOWS\Tasks\554c9551-b337-43c8-ab01-4f36dcfd520a.job 2014-08-10 05:08 - 2014-08-10 05:44 - 00000944 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job 2014-08-10 05:08 - 2014-08-10 05:13 - 00000948 _____ () 
C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job 2014-08-10 05:08 - 2014-08-10 05:08 - 00000000 ____D () C:\Program Files\Internet Speed Checker 2014-08-10 05:08 - 2014-08-10 05:08 - 00000000 ____D () C:\Program Files\globalUpdate 2014-08-10 05:08 - 2014-08-10 05:08 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\globalUpdate 2014-08-10 05:02 - 2014-08-10 05:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache 2014-08-10 05:02 - 2014-08-10 05:02 - 00000000 ____D () C:\Program Files\SoftwareUpdater 2014-08-10 05:02 - 2014-08-10 05:02 - 00000000 ____D () C:\Program Files\LPT 2014-08-10 05:01 - 2014-08-10 05:01 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\QuickScan 2014-08-10 05:01 - 2014-08-10 05:01 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\QuickScan 2014-08-10 04:58 - 2014-08-10 04:58 - 00637192 _____ (Free Driver Scout) C:\Documents and Settings\Administrator\Desktop\free-driver-scout.exe 2014-08-10 02:22 - 2014-08-10 02:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ATI 2014-08-10 02:16 - 2014-08-10 02:16 - 00000000 ____D () C:\Program Files\AMD APP 2014-08-10 02:16 - 2014-08-10 02:16 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Catalyst Pro Control Center 2014-08-10 02:15 - 2014-08-10 02:15 - 00017654 _____ () C:\WINDOWS\system32\CCCInstall_201408100215415156.log 2014-08-10 02:15 - 2014-08-10 02:15 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies 2014-08-10 02:14 - 2014-08-10 02:14 - 00000000 ____D () C:\Program Files\ATI 2014-08-10 02:14 - 2012-05-24 05:50 - 00956160 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\ativvamv.dll 2014-08-10 02:14 - 2012-05-24 04:44 - 00205720 _____ () C:\WINDOWS\system32\atiapfxx.blb 2014-08-10 02:14 - 2012-05-24 04:42 - 00159744 _____ (Advanced Micro Devices, Inc.) 
C:\WINDOWS\system32\atiapfxx.exe 2014-08-10 02:14 - 2011-08-08 22:58 - 00100368 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Drivers\AtihdXP3.sys 2014-08-10 01:19 - 2014-08-10 06:17 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\SmartTweak Software 2014-08-10 01:18 - 2014-08-10 01:18 - 03363688 _____ () C:\Documents and Settings\Administrator\Desktop\UpdateMyDrivers.exe 2014-08-09 21:19 - 2014-08-09 21:26 - 00000000 ____D () C:\Program Files\PCPitstop 2014-08-09 21:19 - 2014-08-09 21:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\PCPitstop 2014-08-09 11:51 - 2014-08-09 11:51 - 00000000 ____D () C:\Documents and Settings\pg\My Documents\ACER 2014-08-08 15:54 - 2014-08-08 15:54 - 00000761 _____ () C:\Documents and Settings\Administrator\Start Menu\SnagIt32.lnk 2014-08-08 14:09 - 2014-08-10 05:45 - 00000000 ___RD () C:\Documents and Settings\Administrator\My Documents\Google Drive 2014-08-08 14:09 - 2014-08-08 14:09 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Google Drive 2014-08-08 14:07 - 2014-08-08 14:07 - 00001767 _____ () C:\Documents and Settings\All Users\Desktop\Google Slides.lnk 2014-08-08 14:07 - 2014-08-08 14:07 - 00001765 _____ () C:\Documents and Settings\All Users\Desktop\Google Sheets.lnk 2014-08-08 14:07 - 2014-08-08 14:07 - 00001755 _____ () C:\Documents and Settings\All Users\Desktop\Google Docs.lnk 2014-08-08 14:07 - 2014-08-08 14:07 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Drive 2014-08-02 13:59 - 2014-08-02 14:00 - 00000000 ____D () C:\Documents and Settings\user1.DEBRECEN\My Documents\MAC EXAMPLES 2014-08-02 11:56 - 2014-08-02 12:51 - 05326417 _____ (Phil Harvey) C:\WINDOWS\exiftool.exe 2014-08-02 08:32 - 2014-08-02 08:32 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\SnagIt Catalog 2014-08-02 08:11 - 2014-08-02 08:11 - 00000000 ____D () C:\Program Files\ExifTool 2014-08-02 07:53 - 
2014-08-02 08:11 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\Luffi 2014-08-02 07:52 - 2014-08-02 07:56 - 00000000 ____D () C:\Program Files\Luffi 2014-08-02 06:24 - 2014-08-02 06:24 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\FileViewPro 2014-08-02 06:23 - 2014-08-02 06:23 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\IsolatedStorage 2014-08-02 06:23 - 2014-08-02 06:23 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\IsolatedStorage 2014-08-02 06:13 - 2014-08-02 06:13 - 00000000 ____D () C:\Spacekace 2014-08-01 21:45 - 2014-08-01 21:45 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Help 2014-08-01 21:45 - 2014-08-01 21:45 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Help 2014-08-01 17:42 - 2014-08-01 17:42 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Windows Search 2014-08-01 16:46 - 2014-08-01 16:46 - 00526936 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2014-08-01 16:14 - 2014-08-01 16:14 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Hewlett-Packard 2014-08-01 15:53 - 2014-08-01 16:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HP 2014-08-01 10:30 - 2014-08-10 05:44 - 00000238 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job 2014-08-01 10:30 - 2014-08-08 15:31 - 00000232 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-08-10 08:01 - 2014-08-10 08:00 - 00019549 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt 2014-08-10 08:01 - 2010-08-26 18:32 - 00000422 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{F9E0D393-B7AA-4CF4-9C2A-849F2A0791C9}.job 2014-08-10 08:01 - 2009-10-24 06:55 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp 2014-08-10 08:00 - 2014-08-10 08:00 - 00000000 ____D () C:\FRST 2014-08-10 07:59 - 2014-08-10 07:59 - 01084928 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe 2014-08-10 07:57 - 2014-08-10 07:56 - 00000488 _____ () C:\Documents and Settings\Administrator\Desktop\defogger_disable.log 2014-08-10 07:56 - 2014-08-10 07:56 - 00000000 _____ () C:\Documents and Settings\Administrator\defogger_reenable 2014-08-10 07:56 - 2009-10-24 06:55 - 00000000 ____D () C:\Documents and Settings\Administrator 2014-08-10 07:53 - 2012-06-25 13:27 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-08-10 07:50 - 2014-08-10 07:50 - 00050477 _____ () C:\Documents and Settings\Administrator\Desktop\Defogger.exe 2014-08-10 07:49 - 2011-12-15 12:42 - 00001112 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-10 07:34 - 2009-04-06 16:00 - 01695766 _____ () C:\WINDOWS\WindowsUpdate.log 2014-08-10 06:20 - 2014-08-10 05:08 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Internet Speed Checker 2014-08-10 06:17 - 2014-08-10 06:17 - 00000865 _____ () C:\Documents and Settings\Administrator\Desktop\FixMyRegistry.lnk 2014-08-10 06:17 - 2014-08-10 06:13 - 00000000 ____D () C:\Program Files\SmartTweak 2014-08-10 06:17 - 2014-08-10 01:19 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\SmartTweak Software 2014-08-10 05:48 - 2009-04-06 15:51 - 00555864 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-08-10 05:45 - 2014-08-08 14:09 - 00000000 ___RD () C:\Documents and Settings\Administrator\My 
Documents\Google Drive 2014-08-10 05:44 - 2014-08-10 05:44 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RegClean 2014-08-10 05:44 - 2014-08-10 05:08 - 00003824 _____ () C:\WINDOWS\Tasks\6909362e-abd2-4ce6-b4b9-a74fe9ce80d3-11.job 2014-08-10 05:44 - 2014-08-10 05:08 - 00002120 _____ () C:\WINDOWS\Tasks\6909362e-abd2-4ce6-b4b9-a74fe9ce80d3-4.job 2014-08-10 05:44 - 2014-08-10 05:08 - 00001634 _____ () C:\WINDOWS\Tasks\6909362e-abd2-4ce6-b4b9-a74fe9ce80d3-1.job 2014-08-10 05:44 - 2014-08-10 05:08 - 00001488 _____ () C:\WINDOWS\Tasks\6909362e-abd2-4ce6-b4b9-a74fe9ce80d3-5.job 2014-08-10 05:44 - 2014-08-10 05:08 - 00001380 _____ () C:\WINDOWS\Tasks\6909362e-abd2-4ce6-b4b9-a74fe9ce80d3-2.job 2014-08-10 05:44 - 2014-08-10 05:08 - 00001322 _____ () C:\WINDOWS\Tasks\554c9551-b337-43c8-ab01-4f36dcfd520a.job 2014-08-10 05:44 - 2014-08-10 05:08 - 00000944 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job 2014-08-10 05:44 - 2014-08-01 10:30 - 00000238 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job 2014-08-10 05:44 - 2012-06-25 13:08 - 00118784 _____ (SoftThinks) C:\WINDOWS\system32\chg.exe 2014-08-10 05:44 - 2011-12-15 12:42 - 00001108 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-10 05:44 - 2009-10-30 12:12 - 00000000 ____D () C:\WINDOWS\SMINST 2014-08-10 05:44 - 2009-10-24 06:53 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl 2014-08-10 05:44 - 2009-10-24 06:53 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2014-08-10 05:44 - 2009-10-24 06:53 - 00000049 _____ () C:\WINDOWS\wiaservc.log 2014-08-10 05:44 - 2009-04-06 16:00 - 00855797 _____ () C:\WINDOWS\setupapi.log 2014-08-10 05:43 - 2009-05-20 13:44 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-08-10 05:42 - 2009-10-24 06:52 - 00032462 _____ () C:\WINDOWS\SchedLgU.Txt 2014-08-10 05:42 - 2009-10-23 13:33 - 00524288 _____ () C:\WINDOWS\system32\config\ACEEvent.evt 2014-08-10 05:42 - 2009-05-20 13:40 - 00000178 ___SH () 
C:\Documents and Settings\Administrator\ntuser.ini 2014-08-10 05:31 - 2010-10-10 22:32 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\07_IT 2014-08-10 05:13 - 2014-08-10 05:08 - 00000948 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job 2014-08-10 05:09 - 2014-08-10 05:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache 2014-08-10 05:08 - 2014-08-10 05:08 - 00000000 ____D () C:\Program Files\Internet Speed Checker 2014-08-10 05:08 - 2014-08-10 05:08 - 00000000 ____D () C:\Program Files\globalUpdate 2014-08-10 05:08 - 2014-08-10 05:08 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\globalUpdate 2014-08-10 05:02 - 2014-08-10 05:02 - 00000000 ____D () C:\Program Files\SoftwareUpdater 2014-08-10 05:02 - 2014-08-10 05:02 - 00000000 ____D () C:\Program Files\LPT 2014-08-10 05:01 - 2014-08-10 05:01 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\QuickScan 2014-08-10 05:01 - 2014-08-10 05:01 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\QuickScan 2014-08-10 04:58 - 2014-08-10 04:58 - 00637192 _____ (Free Driver Scout) C:\Documents and Settings\Administrator\Desktop\free-driver-scout.exe 2014-08-10 04:50 - 2009-10-24 06:55 - 00000000 ____D () C:\WINDOWS\Help 2014-08-10 02:22 - 2014-08-10 02:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ATI 2014-08-10 02:16 - 2014-08-10 02:16 - 00000000 ____D () C:\Program Files\AMD APP 2014-08-10 02:16 - 2014-08-10 02:16 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Catalyst Pro Control Center 2014-08-10 02:16 - 2009-10-23 23:02 - 00000000 ____D () C:\Program Files\ATI Technologies 2014-08-10 02:15 - 2014-08-10 02:15 - 00017654 _____ () C:\WINDOWS\system32\CCCInstall_201408100215415156.log 2014-08-10 02:15 - 2014-08-10 02:15 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies 2014-08-10 
02:15 - 2009-10-24 06:59 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups 2014-08-10 02:14 - 2014-08-10 02:14 - 00000000 ____D () C:\Program Files\ATI 2014-08-10 02:10 - 2009-10-23 13:29 - 00000000 ____D () C:\AMD 2014-08-10 01:18 - 2014-08-10 01:18 - 03363688 _____ () C:\Documents and Settings\Administrator\Desktop\UpdateMyDrivers.exe 2014-08-09 21:26 - 2014-08-09 21:19 - 00000000 ____D () C:\Program Files\PCPitstop 2014-08-09 21:19 - 2014-08-09 21:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\PCPitstop 2014-08-09 11:59 - 2010-03-21 13:35 - 00000178 ___SH () C:\Documents and Settings\user1.DEBRECEN\ntuser.ini 2014-08-09 11:59 - 2010-03-21 13:35 - 00000000 ____D () C:\Documents and Settings\user1.DEBRECEN\Local Settings\Temp 2014-08-09 11:51 - 2014-08-09 11:51 - 00000000 ____D () C:\Documents and Settings\pg\My Documents\ACER 2014-08-09 11:50 - 2010-10-09 01:28 - 00000000 ____D () C:\Documents and Settings\user1.DEBRECEN\My Documents\07_IT 2014-08-09 01:34 - 2011-12-30 13:05 - 00000000 ____D () C:\Documents and Settings\user1.DEBRECEN\Local Settings\Application Data\Google 2014-08-09 01:32 - 2009-10-24 01:06 - 00065536 _____ () C:\WINDOWS\system32\config\ODiag.evt 2014-08-08 16:24 - 2009-10-30 13:25 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google 2014-08-08 15:54 - 2014-08-08 15:54 - 00000761 _____ () C:\Documents and Settings\Administrator\Start Menu\SnagIt32.lnk 2014-08-08 15:31 - 2014-08-01 10:30 - 00000232 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job 2014-08-08 14:09 - 2014-08-08 14:09 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Google Drive 2014-08-08 14:07 - 2014-08-08 14:07 - 00001767 _____ () C:\Documents and Settings\All Users\Desktop\Google Slides.lnk 2014-08-08 14:07 - 2014-08-08 14:07 - 00001765 _____ () C:\Documents and Settings\All Users\Desktop\Google Sheets.lnk 2014-08-08 14:07 - 2014-08-08 
14:07 - 00001755 _____ () C:\Documents and Settings\All Users\Desktop\Google Docs.lnk 2014-08-08 14:07 - 2014-08-08 14:07 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Drive 2014-08-08 14:07 - 2009-10-30 13:24 - 00000000 ____D () C:\Program Files\Google 2014-08-06 00:48 - 2009-10-23 22:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\PDFC 2014-08-03 20:09 - 2011-02-21 01:50 - 00000000 ____D () C:\Documents and Settings\user1.DEBRECEN\My Documents\01_Analysis 2014-08-02 14:02 - 2011-04-10 00:41 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\Job 2014-08-02 14:02 - 2010-03-21 23:06 - 00000000 ____D () C:\Documents and Settings\user1.DEBRECEN\My Documents\Jobsearch 2014-08-02 14:00 - 2014-08-02 13:59 - 00000000 ____D () C:\Documents and Settings\user1.DEBRECEN\My Documents\MAC EXAMPLES 2014-08-02 12:51 - 2014-08-02 11:56 - 05326417 _____ (Phil Harvey) C:\WINDOWS\exiftool.exe 2014-08-02 08:32 - 2014-08-02 08:32 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\SnagIt Catalog 2014-08-02 08:11 - 2014-08-02 08:11 - 00000000 ____D () C:\Program Files\ExifTool 2014-08-02 08:11 - 2014-08-02 07:53 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\Luffi 2014-08-02 07:56 - 2014-08-02 07:52 - 00000000 ____D () C:\Program Files\Luffi 2014-08-02 06:24 - 2014-08-02 06:24 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\FileViewPro 2014-08-02 06:23 - 2014-08-02 06:23 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\IsolatedStorage 2014-08-02 06:23 - 2014-08-02 06:23 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\IsolatedStorage 2014-08-02 06:13 - 2014-08-02 06:13 - 00000000 ____D () C:\Spacekace 2014-08-01 21:45 - 2014-08-01 21:45 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Help 2014-08-01 21:45 - 
2014-08-01 21:45 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Help 2014-08-01 17:50 - 2009-10-24 06:53 - 00004288 _____ () C:\WINDOWS\wmsetup.log 2014-08-01 17:50 - 2009-10-24 06:52 - 00000792 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk 2014-08-01 17:42 - 2014-08-01 17:42 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Windows Search 2014-08-01 16:46 - 2014-08-01 16:46 - 00526936 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2014-08-01 16:14 - 2014-08-01 16:14 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Hewlett-Packard 2014-08-01 16:12 - 2014-08-01 15:53 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HP 2014-08-01 16:12 - 2009-10-23 22:03 - 00000000 ____D () C:\Program Files\Hewlett-Packard 2014-08-01 15:53 - 2009-10-23 22:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HP Cool Tools 2014-08-01 15:17 - 2011-12-15 12:42 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Google 2014-08-01 12:19 - 2010-09-07 00:33 - 00000000 ____D () C:\Documents and Settings\user1.DEBRECEN\My Documents\00_Admin 2014-08-01 10:31 - 2011-12-15 12:41 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk 2014-08-01 08:44 - 2010-09-19 14:24 - 00000000 ____D () C:\Documents and Settings\user1.DEBRECEN\My Documents\02_Trading 2014-07-11 21:06 - 2014-03-31 01:20 - 00000000 ____D () C:\Documents and Settings\user1.DEBRECEN\My Documents\IBM 2014-07-11 21:02 - 2013-09-06 11:56 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-07-11 21:00 - 2009-10-24 01:51 - 93585272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-07-11 21:00 - 2009-10-24 01:04 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help 2014-07-11 20:53 
- 2012-06-25 13:27 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-07-11 20:53 - 2012-06-25 13:27 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\6_Offer_11.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\AtiCimUn.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\DownloadManager.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\FixMyRegistry.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\nsb47.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\nsl2E.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\nsp2A.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\SearchProtectINT.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\sfa_inst.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\SpeedUpMyComputer.exe
C:\Documents and Settings\user1.DEBRECEN\Local Settings\Temp\vqhk35cq.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Addition
Quote Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:9-08-2014 01
Ran by Administrator at 2014-08-10 08:01:22
Running from C:\Documents and Settings\Administrator\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton 360 (Disabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
AMD APP SDK Runtime (Version: 2.5.793.1 - Advanced Micro Devices Inc.) Hidden
AMD AVIVO Codecs (Version: 10.0.0.40103 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{6D02AB7E-3B50-C6FE-F1CF-66F763D64E30}) (Version: 3.0.851.0 - Advanced Micro Devices, Inc.)
Avery Wizard 5.0 (HKLM\...\{FC3B3A5D-7058-4627-9F1E-F95CC38B6054}) (Version: 5.0.5 - Avery)
BadCopy Pro (HKLM\...\BadCopy Pro) (Version: - )
Broadcom Management Programs (HKLM\...\{C3CB6145-2F42-4C1C-B938-E254C8B5F48B}) (Version: 11.75.09 - Broadcom Corporation)
Canon CanoScan Toolbox 4.1 (HKLM\...\{BCE46757-7674-4416-BEDB-68205A60409E}) (Version: - )
Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2012.0523.2258.39384 - Advanced Micro Devices, Inc.)
Hidden Catalyst Control Center InstallProxy (Version: 2012.0523.2258.39384 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (Version: 2012.0523.2258.39384 - Advanced Micro Devices, Inc.) Hidden Catalyst Pro Control Center (Version: 2012.0523.2258.39384 - Ihr Firmenname) Hidden CCC Help Chinese Standard (Version: 2012.0523.2257.39384 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (Version: 2012.0523.2257.39384 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (Version: 2012.0523.2257.39384 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (Version: 2012.0523.2257.39384 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (Version: 2012.0523.2257.39384 - Advanced Micro Devices, Inc.) Hidden CCC Help English (Version: 2012.0523.2257.39384 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (Version: 2012.0523.2257.39384 - Advanced Micro Devices, Inc.) Hidden CCC Help French (Version: 2012.0523.2257.39384 - Advanced Micro Devices, Inc.) Hidden CCC Help German (Version: 2012.0523.2257.39384 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (Version: 2012.0523.2257.39384 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (Version: 2012.0523.2257.39384 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (Version: 2012.0523.2257.39384 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (Version: 2012.0523.2257.39384 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (Version: 2012.0523.2257.39384 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (Version: 2012.0523.2257.39384 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (Version: 2012.0523.2257.39384 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (Version: 2012.0523.2257.39384 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (Version: 2012.0523.2257.39384 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (Version: 2012.0523.2257.39384 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Swedish (Version: 2012.0523.2257.39384 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (Version: 2012.0523.2257.39384 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (Version: 2012.0523.2257.39384 - Advanced Micro Devices, Inc.) Hidden ccc-utility (Version: 2012.0523.2258.39384 - Advanced Micro Devices, Inc.) Hidden ColorNavigator (HKLM\...\{D5312328-0583-4E88-95EF-DE92A01797C2}) (Version: 5.2.3 - EIZO NANAO CORPORATION) CutePDF (Evaluation) (HKLM\...\CutePDF (Evaluation)) (Version: - ) CutePDF Writer 2.3 (HKLM\...\CutePDF Writer Installation) (Version: - ) dvdisaster-0.72.3 (HKLM\...\dvdisaster_is1) (Version: - dvdisaster project) EIZO EasyPIX Software (HKLM\...\{E9DF3B08-7541-42E3-AF57-BBF039D1DEE4}) (Version: 1.0.6 - EIZO NANAO CORPORATION) EIZO ScreenSlicer (HKLM\...\{292A177D-723F-4537-9985-BC8BFCD8B63D}) (Version: 1.0.1.1 - EIZO NANAO CORPORATION) FireGL driver for 3D Studio MAX/VIZ (HKLM\...\{C5AEBFD6-3AF9-4784-81C2-F442C86AA096}) (Version: 6.14.10.5015 - ) FixMyRegistry (HKLM\...\FixMyRegistry) (Version: 38.1 - SmartTweak Software) <==== ATTENTION Google Drive (HKLM\...\{BF55F7D7-7791-41DD-91D7-8EA595CE548C}) (Version: 1.17.7224.1867 - Google, Inc.) Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden HP Backup and Recovery Manager (HKLM\...\{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}) (Version: 2.5C - Hewlett-Packard Company) HP Help and Support (HKLM\...\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}) (Version: 4.4.0002 - HPQ) HP Performance Advisor (HKLM\...\{8E3138D3-686D-4F77-A807-CFF5CAEC98D7}) (Version: 1.7.6530 - Hewlett-Packard Company) HP Performance Tuning Framework (HKLM\...\{03BFDA4C-5233-4EB6-8BD7-8D0AE3044757}) (Version: 2.28.3117 - Hewlett-Packard) HydraVision (Version: 4.2.218.0 - Advanced Micro Devices, Inc.) 
Hidden Internet Speed Checker (HKLM\...\Internet Speed Checker) (Version: 1.34.7.29 - Speedchecker) IsoBuster 3.2 (HKLM\...\IsoBuster_is1) (Version: 3.2 - Smart Projects) Java(TM) 6 Update 13 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216013FF}) (Version: 6.0.130 - Sun Microsystems, Inc.) LPT System Updater Service (HKLM\...\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}) (Version: 1.0.0.0 - LPT) <==== ATTENTION Luffi - Let's use freeware! Fun included ;) (v. 2.3.238) (HKLM\...\Luffi) (Version: 1.0.238.0 - Das Luffi Team) Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - ) Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) 
Hidden Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Software Update for Web Folders (German) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft VM for Java (HKLM\...\MsJavaVM) (Version: - ) Microsoft Web Publishing Wizard 1.53 (HKLM\...\WebPost) (Version: - ) Norton 360 (HKLM\...\N360) (Version: 4.4.0.12 - Symantec Corporation) PDF Complete (HKLM\...\PDF Complete) (Version: 3.5.85 - PDF Complete, Inc.) Skins (Version: 2012.0523.2258.39384 - Advanced Micro Devices, Inc.) Hidden TomTom HOME (HKLM\...\TomTom HOME) (Version: 2.3.1.92 - TomTom) TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.) 
UniColor Pro (HKLM\...\{07D4FAFC-5D2C-49B0-9A9C-5726E5559381}) (Version: 1.3.0 - EIZO) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version: - Microsoft) Update for Windows Internet Explorer 8 (KB973874) (HKLM\...\KB973874-IE8) (Version: 1 - Microsoft Corporation) Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation) Update for Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation) 
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2616676-v2) (HKLM\...\KB2616676-v2) (Version: 2 - Microsoft Corporation) Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation) Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation) WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden Windows Driver Package - ColorVision Inc (Spyder) USB (08/07/2006 1.0.0.2) (HKLM\...\3F4E49464F141105CA373E77D00E57404393778F) (Version: 08/07/2006 1.0.0.2 - ColorVision Inc) Windows Driver Package - 
Datacolor (Spyder3) USB (09/10/2007 1.0.0.3) (HKLM\...\2F24D930929D08C29A697E2C2E0574EC1CCCAE1D) (Version: 09/10/2007 1.0.0.3 - Datacolor) Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06) (HKLM\...\A106663FD3361BDFACB045D83EBA03858EB1E411) (Version: 03/13/2008 2.04.06 - FTDI) Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06) (HKLM\...\F2F24872454C7CAEAABD8BB063F70FBEFF01989D) (Version: 03/13/2008 2.04.06 - FTDI) Windows Driver Package - X-Rite (colormunki) XRiteDevices (08/21/2006 2.40.0.1315) (HKLM\...\975DA77B1E3D07FC79378569A82F13404D027518) (Version: 08/21/2006 2.40.0.1315 - X-Rite) Windows Driver Package - X-Rite (i1) XRiteDevices (08/21/2006 2.40.0.1315) (HKLM\...\4BCA7532847C66A175AD419E8ED0CB00EA9F9A4A) (Version: 08/21/2006 2.40.0.1315 - X-Rite) Windows Driver Package - X-Rite (i1) XRiteDevices (08/21/2006 2.40.0.1315) (HKLM\...\4E0F9F38E610D91FA71E1E43F274568B68C54028) (Version: 08/21/2006 2.40.0.1315 - X-Rite) Windows Driver Package - X-Rite (i1display) XRiteDevices (08/21/2006 2.0.0.0) (HKLM\...\BE6334FA182AB4DD51AECFD703C81D6B65B2BBF3) (Version: 08/21/2006 2.0.0.0 - X-Rite) Windows Driver Package - X-Rite (X-Rite) USB (01/10/2007 3.1.0.0) (HKLM\...\79EC760EF05657EC2806CC712767C4C3FCE76693) (Version: 01/10/2007 3.1.0.0 - X-Rite) Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation) Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation) Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation) Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation) Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. 
Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-965756728-169831054-4282204201-500_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)

