Hi, :pfeiff: had to edit the registry a bit with regedit because it kept dropping down to PIO, which I couldn't see in Everest AIDA haha..
Also a bit embarrassing what kind of stuff is on there, so thanks again :dankeschoen:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 09.11.2014
Suchlauf-Zeit: 21:52:07
Logdatei: malwarebytes.txt
Administrator: Ja
Version: 2.00.3.1025
Malware Datenbank: v2014.11.09.07
Rootkit Datenbank: v2014.11.08.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows XP Service Pack 3
CPU: x86
Dateisystem: NTFS
Benutzer: Administrator
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 295892
Verstrichene Zeit: 37 Min, 24 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente erkannt)
Module: 0
(Keine schädliche Elemente erkannt)
Registrierungsschlüssel: 11
PUP.Optional.HolaSearch.A, HKU\S-1-5-21-1659004503-2025429265-1606980848-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C510DFFB-0AFE-484C-BA40-CED5B74C4EEF}, In Quarantäne, [c9f287b2394360d64eb0377b37cbc040],
PUP.Optional.HolaSearch.A, HKU\S-1-5-21-1659004503-2025429265-1606980848-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DFF9B2DA-EF99-4B26-83CB-7058299999D8}, In Quarantäne, [2596b4853d3f003641be81318082926e],
PUP.Optional.Babylon.A, HKLM\SOFTWARE\babylontoolbar, In Quarantäne, [d4e79b9e96e647ef813af78aaa5aea16],
PUP.Optional.InstallBrain.A, HKLM\SOFTWARE\InstallIQ, In Quarantäne, [19a22217106c0c2a859da1c39a6930d0],
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\SWEETIM, In Quarantäne, [a9124cedfd7f8bab8d8e59287f8542be],
PUP.Optional.BabylonToolBar.A, HKU\S-1-5-21-1659004503-2025429265-1606980848-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BabylonToolbar, In Quarantäne, [02b952e76715ab8bf4df780ba46046ba],
PUP.Optional.OfferMosquito.A, HKU\S-1-5-21-1659004503-2025429265-1606980848-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\OfferMosquito, In Quarantäne, [aa1164d52e4ec472006c23834cb8c53b],
PUP.Optional.SimpleNewTab.A, HKU\S-1-5-21-1659004503-2025429265-1606980848-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SimpleNewTab, In Quarantäne, [9b20f841bfbd1a1c05c288c98a799a66],
PUP.Optional.VisualBee.A, HKU\S-1-5-21-1659004503-2025429265-1606980848-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\visualbee LTD, In Quarantäne, [d8e3c475a0dc162073155702956ef50b],
PUP.Optional.Softonic.A, HKU\S-1-5-21-1659004503-2025429265-1606980848-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, In Quarantäne, [427903361b61142270ca04557d86b24e],
PUP.Optional.SweetIM.A, HKU\S-1-5-21-1659004503-2025429265-1606980848-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM, In Quarantäne, [9724e6539edeea4cfd1ddda4bc48a759],
Registrierungswerte: 3
PUP.Optional.DataMgr.A, HKU\S-1-5-21-1659004503-2025429265-1606980848-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|DataMgr, "C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DataMgr\DataMgr.exe", In Quarantäne, [e4d7241515677db91ef81e8432d213ed]
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\SWEETIM|simapp_id, {3C7EC379-1C65-4B5D-88DC-643A78A59920}, In Quarantäne, [a9124cedfd7f8bab8d8e59287f8542be]
PUP.Optional.SweetIM.A, HKU\S-1-5-21-1659004503-2025429265-1606980848-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM|simapp_id, {3C7EC379-1C65-4B5D-88DC-643A78A59920}, In Quarantäne, [9724e6539edeea4cfd1ddda4bc48a759]
Registrierungsdaten: 1
PUM.Hijack.StartMenu, HKU\S-1-5-21-1659004503-2025429265-1606980848-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|Start_ShowHelp, 0, Gut: (1), Schlecht: (0),Ersetzt,[744736033d3faf87231cf94413f21ee2]
Ordner: 12
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER, In Quarantäne, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\Free Mahjong Games, In Quarantäne, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\FREE MAHJONG GAMES\icons, In Quarantäne, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\scripts, In Quarantäne, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\scripts\kango, In Quarantäne, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\scripts\web_player, In Quarantäne, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.InstallBrain.A, C:\WINDOWS\system32\WNLT\INSTALLATION, In Quarantäne, [c8f386b37a02a2948b3f34cb936f619f],
PUP.Optional.Visualbee, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\VISUALBEEEXE, In Quarantäne, [65563405344876c0aef9a55bbf44e11f],
PUP.Optional.Visualbee, C:\Dokumente und Einstellungen\All Users\VISUALBEE, In Quarantäne, [39822d0c89f3e056773344bc59aafe02],
PUP.Optional.SimpleNewTab.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\SIMPLE_NEW_TAB, In Quarantäne, [7a411e1b2d4f1a1ca0656ca2778c08f8],
PUP.Optional.SimpleNewTab.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\SIMPLE_NEW_TAB\htmls, In Quarantäne, [7a411e1b2d4f1a1ca0656ca2778c08f8],
PUP.Optional.IBUpdater.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUPDATERSERVICE, In Quarantäne, [dfdc4cedd2aa3bfb596f9b8030d3fc04],
Dateien: 26
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\INSTALLER.JS, In Quarantäne, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\common.js, In Quarantäne, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\Uninstall.exe, In Quarantäne, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\FREE MAHJONG GAMES\WebPlayer.exe, In Quarantäne, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\FREE MAHJONG GAMES\icons\main.ico, In Quarantäne, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\FREE MAHJONG GAMES\icons\shortcut.ico, In Quarantäne, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\FREE MAHJONG GAMES\icons\tray.ico, In Quarantäne, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\scripts\config.xml, In Quarantäne, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\scripts\main.js, In Quarantäne, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\scripts\stub.html, In