Plagegeister aller Art und deren Bekämpfung (Pests of all kinds and how to fight them): InstallBrain5BA in C:\Windows\System\32\ = secured, MalSign.OpenCandy.7AF... C:\Documentsand Settin.... = secured, Trojan: Crypt
26.10.2015, 23:04 | #16
Emsisoft Emergency Kit - Version 10.0
Last update: N/A
User account: OTTO\Mang

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 10/26/2015 10:42:50 PM
C:\Documents and Settings\Mang\Local Settings\Temp\APN-Stub detected: Application.Win32.WebToolbar (A)
C:\WINDOWS\TEMP\APN-Stub detected: Application.Win32.WebToolbar (A)
Key: HKEY_USERS\.DEFAULT\SOFTWARE\SEARCH TOOLBAR detected: Adware.Win32.SearchBar (A)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\SEARCH TOOLBAR detected: Adware.Win32.SearchBar (A)
Key: HKEY_USERS\.DEFAULT\SOFTWARE\SEARCH TOOLBAR detected: Adware.Win32.SearchBar (A)
Key: HKEY_USERS\S-1-5-21-2802971340-371014867-2627472942-1005\SOFTWARE\ASCENTIVE detected: Application.Win32.SpyStrike (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ASKTBAR.POPSWATTERBARBUTTON detected: Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ASKTBAR.POPSWATTERBARBUTTON.1 detected: Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ASKTBAR.POPSWATTERSETTINGSCONTROL detected: Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ASKTBAR.POPSWATTERSETTINGSCONTROL.1 detected: Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{09BD51AE-7E02-4916-9B12-647A92C02B7F} detected: Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{72FE8681-0BFA-471B-9B2A-B37ED68DD09E} detected: Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{83453071-3F9C-4AB0-BE30-EDA368D7976D} detected: Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{BD04DAE2-8C1B-4CC5-9E06-22DE05C2EDA0} detected: Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{83453070-3F9C-4AB0-BE30-EDA368D7976D} detected: Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{FE063DBA-4EC0-403E-8DD8-394C54984B2C} detected: Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{83453071-3F9C-4AB0-BE30-EDA368D7976D} detected: Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{FE063DBB-4EC0-403E-8DD8-394C54984B2C} detected: Application.Win32.WebToolbar (A)
Value: HKEY_USERS\S-1-5-21-2802971340-371014867-2627472942-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-2802971340-371014867-2627472942-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Key: HKEY_USERS\.DEFAULT\SOFTWARE\SEARCH TOOLBAR detected: Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\SEARCH TOOLBAR detected: Application.InstallAd (A)

Scanned 79140
Found 22
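An added example, not part of the post above and not Emsisoft's own tooling: a small Python parser for the Emsisoft Emergency Kit scan output, run over a constructed excerpt in the format of the log posted above (a shortened sample, with its "Found" line adjusted to match the excerpt). It splits detections into file, registry key and registry value entries, cross-checks the number of parsed detections against the scanner's own "Found" total, and lists the Setting.* hits (DisableTaskMgr, DisableRegistryTools) separately, because those are policy values that must be reset rather than files to delete. The reading of the trailing "(A)" as an engine marker is an assumption.

```python
import re
from collections import Counter

# Constructed excerpt in the format of the Emsisoft Emergency Kit log posted
# above (not the complete log; "Found" is adjusted to match this excerpt).
SAMPLE_LOG = r"""
Emsisoft Emergency Kit - Version 10.0
Last update: N/A
User account: OTTO\Mang

Scan start: 10/26/2015 10:42:50 PM
C:\Documents and Settings\Mang\Local Settings\Temp\APN-Stub detected: Application.Win32.WebToolbar (A)
C:\WINDOWS\TEMP\APN-Stub detected: Application.Win32.WebToolbar (A)
Key: HKEY_USERS\.DEFAULT\SOFTWARE\SEARCH TOOLBAR detected: Adware.Win32.SearchBar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{09BD51AE-7E02-4916-9B12-647A92C02B7F} detected: Application.Win32.WebToolbar (A)
Value: HKEY_USERS\S-1-5-21-2802971340-371014867-2627472942-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-2802971340-371014867-2627472942-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)

Scanned 79140
Found 6
"""

# One detection per line: optional "Key: " / "Value: " prefix, the object,
# the detection name, and a one-letter tag in parentheses (assumed here to
# be the engine that flagged it).
FINDING_RE = re.compile(
    r"^(?:(?P<kind>Key|Value): )?(?P<obj>.+?) detected: (?P<name>\S+) \((?P<tag>[A-Z])\)$"
)
COUNT_RE = re.compile(r"^(?P<what>Scanned|Found) (?P<n>\d+)$")


def parse_findings(text):
    """Return one dict per detection line, in log order."""
    findings = []
    for line in text.splitlines():
        m = FINDING_RE.match(line.strip())
        if not m:
            continue
        kind = (m.group("kind") or "file").lower()
        obj = m.group("obj")
        value_name = None
        if kind == "value" and " -> " in obj:
            # "Value:" lines name the key and the value inside it.
            obj, value_name = obj.rsplit(" -> ", 1)
        findings.append({
            "kind": kind,
            "object": obj,
            "value_name": value_name,
            "name": m.group("name"),
            "tag": m.group("tag"),
        })
    return findings


def reported_counts(text):
    """Return the scanner's own (Scanned, Found) totals from the footer."""
    counts = {}
    for line in text.splitlines():
        m = COUNT_RE.match(line.strip())
        if m:
            counts[m.group("what")] = int(m.group("n"))
    return counts.get("Scanned"), counts.get("Found")


def summarize(text):
    """Cross-check the log against itself and separate policy tampering."""
    findings = parse_findings(text)
    scanned, found = reported_counts(text)
    # Setting.* hits are registry policy values (e.g. DisableTaskMgr) that
    # hide tooling from the user; cleanup means resetting the value, not
    # deleting a file, so they are listed on their own.
    policy = [f["value_name"] for f in findings if f["name"].startswith("Setting.")]
    return {
        "scanned": scanned,
        "reported_found": found,
        "parsed_found": len(findings),
        "consistent": found == len(findings),
        "by_kind": dict(Counter(f["kind"] for f in findings)),
        "by_name": dict(Counter(f["name"] for f in findings)),
        "policy_settings": policy,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the full log posted above, the same check should come out consistent (22 parsed, Found 22), with the two Setting.* values standing out from the toolbar and adware leftovers.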
27.10.2015, 19:44 | #17
/// the machine /// TB-Ausbilder
Did you also delete the findings?
27.10.2015, 23:43 | #18
I don't think so. How can I check that, and then do it?

Regards, Otto

I was at the XP machine again just now, and there I 1. ran another scan, or rather looked into the quarantine and deleted everything except for the first 2 lines; not these ones here:
C:\Documents and Settings\Mang\Local Settings\Temp\APN-Stub detected: Application.Win32.WebToolbar (A)
C:\WINDOWS\TEMP\APN-Stub detected: Application.Win32.WebToolbar (A)
Also, on the desktop I have a (Notes) file (made with Word) with the entire contents; it is still on the desktop. What should I do with that now, delete it TOO??!!
Otto
28.10.2015, 20:19 | #19
/// the machine /// TB-Ausbilder
That's fine. Then please post a fresh FRST log. How is the computer running?

Regards, schrauber
Proud Member of UNITE and ASAP since 2009
28.10.2015, 21:47 | #20
Hello, should I delete the Word Notes file with the contents that is on the XP machine? I'll do the other thing right away. So far I haven't done anything on the computer, and I've also switched off the internet, which has its own switch on the PC to turn it on/off; it is set to off. How should I make the new FRST log, what do I start it with?

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:18-10-2015
Ran by Mang (administrator) on OTTO (28-10-2015 21:20:34)
Running from E:\
Loaded Profiles: Mang & Administrator (Available Profiles: Mang & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Intel Corporation ) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Matsushita Electric Industrial Co., Ltd.) C:\WINDOWS\system32\DVDRAMSV.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Media Manager\AIRSVCU.EXE
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\TDispVol.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
(Agere Systems) C:\WINDOWS\agrsmmsg.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\TPSMain.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\Toshiba.exe
(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
() C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
(TOSHIBA Corp.) C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\TPSBattM.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Generic) C:\WINDOWS\system32\ufdsvc.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Microsoft ActiveSync\wcescomm.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Nokia) C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
(IncrediMail, Ltd.) C:\Program Files\IncrediMail\Bin\IncMail.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(TOSHIBA CORPORATION.) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(TOSHIBA CORPORATION.) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
(Intel Corporation) C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
(IncrediMail, Ltd.) C:\Program Files\IncrediMail\Bin\ImApp.exe
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TFncKy] => TFncKy.exe
HKLM\...\Run: [TDispVol] => C:\WINDOWS\system32\TDispVol.exe [73728 2005-03-12] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [761945 2005-12-16] (Synaptics, Inc.)
HKLM\...\Run: [THotkey] => C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [352256 2006-01-05] (TOSHIBA)
HKLM\...\Run: [SynTPLpr] => C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [82009 2005-12-16] (Synaptics, Inc.)
HKLM\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [88203 2005-10-15] (Agere Systems)
HKLM\...\Run: [TPSMain] => C:\WINDOWS\system32\TPSMain.exe [282624 2005-06-01] (TOSHIBA Corporation)
HKLM\...\Run: [Pinger] => c:\toshiba\ivp\ism\pinger.exe [151552 2005-03-18] (TOSHIBA Corporation)
HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [667718 2005-12-05] (Intel Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [602182 2005-11-28] (Intel Corporation)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [866584 2006-11-04] (Microsoft Corporation)
HKLM\...\Run: [WinPatrol] => C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [333120 2008-10-09] (BillP Studios)
HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-14] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [4971024 2014-03-20] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [295512 2014-03-02] (RealNetworks, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-2802971340-371014867-2627472942-1005\...\Run: [H/PC Connection Agent] => C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE [401491 2004-02-03] (Microsoft Corporation)
HKU\S-1-5-21-2802971340-371014867-2627472942-1005\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564992 2014-02-14] (Samsung)
HKU\S-1-5-21-2802971340-371014867-2627472942-1005\...\Run: [PC Suite Tray] => C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
HKU\S-1-5-21-2802971340-371014867-2627472942-1005\...\Run: [TomTomHOME.exe] => C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom)
HKU\S-1-5-21-2802971340-371014867-2627472942-1005\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-02-14] (Samsung)
HKU\S-1-5-21-2802971340-371014867-2627472942-1005\...\Run: [IncrediMail] => C:\Program Files\IncrediMail\bin\IncMail.exe [367016 2013-08-13] (IncrediMail, Ltd.)
HKU\S-1-5-21-2802971340-371014867-2627472942-1005\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53729824 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-21-2802971340-371014867-2627472942-1005\...\MountPoints2: {61ac6e6f-a7fa-11de-8aca-0018de53a3d3} - E:\LaunchU3.exe -a
HKU\S-1-5-21-2802971340-371014867-2627472942-1005\...\MountPoints2: {ae0efffa-6a92-11e5-8e66-0018de53a3d3} - E:\MotoCastSetup.exe -a
HKU\S-1-5-21-2802971340-371014867-2627472942-1005\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\wpgldfsh.scr [4396544 2004-08-10] (Microsoft Corporation)
HKU\S-1-5-21-2802971340-371014867-2627472942-500\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-2802971340-371014867-2627472942-500\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [65536 2004-12-30] (TOSHIBA)
HKU\S-1-5-21-2802971340-371014867-2627472942-500\...\RunOnce: [NeroHomeFirstStart] => C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [16680 2008-01-22] (Nero AG)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [39264 2007-03-13] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Google Update] => C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2015-07-19] (Google Inc.)
HKU\S-1-5-18\...\Run: [Google+ Auto Backup] => C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3754312 2015-02-13] (Google Inc.)
ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll [83224 2006-11-04] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2012-06-28]
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Documents and Settings\Mang\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2510 series.lnk [2013-12-06]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 2510 series.lnk -> C:\Program Files\HP\HP Deskjet 2510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\Mang\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3520 series.lnk [2013-10-03]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3520 series.lnk -> C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.toshibadirect.com/dpdstart
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.toshiba.com/search
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.toshibadirect.com/dpdstart
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.toshiba.com/search
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.toshibadirect.com/dpdstart
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.toshiba.com/search
HKU\S-1-5-21-2802971340-371014867-2627472942-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://orf.at
HKU\S-1-5-21-2802971340-371014867-2627472942-1005\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-2802971340-371014867-2627472942-1005\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKU\S-1-5-21-2802971340-371014867-2627472942-1005\Software\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://orf.at/
HKU\S-1-5-21-2802971340-371014867-2627472942-1005\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-2802971340-371014867-2627472942-1005\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://orf.at
HKU\S-1-5-21-2802971340-371014867-2627472942-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.toshibadirect.com/dpdstart
HKU\S-1-5-21-2802971340-371014867-2627472942-500\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "hxxp://www.outfox.tv?referid=180" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKU\.DEFAULT -> DefaultScope {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL =
SearchScopes: HKU\S-1-5-21-2802971340-371014867-2627472942-1005 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKU\S-1-5-21-2802971340-371014867-2627472942-1005 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKU\S-1-5-21-2802971340-371014867-2627472942-1005 -> {23758B0B-0D9F-32A3-A476-D9B1033E7A1E} URL = hxxp://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF
SearchScopes: HKU\S-1-5-21-2802971340-371014867-2627472942-1005 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-09-22] (Adobe Systems Incorporated)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22] (Adobe Systems Incorporated)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-09-15] (Safer Networking Limited)
BHO: EWPBrowseObject Class -> {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} -> C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-04-19] ()
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2012-02-17] (Sun Microsystems, Inc.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-02-17] (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-02-17] (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-2802971340-371014867-2627472942-500 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll [2004-02-03] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Mang\Application Data\Mozilla\Firefox\Profiles\dkoeyld7.default
FF Homepage: hxxp://orf.at hxxp://orf.at
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files\Picasa2\npPicasa2.dll [No File]
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2012-02-17] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2014-03-02] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2014-03-02] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll [2014-02-18] (RocketLife, LLP)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-07] (Google Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll [2006-08-16] (Yahoo! Inc.)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=3 -> C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2015-07-19] (Google Inc.)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=9 -> C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2015-07-19] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2007-05-11] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-21] [not signed]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2012-02-17] [not signed]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-03-02] [not signed]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 avgfws; C:\Program Files\AVG\AVG2014\avgfws.exe [1358944 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3782672 2014-02-24] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2005-01-18] (TOSHIBA CORPORATION) [File not signed]
R2 DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [110592 2004-08-28] (Matsushita Electric Industrial Co., Ltd.) [File not signed]
R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [114753 2005-11-28] (Intel Corporation) [File not signed]
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S2 gupdate1c9b07f485552ba; C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-09-07] (Google Inc.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2012-02-17] (Sun Microsystems, Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed]
S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
R2 MMIndexer; C:\Program Files\Common Files\Microsoft Shared\Media Manager\airsvcu.exe [137216 1997-07-29] (Microsoft Corporation) [File not signed]
S4 PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
S4 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [217164 2005-11-28] (Intel Corporation) [File not signed]
R2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [540745 2005-11-28] (Intel Corporation ) [File not signed]
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R2 Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [40960 2005-07-13] () [File not signed]
R2 TAPPSRV; C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe [35328 2005-12-20] (TOSHIBA Corp.) [File not signed]
R2 UFDSVC; C:\WINDOWS\system32\ufdsvc.exe [69632 2006-02-15] (Generic) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-04] (Microsoft Corporation)
S4 OutfoxTvService; C:\Program Files\OutfoxTV\OutfoxTvService.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\WINDOWS\System32\DRIVERS\61883.sys [48128 2008-04-13] (Microsoft Corporation)
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21275 2006-12-23] (Meetinghouse Data Communications) [File not signed]
R3 AgereSoftModem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [1122656 2005-11-15] (Agere Systems) [File not signed]
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [120600 2013-11-26] (AVG Technologies CZ, s.r.o.)
R3 Avgfwdx; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30944 2012-01-13] (AVG Technologies CZ, s.r.o.)
S3 Avgfwfd; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30944 2012-01-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [210712 2013-11-26] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [149272 2013-11-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22808 2014-01-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [176952 2013-11-01] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [222520 2013-11-01] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
S2 Ca50xav; C:\WINDOWS\System32\Drivers\Ca50xav.sys [515803 2002-10-21] (Digital Camera)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 Iviaspi; C:\WINDOWS\System32\drivers\iviaspi.sys [21060 2003-09-11] (InterVideo, Inc.) [File not signed]
R3 MarvinBus; C:\WINDOWS\System32\DRIVERS\MarvinBus.sys [171008 2005-01-28] (Pinnacle Systems GmbH) [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R1 meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [102384 2005-06-02] (Matsushita Electric Industrial Co.,Ltd.) [File not signed]
S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation)
S3 MR97310_USB_DUAL_CAMERA; C:\WINDOWS\System32\DRIVERS\mr97310c.sys [129875 2002-12-13] (Mars Semiconductor Corp.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R2 Netdevio; C:\WINDOWS\System32\DRIVERS\netdevio.sys [12032 2003-01-29] (TOSHIBA Corporation.) [File not signed]
R3 Pfc; C:\WINDOWS\System32\drivers\pfc.sys [10368 2003-09-19] (Padus, Inc.) [File not signed]
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [13568 2005-11-28] (Intel Corporation) [File not signed]
S3 slabbus; C:\WINDOWS\System32\DRIVERS\slabbus.sys [52384 2004-03-26] (MCCI)
S3 slabser; C:\WINDOWS\System32\DRIVERS\slabser.sys [84512 2004-03-26] (MCCI)
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2013-04-11] (Avira GmbH)
R3 SynTP; C:\WINDOWS\System32\DRIVERS\SynTP.sys [191936 2005-12-16] (Synaptics, Inc.) [File not signed]
R3 tbiosdrv; C:\WINDOWS\System32\DRIVERS\tbiosdrv.sys [9472 2005-08-25] ()
R3 tifm21; C:\WINDOWS\System32\drivers\tifm21.sys [162560 2005-11-30] (Texas Instruments) [File not signed]
S3 tosrfec; C:\WINDOWS\System32\DRIVERS\tosrfec.sys [9344 2005-09-09] (TOSHIBA Corporation) [File not signed]
R3 TVALD; C:\WINDOWS\System32\DRIVERS\NBSMI.sys [6144 2005-10-20] (Toshiba Corporation) [File not signed]
R3 Tvs; C:\WINDOWS\System32\DRIVERS\Tvs.sys [43392 2005-11-30] (TOSHIBA Corporation) [File not signed]
S3 USB28xxBGA; C:\WINDOWS\System32\DRIVERS\emBDA.sys [565248 2009-02-27] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\WINDOWS\System32\DRIVERS\emOEM.sys [522880 2009-02-27] (eMPIA Technology, Inc.)
S3 USBCamera; C:\WINDOWS\System32\Drivers\Bulk50x.sys [10986 2002-07-25] (USB BULK)
R3 w39n51; C:\WINDOWS\System32\DRIVERS\w39n51.sys [1428096 2005-12-04] (Intel® Corporation)
S3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S3 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation)
S3 ASFWHide; no ImagePath
S4 IntelIde; no ImagePath
S3 IO_Memory; no ImagePath
S1 PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S2 StarOpen; no ImagePath
S3 SVRPEDRV; no ImagePath
U5 Tosrfcom; C:\Windows\System32\Drivers\Tosrfcom.sys [64896 2005-08-02] (TOSHIBA Corporation) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-26 22:34 - 2015-10-27 23:24 - 00000000 ____D C:\EEK
2015-10-26 22:34 - 2015-10-26 22:34 - 00000655 _____ C:\Documents and Settings\Mang\Desktop\Start Emsisoft Emergency Kit.lnk
2015-10-26 09:24 - 2015-10-26 09:24 - 00000000 ____D C:\Program Files\ESET
2015-10-25 11:52 - 2015-10-25 11:52 - 00002826 _____ C:\Documents and Settings\Mang\Desktop\JRT.txt
2015-10-25 10:40 - 2015-10-25 10:46 - 00000000 ____D C:\AdwCleaner
2015-10-24 18:14 - 2015-10-24 18:14 - 00044716 _____ C:\Documents and Settings\Mang\Desktop\Desktop.txt
2015-10-24 16:55 - 2015-10-24 18:00 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-10-24 16:54 - 2015-10-24 16:54 - 00000795 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-24 16:54 - 2015-10-24 16:54 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-10-24 16:54 - 2015-10-24 16:54 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-24 16:54 - 2015-10-24 16:54 - 00000000 ____D C:\Documents and Settings\All
Users\Application Data\Malwarebytes 2015-10-24 16:54 - 2015-10-05 08:50 - 00121560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-10-24 16:54 - 2015-10-05 08:50 - 00023256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2015-10-24 16:35 - 2015-10-24 16:35 - 00000935 _____ C:\Documents and Settings\Mang\Desktop\Revo Uninstaller.lnk 2015-10-24 16:34 - 2015-10-24 16:34 - 00000000 ____D C:\Program Files\VS Revo Group 2015-10-22 10:16 - 2015-10-22 10:21 - 00000019 _____ C:\WINDOWS\install.log 2015-10-22 10:16 - 2015-10-22 10:18 - 00000019 _____ C:\WINDOWS\PatchInstall1Debug.log 2015-10-21 22:12 - 2015-10-21 22:12 - 00000368 _____ C:\WINDOWS\nsw.log 2015-10-21 16:25 - 2015-10-21 16:25 - 00153084 _____ C:\wubildr 2015-10-21 16:25 - 2015-10-21 16:25 - 00008192 _____ C:\wubildr.mbr 2015-10-21 16:22 - 2015-10-21 16:22 - 00000000 ____D C:\ubuntu 2015-10-20 13:06 - 2015-10-28 21:20 - 00000000 ____D C:\FRST 2015-10-18 16:41 - 2015-10-18 16:41 - 00001919 _____ C:\WINDOWS\epplauncher.mif 2015-10-04 15:14 - 2015-10-04 15:14 - 00000000 ____D C:\Documents and Settings\Mang\Local Settings\Application Data\AvgSetupLog 2015-10-04 15:14 - 2015-10-04 15:14 - 00000000 ____D C:\Documents and Settings\Mang\Local Settings\Application Data\Avg 2015-10-04 13:45 - 2015-10-04 13:46 - 00000000 ____D C:\KVRT_Data ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-10-28 21:20 - 2006-12-23 02:12 - 00000000 ____D C:\Documents and Settings\Mang\Local Settings\Temp 2015-10-28 20:50 - 2014-01-21 15:35 - 00000488 _____ C:\WINDOWS\Tasks\HP Photo Creations Communicator.job 2015-10-28 20:48 - 2012-08-21 17:09 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-10-28 20:46 - 2006-02-15 16:37 - 01455184 _____ C:\WINDOWS\WindowsUpdate.log 2015-10-28 20:43 - 2009-08-29 22:47 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-10-28 20:42 - 2007-01-20 18:13 - 00000014 ____H C:\cmsstorage.lst 2015-10-28 20:42 - 2007-01-20 18:13 - 00000000 ____H C:\WINDOWS\cmsstorage.lst 2015-10-28 20:36 - 2014-02-27 22:01 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData 2015-10-28 20:34 - 2014-02-08 00:44 - 00000998 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job 2015-10-28 20:34 - 2014-02-01 15:06 - 00263580 _____ C:\WINDOWS\setupapi.log 2015-10-28 20:34 - 2006-02-15 15:04 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl 2015-10-28 20:32 - 2014-03-02 17:55 - 00000276 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2802971340-371014867-2627472942-1005.job 2015-10-28 20:32 - 2014-02-01 15:00 - 00000159 _____ C:\WINDOWS\wiadebug.log 2015-10-28 20:32 - 2014-02-01 15:00 - 00000050 _____ C:\WINDOWS\wiaservc.log 2015-10-28 20:32 - 2010-03-08 01:09 - 00000276 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2802971340-371014867-2627472942-1005.job 2015-10-28 20:31 - 2011-01-07 19:08 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-10-28 20:31 - 2006-02-15 16:42 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-10-27 23:38 - 2006-12-23 02:12 - 00000278 ___SH C:\Documents and Settings\Mang\ntuser.ini 2015-10-27 23:38 - 2006-02-15 16:42 - 00032594 _____ C:\WINDOWS\SchedLgU.Txt 2015-10-25 11:22 - 2010-03-08 01:09 - 00000284 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2802971340-371014867-2627472942-1005.job 2015-10-25 11:02 - 2006-02-15 08:30 - 
00617682 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-10-24 17:46 - 2008-08-03 01:57 - 00000000 ____D C:\Program Files\myBabylon 2015-10-24 17:46 - 2006-02-16 15:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB894553$ 2015-10-24 17:43 - 2008-12-27 16:07 - 00000000 ____D C:\Program Files\WeFi 2015-10-23 19:49 - 2006-02-16 17:59 - 00137200 ____C C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2015-10-23 19:46 - 2006-02-15 08:29 - 00436552 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-10-22 15:00 - 2008-03-16 16:21 - 00000384 ____H C:\WINDOWS\Tasks\{700D1BF3-5389-4C8C-95C2-B0384496ADCF}_OTTO_Mang.job 2015-10-22 14:17 - 2009-07-23 21:25 - 00000000 ____D C:\Documents and Settings\Mang\Application Data\Skype 2015-10-22 12:34 - 2015-07-19 12:29 - 00000946 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job 2015-10-22 10:24 - 2006-02-15 17:20 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2015-10-22 10:23 - 2007-01-01 18:13 - 00000000 ____D C:\Program Files\Pinnacle 2015-10-22 10:18 - 2007-02-06 17:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc 2015-10-22 10:09 - 2014-01-28 22:26 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2015-10-22 10:07 - 2014-03-21 02:53 - 00000000 ____D C:\Edda Bilder u. 
MANTEL, 2014-03-20 2015-10-21 16:25 - 2006-02-15 15:05 - 00000236 __RSH C:\boot.ini 2015-10-18 17:40 - 2006-12-23 02:12 - 00000000 ____D C:\Documents and Settings\Mang ==================== Files in the root of some directories ======= 2008-03-14 18:44 - 2008-03-14 18:44 - 0002528 ____C () C:\Documents and Settings\Mang\Application Data\$_hpcst$.hpc 2014-04-25 03:34 - 2014-04-25 03:34 - 0000288 _____ () C:\Documents and Settings\Mang\Application Data\.backup.dm 2006-12-28 15:44 - 2006-12-28 15:47 - 0000158 ____C () C:\Documents and Settings\Mang\Application Data\wklnhst.dat 2006-12-23 20:05 - 2014-07-02 20:27 - 0055808 ____C () C:\Documents and Settings\Mang\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2006-12-23 02:12 - 2006-12-30 04:23 - 0000127 ____C () C:\Documents and Settings\Mang\Local Settings\Application Data\fusioncache.dat Some files in TEMP: ==================== C:\Documents and Settings\Administrator\Local Settings\Temp\uninst.dll C:\Documents and Settings\Administrator\Local Settings\Temp\ymdc.exe C:\Documents and Settings\Default User\Local Settings\Temp\uninst.dll C:\Documents and Settings\Default User\Local Settings\Temp\ymdc.exe C:\Documents and Settings\Mang\Local Settings\Temp\3kjgerj_.dll C:\Documents and Settings\Mang\Local Settings\Temp\avgnt.exe C:\Documents and Settings\Mang\Local Settings\Temp\lowproc.exe C:\Documents and Settings\Mang\Local Settings\Temp\MotoCast_Installer_1.2.7.exe C:\Documents and Settings\Mang\Local Settings\Temp\pyl5.tmp.exe C:\Documents and Settings\Mang\Local Settings\Temp\pyl8.tmp.exe C:\Documents and Settings\Mang\Local Settings\Temp\pylC.tmp.exe C:\Documents and Settings\Mang\Local Settings\Temp\rnsetup0.exe C:\Documents and Settings\Mang\Local Settings\Temp\SkypeSetup.exe C:\Documents and Settings\Mang\Local Settings\Temp\sqlite3.dll C:\Documents and Settings\Mang\Local Settings\Temp\stubhelper.dll C:\Documents and Settings\Mang\Local Settings\Temp\vlc-2.1.3-win32.exe 
==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End of FRST.txt ============================ --- --- --- |
29.10.2015, 19:30 | #21
/// the machine /// TB-Ausbilder
Looks good, but it is still an XP. You can delete the Word file.
29.10.2015, 23:40 | #22
Hello, for your info. I don't want to go on the Internet with the XP machine, but I looked at it out of interest and noticed the following; something can't be right there!!!! It is exactly the same message as at the beginning, before WE cleaned it, namely my connection shows something completely different from the others nearby (which I know, and which are also shown to me on the other PCs, laptop and netbooks): "Security-enabled computer-to-computer network, to connect to this network, click Connect, and then type the required network key"!!!!!! For all the others, the list only says: "security-enabled wireless network (WPA2)". That is what the XP showed from the start when I connected it in May, and that is what all my others show as well!! So I ask myself why!!!! there is that difference. I don't want to use the XP on the Internet anymore anyway, but I am simply interested in why there is that difference! My wife already switched all my other PCs, laptops (Win 7) and netbooks (8.1) to Windows 10 today. Regards, Otto.
30.10.2015, 21:11 | #23
/// the machine /// TB-Ausbilder
I can't follow you and don't really understand what you mean. Where exactly does what appear? Can you take a screenshot of it?
__________________
regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM!
31.10.2015, 16:42 | #24
OK, never mind, thanks for the help. I'm flying to Florida on Tuesday for 6 months, and I'll only have the netbook with me anyway. Regards, Otto
01.11.2015, 07:22 | #25
/// the machine /// TB-Ausbilder
Now I'm a little envious
01.11.2015, 09:43 | #26
Don't be sad!!
02.11.2015, 11:58 | #27
/// the machine /// TB-Ausbilder
I try