==================== Restore Points =========================
29-05-2014 21:20:42 System Checkpoint
29-05-2014 22:11:42 Software Distribution Service 3.0
11-06-2014 20:07:54 Software Distribution Service 3.0
11-07-2014 19:00:16 Software Distribution Service 3.0
01-08-2014 04:48:51 System Checkpoint
01-08-2014 13:53:01 Removed HP Performance Tuning Framework
01-08-2014 13:53:07 Installed HP Performance Tuning Framework
01-08-2014 14:12:14 Installed HP Performance Advisor
03-08-2014 18:56:49 System Checkpoint
05-08-2014 23:13:13 System Checkpoint
07-08-2014 17:34:59 System Checkpoint
08-08-2014 18:09:39 System Checkpoint
09-08-2014 21:12:29 System Checkpoint
10-08-2014 00:15:15 Removed ATI Catalyst Control Center
10-08-2014 03:02:34 Free Driver Scout
10-08-2014 03:05:38 Free Driver Scout
10-08-2014 03:39:40 Removed Shopop
10-08-2014 04:16:13 Removed Microsoft Silverlight

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-10-24 06:53 - 2008-04-14 08:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\554c9551-b337-43c8-ab01-4f36dcfd520a.job => C:\Program Files\Internet Speed Checker\554c9551-b337-43c8-ab01-4f36dcfd520a.exe
Task: C:\WINDOWS\Tasks\6909362e-abd2-4ce6-b4b9-a74fe9ce80d3-1.job => C:\Program Files\Internet Speed Checker\Internet Speed Checker-codedownloader.exe
Task: C:\WINDOWS\Tasks\6909362e-abd2-4ce6-b4b9-a74fe9ce80d3-11.job => C:\Program Files\Internet Speed Checker\6909362e-abd2-4ce6-b4b9-a74fe9ce80d3-11.exe
Task: C:\WINDOWS\Tasks\6909362e-abd2-4ce6-b4b9-a74fe9ce80d3-2.job => C:\Program Files\Internet Speed Checker\6909362e-abd2-4ce6-b4b9-a74fe9ce80d3-2.exe
Task: C:\WINDOWS\Tasks\6909362e-abd2-4ce6-b4b9-a74fe9ce80d3-4.job => C:\Program Files\Internet Speed Checker\6909362e-abd2-4ce6-b4b9-a74fe9ce80d3-4.exe
Task: C:\WINDOWS\Tasks\6909362e-abd2-4ce6-b4b9-a74fe9ce80d3-5.job => C:\Program Files\Internet Speed Checker\6909362e-abd2-4ce6-b4b9-a74fe9ce80d3-5.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{F9E0D393-B7AA-4CF4-9C2A-849F2A0791C9}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============
2011-04-09 21:23 - 2004-12-14 09:54 - 00081920 _____ () C:\WINDOWS\system32\cpwmon2k.dll
2014-07-21 18:49 - 2014-07-21 18:49 - 00032776 _____ () C:\Program Files\LPT\srpts.exe 2014-07-21 18:49 - 2014-07-21 18:59 - 00043016 _____ () C:\Program Files\LPT\srptc.dll 2014-07-21 18:48 - 2014-07-21 18:57 - 00018952 _____ () C:\Program Files\LPT\Smartbar.Common.dll 2014-05-08 13:21 - 2014-05-08 13:21 - 00301056 _____ () C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.DEU 2009-06-02 14:59 - 2009-06-02 14:59 - 00142336 _____ () C:\Program Files\EIZO\ColorNavigator\CNHid.dll 2009-04-23 10:41 - 2009-04-23 10:41 - 00055808 _____ () C:\Program Files\EIZO\ColorNavigator\CNVideo.dll 2009-05-29 16:24 - 2009-05-29 16:24 - 00046080 _____ () C:\Program Files\EIZO\ColorNavigator\HidUsage.dll 2009-04-02 16:23 - 2009-04-02 16:23 - 00006656 _____ () C:\Program Files\EIZO\ColorNavigator\DisplayAreaSetting.dll 2009-05-29 16:24 - 2009-05-29 16:24 - 00055296 _____ () C:\Program Files\EIZO\ColorNavigator\CMYKValidation.dll 2009-05-07 11:32 - 2009-05-07 11:32 - 00082944 _____ () C:\Program Files\EIZO\ColorNavigator\ColorProfile.dll 2009-04-02 16:23 - 2009-04-02 16:23 - 00165376 _____ () C:\Program Files\EIZO\ColorNavigator\libcolour.dll 2009-10-30 12:12 - 2006-07-10 11:53 - 00872448 _____ () C:\WINDOWS\SMINST\Scheduler.exe 2014-07-21 18:49 - 2014-07-21 18:59 - 00034824 _____ () C:\Program Files\LPT\srptsl.exe 2014-07-21 18:49 - 2014-07-21 18:59 - 00069128 _____ () C:\Program Files\LPT\srut.dll 2014-07-21 18:49 - 2014-07-21 18:59 - 00023048 _____ () C:\Program Files\LPT\srptm.exe 2014-07-21 18:49 - 2014-07-21 18:59 - 00081928 _____ () C:\Program Files\LPT\srpt.dll 2014-07-21 18:48 - 2014-07-21 18:59 - 00067080 _____ () C:\Program Files\LPT\sppsm.dll 2014-07-21 18:48 - 2014-07-21 18:59 - 00158216 _____ () C:\Program Files\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll 2014-07-21 18:48 - 2014-07-21 18:59 - 00027144 _____ () C:\Program Files\LPT\Smartbar.Personalization.Common.dll 2014-07-21 18:48 - 2014-07-21 18:59 - 00165896 _____ () C:\Program 
Files\LPT\Smartbar.Infrastructure.Utilities.dll 2014-07-21 18:49 - 2014-07-21 18:59 - 00046088 _____ () C:\Program Files\LPT\srbu.dll 2014-07-21 18:49 - 2014-07-21 18:59 - 00025096 _____ () C:\Program Files\LPT\srpdm.dll 2014-07-21 18:47 - 2014-07-21 18:57 - 00026632 _____ () C:\Program Files\LPT\ProxySettings.dll 2014-07-21 18:48 - 2014-07-21 18:59 - 00044040 _____ () C:\Program Files\LPT\Smartbar.Monetization.Proxy.ProxyService.dll 2014-07-21 18:47 - 2014-07-21 18:57 - 00052744 _____ () C:\Program Files\LPT\Proxy.Lib.dll 2014-07-21 18:49 - 2014-07-21 18:59 - 00027656 _____ () C:\Program Files\LPT\sreu.dll 2008-04-14 14:42 - 2013-01-02 08:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll 2008-04-14 14:41 - 2008-04-14 14:41 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll 2008-04-14 14:42 - 2008-04-14 14:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll 2010-03-16 12:22 - 2010-03-16 12:22 - 00014848 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll 2012-05-23 22:57 - 2012-05-23 22:57 - 00270336 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2008-07-16 10:14 - 2008-07-16 10:14 - 00163840 ____R () C:\Program Files\EIZO\EIZO EasyPIX\libcolour.dll 2008-09-05 10:08 - 2008-09-05 10:08 - 00282624 _____ () C:\Program Files\EIZO\EIZO EasyPIX\IccProfLib.dll 2014-08-10 05:44 - 2014-08-10 05:44 - 00098816 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI34762\win32api.pyd 2014-08-10 05:44 - 2014-08-10 05:44 - 00110080 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI34762\pywintypes27.dll 2014-08-10 05:44 - 2014-08-10 05:44 - 00364544 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI34762\pythoncom27.dll 2014-08-10 05:44 - 2014-08-10 05:44 - 00045568 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI34762\_socket.pyd 2014-08-10 05:44 - 2014-08-10 05:44 - 01160704 _____ () 
C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI34762\_ssl.pyd 2014-08-10 05:44 - 2014-08-10 05:44 - 00320512 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI34762\win32com.shell.shell.pyd 2014-08-10 05:44 - 2014-08-10 05:44 - 00713216 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI34762\_hashlib.pyd 2014-08-10 05:44 - 2014-08-10 05:44 - 01175040 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI34762\wx._core_.pyd 2014-08-10 05:44 - 2014-08-10 05:44 - 00805888 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI34762\wx._gdi_.pyd 2014-08-10 05:44 - 2014-08-10 05:44 - 00811008 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI34762\wx._windows_.pyd 2014-08-10 05:44 - 2014-08-10 05:44 - 01062400 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI34762\wx._controls_.pyd 2014-08-10 05:44 - 2014-08-10 05:44 - 00735232 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI34762\wx._misc_.pyd 2014-08-10 05:44 - 2014-08-10 05:44 - 00128512 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI34762\_elementtree.pyd 2014-08-10 05:44 - 2014-08-10 05:44 - 00127488 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI34762\pyexpat.pyd 2014-08-10 05:44 - 2014-08-10 05:44 - 00557056 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI34762\pysqlite2._sqlite.pyd 2014-08-10 05:44 - 2014-08-10 05:44 - 00007168 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI34762\hashobjs_ext.pyd 2014-08-10 05:44 - 2014-08-10 05:44 - 00087552 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI34762\_ctypes.pyd 2014-08-10 05:44 - 2014-08-10 05:44 - 00119808 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI34762\win32file.pyd 2014-08-10 05:44 - 2014-08-10 05:44 - 00108544 _____ () C:\Documents and 
Settings\Administrator\Local Settings\Temp\_MEI34762\win32security.pyd 2014-08-10 05:44 - 2014-08-10 05:44 - 00018432 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI34762\win32event.pyd 2014-08-10 05:44 - 2014-08-10 05:44 - 00038912 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI34762\win32inet.pyd 2014-08-10 05:44 - 2014-08-10 05:44 - 00070656 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI34762\wx._html2.pyd 2014-08-10 05:44 - 2014-08-10 05:44 - 00167936 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI34762\win32gui.pyd 2014-08-10 05:44 - 2014-08-10 05:44 - 00011264 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI34762\win32crypt.pyd 2014-08-10 05:44 - 2014-08-10 05:44 - 00027136 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI34762\_multiprocessing.pyd 2014-08-10 05:44 - 2014-08-10 05:44 - 00686080 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI34762\unicodedata.pyd 2014-08-10 05:44 - 2014-08-10 05:44 - 00122368 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI34762\wx._wizard.pyd 2014-08-10 05:44 - 2014-08-10 05:44 - 00010240 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI34762\select.pyd 2014-08-10 05:44 - 2014-08-10 05:44 - 00024064 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI34762\win32pipe.pyd 2014-08-10 05:44 - 2014-08-10 05:44 - 00025600 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI34762\win32pdh.pyd 2014-08-10 05:44 - 2014-08-10 05:44 - 00525640 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI34762\windows._lib_cacheinvalidation.pyd 2014-08-10 05:44 - 2014-08-10 05:44 - 00035840 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI34762\win32process.pyd 2014-08-10 05:44 - 2014-08-10 05:44 - 00017408 _____ () C:\Documents and 
Settings\Administrator\Local Settings\Temp\_MEI34762\win32profile.pyd 2014-08-10 05:44 - 2014-08-10 05:44 - 00022528 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI34762\win32ts.pyd 2014-08-10 05:44 - 2014-08-10 05:44 - 00078336 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI34762\wx._animate.pyd 2014-08-10 05:08 - 2014-08-10 05:08 - 00392560 _____ () c:\program files\internet speed checker\Internet Speed Checker-buttonutil.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\WINDOWS\exiftool.exe:SummaryInformation AlternateDataStreams: C:\WINDOWS\exiftool.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= Name: PS/2 Compatible Mouse Description: PS/2 Compatible Mouse Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. 
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard Class Guid: {4D36E96B-E325-11CE-BFC1-08002BE10318} Manufacturer: (Standard keyboards) Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (08/10/2014 05:08:08 AM) (Source: MsiInstaller) (EventID: 11309) (User: DEBRECEN) Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt. System error 3. Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL) Error: (08/10/2014 05:02:41 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application PCSUQuickScan.exe, version 0.0.0.0, faulting module PCSUQuickScan.exe, version 0.0.0.0, fault address 0x00006ee0. Processing media-specific event for [PCSUQuickScan.exe!ws!] Error: (08/10/2014 05:01:37 AM) (Source: crypt32) (EventID: 11) (User: ) Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 
Error: (08/10/2014 05:01:37 AM) (Source: crypt32) (EventID: 11) (User: ) Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (08/10/2014 00:32:55 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (08/10/2014 00:32:52 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (08/10/2014 00:32:40 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (08/10/2014 00:32:28 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (08/09/2014 10:32:15 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.23588, fault address 0x0017a34f. Processing media-specific event for [iexplore.exe!ws!] Error: (08/09/2014 10:31:13 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.23588, fault address 0x0017a34f. Processing media-specific event for [iexplore.exe!ws!] 
System errors: ============= Error: (08/10/2014 05:44:43 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: i8042prt Error: (08/10/2014 05:10:57 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: i8042prt Error: (08/10/2014 02:22:09 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: i8042prt Error: (08/10/2014 00:36:56 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: i8042prt Error: (08/09/2014 08:24:28 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: i8042prt Error: (08/09/2014 08:57:38 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: i8042prt Error: (08/09/2014 01:34:40 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: i8042prt Error: (08/08/2014 01:54:16 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: i8042prt Error: (08/07/2014 06:38:37 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: i8042prt Error: (08/06/2014 05:14:15 PM) (Source: 0) (EventID: 9) (User: ) Description: \Device\Ide\iaStor0 Microsoft Office Sessions: ========================= Error: (02/11/2012 02:53:15 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, 
Microsoft Office Version: 12.0.6425.1000. This session lasted 1028 seconds with 1020 seconds of active time. This session ended with a crash.

Error: (01/22/2011 10:16:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 30333 seconds with 1080 seconds of active time. This session ended with a crash.

==================== Memory info ===========================

Percentage of memory in use: 26%
Total physical RAM: 3567.21 MB
Available physical RAM: 2620.71 MB
Total Pagefile: 5448.47 MB
Available Pagefile: 4232.89 MB
Total Virtual: 2047.88 MB
Available Virtual: 1935.08 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:453.3 GB) (Free:395.17 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive j: (HP_RECOVERY) (Fixed) (Total:12.46 GB) (Free:2.63 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 3B2B3B2B)
Partition 1: (Active) - (Size=453 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Quote Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-08-10 10:02:42 Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Intel___ rev.1.0. 465.76GB Running: Gmer-19357.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uwlyapob.sys ---- System - GMER 2.1 ---- SSDT 89829050 ZwAlertResumeThread SSDT 8985E050 ZwAlertThread SSDT 89748390 ZwAllocateVirtualMemory SSDT 89857050 ZwAssignProcessToJobObject SSDT 899B4128 ZwConnectPort SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwCreateKey [0xAD070210] SSDT 89755008 ZwCreateMutant SSDT 898F9F38 ZwCreateSymbolicLinkObject SSDT 897E8C38 ZwCreateThread SSDT 89794050 ZwDebugActiveProcess SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwDeleteKey [0xAD070490] SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwDeleteValueKey [0xAD0709F0] SSDT 897695B8 ZwDuplicateObject SSDT 8974C1B0 ZwFreeVirtualMemory SSDT 89844050 ZwImpersonateAnonymousToken SSDT 897FF050 ZwImpersonateThread SSDT 8999A518 ZwLoadDriver SSDT 897EDF00 ZwMapViewOfSection SSDT 8977C050 ZwOpenEvent SSDT 89747100 ZwOpenProcess SSDT 8975E110 ZwOpenProcessToken SSDT 89852050 ZwOpenSection SSDT 89755310 ZwOpenThread SSDT 8979AD60 ZwProtectVirtualMemory SSDT 8988A050 ZwResumeThread SSDT 89854050 ZwSetContextThread SSDT 897B9F38 ZwSetInformationProcess SSDT 89865050 ZwSetSystemInformation SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwSetValueKey [0xAD070C40] SSDT 89874050 ZwSuspendProcess SSDT 898E7790 ZwSuspendThread SSDT 8A7DA4F8 ZwTerminateProcess SSDT 89789050 ZwTerminateThread SSDT 89769DB0 ZwUnmapViewOfSection SSDT 8A824E88 ZwWriteVirtualMemory ---- Kernel code sections - GMER 2.1 ---- ? SYMDS.SYS The system cannot find the file specified. ! ? SYMEFA.SYS The system cannot find the file specified. ! 
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB946D000, 0x2BCEC4, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\SearchIndexer.exe[2172] kernel32.dll!WriteFile 7C8112FF 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL .text C:\WINDOWS\SMINST\Scheduler.exe[2380] USER32.dll!GetSysColor 7E418E78 5 Bytes JMP 004170D0 C:\WINDOWS\SMINST\Scheduler.exe .text C:\WINDOWS\SMINST\Scheduler.exe[2380] USER32.dll!GetSysColorBrush 7E418EAB 5 Bytes JMP 00417140 C:\WINDOWS\SMINST\Scheduler.exe .text C:\WINDOWS\SMINST\Scheduler.exe[2380] USER32.dll!SetScrollInfo 7E419056 7 Bytes JMP 00416FC0 C:\WINDOWS\SMINST\Scheduler.exe .text C:\WINDOWS\SMINST\Scheduler.exe[2380] USER32.dll!GetScrollInfo 7E42DFE2 7 Bytes JMP 00416F10 C:\WINDOWS\SMINST\Scheduler.exe .text C:\WINDOWS\SMINST\Scheduler.exe[2380] USER32.dll!ShowScrollBar 7E42F2F2 5 Bytes JMP 00417090 C:\WINDOWS\SMINST\Scheduler.exe .text C:\WINDOWS\SMINST\Scheduler.exe[2380] USER32.dll!GetScrollPos 7E42F704 5 Bytes JMP 00416F50 C:\WINDOWS\SMINST\Scheduler.exe .text C:\WINDOWS\SMINST\Scheduler.exe[2380] USER32.dll!SetScrollPos 7E42F750 5 Bytes JMP 00417000 C:\WINDOWS\SMINST\Scheduler.exe .text C:\WINDOWS\SMINST\Scheduler.exe[2380] USER32.dll!GetScrollRange 7E42F787 5 Bytes JMP 00416F80 C:\WINDOWS\SMINST\Scheduler.exe .text C:\WINDOWS\SMINST\Scheduler.exe[2380] USER32.dll!SetScrollRange 7E42F99B 5 Bytes JMP 00417040 C:\WINDOWS\SMINST\Scheduler.exe .text C:\WINDOWS\SMINST\Scheduler.exe[2380] USER32.dll!EnableScrollBar 7E468005 7 Bytes JMP 00416ED0 C:\WINDOWS\SMINST\Scheduler.exe ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- |
10.08.2014, 11:53 | #2 |
/// TB Trainer | Windows XP: Uninstalling SpeedUpMyComputer / FixMyRegistry
My name is Matthias and I will help you clean up your computer. Please note the following:
Please work through all steps one after another in the given order and post all log files in CODE tags: How it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes your helper's work much harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
Thank you for your cooperation!
Step 1
Please download AdwCleaner to your desktop.
Step 2
Please download Malwarebytes Anti-Malware
Step 3
Please post with your next reply
|
10.08.2014, 19:39 | #3 |
| Windows XP: Uninstalling SpeedUpMyComputer / FixMyRegistry
Hello Matthias, I have carried out the 3 steps; here are the log files:
Note:
- AdwCleaner: 3 log files, numbered R0, R1 and S0
- MBAM: I had to start over twice, hence 3 MBAM log files

AdwCleaner No. R0
Quote Code:
ATTFilter # AdwCleaner v3.304 - Report created 10/08/2014 at 18:03:44 # Updated 08/08/2014 by Xplode # Operating System : Microsoft Windows XP Service Pack 3 (32 bits) # Username : Administrator - DEBRECEN # Running from : C:\Documents and Settings\Administrator\Desktop\adwcleaner_3.304.exe # Option : Scan ***** [ Services ] ***** Service Found : globalUpdate Service Found : globalUpdatem Service Found : LPTSystemUpdater ***** [ Files / Folders ] ***** File Found : C:\Documents and Settings\Administrator\Desktop\FixMyRegistry.lnk Folder Found : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\focusbase Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\globalUpdate Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Internet Speed Checker Folder Found : C:\Documents and Settings\Administrator\Start Menu\Programs\SmartTweak Software Folder Found : C:\Documents and Settings\All Users\Application Data\RegClean Folder Found : C:\Documents and Settings\user1.DEBRECEN\Application Data\Uniblue Folder Found : C:\Program Files\globalUpdate Folder Found : C:\Program Files\Internet Speed Checker Folder Found : C:\Program Files\LPT Folder Found : C:\Program Files\SmartTweak Folder Found : C:\Program Files\SoftwareUpdater ***** [ Scheduled Tasks ] ***** Task Found : globalUpdateUpdateTaskMachineCore Task Found : globalUpdateUpdateTaskMachineUA Task Found : 554c9551-b337-43c8-ab01-4f36dcfd520a Task Found : 6909362e-abd2-4ce6-b4b9-a74fe9ce80d3-1 Task Found : 6909362e-abd2-4ce6-b4b9-a74fe9ce80d3-11 Task Found : 6909362e-abd2-4ce6-b4b9-a74fe9ce80d3-2 Task Found : 6909362e-abd2-4ce6-b4b9-a74fe9ce80d3-4 Task Found : 6909362e-abd2-4ce6-b4b9-a74fe9ce80d3-5 ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Found : HKCU\Software\Crossrider Key Found : HKCU\Software\GlobalUpdate Key Found : HKCU\Software\InstalledBrowserExtensions Key Found : HKCU\Software\Internet Speed Checker Key Found : HKCU\Software\MICROSOFT\INTERNET 
EXPLORER\DOMSTORAGE\superfish.com Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611171152} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Found : HKCU\Software\SmartBar Key Found : HKCU\Software\smarttweak Key Found : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492} Key Found : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52} Key Found : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB} Key Found : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611171152} Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622172252} Key Found : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492} Key Found : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978} Key Found : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298} Key Found : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52} Key Found : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1} Key Found : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30} Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7} Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61} Key Found : 
HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87} Key Found : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5} Key Found : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474} Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Found : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} Key Found : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC} Key Found : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F} Key Found : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C} Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78} Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0061752.BHO Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0061752.BHO.1 Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0061752.Sandbox Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0061752.Sandbox.1 Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10 Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0 Key Found : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4 Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0 Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1 Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1 Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0 Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0 Key Found : 
HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0 Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0 Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0 Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0 Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0 Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0 Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0 Key Found : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534} Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655175552} Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666176652} Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9} Key Found : HKLM\Software\GlobalUpdate Key Found : HKLM\Software\InstalledBrowserExtensions Key Found : HKLM\Software\Internet Speed Checker Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low 
Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FixMyRegistry Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Internet Speed Checker Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PCSU-SL_is1 Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611171152} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110611171152} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964 Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FixMyRegistry Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Speed Checker Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10 Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4 Key Found : HKLM\Software\Uniblue Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [FixMyRegistry] Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [RegistryBooster] Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SpeedUpMyComputer] Value Found : HKLM\SOFTWARE\Microsoft\Internet 
Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] ***** [ Browsers ] ***** -\\ Internet Explorer v8.0.6001.18702 Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.trovi.com/?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=M6BEDEE3C-740E-4CD8-A4E2-2C05120885E4&SearchSource=55&CUI=& UM=6&UP=SP0FA9283F-FC7D-41B0-A746-103D378C5529&SSPV= Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbPGr6Jy1Ks2e111hOmaVHQAxQHSlVfcqvikmWF5fOykecGIjWN3egdV9YJOH6mcFiJX_KCumrNyq66ECJeEcgw pcgf5cK9RVodNcgOkQw-YYdJuWfieWVdkLXCOn3zwuLBdFNCnWo0nUD_OIBEq1uhMldvMnQ59RCA-vbK_rB9wjecLfYtPhg,,&q={searchTerms} Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbPGr6Jy1Ks2e111hOmaVHQAxQHSlVfcqvikmWF5fOykecGIjWN3egdV9YJOH6mcFiJX_KCumrNyq66ECJeEcgw pcgf5cK9RVodNcgOkQw-YYdJuWfieWVdkLXCOn3zwuLBdFNCnWo0nUD_OIBEq1uhMldvMnQ59RCA-vbK_rB9wjecLfYtPhg,,&q={searchTerms} Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbPGr6Jy1Ks2e111hOmaVHQAxQHSlVfcqvikmWF5fOykecGIjWN3egdV9YJOH6mcFiJX_KCumrNyq66ECJeEcgw pcgf5cK9RVodNcgOkQw-YYdJuWfieWVdkLXCOn3zwuLBdFNCnWo0nUD_OIBEq1uhMldvMnQ59RCA-vbK_rB9wjecLfYtPhg,,&q={searchTerms} Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbPGr6Jy1Ks2e111hOmaVHQAxQHSlVfcqvikmWF5fOykecGIjWN3egdV9YJOH6mcFiJX_KCumrNyq66ECJeEcgw pcgf5cK9RVodNcgOkQw-YYdJuWfieWVdkLXCOn3zwuLBdFNCnWo0nUD_OIBEq1uhMldvMnQ59RCA-vbK_rB9wjecLfYtPhg,,&q={searchTerms} Setting Found : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbPGr6Jy1Ks2e111hOmaVHQAxQHSlVfcqvikmWF5fOykecGIjWN3egdV9YJOH6mcFiJX_KCumrNyq66ECJeEcgw 
pcgf5cK9RVodNcgOkQw-YYdJuWfieWVdkLXCOn3zwuLBdFNCnWo0nUD_OIBEq1uhMldvMnQ59RCA-vbK_rB9wjecLfYtPhg,,&q={searchTerms}

*************************

AdwCleaner[R0].txt - [12076 octets] - [10/08/2014 18:03:44]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [12137 octets] ##########

AdwCleaner No. R1
Quote Code:
ATTFilter # AdwCleaner v3.304 - Report created 10/08/2014 at 18:05:04 # Updated 08/08/2014 by Xplode # Operating System : Microsoft Windows XP Service Pack 3 (32 bits) # Username : Administrator - DEBRECEN # Running from : C:\Documents and Settings\Administrator\Desktop\adwcleaner_3.304.exe # Option : Scan ***** [ Services ] ***** Service Found : globalUpdate Service Found : globalUpdatem Service Found : LPTSystemUpdater ***** [ Files / Folders ] ***** File Found : C:\Documents and Settings\Administrator\Desktop\FixMyRegistry.lnk Folder Found : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\focusbase Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\globalUpdate Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Internet Speed Checker Folder Found : C:\Documents and Settings\Administrator\Start Menu\Programs\SmartTweak Software Folder Found : C:\Documents and Settings\All Users\Application Data\RegClean Folder Found : C:\Documents and Settings\user1.DEBRECEN\Application Data\Uniblue Folder Found : C:\Program Files\globalUpdate Folder Found : C:\Program Files\Internet Speed Checker Folder Found : C:\Program Files\LPT Folder Found : C:\Program Files\SmartTweak Folder Found : C:\Program Files\SoftwareUpdater ***** [ Scheduled Tasks ] ***** Task Found : globalUpdateUpdateTaskMachineCore Task Found : globalUpdateUpdateTaskMachineUA Task Found : 554c9551-b337-43c8-ab01-4f36dcfd520a Task Found : 6909362e-abd2-4ce6-b4b9-a74fe9ce80d3-1 Task Found : 6909362e-abd2-4ce6-b4b9-a74fe9ce80d3-11 Task Found : 6909362e-abd2-4ce6-b4b9-a74fe9ce80d3-2 Task Found : 6909362e-abd2-4ce6-b4b9-a74fe9ce80d3-4 Task Found : 6909362e-abd2-4ce6-b4b9-a74fe9ce80d3-5 ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Found : HKCU\Software\Crossrider Key Found : HKCU\Software\GlobalUpdate Key Found : HKCU\Software\InstalledBrowserExtensions Key Found : HKCU\Software\Internet Speed Checker Key Found : HKCU\Software\MICROSOFT\INTERNET 
EXPLORER\DOMSTORAGE\superfish.com Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611171152} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Found : HKCU\Software\SmartBar Key Found : HKCU\Software\smarttweak Key Found : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492} Key Found : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52} Key Found : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB} Key Found : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611171152} Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622172252} Key Found : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492} Key Found : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978} Key Found : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298} Key Found : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52} Key Found : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1} Key Found : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30} Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7} Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61} Key Found : 
HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87} Key Found : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5} Key Found : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474} Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Found : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} Key Found : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC} Key Found : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F} Key Found : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C} Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78} Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0061752.BHO Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0061752.BHO.1 Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0061752.Sandbox Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0061752.Sandbox.1 Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10 Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0 Key Found : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4 Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0 Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1 Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1 Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0 Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0 Key Found : 
HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0 Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0 Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0 Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0 Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0 Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0 Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0 Key Found : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534} Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655175552} Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666176652} Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9} Key Found : HKLM\Software\GlobalUpdate Key Found : HKLM\Software\InstalledBrowserExtensions Key Found : HKLM\Software\Internet Speed Checker Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low 
Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FixMyRegistry Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Internet Speed Checker Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PCSU-SL_is1 Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611171152} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110611171152} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964 Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FixMyRegistry Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Speed Checker Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10 Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4 Key Found : HKLM\Software\Uniblue Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [FixMyRegistry] Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [RegistryBooster] Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SpeedUpMyComputer] Value Found : HKLM\SOFTWARE\Microsoft\Internet 
Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] ***** [ Browsers ] ***** -\\ Internet Explorer v8.0.6001.18702 Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.trovi.com/?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=M6BEDEE3C-740E-4CD8-A4E2-2C05120885E4&SearchSource=55&CUI=&UM=6&UP=SP0FA9283F-FC7D-41B0-A746-103D378C5529&SSPV= Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbPGr6Jy1Ks2e111hOmaVHQAxQHSlVfcqvikmWF5fOykecGIjWN3egdV9YJOH6mcFiJX_KCumrNyq66ECJeEcgwpcgf5cK9RVodNcgOkQw-YYdJuWfieWVdkLXCOn3zwuLBdFNCnWo0nUD_OIBEq1uhMldvMnQ59RCA-vbK_rB9wjecLfYtPhg,,&q={searchTerms} Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbPGr6Jy1Ks2e111hOmaVHQAxQHSlVfcqvikmWF5fOykecGIjWN3egdV9YJOH6mcFiJX_KCumrNyq66ECJeEcgwpcgf5cK9RVodNcgOkQw-YYdJuWfieWVdkLXCOn3zwuLBdFNCnWo0nUD_OIBEq1uhMldvMnQ59RCA-vbK_rB9wjecLfYtPhg,,&q={searchTerms} Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbPGr6Jy1Ks2e111hOmaVHQAxQHSlVfcqvikmWF5fOykecGIjWN3egdV9YJOH6mcFiJX_KCumrNyq66ECJeEcgwpcgf5cK9RVodNcgOkQw-YYdJuWfieWVdkLXCOn3zwuLBdFNCnWo0nUD_OIBEq1uhMldvMnQ59RCA-vbK_rB9wjecLfYtPhg,,&q={searchTerms} Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbPGr6Jy1Ks2e111hOmaVHQAxQHSlVfcqvikmWF5fOykecGIjWN3egdV9YJOH6mcFiJX_KCumrNyq66ECJeEcgwpcgf5cK9RVodNcgOkQw-YYdJuWfieWVdkLXCOn3zwuLBdFNCnWo0nUD_OIBEq1uhMldvMnQ59RCA-vbK_rB9wjecLfYtPhg,,&q={searchTerms} Setting Found : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbPGr6Jy1Ks2e111hOmaVHQAxQHSlVfcqvikmWF5fOykecGIjWN3egdV9YJOH6mcFiJX_KCumrNyq66ECJeEcgwpcgf5cK9RVodNcgOkQw-YYdJuWfieWVdkLXCOn3zwuLBdFNCnWo0nUD_OIBEq1uhMldvMnQ59RCA-vbK_rB9wjecLfYtPhg,,&q={searchTerms} 
************************* AdwCleaner[R0].txt - [12218 octets] - [10/08/2014 18:03:44] AdwCleaner[R1].txt - [12137 octets] - [10/08/2014 18:05:04] ########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [12198 octets] ##########

AdwCleaner No. S0
Code:
ATTFilter # AdwCleaner v3.304 - Report created 10/08/2014 at 18:05:27 # Updated 08/08/2014 by Xplode # Operating System : Microsoft Windows XP Service Pack 3 (32 bits) # Username : Administrator - DEBRECEN # Running from : C:\Documents and Settings\Administrator\Desktop\adwcleaner_3.304.exe # Option : Clean ***** [ Services ] ***** [#] Service Deleted : globalUpdate [#] Service Deleted : globalUpdatem Service Deleted : LPTSystemUpdater ***** [ Files / Folders ] ***** Folder Deleted : C:\Documents and Settings\All Users\Application Data\RegClean Folder Deleted : C:\Program Files\globalUpdate Folder Deleted : C:\Program Files\LPT Folder Deleted : C:\Program Files\SmartTweak Folder Deleted : C:\Program Files\SoftwareUpdater Folder Deleted : C:\Program Files\Internet Speed Checker Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\globalUpdate Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Internet Speed Checker Folder Deleted : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\focusbase Folder Deleted : C:\Documents and Settings\Administrator\Start Menu\Programs\SmartTweak Software Folder Deleted : C:\Documents and Settings\user1.DEBRECEN\Application Data\Uniblue File Deleted : C:\Documents and Settings\Administrator\Desktop\FixMyRegistry.lnk ***** [ Scheduled Tasks ] ***** Task Deleted : globalUpdateUpdateTaskMachineCore Task Deleted : globalUpdateUpdateTaskMachineUA Task Deleted : 554c9551-b337-43c8-ab01-4f36dcfd520a Task Deleted : 6909362e-abd2-4ce6-b4b9-a74fe9ce80d3-1 Task Deleted : 6909362e-abd2-4ce6-b4b9-a74fe9ce80d3-11 Task Deleted : 6909362e-abd2-4ce6-b4b9-a74fe9ce80d3-2 Task Deleted : 6909362e-abd2-4ce6-b4b9-a74fe9ce80d3-4 Task Deleted : 6909362e-abd2-4ce6-b4b9-a74fe9ce80d3-5 ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [FixMyRegistry] Value 
Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [RegistryBooster] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SpeedUpMyComputer] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0 Key 
Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0 Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10 Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4 Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0061752.BHO Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0061752.BHO.1 Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0061752.Sandbox Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0061752.Sandbox.1 Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87} Key Deleted : 
HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611171152} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622172252} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655175552} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666176652} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611171152} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611171152} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298} Key Deleted : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110611171152} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Key Deleted : HKCU\Software\Crossrider Key Deleted : HKCU\Software\GlobalUpdate Key Deleted : HKCU\Software\InstalledBrowserExtensions Key Deleted : HKCU\Software\SmartBar Key Deleted : HKCU\Software\smarttweak Key Deleted : HKCU\Software\Internet Speed Checker Key Deleted : HKLM\Software\GlobalUpdate Key Deleted : HKLM\Software\InstalledBrowserExtensions Key Deleted : HKLM\Software\Uniblue Key Deleted : HKLM\Software\Internet Speed Checker Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FixMyRegistry Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Speed Checker Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FixMyRegistry Key Deleted : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PCSU-SL_is1 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Internet Speed Checker Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964 ***** [ Browsers ] ***** -\\ Internet Explorer v8.0.6001.18702 Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar] Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant] Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] ************************* AdwCleaner[R0].txt - [12218 octets] - [10/08/2014 18:03:44] AdwCleaner[R1].txt - [12279 octets] - [10/08/2014 18:05:04] AdwCleaner[S0].txt - [11070 octets] - [10/08/2014 18:05:27] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11131 octets] ########## MBAM Nr1 Zitat Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Protection, 10.08.2014 18:35:59, SYSTEM, DEBRECEN, Protection, Malware Protection, Starting, Protection, 10.08.2014 18:35:59, SYSTEM, DEBRECEN, Protection, Malware Protection, Started, Protection, 10.08.2014 18:35:59, SYSTEM, DEBRECEN, Protection, Malicious Website Protection, Starting, Protection, 10.08.2014 18:36:01, SYSTEM, DEBRECEN, Protection, Malicious Website Protection, Started, Update, 10.08.2014 18:36:02, SYSTEM, DEBRECEN, Manual, Rootkit Database, 2014.2.20.1, 2014.8.4.1, Update, 10.08.2014 18:36:15, SYSTEM, DEBRECEN, Manual, Malware Database, 2014.3.4.9, 2014.8.10.4, Protection, 10.08.2014 18:36:16, SYSTEM, DEBRECEN, Protection, Refresh, Starting, Protection, 10.08.2014 18:36:16, SYSTEM, DEBRECEN, Protection, Malicious Website Protection, Stopping, Protection, 10.08.2014 18:36:16, SYSTEM, DEBRECEN, Protection, Malicious Website Protection, Stopped, Protection, 10.08.2014 18:36:23, SYSTEM, DEBRECEN, Protection, Refresh, Success, Protection, 10.08.2014 18:36:24, SYSTEM, DEBRECEN, Protection, Malicious Website Protection, Starting, Protection, 10.08.2014 18:36:26, SYSTEM, DEBRECEN, Protection, Malicious Website Protection, Started, Protection, 10.08.2014 18:58:39, SYSTEM, DEBRECEN, Protection, Malicious Website Protection, Stopping, Protection, 10.08.2014 18:58:39, SYSTEM, DEBRECEN, Protection, Malicious Website Protection, Stopped, Protection, 10.08.2014 18:58:39, SYSTEM, DEBRECEN, Protection, Malicious Website Protection, Starting, Protection, 10.08.2014 18:58:43, SYSTEM, DEBRECEN, Protection, Malicious Website Protection, Started, Protection, 10.08.2014 19:01:07, SYSTEM, DEBRECEN, Protection, Malware Protection, Starting, Protection, 10.08.2014 19:01:07, SYSTEM, DEBRECEN, Protection, Malware Protection, Started, Protection, 10.08.2014 19:01:07, SYSTEM, DEBRECEN, Protection, Malicious Website Protection, Starting, Protection, 10.08.2014 19:01:13, SYSTEM, DEBRECEN, Protection, Malicious Website 
Protection, Started, Protection, 10.08.2014 19:05:02, SYSTEM, DEBRECEN, Protection, Malicious Website Protection, Stopping, Protection, 10.08.2014 19:05:03, SYSTEM, DEBRECEN, Protection, Malicious Website Protection, Stopped, Protection, 10.08.2014 19:05:03, SYSTEM, DEBRECEN, Protection, Malicious Website Protection, Starting, Protection, 10.08.2014 19:05:07, SYSTEM, DEBRECEN, Protection, Malicious Website Protection, Started, Protection, 10.08.2014 19:23:10, SYSTEM, DEBRECEN, Protection, Malicious Website Protection, Stopping, Protection, 10.08.2014 19:23:10, SYSTEM, DEBRECEN, Protection, Malicious Website Protection, Stopped, Protection, 10.08.2014 19:23:10, SYSTEM, DEBRECEN, Protection, Malicious Website Protection, Starting, Protection, 10.08.2014 19:23:15, SYSTEM, DEBRECEN, Protection, Malicious Website Protection, Started, Protection, 10.08.2014 19:25:25, SYSTEM, DEBRECEN, Protection, Malware Protection, Starting, Protection, 10.08.2014 19:25:26, SYSTEM, DEBRECEN, Protection, Malware Protection, Started, Protection, 10.08.2014 19:25:26, SYSTEM, DEBRECEN, Protection, Malicious Website Protection, Starting, Protection, 10.08.2014 19:25:54, SYSTEM, DEBRECEN, Protection, Malicious Website Protection, Started, (end) MBAM Nr. 2 Zitat Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 10.08.2014 Suchlauf-Zeit: 19:06:13 Logdatei: anti-maleware nr.2_19-06-13.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.08.10.04 Rootkit Datenbank: v2014.08.04.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Self-protection: Deaktiviert Betriebssystem: Windows XP Service Pack 3 CPU: x86 Dateisystem: NTFS Benutzer: Administrator Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 434075 Verstrichene Zeit: 14 Min, 50 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 1 PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, In Quarantäne, [0f89378b82f988ae4c28814ccb3715eb], Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 1 PUP.Optional.GlobalUpdate.A, C:\Documents and Settings\Administrator\Local Settings\Temp\comh.154443, In Quarantäne, [0f89378b82f988ae4c28814ccb3715eb], Dateien: 17 PUP.Optional.SmartBar, C:\WINDOWS\Installer\MSI4C.tmp-\Smartbar.Installer.CustomActions.dll, In Quarantäne, [9dfbd1f1b0cb4ee8cb72b17dd92748b8], PUP.Optional.SmartBar, C:\WINDOWS\Installer\MSI5A.tmp-\Smartbar.Installer.CustomActions.dll, In Quarantäne, [4b4d5c66f388c76f98a5111d21dfe917], PUP.Optional.SmartBar, C:\WINDOWS\Installer\MSI75.tmp-\Smartbar.Installer.CustomActions.dll, In Quarantäne, [8d0b15adec8f8caaeb52d35b43bda060], PUP.Optional.Conduit.A, C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5AV4AY66\spstub[1].exe, In Quarantäne, [dcbc39892f4cff371738bdd4e71a29d7], PUP.Optional.SearchProtect.A, C:\Documents and 
Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\NWIUQ7OU\SPSetup[1].exe, In Quarantäne, [e7b1774bd9a22a0ca06b77201de4e41c], PUP.Optional.SearchProtect.A, C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QCOSKRK9\SearchProtectGeneric2[1].exe, In Quarantäne, [b6e2d4ee1962d06623cebd7e629ed12f], PUP.Optional.FocusBase.A, C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\X4FYPJDL\focusbaseSetup[1].exe, In Quarantäne, [267209b9f5864ee8e770cee829db03fd], PUP.Optional.GlobalUpdate.A, C:\Documents and Settings\Administrator\Local Settings\Temp\comh.154443\GoogleCrashHandler.exe, In Quarantäne, [0f89378b82f988ae4c28814ccb3715eb], PUP.Optional.GlobalUpdate.A, C:\Documents and Settings\Administrator\Local Settings\Temp\comh.154443\GoogleUpdate.exe, In Quarantäne, [0f89378b82f988ae4c28814ccb3715eb], PUP.Optional.GlobalUpdate.A, C:\Documents and Settings\Administrator\Local Settings\Temp\comh.154443\GoogleUpdateBroker.exe, In Quarantäne, [0f89378b82f988ae4c28814ccb3715eb], PUP.Optional.GlobalUpdate.A, C:\Documents and Settings\Administrator\Local Settings\Temp\comh.154443\GoogleUpdateHelper.msi, In Quarantäne, [0f89378b82f988ae4c28814ccb3715eb], PUP.Optional.GlobalUpdate.A, C:\Documents and Settings\Administrator\Local Settings\Temp\comh.154443\GoogleUpdateOnDemand.exe, In Quarantäne, [0f89378b82f988ae4c28814ccb3715eb], PUP.Optional.GlobalUpdate.A, C:\Documents and Settings\Administrator\Local Settings\Temp\comh.154443\goopdate.dll, In Quarantäne, [0f89378b82f988ae4c28814ccb3715eb], PUP.Optional.GlobalUpdate.A, C:\Documents and Settings\Administrator\Local Settings\Temp\comh.154443\goopdateres_en.dll, In Quarantäne, [0f89378b82f988ae4c28814ccb3715eb], PUP.Optional.GlobalUpdate.A, C:\Documents and Settings\Administrator\Local Settings\Temp\comh.154443\npGoogleUpdate4.dll, In Quarantäne, [0f89378b82f988ae4c28814ccb3715eb], PUP.Optional.GlobalUpdate.A, C:\Documents and 
Settings\Administrator\Local Settings\Temp\comh.154443\psmachine.dll, In Quarantäne, [0f89378b82f988ae4c28814ccb3715eb], PUP.Optional.GlobalUpdate.A, C:\Documents and Settings\Administrator\Local Settings\Temp\comh.154443\psuser.dll, In Quarantäne, [0f89378b82f988ae4c28814ccb3715eb], Physische Sektoren: 0 (No malicious items detected) (end)

MBAM No. 3
Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 10.08.2014 Suchlauf-Zeit: 18:39:22 Logdatei: anti-maleware nr.3_19-39-22.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.08.10.04 Rootkit Datenbank: v2014.08.04.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Self-protection: Deaktiviert Betriebssystem: Windows XP Service Pack 3 CPU: x86 Dateisystem: NTFS Benutzer: Administrator Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgebrochen Durchsuchte Objekte: 35931 Verstrichene Zeit: 15 Min, 30 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 7 PUP.Optional.OutBrowse, C:\Documents and Settings\Administrator\Desktop\free-driver-scout.exe, In Quarantäne, [b23a6460c4b7d66013091d0109f743bd], PUP.Optional.OutBrowse, C:\Documents and Settings\Administrator\Local Settings\Temp\DownloadManager.exe, In Quarantäne, [c12ba51f770482b4b5676cb2748ccc34], PUP.Optional.Conduit.A, C:\Documents and Settings\Administrator\Local Settings\Temp\nsb47.exe, In Quarantäne, [0ae2497b1665e254d90b216b6998b24e], PUP.Optional.SearchProtect.A, C:\Documents and Settings\Administrator\Local Settings\Temp\nsk24.tmp, In Quarantäne, [09e3dce8364514225fac5047ba47649c], PUP.Optional.Conduit.A, C:\Documents and Settings\Administrator\Local Settings\Temp\nsl2E.exe, In Quarantäne, [8f5df9cb710a51e508dc632923deea16], PUP.Optional.Conduit.A, C:\Documents and Settings\Administrator\Local Settings\Temp\nsp2A.exe, In Quarantäne, [628af1d34f2cea4cb52f74189e6317e9], PUP.Optional.Conduit.A, C:\Documents and Settings\Administrator\Local 
Settings\Temp\SearchProtectINT.exe, In Quarantäne, [df0d368efd7ea3937bb135f27b86e818], Physische Sektoren: 0 (No malicious items detected) (end)

FRST

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:10-08-2014 01 Ran by Administrator (administrator) on DEBRECEN on 10-08-2014 20:02:58 Running from C:\Documents and Settings\Administrator\Desktop Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States) Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe (Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (Symantec Corporation) C:\Program Files\Norton 360\Engine\4.4.0.12\ccsvchst.exe (PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe (TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Symantec Corporation) C:\Program Files\Norton 360\Engine\4.4.0.12\ccsvchst.exe (EIZO NANAO CORPORATION) C:\Program Files\EIZO\ColorNavigator\ColorNavigatorAgent.exe () C:\WINDOWS\SMINST\Scheduler.exe (EIZO NANAO CORPORATION) C:\Program Files\EIZO\UniColor Pro\ucpro.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe (TomTom) C:\Program Files\TomTom HOME 2\HOMERunner.exe (Google) C:\Program Files\Google\Drive\googledrivesync.exe (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (ATI Technologies Inc.) 
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Google) C:\Program Files\Google\Drive\googledrivesync.exe (EIZO NANAO CORPORATION) C:\Program Files\EIZO\EIZO EasyPIX\EasyPIX.exe (EIZO NANAO CORPORATION) C:\Program Files\EIZO\ScreenSlicer\ESCSlicer.exe (Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.) HKU\S-1-5-21-965756728-169831054-4282204201-500\...\Run: [UnoColor Pro] => C:\Program Files\EIZO\UniColor Pro\ucpro.exe [2712872 2009-04-10] (EIZO NANAO CORPORATION) HKU\S-1-5-21-965756728-169831054-4282204201-500\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation) HKU\S-1-5-21-965756728-169831054-4282204201-500\...\Run: [TomTomHOME.exe] => C:\Program Files\TomTom HOME 2\HOMERunner.exe [202088 2008-05-06] (TomTom) HKU\S-1-5-21-965756728-169831054-4282204201-500\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22734312 2014-07-30] (Google) HKU\S-1-5-21-965756728-169831054-4282204201-500\...\Run: [UpdateMyDrivers] => C:\Program Files\SmartTweak\UpdateMyDrivers\UpdateMyDrivers.exe /ot /as /ss HKU\S-1-5-21-965756728-169831054-4282204201-500\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-12-15] (Google Inc.) 
HKU\S-1-5-21-965756728-169831054-4282204201-500\...\MountPoints2: {2f3e41f9-a9a0-11df-87ef-002481ed8efc} - L:\InstallTomTomHOME.exe
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EIZO EasyPIX.lnk
ShortcutTarget: EIZO EasyPIX.lnk -> C:\Program Files\EIZO\EIZO EasyPIX\EasyPIX.exe (EIZO NANAO CORPORATION)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EIZO ScreenSlicer.lnk
ShortcutTarget: EIZO ScreenSlicer.lnk -> C:\WINDOWS\Installer\{292A177D-723F-4537-9985-BC8BFCD8B63D}\ESCSlicer.exe1_87A06423E78E426E924121140A36B659.exe (Macrovision Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton 360\Engine\4.4.0.12\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton 360\Engine\4.4.0.12\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton 360\Engine\4.4.0.12\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ch&c=91&bd=all&pf=cmws
BHO: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton 360\Engine\4.4.0.12\coIEPlg.dll (Symantec Corporation)
BHO: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton 360\Engine\4.4.0.12\IPSBHO.DLL (Symantec Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.4.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.4.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1256340086406
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-10-23]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-10-24]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn
FF Extension: Norton IPS - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn [2011-01-25]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn_2010_9_0_6
FF Extension: Norton Toolbar - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn_2010_9_0_6 [2014-08-10]

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [114688 2008-09-24] (Broadcom Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [152984 2009-10-23] (Sun Microsystems, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 N360; C:\Program Files\Norton 360\Engine\4.4.0.12\ccSvcHst.exe [126400 2011-08-04] (Symantec Corporation)
S2 PCA; C:\WINDOWS\SMINST\PCAngel.exe [364544 2006-06-13] (SoftThinks) [File not signed]
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [623640 2009-02-06] (PDF Complete Inc)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ac97intc; C:\WINDOWS\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
S4 adpu320; C:\WINDOWS\system32\DRIVERS\adpu320.sys [105472 2002-05-09] (Adaptec, Inc.) [File not signed]
R3 AtiHDAudioService; C:\WINDOWS\System32\drivers\AtihdXP3.sys [100368 2011-08-08] (Advanced Micro Devices)
R2 BASFND; C:\Program Files\Broadcom\MgmtAgent\BASFND.sys [10480 2008-12-04] (Broadcom Corporation) [File not signed]
R1 BHDrvx86; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20120823.005\BHDrvx86.sys [995488 2012-08-23] (Symantec Corporation)
S3 Blfp; C:\WINDOWS\System32\DRIVERS\baspxp32.sys [89600 2008-10-29] (Broadcom Corporation) [File not signed]
R1 ccHP; C:\WINDOWS\system32\drivers\N360\0404000.00C\ccHPx86.sys [485512 2011-08-04] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-08-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-08-27] (Symantec Corporation)
S3 i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [161020 2008-04-14] (Intel(R) Corporation)
S3 iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [12415 2008-04-14] (Intel(R) Corporation)
S3 iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [12127 2008-04-14] (Intel(R) Corporation)
S3 iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [11775 2008-04-14] (Intel(R) Corporation)
S3 iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [12063 2008-04-14] (Intel(R) Corporation)
S3 iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [19455 2008-04-14] (Intel(R) Corporation)
S3 iAimFP5; C:\WINDOWS\System32\DRIVERS\wADV07nt.sys [11807 2008-04-14] (Intel(R) Corporation)
S3 iAimFP6; C:\WINDOWS\System32\DRIVERS\wADV08nt.sys [11295 2008-04-14] (Intel(R) Corporation)
S3 iAimFP7; C:\WINDOWS\System32\DRIVERS\wADV09nt.sys [11871 2008-04-14] (Intel(R) Corporation)
S3 iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [29311 2008-04-14] (Intel(R) Corporation)
S3 iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [19551 2008-04-14] (Intel(R) Corporation)
S3 iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [33599 2008-04-14] (Intel(R) Corporation)
S3 iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [23615 2008-04-14] (Intel(R) Corporation)
S3 iAimTV5; C:\WINDOWS\System32\DRIVERS\wATV10nt.sys [25471 2008-04-14] (Intel(R) Corporation)
S3 iAimTV6; C:\WINDOWS\System32\DRIVERS\wATV06nt.sys [22271 2008-04-14] (Intel(R) Corporation)
S3 IDSxpx86; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20120825.001\IDSxpx86.sys [373216 2012-08-24] (Symantec Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-10] (Malwarebytes Corporation)
S3 NAVENG; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20120828.002\NAVENG.SYS [92704 2012-08-27] (Symantec Corporation)
S3 NAVEX15; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20120828.002\NAVEX15.SYS [1601184 2012-08-27] (Symantec Corporation)
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-14] (Microsoft Corporation)
S3 SRTSP; C:\WINDOWS\System32\Drivers\N360\0404000.00C\SRTSP.SYS [325680 2010-04-22] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\N360\0404000.00C\SRTSPX.SYS [43696 2010-04-22] (Symantec Corporation)
R0 SymDS; C:\WINDOWS\System32\drivers\N360\0404000.00C\SYMDS.SYS [328752 2010-02-04] (Symantec Corporation)
R0 SymEFA; C:\WINDOWS\System32\drivers\N360\0404000.00C\SYMEFA.SYS [173176 2011-08-22] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [124976 2011-01-25] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\N360\0404000.00C\Ironx86.SYS [116784 2010-04-29] (Symantec Corporation)
S4 Symmpi; C:\WINDOWS\system32\DRIVERS\symmpi.sys [28416 2002-04-04] (LSI Logic) [File not signed]
R1 SYMTDI; C:\WINDOWS\System32\Drivers\N360\0404000.00C\SYMTDI.SYS [362360 2011-08-22] (Symantec Corporation)
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-10 20:02 - 2014-08-10 20:02 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\FRST-OlderVersion
2014-08-10 19:44 - 2014-08-10 19:44 - 00001211 _____ () C:\Documents and Settings\Administrator\Desktop\anti-maleware nr.2_19-04-38.txt
2014-08-10 19:42 - 2014-08-10 19:42 - 00002218 _____ () C:\Documents and Settings\Administrator\Desktop\anti-maleware nr.4_19-39-22.txt
2014-08-10 19:40 - 2014-08-10 19:40 - 00004415 _____ () C:\Documents and Settings\Administrator\Desktop\anti-maleware nr.3_19-06-13.txt
2014-08-10 19:38 - 2014-08-10 19:38 - 00003293 _____ () C:\Documents and Settings\Administrator\Desktop\anti-maleware nr.1_19-35-59.txt
2014-08-10 18:55 - 2014-08-10 18:55 - 00002118 _____ () C:\Documents and Settings\Administrator\Desktop\malwar protololl 1.txt
2014-08-10 18:35 - 2014-08-10 19:26 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-10 18:35 - 2014-08-10 18:35 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-10 18:35 - 2014-08-10 18:35 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-10 18:35 - 2014-08-10 18:35 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-10 18:35 - 2014-08-10 18:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-08-10 18:35 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-10 18:35 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-08-10 18:31 - 2014-08-10 18:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Administrator\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-10 18:12 - 2014-08-10 18:12 - 00012218 _____ () C:\Documents and Settings\Administrator\Desktop\AdwCleaner[R0].txt
2014-08-10 18:10 - 2014-08-10 18:10 - 00012279 _____ () C:\Documents and Settings\Administrator\Desktop\AdwCleaner[R1].txt
2014-08-10 18:09 - 2014-08-10 18:09 - 00011212 _____ () C:\Documents and Settings\Administrator\Desktop\AdwCleaner[S0].txt
2014-08-10 18:08 - 2014-08-10 19:25 - 00118784 _____ (SoftThinks) C:\WINDOWS\system32\chg.exe
2014-08-10 18:03 - 2014-08-10 18:11 - 00000000 ____D () C:\AdwCleaner
2014-08-10 18:00 - 2014-08-10 18:00 - 01366203 _____ () C:\Documents and Settings\Administrator\Desktop\adwcleaner_3.304.exe
2014-08-10 10:02 - 2014-08-10 10:02 - 00006773 _____ () C:\Documents and Settings\Administrator\Desktop\Gmer.txt
2014-08-10 08:16 - 2014-08-10 10:24 - 00000239 _____ () C:\Documents and Settings\Administrator\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board.url
2014-08-10 08:06 - 2014-08-10 08:06 - 00380416 _____ () C:\Documents and Settings\Administrator\Desktop\Gmer-19357.exe
2014-08-10 08:01 - 2014-08-10 08:01 - 00036618 _____ () C:\Documents and Settings\Administrator\Desktop\Addition.txt
2014-08-10 08:00 - 2014-08-10 20:03 - 00016755 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
2014-08-10 08:00 - 2014-08-10 20:03 - 00000000 ____D () C:\FRST
2014-08-10 07:59 - 2014-08-10 20:02 - 01091072 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2014-08-10 07:56 - 2014-08-10 07:57 - 00000488 _____ () C:\Documents and Settings\Administrator\Desktop\defogger_disable.log
2014-08-10 07:56 - 2014-08-10 07:56 - 00000000 _____ () C:\Documents and Settings\Administrator\defogger_reenable
2014-08-10 07:50 - 2014-08-10 07:50 - 00050477 _____ () C:\Documents and Settings\Administrator\Desktop\Defogger.exe
2014-08-10 05:02 - 2014-08-10 05:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache
2014-08-10 05:01 - 2014-08-10 05:01 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\QuickScan
2014-08-10 05:01 - 2014-08-10 05:01 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\QuickScan
2014-08-10 02:22 - 2014-08-10 02:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ATI
2014-08-10 02:16 - 2014-08-10 02:16 - 00000000 ____D () C:\Program Files\AMD APP
2014-08-10 02:16 - 2014-08-10 02:16 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Catalyst Pro Control Center
2014-08-10 02:15 - 2014-08-10 02:15 - 00017654 _____ () C:\WINDOWS\system32\CCCInstall_201408100215415156.log
2014-08-10 02:15 - 2014-08-10 02:15 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-08-10 02:14 - 2014-08-10 02:14 - 00000000 ____D () C:\Program Files\ATI
2014-08-10 02:14 - 2012-05-24 05:50 - 00956160 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\ativvamv.dll
2014-08-10 02:14 - 2012-05-24 04:44 - 00205720 _____ () C:\WINDOWS\system32\atiapfxx.blb
2014-08-10 02:14 - 2012-05-24 04:42 - 00159744 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe
2014-08-10 02:14 - 2011-08-08 22:58 - 00100368 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Drivers\AtihdXP3.sys
2014-08-10 01:18 - 2014-08-10 01:18 - 03363688 _____ () C:\Documents and Settings\Administrator\Desktop\UpdateMyDrivers.exe
2014-08-09 21:19 - 2014-08-09 21:26 - 00000000 ____D () C:\Program Files\PCPitstop
2014-08-09 21:19 - 2014-08-09 21:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\PCPitstop
2014-08-09 11:51 - 2014-08-09 11:51 - 00000000 ____D () C:\Documents and Settings\pg\My Documents\ACER
2014-08-08 15:54 - 2014-08-08 15:54 - 00000761 _____ () C:\Documents and Settings\Administrator\Start Menu\SnagIt32.lnk
2014-08-08 14:09 - 2014-08-10 19:27 - 00000000 ___RD () C:\Documents and Settings\Administrator\My Documents\Google Drive
2014-08-08 14:09 - 2014-08-08 14:09 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Google Drive
2014-08-08 14:07 - 2014-08-08 14:07 - 00001767 _____ () C:\Documents and Settings\All Users\Desktop\Google Slides.lnk
2014-08-08 14:07 - 2014-08-08 14:07 - 00001765 _____ () C:\Documents and Settings\All Users\Desktop\Google Sheets.lnk
2014-08-08 14:07 - 2014-08-08 14:07 - 00001755 _____ () C:\Documents and Settings\All Users\Desktop\Google Docs.lnk
2014-08-08 14:07 - 2014-08-08 14:07 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Drive
2014-08-02 13:59 - 2014-08-02 14:00 - 00000000 ____D () C:\Documents and Settings\user1.DEBRECEN\My Documents\MAC EXAMPLES
2014-08-02 11:56 - 2014-08-02 12:51 - 05326417 _____ (Phil Harvey) C:\WINDOWS\exiftool.exe
2014-08-02 08:32 - 2014-08-02 08:32 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\SnagIt Catalog
2014-08-02 08:11 - 2014-08-02 08:11 - 00000000 ____D () C:\Program Files\ExifTool
2014-08-02 07:53 - 2014-08-02 08:11 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\Luffi
2014-08-02 07:52 - 2014-08-02 07:56 - 00000000 ____D () C:\Program Files\Luffi
2014-08-02 06:24 - 2014-08-02 06:24 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\FileViewPro
2014-08-02 06:23 - 2014-08-02 06:23 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\IsolatedStorage
2014-08-02 06:23 - 2014-08-02 06:23 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\IsolatedStorage
2014-08-02 06:13 - 2014-08-02 06:13 - 00000000 ____D () C:\Spacekace
2014-08-01 21:45 - 2014-08-01 21:45 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Help
2014-08-01 21:45 - 2014-08-01 21:45 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Help
2014-08-01 17:42 - 2014-08-01 17:42 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Windows Search
2014-08-01 16:46 - 2014-08-01 16:46 - 00526936 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-08-01 16:14 - 2014-08-01 16:14 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Hewlett-Packard
2014-08-01 15:53 - 2014-08-01 16:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HP
2014-08-01 10:30 - 2014-08-10 19:25 - 00000238 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-08-01 10:30 - 2014-08-08 15:31 - 00000232 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-10 20:03 - 2014-08-10 08:00 - 00016755 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
2014-08-10 20:03 - 2014-08-10 08:00 - 00000000 ____D () C:\FRST
2014-08-10 20:03 - 2009-10-24 06:55 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-08-10 20:02 - 2014-08-10 20:02 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\FRST-OlderVersion
2014-08-10 20:02 - 2014-08-10 07:59 - 01091072 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2014-08-10 20:01 - 2010-08-26 18:32 - 00000422 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{F9E0D393-B7AA-4CF4-9C2A-849F2A0791C9}.job
2014-08-10 19:53 - 2012-06-25 13:27 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-10 19:49 - 2011-12-15 12:42 - 00001112 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-10 19:44 - 2014-08-10 19:44 - 00001211 _____ () C:\Documents and Settings\Administrator\Desktop\anti-maleware nr.2_19-04-38.txt
2014-08-10 19:42 - 2014-08-10 19:42 - 00002218 _____ () C:\Documents and Settings\Administrator\Desktop\anti-maleware nr.4_19-39-22.txt
2014-08-10 19:40 - 2014-08-10 19:40 - 00004415 _____ () C:\Documents and Settings\Administrator\Desktop\anti-maleware nr.3_19-06-13.txt
2014-08-10 19:38 - 2014-08-10 19:38 - 00003293 _____ () C:\Documents and Settings\Administrator\Desktop\anti-maleware nr.1_19-35-59.txt
2014-08-10 19:29 - 2009-04-06 15:51 - 00555864 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-10 19:27 - 2014-08-08 14:09 - 00000000 ___RD () C:\Documents and Settings\Administrator\My Documents\Google Drive
2014-08-10 19:27 - 2009-04-06 16:00 - 01732628 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-10 19:27 - 2009-04-06 16:00 - 00908591 _____ () C:\WINDOWS\setupapi.log
2014-08-10 19:26 - 2014-08-10 18:35 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-10 19:26 - 2009-10-30 12:12 - 00000000 ____D () C:\WINDOWS\SMINST
2014-08-10 19:25 - 2014-08-10 18:08 - 00118784 _____ (SoftThinks) C:\WINDOWS\system32\chg.exe
2014-08-10 19:25 - 2014-08-01 10:30 - 00000238 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-08-10 19:25 - 2011-12-15 12:42 - 00001108 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-10 19:25 - 2009-10-24 06:53 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-08-10 19:25 - 2009-10-24 06:53 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-08-10 19:25 - 2009-10-24 06:53 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-08-10 19:24 - 2009-10-24 06:55 - 00000000 ____D () C:\WINDOWS\L2Schemas
2014-08-10 19:24 - 2009-05-20 13:44 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-10 19:23 - 2009-10-24 06:52 - 00032468 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-10 19:23 - 2009-10-23 13:33 - 00524288 _____ () C:\WINDOWS\system32\config\ACEEvent.evt
2014-08-10 19:23 - 2009-05-20 13:40 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-08-10 19:00 - 2011-04-23 19:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2508272$
2014-08-10 18:55 - 2014-08-10 18:55 - 00002118 _____ () C:\Documents and Settings\Administrator\Desktop\malwar protololl 1.txt
2014-08-10 18:35 - 2014-08-10 18:35 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-10 18:35 - 2014-08-10 18:35 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-10 18:35 - 2014-08-10 18:35 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-10 18:35 - 2014-08-10 18:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-08-10 18:31 - 2014-08-10 18:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Administrator\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-10 18:30 - 2010-10-10 22:32 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\07_IT
2014-08-10 18:12 - 2014-08-10 18:12 - 00012218 _____ () C:\Documents and Settings\Administrator\Desktop\AdwCleaner[R0].txt
2014-08-10 18:11 - 2014-08-10 18:03 - 00000000 ____D () C:\AdwCleaner
2014-08-10 18:10 - 2014-08-10 18:10 - 00012279 _____ () C:\Documents and Settings\Administrator\Desktop\AdwCleaner[R1].txt
2014-08-10 18:09 - 2014-08-10 18:09 - 00011212 _____ () C:\Documents and Settings\Administrator\Desktop\AdwCleaner[S0].txt
2014-08-10 18:00 - 2014-08-10 18:00 - 01366203 _____ () C:\Documents and Settings\Administrator\Desktop\adwcleaner_3.304.exe
2014-08-10 10:24 - 2014-08-10 08:16 - 00000239 _____ () C:\Documents and Settings\Administrator\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board.url
2014-08-10 10:02 - 2014-08-10 10:02 - 00006773 _____ () C:\Documents and Settings\Administrator\Desktop\Gmer.txt
2014-08-10 08:06 - 2014-08-10 08:06 - 00380416 _____ () C:\Documents and Settings\Administrator\Desktop\Gmer-19357.exe
2014-08-10 08:01 - 2014-08-10 08:01 - 00036618 _____ () C:\Documents and Settings\Administrator\Desktop\Addition.txt
2014-08-10 07:57 - 2014-08-10 07:56 - 00000488 _____ () C:\Documents and Settings\Administrator\Desktop\defogger_disable.log
2014-08-10 07:56 - 2014-08-10 07:56 - 00000000 _____ () C:\Documents and Settings\Administrator\defogger_reenable
2014-08-10 07:56 - 2009-10-24 06:55 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-08-10 07:50 - 2014-08-10 07:50 - 00050477 _____ () C:\Documents and Settings\Administrator\Desktop\Defogger.exe
2014-08-10 05:09 - 2014-08-10 05:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache
2014-08-10 05:01 - 2014-08-10 05:01 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\QuickScan
2014-08-10 05:01 - 2014-08-10 05:01 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\QuickScan
2014-08-10 04:50 - 2009-10-24 06:55 - 00000000 ____D () C:\WINDOWS\Help
2014-08-10 02:22 - 2014-08-10 02:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ATI
2014-08-10 02:16 - 2014-08-10 02:16 - 00000000 ____D () C:\Program Files\AMD APP
2014-08-10 02:16 - 2014-08-10 02:16 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Catalyst Pro Control Center
2014-08-10 02:16 - 2009-10-23 23:02 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-08-10 02:15 - 2014-08-10 02:15 - 00017654 _____ () C:\WINDOWS\system32\CCCInstall_201408100215415156.log
2014-08-10 02:15 - 2014-08-10 02:15 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-08-10 02:15 - 2009-10-24 06:59 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups
2014-08-10 02:14 - 2014-08-10 02:14 - 00000000 ____D () C:\Program Files\ATI
2014-08-10 02:10 - 2009-10-23 13:29 - 00000000 ____D () C:\AMD
2014-08-10 01:18 - 2014-08-10 01:18 - 03363688 _____ () C:\Documents and Settings\Administrator\Desktop\UpdateMyDrivers.exe
2014-08-09 21:26 - 2014-08-09 21:19 - 00000000 ____D () C:\Program Files\PCPitstop
2014-08-09 21:19 - 2014-08-09 21:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\PCPitstop
2014-08-09 11:59 - 2010-03-21 13:35 - 00000178 ___SH () C:\Documents and Settings\user1.DEBRECEN\ntuser.ini
2014-08-09 11:59 - 2010-03-21 13:35 - 00000000 ____D () C:\Documents and Settings\user1.DEBRECEN\Local Settings\Temp
2014-08-09 11:51 - 2014-08-09 11:51 - 00000000 ____D () C:\Documents and Settings\pg\My Documents\ACER
2014-08-09 11:50 - 2010-10-09 01:28 - 00000000 ____D () C:\Documents and Settings\user1.DEBRECEN\My Documents\07_IT
2014-08-09 01:34 - 2011-12-30 13:05 - 00000000 ____D () C:\Documents and Settings\user1.DEBRECEN\Local Settings\Application Data\Google
2014-08-09 01:32 - 2009-10-24 01:06 - 00065536 _____ () C:\WINDOWS\system32\config\ODiag.evt
2014-08-08 16:24 - 2009-10-30 13:25 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2014-08-08 15:54 - 2014-08-08 15:54 - 00000761 _____ () C:\Documents and Settings\Administrator\Start Menu\SnagIt32.lnk
2014-08-08 15:31 - 2014-08-01 10:30 - 00000232 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-08-08 14:09 - 2014-08-08 14:09 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Google Drive
2014-08-08 14:07 - 2014-08-08 14:07 - 00001767 _____ () C:\Documents and Settings\All Users\Desktop\Google Slides.lnk
2014-08-08 14:07 - 2014-08-08 14:07 - 00001765 _____ () C:\Documents and Settings\All Users\Desktop\Google Sheets.lnk
2014-08-08 14:07 - 2014-08-08 14:07 - 00001755 _____ () C:\Documents and Settings\All Users\Desktop\Google Docs.lnk
2014-08-08 14:07 - 2014-08-08 14:07 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Drive
2014-08-08 14:07 - 2009-10-30 13:24 - 00000000 ____D () C:\Program Files\Google
2014-08-06 00:48 - 2009-10-23 22:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\PDFC
2014-08-03 20:09 - 2011-02-21 01:50 - 00000000 ____D () C:\Documents and Settings\user1.DEBRECEN\My Documents\01_Analysis
2014-08-02 14:02 - 2011-04-10 00:41 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\Job
2014-08-02 14:02 - 2010-03-21 23:06 - 00000000 ____D () C:\Documents and Settings\user1.DEBRECEN\My Documents\Jobsearch
2014-08-02 14:00 - 2014-08-02 13:59 - 00000000 ____D () C:\Documents and Settings\user1.DEBRECEN\My Documents\MAC EXAMPLES
2014-08-02 12:51 - 2014-08-02 11:56 - 05326417 _____ (Phil Harvey) C:\WINDOWS\exiftool.exe
2014-08-02 08:32 - 2014-08-02 08:32 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\SnagIt Catalog
2014-08-02 08:11 - 2014-08-02 08:11 - 00000000 ____D () C:\Program Files\ExifTool
2014-08-02 08:11 - 2014-08-02 07:53 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\Luffi
2014-08-02 07:56 - 2014-08-02 07:52 - 00000000 ____D () C:\Program Files\Luffi
2014-08-02 06:24 - 2014-08-02 06:24 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\FileViewPro
2014-08-02 06:23 - 2014-08-02 06:23 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\IsolatedStorage
2014-08-02 06:23 - 2014-08-02 06:23 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\IsolatedStorage
2014-08-02 06:13 - 2014-08-02 06:13 - 00000000 ____D () C:\Spacekace
2014-08-01 21:45 - 2014-08-01 21:45 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Help
2014-08-01 21:45 - 2014-08-01 21:45 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Help
2014-08-01 17:50 - 2009-10-24 06:53 - 00004288 _____ () C:\WINDOWS\wmsetup.log
2014-08-01 17:50 - 2009-10-24 06:52 - 00000792 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
2014-08-01 17:42 - 2014-08-01 17:42 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Windows Search
2014-08-01 16:46 - 2014-08-01 16:46 - 00526936 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-08-01 16:14 - 2014-08-01 16:14 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Hewlett-Packard
2014-08-01 16:12 - 2014-08-01 15:53 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HP
2014-08-01 16:12 - 2009-10-23 22:03 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-08-01 15:53 - 2009-10-23 22:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HP Cool Tools
2014-08-01 15:17 - 2011-12-15 12:42 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Google
2014-08-01 12:19 - 2010-09-07 00:33 - 00000000 ____D () C:\Documents and Settings\user1.DEBRECEN\My Documents\00_Admin
2014-08-01 10:31 - 2011-12-15 12:41 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
2014-08-01 08:44 - 2010-09-19 14:24 - 00000000 ____D () C:\Documents and Settings\user1.DEBRECEN\My Documents\02_Trading
2014-07-11 21:06 - 2014-03-31 01:20 - 00000000 ____D () C:\Documents and Settings\user1.DEBRECEN\My Documents\IBM
2014-07-11 21:02 - 2013-09-06 11:56 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-11 21:00 - 2009-10-24 01:51 - 93585272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-11 21:00 - 2009-10-24 01:04 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-07-11 20:53 - 2012-06-25 13:27 - 00699056 _____ 
(Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2014-07-11 20:53 - 2012-06-25 13:27 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl Some content of TEMP: ==================== C:\Documents and Settings\Administrator\Local Settings\Temp\6_Offer_11.exe C:\Documents and Settings\Administrator\Local Settings\Temp\AtiCimUn.exe C:\Documents and Settings\Administrator\Local Settings\Temp\FixMyRegistry.exe C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe C:\Documents and Settings\Administrator\Local Settings\Temp\sfa_inst.exe C:\Documents and Settings\Administrator\Local Settings\Temp\SpeedUpMyComputer.exe C:\Documents and Settings\user1.DEBRECEN\Local Settings\Temp\vqhk35cq.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================ Addition Zitat Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version:10-08-2014 01
Ran by Administrator at 2014-08-10 20:03:37
Running from C:\Documents and Settings\Administrator\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton 360 (Disabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
AMD APP SDK Runtime (Version: 2.5.793.1 - Advanced Micro Devices Inc.) Hidden
AMD AVIVO Codecs (Version: 10.0.0.40103 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{6D02AB7E-3B50-C6FE-F1CF-66F763D64E30}) (Version: 3.0.851.0 - Advanced Micro Devices, Inc.)
Avery Wizard 5.0 (HKLM\...\{FC3B3A5D-7058-4627-9F1E-F95CC38B6054}) (Version: 5.0.5 - Avery)
BadCopy Pro (HKLM\...\BadCopy Pro) (Version: - )
Broadcom Management Programs (HKLM\...\{C3CB6145-2F42-4C1C-B938-E254C8B5F48B}) (Version: 11.75.09 - Broadcom Corporation)
Canon CanoScan Toolbox 4.1 (HKLM\...\{BCE46757-7674-4416-BEDB-68205A60409E}) (Version: - )
Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2012.0523.2258.39384 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2012.0523.2258.39384 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2012.0523.2258.39384 - Advanced Micro Devices, Inc.) Hidden
Catalyst Pro Control Center (Version: 2012.0523.2258.39384 - Ihr Firmenname) Hidden
CCC Help Chinese Standard (Version: 2012.0523.2257.39384 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (Version: 2012.0523.2257.39384 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (Version: 2012.0523.2257.39384 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (Version: 2012.0523.2257.39384 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (Version: 2012.0523.2257.39384 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (Version: 2012.0523.2257.39384 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (Version: 2012.0523.2257.39384 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (Version: 2012.0523.2257.39384 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (Version: 2012.0523.2257.39384 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (Version: 2012.0523.2257.39384 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (Version: 2012.0523.2257.39384 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (Version: 2012.0523.2257.39384 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (Version: 2012.0523.2257.39384 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (Version: 2012.0523.2257.39384 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (Version: 2012.0523.2257.39384 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (Version: 2012.0523.2257.39384 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (Version: 2012.0523.2257.39384 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (Version: 2012.0523.2257.39384 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (Version: 2012.0523.2257.39384 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (Version: 2012.0523.2257.39384 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (Version: 2012.0523.2257.39384 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (Version: 2012.0523.2257.39384 - Advanced Micro Devices, Inc.) Hidden
ccc-utility (Version: 2012.0523.2258.39384 - Advanced Micro Devices, Inc.) Hidden
ColorNavigator (HKLM\...\{D5312328-0583-4E88-95EF-DE92A01797C2}) (Version: 5.2.3 - EIZO NANAO CORPORATION)
CutePDF (Evaluation) (HKLM\...\CutePDF (Evaluation)) (Version: - )
CutePDF Writer 2.3 (HKLM\...\CutePDF Writer Installation) (Version: - )
dvdisaster-0.72.3 (HKLM\...\dvdisaster_is1) (Version: - dvdisaster project)
EIZO EasyPIX Software (HKLM\...\{E9DF3B08-7541-42E3-AF57-BBF039D1DEE4}) (Version: 1.0.6 - EIZO NANAO CORPORATION)
EIZO ScreenSlicer (HKLM\...\{292A177D-723F-4537-9985-BC8BFCD8B63D}) (Version: 1.0.1.1 - EIZO NANAO CORPORATION)
FireGL driver for 3D Studio MAX/VIZ (HKLM\...\{C5AEBFD6-3AF9-4784-81C2-F442C86AA096}) (Version: 6.14.10.5015 - )
Google Drive (HKLM\...\{BF55F7D7-7791-41DD-91D7-8EA595CE548C}) (Version: 1.17.7224.1867 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
HP Backup and Recovery Manager (HKLM\...\{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}) (Version: 2.5C - Hewlett-Packard Company)
HP Help and Support (HKLM\...\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}) (Version: 4.4.0002 - HPQ)
HP Performance Advisor (HKLM\...\{8E3138D3-686D-4F77-A807-CFF5CAEC98D7}) (Version: 1.7.6530 - Hewlett-Packard Company)
HP Performance Tuning Framework (HKLM\...\{03BFDA4C-5233-4EB6-8BD7-8D0AE3044757}) (Version: 2.28.3117 - Hewlett-Packard)
HydraVision (Version: 4.2.218.0 - Advanced Micro Devices, Inc.) Hidden
IsoBuster 3.2 (HKLM\...\IsoBuster_is1) (Version: 3.2 - Smart Projects)
Java(TM) 6 Update 13 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216013FF}) (Version: 6.0.130 - Sun Microsystems, Inc.)
Luffi - Let's use freeware! Fun included ;) (v. 2.3.238) (HKLM\...\Luffi) (Version: 1.0.238.0 - Das Luffi Team)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Software Update for Web Folders (German) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft VM for Java (HKLM\...\MsJavaVM) (Version: - )
Microsoft Web Publishing Wizard 1.53 (HKLM\...\WebPost) (Version: - )
Norton 360 (HKLM\...\N360) (Version: 4.4.0.12 - Symantec Corporation)
PDF Complete (HKLM\...\PDF Complete) (Version: 3.5.85 - PDF Complete, Inc.)
Skins (Version: 2012.0523.2258.39384 - Advanced Micro Devices, Inc.) Hidden
TomTom HOME (HKLM\...\TomTom HOME) (Version: 2.3.1.92 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
UniColor Pro (HKLM\...\{07D4FAFC-5D2C-49B0-9A9C-5726E5559381}) (Version: 1.3.0 - EIZO)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version: - Microsoft)
Update for Windows Internet Explorer 8 (KB973874) (HKLM\...\KB973874-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676-v2) (HKLM\...\KB2616676-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Driver Package - ColorVision Inc (Spyder) USB (08/07/2006 1.0.0.2) (HKLM\...\3F4E49464F141105CA373E77D00E57404393778F) (Version: 08/07/2006 1.0.0.2 - ColorVision Inc)
Windows Driver Package - Datacolor (Spyder3) USB (09/10/2007 1.0.0.3) (HKLM\...\2F24D930929D08C29A697E2C2E0574EC1CCCAE1D) (Version: 09/10/2007 1.0.0.3 - Datacolor)
Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06) (HKLM\...\A106663FD3361BDFACB045D83EBA03858EB1E411) (Version: 03/13/2008 2.04.06 - FTDI)
Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06) (HKLM\...\F2F24872454C7CAEAABD8BB063F70FBEFF01989D) (Version: 03/13/2008 2.04.06 - FTDI)
Windows Driver Package - X-Rite (colormunki) XRiteDevices (08/21/2006 2.40.0.1315) (HKLM\...\975DA77B1E3D07FC79378569A82F13404D027518) (Version: 08/21/2006 2.40.0.1315 - X-Rite)
Windows Driver Package - X-Rite (i1) XRiteDevices (08/21/2006 2.40.0.1315) (HKLM\...\4BCA7532847C66A175AD419E8ED0CB00EA9F9A4A) (Version: 08/21/2006 2.40.0.1315 - X-Rite)
Windows Driver Package - X-Rite (i1) XRiteDevices (08/21/2006 2.40.0.1315) (HKLM\...\4E0F9F38E610D91FA71E1E43F274568B68C54028) (Version: 08/21/2006 2.40.0.1315 - X-Rite)
Windows Driver Package - X-Rite (i1display) XRiteDevices (08/21/2006 2.0.0.0) (HKLM\...\BE6334FA182AB4DD51AECFD703C81D6B65B2BBF3) (Version: 08/21/2006 2.0.0.0 - X-Rite)
Windows Driver Package - X-Rite (X-Rite) USB (01/10/2007 3.1.0.0) (HKLM\...\79EC760EF05657EC2806CC712767C4C3FCE76693) (Version: 01/10/2007 3.1.0.0 - X-Rite)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-965756728-169831054-4282204201-500_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)

==================== Restore Points =========================
29-05-2014 21:20:42 System Checkpoint
29-05-2014 22:11:42 Software Distribution Service 3.0
11-06-2014 20:07:54 Software Distribution Service 3.0
11-07-2014 19:00:16 Software Distribution Service 3.0
01-08-2014 04:48:51 System Checkpoint
01-08-2014 13:53:01 Removed HP Performance Tuning Framework
01-08-2014 13:53:07 Installed HP Performance Tuning Framework
01-08-2014 14:12:14 Installed HP Performance Advisor
03-08-2014 18:56:49 System Checkpoint
05-08-2014 23:13:13 System Checkpoint
07-08-2014 17:34:59 System Checkpoint
08-08-2014 18:09:39 System Checkpoint
09-08-2014 21:12:29 System Checkpoint
10-08-2014 00:15:15 Removed ATI Catalyst Control Center
10-08-2014 03:02:34 Free Driver Scout
10-08-2014 03:05:38 Free Driver Scout
10-08-2014 03:39:40 Removed Shopop
10-08-2014 04:16:13 Removed Microsoft Silverlight

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-10-24 06:53 - 2008-04-14 08:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{F9E0D393-B7AA-4CF4-9C2A-849F2A0791C9}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============
2011-04-09 21:23 - 2004-12-14 09:54 - 00081920 _____ () C:\WINDOWS\system32\cpwmon2k.dll
2014-05-08 13:21 - 2014-05-08 13:21 - 00301056 _____ () C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.DEU
2009-06-02 14:59 - 2009-06-02 14:59 - 00142336 _____ () C:\Program Files\EIZO\ColorNavigator\CNHid.dll
2009-04-23 10:41 - 2009-04-23 10:41 - 00055808 _____ () C:\Program Files\EIZO\ColorNavigator\CNVideo.dll
2009-05-29 16:24 - 2009-05-29 16:24 - 00046080 _____ () C:\Program Files\EIZO\ColorNavigator\HidUsage.dll
2009-04-02 16:23 - 2009-04-02 16:23 - 00006656 _____ () C:\Program Files\EIZO\ColorNavigator\DisplayAreaSetting.dll
2009-05-29 16:24 - 2009-05-29 16:24 - 00055296 _____ () C:\Program Files\EIZO\ColorNavigator\CMYKValidation.dll
2009-05-07 11:32 - 2009-05-07 11:32 - 00082944 _____ () C:\Program Files\EIZO\ColorNavigator\ColorProfile.dll
2009-04-02 16:23 - 2009-04-02 16:23 - 00165376 _____ () C:\Program Files\EIZO\ColorNavigator\libcolour.dll
2009-10-30 12:12 - 2006-07-10 11:53 - 00872448 _____ () C:\WINDOWS\SMINST\Scheduler.exe
2008-04-14 14:42 - 2013-01-02 08:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2008-04-14 14:41 - 2008-04-14 14:41 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 14:42 - 2008-04-14 14:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2010-03-16 12:22 - 2010-03-16 12:22 - 00014848 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
2012-05-23 22:57 - 2012-05-23 22:57 - 00270336 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-08-10 19:26 - 2014-08-10 19:26 - 00098816 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI12522\win32api.pyd
2014-08-10 19:26 - 2014-08-10 19:26 - 00110080 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI12522\pywintypes27.dll
2014-08-10 19:26 - 2014-08-10 19:26 - 00364544 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI12522\pythoncom27.dll
2014-08-10 19:26 - 2014-08-10 19:26 - 00045568 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI12522\_socket.pyd
2014-08-10 19:26 - 2014-08-10 19:26 - 01160704 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI12522\_ssl.pyd
2014-08-10 19:26 - 2014-08-10 19:26 - 00320512 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI12522\win32com.shell.shell.pyd
2014-08-10 19:26 - 2014-08-10 19:26 - 00713216 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI12522\_hashlib.pyd
2014-08-10 19:26 - 2014-08-10 19:26 - 01175040 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI12522\wx._core_.pyd
2014-08-10 19:26 - 2014-08-10 19:26 - 00805888 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI12522\wx._gdi_.pyd
2014-08-10 19:26 - 2014-08-10 19:26 - 00811008 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI12522\wx._windows_.pyd
2014-08-10 19:26 - 2014-08-10 19:26 - 01062400 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI12522\wx._controls_.pyd
2014-08-10 19:26 - 2014-08-10 19:26 - 00735232 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI12522\wx._misc_.pyd
2014-08-10 19:26 - 2014-08-10 19:26 - 00128512 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI12522\_elementtree.pyd
2014-08-10 19:26 - 2014-08-10 19:26 - 00127488 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI12522\pyexpat.pyd
2014-08-10 19:26 - 2014-08-10 19:26 - 00557056 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI12522\pysqlite2._sqlite.pyd
2014-08-10 19:26 - 2014-08-10 19:26 - 00007168 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI12522\hashobjs_ext.pyd
2014-08-10 19:26 - 2014-08-10 19:26 - 00087552 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI12522\_ctypes.pyd
2014-08-10 19:26 - 2014-08-10 19:26 - 00119808 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI12522\win32file.pyd
2014-08-10 19:26 - 2014-08-10 19:26 - 00108544 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI12522\win32security.pyd
2014-08-10 19:26 - 2014-08-10 19:26 - 00018432 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI12522\win32event.pyd
2014-08-10 19:26 - 2014-08-10 19:26 - 00038912 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI12522\win32inet.pyd
2014-08-10 19:26 - 2014-08-10 19:26 - 00070656 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI12522\wx._html2.pyd
2014-08-10 19:26 - 2014-08-10 19:26 - 00167936 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI12522\win32gui.pyd
2014-08-10 19:26 - 2014-08-10 19:26 - 00011264 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI12522\win32crypt.pyd
2014-08-10 19:26 - 2014-08-10 19:26 - 00027136 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI12522\_multiprocessing.pyd
2014-08-10 19:26 - 2014-08-10 19:26 - 00686080 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI12522\unicodedata.pyd
2014-08-10 19:26 - 2014-08-10 19:26 - 00122368 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI12522\wx._wizard.pyd
2014-08-10 19:26 - 2014-08-10 19:26 - 00010240 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI12522\select.pyd
2014-08-10 19:26 - 2014-08-10 19:26 - 00024064 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI12522\win32pipe.pyd
2014-08-10 19:26 - 2014-08-10 19:26 - 00025600 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI12522\win32pdh.pyd
2014-08-10 19:26 - 2014-08-10 19:26 - 00525640 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI12522\windows._lib_cacheinvalidation.pyd
2014-08-10 19:26 - 2014-08-10 19:26 - 00035840 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI12522\win32process.pyd
2014-08-10 19:26 - 2014-08-10 19:26 - 00017408 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI12522\win32profile.pyd
2014-08-10 19:26 - 2014-08-10 19:26 - 00022528 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI12522\win32ts.pyd
2014-08-10 19:26 - 2014-08-10 19:26 - 00078336 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\_MEI12522\wx._animate.pyd
2008-07-16 10:14 - 2008-07-16 10:14 - 00163840 ____R () C:\Program Files\EIZO\EIZO EasyPIX\libcolour.dll
2008-09-05 10:08 - 2008-09-05 10:08 - 00282624 _____ () C:\Program Files\EIZO\EIZO EasyPIX\IccProfLib.dll

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\WINDOWS\exiftool.exe:SummaryInformation
AlternateDataStreams: C:\WINDOWS\exiftool.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============
Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Class Guid: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/10/2014 05:08:08 AM) (Source: MsiInstaller) (EventID: 11309) (User: DEBRECEN)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt. System error 3. Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)

Error: (08/10/2014 05:02:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application PCSUQuickScan.exe, version 0.0.0.0, faulting module PCSUQuickScan.exe, version 0.0.0.0, fault address 0x00006ee0. Processing media-specific event for [PCSUQuickScan.exe!ws!]

Error: (08/10/2014 05:01:37 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/10/2014 05:01:37 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/10/2014 00:32:55 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/10/2014 00:32:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/10/2014 00:32:40 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/10/2014 00:32:28 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/09/2014 10:32:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.23588, fault address 0x0017a34f. Processing media-specific event for [iexplore.exe!ws!]

Error: (08/09/2014 10:31:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.23588, fault address 0x0017a34f. Processing media-specific event for [iexplore.exe!ws!]

System errors:
=============
Error: (08/10/2014 07:26:21 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (08/10/2014 07:25:50 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (08/10/2014 07:25:29 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: atapi i8042prt

Error: (08/10/2014 07:24:49 PM) (Source: 0) (EventID: 1) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (08/10/2014 07:01:09 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: atapi i8042prt

Error: (08/10/2014 06:08:17 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: i8042prt

Error: (08/10/2014 02:10:35 PM) (Source: 0) (EventID: 9) (User: )
Description: \Device\Ide\iaStor0

Error: (08/10/2014 10:19:51 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: i8042prt

Error: (08/10/2014 10:19:51 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the N360 service.

Error: (08/10/2014 10:19:51 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the N360 service.

Microsoft Office Sessions:
=========================
Error: (02/11/2012 02:53:15 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1028 seconds with 1020 seconds of active time. This session ended with a crash.

Error: (01/22/2011 10:16:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000.
This session lasted 30333 seconds with 1080 seconds of active time. This session ended with a crash. ==================== Memory info =========================== Percentage of memory in use: 23% Total physical RAM: 3567.21 MB Available physical RAM: 2714.68 MB Total Pagefile: 5448.3 MB Available Pagefile: 4285.48 MB Total Virtual: 2047.88 MB Available Virtual: 1933.71 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:453.3 GB) (Free:395.14 GB) NTFS ==>[Drive with boot components (Windows XP)] Drive j: (HP_RECOVERY) (Fixed) (Total:12.46 GB) (Free:2.63 GB) NTFS ==>[Drive with boot components (Windows XP)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: 3B2B3B2B) Partition 1: (Active) - (Size=453 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=12 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
11.08.2014, 09:30 | #4 |
/// TB-Ausbilder | Windows XP: Uninstalling SpeedUpMyComputer / FixMyRegistry
We will remove the last remnants and check everything once more. ESET can take a long time (> 3 h). Afterwards we will remove all the tools used, and I will give you a few tips to take with you.
Step 1 Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
start
HKU\S-1-5-21-965756728-169831054-4282204201-500\...\Run: [UpdateMyDrivers] => C:\Program Files\SmartTweak\UpdateMyDrivers\UpdateMyDrivers.exe /ot /as /ss
Reboot:
end
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 ESET Online Scanner
Step 3 Please download SecurityCheck and:
Step 4 Download the appropriate version of SystemLook from the following mirror and save the tool to the desktop: SystemLook (32 bit) | SystemLook (64 bit)
Please post with your next reply
11.08.2014, 13:51 | #5 |
| Windows XP: Uninstalling SpeedUpMyComputer / FixMyRegistry Hello Mathias, I have carried out the 4 steps; attached are the 4 log files: Fixlog Quote Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:10-08-2014 01
Ran by Administrator at 2014-08-11 11:10:08 Run:1
Running from C:\Documents and Settings\Administrator\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
HKU\S-1-5-21-965756728-169831054-4282204201-500\...\Run: [UpdateMyDrivers] => C:\Program Files\SmartTweak\UpdateMyDrivers\UpdateMyDrivers.exe /ot /as /ss
Reboot:
end
*****************
HKU\S-1-5-21-965756728-169831054-4282204201-500\Software\Microsoft\Windows\CurrentVersion\Run\\UpdateMyDrivers => value deleted successfully.
The system needed a reboot.
==== End of Fixlog ====
Quote Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=5b9314aea858714c95e847b33925231e # engine=19596 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-08-11 10:54:06 # local_time=2014-08-11 12:54:06 (+0100, W. Europe Daylight Time) # country="Switzerland" # lang=1031 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode_1='' # compatibility_mode=3589 16777213 100 86 86760156 171122741 0 0 # scanned=88650 # found=40 # cleaned=0 # scan_time=3282 sh=5657DFACD2609DFB4FB376ABB2C6E798C5D385C7 ft=1 fh=3db1547b0ac5e8dc vn="Variante von Win32/Toolbar.CrossRider.AG evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Internet Speed Checker\554c9551-b337-43c8-ab01-4f36dcfd520a.exe.vir" sh=88C24F5C7636DCBA515835D67E7C8616851ED5E9 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Internet Speed Checker\5e5d09b0-ce83-4e3c-9b2c-6b02c95e8e5a.crx.vir" sh=4DB13C833CA5AA2696A1F6D93245A3304B49806D ft=1 fh=e0d02f20612ea76c vn="Variante von Win32/Toolbar.CrossRider.AK evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Internet Speed Checker\6909362e-abd2-4ce6-b4b9-a74fe9ce80d3-11.exe.vir" sh=AFD1C1B776ECAFC587BC417090C1319650C2B692 ft=1 fh=1d517e1a4634e738 vn="Variante von Win32/Toolbar.CrossRider.AJ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Internet Speed Checker\6909362e-abd2-4ce6-b4b9-a74fe9ce80d3-2.exe.vir" sh=286214A6B25675ED6B7296C9F43850647987BCC9 ft=1 fh=4dc0c1bbbea16baa vn="Variante von Win32/Toolbar.CrossRider.AK evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Internet Speed Checker\6909362e-abd2-4ce6-b4b9-a74fe9ce80d3-4.exe.vir" sh=D3D971E7E4AA17477D22522829A120B2763CE848 ft=1 fh=0669b4173f70328a vn="Variante von Win32/Toolbar.CrossRider.AH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Internet Speed Checker\6909362e-abd2-4ce6-b4b9-a74fe9ce80d3-5.exe.vir" sh=DFD473210F3CEDA728D558ACC0EA53579A7AC354 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Internet Speed Checker\6909362e-abd2-4ce6-b4b9-a74fe9ce80d3.crx.vir" sh=D84A35D2D5CC6BE967BE7C9B5C296640CFD99261 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Internet Speed Checker\6909362e-abd2-4ce6-b4b9-a74fe9ce80d3.xpi.vir" sh=7735F999776ECD00DD1FB45B7ACE9878F9058B76 ft=1 fh=1d24a3ad778ed453 vn="Variante von Win32/Toolbar.CrossRider.AL evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Internet Speed Checker\Internet Speed Checker-bg.exe.vir" sh=E432AEFC72CCF83A2C1E5BF6658A8671B712414F ft=1 fh=c990e3a29e0e57cb vn="Variante von Win32/Toolbar.CrossRider.AF evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Internet Speed Checker\Internet Speed Checker-bho.dll.vir" sh=64638C06B506D1444A53878920B1DBB06888CEC2 ft=1 fh=980aa30758784c94 vn="Variante von Win32/Toolbar.CrossRider.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Internet Speed Checker\Internet Speed Checker-buttonutil.dll.vir" sh=4FEAB6AD479250FD611E0A892BB2B9BEA8BB82B3 ft=1 fh=e543a0dcda004c83 vn="Variante von Win32/Toolbar.CrossRider.AA evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Internet Speed Checker\Internet Speed Checker-buttonutil.exe.vir" sh=3A6DBF584AB5DFD90E03F41980877B944D7AD25A ft=1 fh=fc984c298447d04d vn="Variante von Win32/Toolbar.CrossRider.AJ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Internet Speed Checker\Internet Speed Checker-codedownloader.exe.vir" sh=E66AF81ECF344320AB33D9493D99012502B6D7A8 ft=1 fh=0e2d42d0e1be0954 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\LPT\sppsm.dll.vir" sh=B3E80BD7D9A417D3EFF3AD0ED2CCBDCDC5DF5846 ft=1 fh=bb4ab7dbed606f52 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\LPT\spusm.dll.vir" sh=746835BAEE6A44D212525520BD9E4D2D662FA560 ft=1 fh=7a6773966e668ece vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\LPT\srbu.dll.vir" sh=7CF3E5831311D8BC468B709379BF0112E8745CDA ft=1 fh=37b232fbf48f85a1 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\LPT\srptc.dll.vir" sh=8F09720095821ACA3C4ABD9794AEBED18B01DC0E ft=1 fh=8a7157444494089b vn="Win32/RegistryBooster evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\Administrator\Desktop\USB-Stick\registrybooster.exe" sh=CBAB031B3935A09A20845C238EC54F5475D6A89B ft=1 fh=f86cce18bc0d2819 vn="Variante von Win32/SlowPCfighter evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\Administrator\Desktop\USB-Stick\RegistryReviverSetup.exe" sh=EE611FF711A1DCFD4B9E41686FE741292DFC39A2 ft=1 fh=c10e7aca31bdd62d vn="Win32/SmartFileAdvisor.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\Administrator\Local Settings\Temp\sfa_inst.exe" sh=B797EF195F46438DE86724489D47673EB667DC9C ft=1 fh=e3f3fedfd968b4f0 vn="Variante von Win32/Speedchecker.A evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\24SMAV65\pcspeedup20140716[1].exe" sh=7A1A9E1B6AD0D793C748242B3E133D28F2EA4CAE ft=1 fh=3e339cab813d40b8 vn="Variante von Win32/Injector.BIZV Trojaner" ac=I fn="C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3CNBN39U\shopop2220714[1].exe" sh=8F09720095821ACA3C4ABD9794AEBED18B01DC0E ft=1 fh=8a7157444494089b vn="Win32/RegistryBooster evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\Administrator\My Documents\07_IT\DBX Opener outlook express\registrybooster.exe" sh=CBAB031B3935A09A20845C238EC54F5475D6A89B ft=1 fh=f86cce18bc0d2819 vn="Variante von Win32/SlowPCfighter evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\Administrator\My Documents\07_IT\DBX Opener outlook express\RegistryReviverSetup.exe" sh=1AB152E190D9FA506D4D33D2D135ED3C65BA1646 ft=1 fh=9795cc6be88add21 vn="Win32/Toolbar.Conduit.S evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\Administrator\My Documents\07_IT\isobuste mir2\isobuster_all_lang.exe" sh=1AB152E190D9FA506D4D33D2D135ED3C65BA1646 ft=1 fh=9795cc6be88add21 vn="Win32/Toolbar.Conduit.S evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\Administrator\My Documents\07_IT\isobuster\isobuster_all_lang.exe" sh=A62D023D15D1917BDD5002889CC279E4656D92AF ft=1 fh=b49072af51c4fd6a vn="Variante von Win32/OpenInstall evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\Administrator\My Documents\07_IT\WinZip\WinZip175.exe" sh=CB3ED72F9D324697088278234D4F22EB22BCD4DB ft=1 fh=f4be94f94f707b78 vn="Variante von Win32/InstallIQ.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\user1.DEBRECEN\My Documents\07_IT\dl-openfreely-base.exe" sh=8F09720095821ACA3C4ABD9794AEBED18B01DC0E ft=1 fh=8a7157444494089b vn="Win32/RegistryBooster evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\user1.DEBRECEN\My Documents\07_IT\DBX opener - outlook express\registrybooster.exe" sh=CBAB031B3935A09A20845C238EC54F5475D6A89B ft=1 fh=f86cce18bc0d2819 vn="Variante von Win32/SlowPCfighter evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\user1.DEBRECEN\My Documents\07_IT\DBX opener - outlook express\RegistryReviverSetup.exe" sh=33E40582F857704C66794A3701919FD4D21D37CD ft=0 fh=0000000000000000 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\WINDOWS\Installer\91f6ea.msi" sh=792732B910B853401144DDFDB5F09F4601BD9B10 ft=1 fh=09c096f08a58a634 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\WINDOWS\Installer\MSI4C.tmp-\sppsm.dll" sh=9B5CB9BFC61A4C1BE410AA408BB62929957F3695 ft=1 fh=1a8afe5751a30e18 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\WINDOWS\Installer\MSI4C.tmp-\spusm.dll" sh=AB3AC22814E5AA28E986740EA275D1F9A366E8FD ft=1 fh=cfb93842f7d63e02 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\WINDOWS\Installer\MSI4C.tmp-\srptc.dll" sh=792732B910B853401144DDFDB5F09F4601BD9B10 ft=1 fh=09c096f08a58a634 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\WINDOWS\Installer\MSI5A.tmp-\sppsm.dll" sh=9B5CB9BFC61A4C1BE410AA408BB62929957F3695 ft=1 fh=1a8afe5751a30e18 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\WINDOWS\Installer\MSI5A.tmp-\spusm.dll" sh=7380520125D289909CA398AE401AA6D5676F81D5 ft=1 fh=e94db147b021709c vn="Variante von MSIL/Toolbar.Linkury.C evtl. 
unerwünschte Anwendung" ac=I fn="C:\WINDOWS\Installer\MSI5A.tmp-\srbs.dll" sh=36AD796C52A4FD2DE77D58C627C615CAA74483E7 ft=1 fh=33a5280913389ab9 vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\WINDOWS\Installer\MSI5A.tmp-\srbu.dll" sh=AB3AC22814E5AA28E986740EA275D1F9A366E8FD ft=1 fh=cfb93842f7d63e02 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\WINDOWS\Installer\MSI5A.tmp-\srptc.dll" sh=AB3AC22814E5AA28E986740EA275D1F9A366E8FD ft=1 fh=cfb93842f7d63e02 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\WINDOWS\Installer\MSI75.tmp-\srptc.dll" SecurityCheck Zitat Code:
ATTFilter Results of screen317's Security Check version 0.99.86 Windows XP Service Pack 3 x86 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Disabled! Please wait while WMIC is being installed.d i s p l a y N a m e ECHO is off. N o r t o n ECHO is off. 3 6 0 ECHO is off. Antivirus out of date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Windows Driver Package - Datacolor (Spyder3) USB (09/10/2007 1.0.0.3) Windows Driver Package - ColorVision Inc (Spyder) USB (08/07/2006 1.0.0.2) Microsoft VM for Java Java(TM) 6 Update 13 Java version out of Date! Adobe Reader 10.1.10 Adobe Reader out of Date! ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Malwarebytes Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C:: 22% Defragment your hard drive soon! (Do NOT defrag if SSD!) ````````````````````End of Log`````````````````````` SystemLook Zitat Code:
ATTFilter SystemLook 30.07.11 by jpshortstuff Log created at 13:14 on 11/08/2014 by Administrator Administrator - Elevation successful ========== regfind ========== Searching for "globalUpdate" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}\InprocServer32] @="C:\Program Files\globalUpdate\Update\1.3.25.0\psmachine.dll" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache] "C:\Program Files\globalUpdate\Update\GoogleUpdate.exe"="globalUpdate Update" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache] "C:\Program Files\globalUpdate\Update\GoogleUpdate.exe"="globalUpdate Update" Searching for "RegClean" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{934FDD8D-9B5B-4f69-975C-36325AAE8A0D}] @="N360 RegClean Class" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{934FDD8D-9B5B-4f69-975C-36325AAE8A0D}\ProgID] @="RegClean.N360.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{934FDD8D-9B5B-4f69-975C-36325AAE8A0D}\VersionIndependentProgID] @="RegClean.N360" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RegClean.N360] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RegClean.N360] @="N360 RegClean Class" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RegClean.N360\CurVer] @="RegClean.N360.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RegClean.N360.1] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RegClean.N360.1] @="N360 RegClean Class" Searching for "SmartTweak" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\SmartTweak Software] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\FixMyRegistry.exe] @="C:\Program Files\SmartTweak\FixMyRegistry\FixMyRegistry.exe" [HKEY_USERS\S-1-5-21-965756728-169831054-4282204201-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\SmartTweak Software] Searching for "Internet Speed Checker" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1C182AF0-6856-4A50-8840-18D9C3B8D872}] 
"AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{200335FD-575A-4F55-AC76-9E200E165F}] "AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{253dd070-b470-4e2c-bb34-5592f2b62c62}] "AppName"="Internet Speed Checker-buttonutil.exe" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{253dd070-b470-4e2c-bb34-5592f2b62c62}] "AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2F4E485A-EA28-4ED2-948F-3F5C699BEF}] "AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2feb16ce-9e76-47e5-be44-3226a38edec5}] "AppName"="Internet Speed Checker-bg.exe" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2feb16ce-9e76-47e5-be44-3226a38edec5}] "AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3B2D421E-9F88-44D0-A418-C090D6ABF52}] "AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3C1A7D10-8974-4C21-98DA-DDC18CCFF661}] "AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{562E1F45-DDB6-447A-9014-B5C9911F7CD6}] "AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5BC98194-D74F-4040-998-AB3818F4E047}] "AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C2B785D-64D6-4EC1-BBA-6D67EEADF76}] "AppPath"="C:\Program Files\Internet Speed Checker" 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{67C5D81A-E2FF-419C-B23-F4ACED258286}] "AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6DA4A13E-BA40-4241-8D58-67DACE12808F}] "AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6e4edcae-bafe-4568-9b7c-78adabdfad2c}] "AppName"="Internet Speed Checker-codedownloader.exe" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6e4edcae-bafe-4568-9b7c-78adabdfad2c}] "AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{712EFD6B-6297-420C-AFEB-EC3BBAA7D220}] "AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74FF81D9-85DA-4214-BF12-C9755B7EBA9B}] "AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7D4B8D43-46F6-4AF8-8A1C-5C4BC63F4D46}] "AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85945377-DE01-45EC-AAB5-A2A3B84699C8}] "AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{89433F79-2573-4DD8-944C-B4EC612335FB}] "AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9ECBD320-BB0C-478D-98AF-22FADFC2D5F9}] "AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A44ED76F-4776-4B87-9444-5F22CE38969A}] "AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low 
Rights\ElevationPolicy\{C2B9D429-DCD8-4025-B2FD-A6C3FF2533C4}] "AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C545AC67-AD0C-42B3-B7B8-4DABE6EF8F11}] "AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D2DC942A-5EAA-47F0-8EF8-16569B9565}] "AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DB43E8E5-3735-4C4C-9847-5EA174D4CC60}] "AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EB2868A1-12D3-47FF-8160-3A70DE5FD7A}] "AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F21E11BB-3973-4F55-8BC3-440C8A78CF0}] "AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FD5E0AE0-7621-4E92-BFE3-6472894A4E2E}] "AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644174452}\1.0\0\win32] @="C:\Program Files\Internet Speed Checker\Internet Speed Checker-bho.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644174452}\1.0\HELPDIR] @="C:\Program Files\Internet Speed Checker" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{253dd070-b470-4e2c-bb34-5592f2b62c62}] "AppName"="Internet Speed Checker-buttonutil.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{253dd070-b470-4e2c-bb34-5592f2b62c62}] "AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2feb16ce-9e76-47e5-be44-3226a38edec5}] "AppName"="Internet Speed Checker-bg.exe" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2feb16ce-9e76-47e5-be44-3226a38edec5}] "AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6e4edcae-bafe-4568-9b7c-78adabdfad2c}] "AppName"="Internet Speed Checker-codedownloader.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6e4edcae-bafe-4568-9b7c-78adabdfad2c}] "AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_USERS\S-1-5-21-965756728-169831054-4282204201-500\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1C182AF0-6856-4A50-8840-18D9C3B8D872}] "AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_USERS\S-1-5-21-965756728-169831054-4282204201-500\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{200335FD-575A-4F55-AC76-9E200E165F}] "AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_USERS\S-1-5-21-965756728-169831054-4282204201-500\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{253dd070-b470-4e2c-bb34-5592f2b62c62}] "AppName"="Internet Speed Checker-buttonutil.exe" [HKEY_USERS\S-1-5-21-965756728-169831054-4282204201-500\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{253dd070-b470-4e2c-bb34-5592f2b62c62}] "AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_USERS\S-1-5-21-965756728-169831054-4282204201-500\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2F4E485A-EA28-4ED2-948F-3F5C699BEF}] "AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_USERS\S-1-5-21-965756728-169831054-4282204201-500\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2feb16ce-9e76-47e5-be44-3226a38edec5}] "AppName"="Internet Speed Checker-bg.exe" [HKEY_USERS\S-1-5-21-965756728-169831054-4282204201-500\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2feb16ce-9e76-47e5-be44-3226a38edec5}] "AppPath"="C:\Program Files\Internet Speed Checker" 
[HKEY_USERS\S-1-5-21-965756728-169831054-4282204201-500\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3B2D421E-9F88-44D0-A418-C090D6ABF52}] "AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_USERS\S-1-5-21-965756728-169831054-4282204201-500\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3C1A7D10-8974-4C21-98DA-DDC18CCFF661}] "AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_USERS\S-1-5-21-965756728-169831054-4282204201-500\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{562E1F45-DDB6-447A-9014-B5C9911F7CD6}] "AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_USERS\S-1-5-21-965756728-169831054-4282204201-500\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5BC98194-D74F-4040-998-AB3818F4E047}] "AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_USERS\S-1-5-21-965756728-169831054-4282204201-500\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C2B785D-64D6-4EC1-BBA-6D67EEADF76}] "AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_USERS\S-1-5-21-965756728-169831054-4282204201-500\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{67C5D81A-E2FF-419C-B23-F4ACED258286}] "AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_USERS\S-1-5-21-965756728-169831054-4282204201-500\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6DA4A13E-BA40-4241-8D58-67DACE12808F}] "AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_USERS\S-1-5-21-965756728-169831054-4282204201-500\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6e4edcae-bafe-4568-9b7c-78adabdfad2c}] "AppName"="Internet Speed Checker-codedownloader.exe" [HKEY_USERS\S-1-5-21-965756728-169831054-4282204201-500\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6e4edcae-bafe-4568-9b7c-78adabdfad2c}] "AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_USERS\S-1-5-21-965756728-169831054-4282204201-500\Software\Microsoft\Internet 
Explorer\Low Rights\ElevationPolicy\{712EFD6B-6297-420C-AFEB-EC3BBAA7D220}] "AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_USERS\S-1-5-21-965756728-169831054-4282204201-500\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74FF81D9-85DA-4214-BF12-C9755B7EBA9B}] "AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_USERS\S-1-5-21-965756728-169831054-4282204201-500\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7D4B8D43-46F6-4AF8-8A1C-5C4BC63F4D46}] "AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_USERS\S-1-5-21-965756728-169831054-4282204201-500\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85945377-DE01-45EC-AAB5-A2A3B84699C8}] "AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_USERS\S-1-5-21-965756728-169831054-4282204201-500\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{89433F79-2573-4DD8-944C-B4EC612335FB}] "AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_USERS\S-1-5-21-965756728-169831054-4282204201-500\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9ECBD320-BB0C-478D-98AF-22FADFC2D5F9}] "AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_USERS\S-1-5-21-965756728-169831054-4282204201-500\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A44ED76F-4776-4B87-9444-5F22CE38969A}] "AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_USERS\S-1-5-21-965756728-169831054-4282204201-500\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C2B9D429-DCD8-4025-B2FD-A6C3FF2533C4}] "AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_USERS\S-1-5-21-965756728-169831054-4282204201-500\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C545AC67-AD0C-42B3-B7B8-4DABE6EF8F11}] "AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_USERS\S-1-5-21-965756728-169831054-4282204201-500\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D2DC942A-5EAA-47F0-8EF8-16569B9565}] 
"AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_USERS\S-1-5-21-965756728-169831054-4282204201-500\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DB43E8E5-3735-4C4C-9847-5EA174D4CC60}] "AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_USERS\S-1-5-21-965756728-169831054-4282204201-500\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EB2868A1-12D3-47FF-8160-3A70DE5FD7A}] "AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_USERS\S-1-5-21-965756728-169831054-4282204201-500\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F21E11BB-3973-4F55-8BC3-440C8A78CF0}] "AppPath"="C:\Program Files\Internet Speed Checker" [HKEY_USERS\S-1-5-21-965756728-169831054-4282204201-500\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FD5E0AE0-7621-4E92-BFE3-6472894A4E2E}] "AppPath"="C:\Program Files\Internet Speed Checker" Searching for "SoftwareUpdater" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files\SoftwareUpdater\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\50842306D3AC99249B064E424DFD87BA\Features] "SoftwareUpdater"="ProductFeature" Searching for "FixMyRegistry" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\FixMyRegistry.exe] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\FixMyRegistry.exe] @="C:\Program Files\SmartTweak\FixMyRegistry\FixMyRegistry.exe" Searching for " " -= EOF =- |
11.08.2014, 16:03 | #6 |
/// TB-Ausbilder | Windows XP: Uninstalling SpeedUpMyComputer / FixMyRegistry
Remove leftovers
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document.
Code:
start
C:\Documents and Settings\Administrator\Desktop\USB-Stick\registrybooster.exe
C:\Documents and Settings\Administrator\Desktop\USB-Stick\RegistryReviverSetup.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\sfa_inst.exe
C:\Documents and Settings\Administrator\My Documents\07_IT\DBX Opener outlook express\registrybooster.exe
C:\Documents and Settings\Administrator\My Documents\07_IT\DBX Opener outlook express\RegistryReviverSetup.exe
C:\Documents and Settings\Administrator\My Documents\07_IT\isobuste mir2\isobuster_all_lang.exe
C:\Documents and Settings\Administrator\My Documents\07_IT\isobuster\isobuster_all_lang.exe
C:\Documents and Settings\Administrator\My Documents\07_IT\WinZip\WinZip175.exe
C:\Documents and Settings\user1.DEBRECEN\My Documents\07_IT\dl-openfreely-base.exe
C:\Documents and Settings\user1.DEBRECEN\My Documents\07_IT\DBX opener - outlook express\registrybooster.exe
C:\Documents and Settings\user1.DEBRECEN\My Documents\07_IT\DBX opener - outlook express\RegistryReviverSetup.exe
C:\WINDOWS\Installer\91f6ea.msi
C:\WINDOWS\Installer\MSI4C.tmp-
C:\WINDOWS\Installer\MSI5A.tmp-
C:\WINDOWS\Installer\MSI75.tmp-
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
DeleteKey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\SmartTweak Software
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\FixMyRegistry.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644174452}
EmptyTemp:
end
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Reading material: Windows XP
Your computer is still running Windows XP. Microsoft released this operating system back in 2001 and is ending support for good as of April 2014, i.e. from May 2014 there will be no further updates, and vulnerabilities found after that can no longer be closed by updates/hotfixes. Browsing the web with Windows XP after April 2014 therefore becomes a major security risk. You should definitely start thinking now about moving to a more current operating system as quickly as possible.
In addition, please carry out the following steps: PC keeps getting slower - what to do?
If you have no more problems, then we are done here. Your log files are clean. Finally, we need to take a few concluding steps to clean up and secure your PC.
Step 1
You are using outdated software on your computer, which is a security risk. You should therefore uninstall outdated software and then install the latest version. Follow the path Start > Control Panel > Software / Uninstall programs. Uninstall the following programs from your computer:
Now please download and install: Restart your computer after the installation.
Step 2
The order is crucial here.
Step 3
Finally, I have a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus program and additional protection
Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system. Mozilla Firefox
Performance
What you should avoid:
Now all that remains is for me to wish you lots of fun surfing safely... ... and perhaps you would like to support the Trojaner-Board? Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions. |
13.08.2014, 12:26 | #7 |
/// TB-Ausbilder | Windows XP: Uninstalling SpeedUpMyComputer / FixMyRegistry
I am glad that we were able to help. In this forum you can leave brief feedback on the cleanup, if you like: Praise, Criticism and Wishes. To do so, click the "NEW THREAD" button and post a short piece of feedback. Many thanks! This thread appears to be resolved and will be removed from my subscriptions. Should you need the thread again, please send me a PM. Everyone else, please click here and create your own thread. |
15.08.2014, 01:05 | #8 |
| Windows XP: Uninstalling SpeedUpMyComputer / FixMyRegistry
Hello Mathias, I have carried out the "Remove leftovers" step & the last 3 steps. I am probably coming back a bit late with my reply - I urgently had to work through 2 other matters. Sorry!
Remark:
- I installed FRST again to create a FixLog file, since DelFix deleted the actual FixLog.
- I ran DelFix again to delete FRST. ((that sounds rather silly, but I want to keep this thread for myself & colleagues, to show how much work goes into removing malware))
Remark on step 3: I am extremely grateful for the information regarding antivirus programs & additional protection & performance, etc. I will install the Secunia online SW on the Win XP machine to see how vulnerable the PC is. Next week I will install Win 8.1 (the hard disk will be formatted) and will then install the recommended programs --> LAST QUESTION: is Avast! or Microsoft Security Essentials enough for me, or do I have to buy one of the well-known antivirus programs, Norton etc.?
...and now a huge thank you! I will donate. I think you do not know what a great help you are to people! Unbelievable! I am on the Internet a lot, and boards like this are very rare! Everywhere else you just get ripped off -- especially when you want some additional information -- regarding freeware & help, "File Pony" is a real alternative! Many THANKS!
Remove leftovers FixLog, with FRST (installed again after DelFix had deleted the previous FixLog file)
Quote Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:14-08-2014 02
Ran by Administrator at 2014-08-15 00:40:28 Run:1
Running from C:\Documents and Settings\Administrator\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
C:\Documents and Settings\Administrator\Desktop\USB-Stick\registrybooster.exe
C:\Documents and Settings\Administrator\Desktop\USB-Stick\RegistryReviverSetup.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\sfa_inst.exe
C:\Documents and Settings\Administrator\My Documents\07_IT\DBX Opener outlook express\registrybooster.exe
C:\Documents and Settings\Administrator\My Documents\07_IT\DBX Opener outlook express\RegistryReviverSetup.exe
C:\Documents and Settings\Administrator\My Documents\07_IT\isobuste mir2\isobuster_all_lang.exe
C:\Documents and Settings\Administrator\My Documents\07_IT\isobuster\isobuster_all_lang.exe
C:\Documents and Settings\Administrator\My Documents\07_IT\WinZip\WinZip175.exe
C:\Documents and Settings\user1.DEBRECEN\My Documents\07_IT\dl-openfreely-base.exe
C:\Documents and Settings\user1.DEBRECEN\My Documents\07_IT\DBX opener - outlook express\registrybooster.exe
C:\Documents and Settings\user1.DEBRECEN\My Documents\07_IT\DBX opener - outlook express\RegistryReviverSetup.exe
C:\WINDOWS\Installer\91f6ea.msi
C:\WINDOWS\Installer\MSI4C.tmp-
C:\WINDOWS\Installer\MSI5A.tmp-
C:\WINDOWS\Installer\MSI75.tmp-
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
DeleteKey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\SmartTweak Software
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\FixMyRegistry.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644174452}
EmptyTemp:
end
*****************
"C:\Documents and Settings\Administrator\Desktop\USB-Stick\registrybooster.exe" => File/Directory not found.
"C:\Documents and Settings\Administrator\Desktop\USB-Stick\RegistryReviverSetup.exe" => File/Directory not found.
"C:\Documents and Settings\Administrator\Local Settings\Temp\sfa_inst.exe" => File/Directory not found.
"C:\Documents and Settings\Administrator\My Documents\07_IT\DBX Opener outlook express\registrybooster.exe" => File/Directory not found.
"C:\Documents and Settings\Administrator\My Documents\07_IT\DBX Opener outlook express\RegistryReviverSetup.exe" => File/Directory not found.
"C:\Documents and Settings\Administrator\My Documents\07_IT\isobuste mir2\isobuster_all_lang.exe" => File/Directory not found.
"C:\Documents and Settings\Administrator\My Documents\07_IT\isobuster\isobuster_all_lang.exe" => File/Directory not found.
"C:\Documents and Settings\Administrator\My Documents\07_IT\WinZip\WinZip175.exe" => File/Directory not found.
"C:\Documents and Settings\user1.DEBRECEN\My Documents\07_IT\dl-openfreely-base.exe" => File/Directory not found.
"C:\Documents and Settings\user1.DEBRECEN\My Documents\07_IT\DBX opener - outlook express\registrybooster.exe" => File/Directory not found.
"C:\Documents and Settings\user1.DEBRECEN\My Documents\07_IT\DBX opener - outlook express\RegistryReviverSetup.exe" => File/Directory not found.
"C:\WINDOWS\Installer\91f6ea.msi" => File/Directory not found.
"C:\WINDOWS\Installer\MSI4C.tmp-" => File/Directory not found.
"C:\WINDOWS\Installer\MSI5A.tmp-" => File/Directory not found.
"C:\WINDOWS\Installer\MSI75.tmp-" => File/Directory not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A} => Key not found.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\SmartTweak Software => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\FixMyRegistry.exe => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644174452} => Key not found.
EmptyTemp: => Removed 56 MB temporary data.
The system needed a reboot.
==== End of Fixlog ====
Original DelFix log (further below the second DelFix, which contains much less)
Quote Code:
# DelFix v10.8 - Logfile created 14/08/2014 at 18:31:36
# Updated 29/07/2014 by Xplode
# Username : Administrator - DEBRECEN
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
~ Removing disinfection tools ...
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Documents and Settings\Administrator\Desktop\FRST-OlderVersion
Deleted : C:\Documents and Settings\Administrator\Desktop\Addition.txt
Deleted : C:\Documents and Settings\Administrator\Desktop\AdwCleaner[R0].txt
Deleted : C:\Documents and Settings\Administrator\Desktop\AdwCleaner[R1].txt
Deleted : C:\Documents and Settings\Administrator\Desktop\AdwCleaner[S0].txt
Deleted : C:\Documents and Settings\Administrator\Desktop\adwcleaner_3.304.exe
Deleted : C:\Documents and Settings\Administrator\Desktop\Defogger.exe
Deleted : C:\Documents and Settings\Administrator\Desktop\defogger_disable.log
Deleted : C:\Documents and Settings\Administrator\Desktop\defogger_enable.log
Deleted : C:\Documents and Settings\Administrator\Desktop\esetsmartinstaller_deu.exe
Deleted : C:\Documents and Settings\Administrator\Desktop\Fixlog.txt
Deleted : C:\Documents and Settings\Administrator\Desktop\FRST.exe
Deleted : C:\Documents and Settings\Administrator\Desktop\FRST.txt
Deleted : C:\Documents and Settings\Administrator\Desktop\log ESET.txt
Deleted : C:\Documents and Settings\Administrator\Desktop\SecurityCheck.exe
Deleted : C:\Documents and Settings\Administrator\Desktop\SystemLook.exe
Deleted : C:\Documents and Settings\Administrator\Desktop\SystemLook.txt
Deleted : HKLM\SOFTWARE\AdwCleaner
~ Creating registry backup ... OK
~ Cleaning system restore ...
Deleted : RP #130 [System Checkpoint | 05/29/2014 21:20:42]
Deleted : RP #131 [Software Distribution Service 3.0 | 05/29/2014 22:11:42]
Deleted : RP #132 [Software Distribution Service 3.0 | 06/11/2014 20:07:54]
Deleted : RP #133 [Software Distribution Service 3.0 | 07/11/2014 19:00:16]
Deleted : RP #134 [System Checkpoint | 08/01/2014 04:48:51]
Deleted : RP #135 [Removed HP Performance Tuning Framework | 08/01/2014 13:53:01]
Deleted : RP #136 [Installed HP Performance Tuning Framework | 08/01/2014 13:53:07]
Deleted : RP #137 [Installed HP Performance Advisor | 08/01/2014 14:12:14]
Deleted : RP #138 [System Checkpoint | 08/03/2014 18:56:49]
Deleted : RP #139 [System Checkpoint | 08/05/2014 23:13:13]
Deleted : RP #140 [System Checkpoint | 08/07/2014 17:34:59]
Deleted : RP #141 [System Checkpoint | 08/08/2014 18:09:39]
Deleted : RP #142 [System Checkpoint | 08/09/2014 21:12:29]
Deleted : RP #143 [Removed ATI Catalyst Control Center | 08/10/2014 00:15:15]
Deleted : RP #144 [Free Driver Scout | 08/10/2014 03:02:34]
Deleted : RP #145 [Free Driver Scout | 08/10/2014 03:05:38]
Deleted : RP #146 [Removed Shopop | 08/10/2014 03:39:40]
Deleted : RP #147 [Removed Microsoft Silverlight | 08/10/2014 04:16:13]
Deleted : RP #148 [System Checkpoint | 08/11/2014 11:32:39]
Deleted : RP #149 [System Checkpoint | 08/12/2014 11:44:35]
Deleted : RP #150 [Removed Java(TM) 6 Update 13 | 08/14/2014 15:27:44]
Deleted : RP #151 [Removed Java(TM) 6 Update 13 | 08/14/2014 16:12:40]
Deleted : RP #152 [Installed Java 7 Update 67 | 08/14/2014 16:17:26]
New restore point created !
~ Resetting system settings ... OK
########## - EOF - ##########
Quote Code:
# DelFix v10.8 - Logfile created 15/08/2014 at 01:06:37
# Updated 29/07/2014 by Xplode
# Username : Administrator - DEBRECEN
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
~ Removing disinfection tools ...
~ Creating registry backup ... OK
~ Cleaning system restore ...
Deleted : RP #130 [System Checkpoint | 08/14/2014 23:01:13]
Deleted : RP #131 [Software Distribution Service 3.0 | 08/14/2014 23:01:13]
Deleted : RP #132 [Software Distribution Service 3.0 | 08/14/2014 23:01:14]
Deleted : RP #133 [Software Distribution Service 3.0 | 08/14/2014 23:01:14]
Deleted : RP #134 [System Checkpoint | 08/14/2014 23:01:14]
Deleted : RP #135 [Removed HP Performance Tuning Framework | 08/14/2014 23:01:14]
Deleted : RP #136 [Installed HP Performance Tuning Framework | 08/14/2014 23:01:14]
Deleted : RP #137 [Installed HP Performance Advisor | 08/14/2014 23:01:14]
Deleted : RP #138 [System Checkpoint | 08/14/2014 23:01:14]
Deleted : RP #139 [System Checkpoint | 08/14/2014 23:01:14]
Deleted : RP #140 [System Checkpoint | 08/14/2014 23:01:14]
Deleted : RP #141 [System Checkpoint | 08/14/2014 23:01:14]
Deleted : RP #142 [System Checkpoint | 08/14/2014 23:01:14]
Deleted : RP #143 [Removed ATI Catalyst Control Center | 08/14/2014 23:01:14]
Deleted : RP #144 [Free Driver Scout | 08/14/2014 23:01:15]
Deleted : RP #145 [Free Driver Scout | 08/14/2014 23:01:15]
Deleted : RP #146 [Removed Shopop | 08/14/2014 23:01:15]
Deleted : RP #147 [Removed Microsoft Silverlight | 08/14/2014 23:01:15]
Deleted : RP #148 [System Checkpoint | 08/14/2014 23:01:15]
Deleted : RP #149 [System Checkpoint | 08/14/2014 23:01:15]
Deleted : RP #150 [Removed Java(TM) 6 Update 13 | 08/14/2014 23:01:15]
Deleted : RP #151 [Removed Java(TM) 6 Update 13 | 08/14/2014 23:01:15]
Deleted : RP #152 [Installed Java 7 Update 67 | 08/14/2014 23:01:15]
Deleted : RP #153 [End of disinfection | 08/14/2014 23:01:16]
Deleted : RP #154 [End of disinfection | 08/14/2014 23:01:19]
New restore point created !
~ Resetting system settings ... OK
########## - EOF - ########## |