Quarantäne, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\scripts\kango\event_listener.js, In Quarantäne, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\scripts\kango\initialize.js, In Quarantäne, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\scripts\kango\io.js, In Quarantäne, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\scripts\kango\json.js, In Quarantäne, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\scripts\kango\jsonstorage.js, In Quarantäne, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\scripts\kango\storage.js, In Quarantäne, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\scripts\kango\utils.js, In Quarantäne, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\scripts\kango\xhr.js, In Quarantäne, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\scripts\WEB_PLAYER\initialize.js, In Quarantäne, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.WebPlayer.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WEBPLAYER\scripts\WEB_PLAYER\web_player.js, In Quarantäne, [f1cabe7b572539fd4d6059eaae5552ae],
PUP.Optional.OfferMosquito.A, C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\Q8HWMOWB.DEFAULT-1369910195984\EXTENSIONS\OM@OFFERMOSQUITO.COM.XPI, In Quarantäne, [407b52e7b0cc49ed498183ce19eac13f],
PUP.Optional.DataMgr.A, C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DataMgr\DataMgr.exe, In Quarantäne, [e4d7241515677db91ef81e8432d213ed],
PUP.Optional.SimpleNewTab.A, C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\Q8HWMOWB.DEFAULT-1369910195984\EXTENSIONS\SNT@DOTLABS.CO.XPI, In Quarantäne, [fbc093a693e939fd86e5a7ff03017090],
PUP.Optional.SimpleNewTab.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\SIMPLE_NEW_TAB\simple_new_tab.dll, In Quarantäne, [7a411e1b2d4f1a1ca0656ca2778c08f8],
PUP.Optional.SimpleNewTab.A, C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\SIMPLE_NEW_TAB\htmls\index.html, In Quarantäne, [7a411e1b2d4f1a1ca0656ca2778c08f8],
PUP.Optional.IBUpdater.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUPDATERSERVICE\repository.xml, In Quarantäne, [dfdc4cedd2aa3bfb596f9b8030d3fc04],
Physische Sektoren: 0
(Keine schädliche Elemente erkannt)
(end)
With AdwCleaner there are now two logs; I'll just post both. There seem to be a few differences. (The newest version isn't up on Filepony yet)
[R0]
AdwCleaner Logfile: Code:
# AdwCleaner v4.101 - Bericht erstellt am 09/11/2014 um 23:27:26
# Aktualisiert 09/11/2014 von Xplode
# Database : 2014-11-07.1 [Local]
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzername : Administrator - PALOMINO
# Gestartet von : G:\Downloads\adwcleaner_4.101.exe
# Option : Suchen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Datei Gefunden : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\foxydeal.sqlite
Datei Gefunden : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\searchplugins\fbdownloader_search.xml
Datei Gefunden : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\searchplugins\search.xml
Ordner Gefunden : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Common\LuaRT
Ordner Gefunden : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DataMgr
Ordner Gefunden : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\dvdvideosoftiehelpers
Ordner Gefunden : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Intermediate
Ordner Gefunden : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PerformerSoft
Ordner Gefunden : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SCheck
Ordner Gefunden : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Seventh
Ordner Gefunden : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sixth
Ordner Gefunden : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Snz
Ordner Gefunden : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SSync
Ordner Gefunden : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\apn
Ordner Gefunden : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
Ordner Gefunden : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Trymedia
Ordner Gefunden : C:\WINDOWS\system32\WNLT
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gefunden : HKCU\Software\5d6d78de13ebe47
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Smartbar
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\BI
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\IM
Schlüssel Gefunden : HKCU\Software\ImInstaller
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : HKCU\Software\Protector
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Schlüssel Gefunden : HKLM\SOFTWARE\Tencent
Schlüssel Gefunden : HKLM\SOFTWARE\VBMZ
Wert Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Intermediate]
Wert Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [scheck]
Wert Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Snoozer]
***** [ Browser ] *****
-\\ Internet Explorer v8.0.6001.18702
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://search.fbdownloader.com/?channel=de
-\\ Mozilla Firefox v32.0.1 (x86 de)
[q8hwmowb.default-1369910195984] - Zeile gefunden : user_pref("browser.search.defaulturl", "hxxp://search.fbdownloader.com/search.php?channel=de&q=");
[q8hwmowb.default-1369910195984] - Zeile gefunden : user_pref("browser.startup.homepage", "hxxp://search.fbdownloader.com/?channel=de");
[q8hwmowb.default-1369910195984] - Zeile gefunden : user_pref("keyword.URL", "hxxp://search.fbdownloader.com/search.php?channel=de&q=");
*************************
AdwCleaner[R0].txt - [4827 octets] - [09/11/2014 23:27:26]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4887 octets] ##########
[S0]
AdwCleaner Logfile: Code:
# AdwCleaner v4.101 - Bericht erstellt am 09/11/2014 um 23:34:43
# Aktualisiert 09/11/2014 von Xplode
# Database : 2014-11-07.1 [Local]
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzername : Administrator - PALOMINO
# Gestartet von : G:\Downloads\adwcleaner_4.101.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\apn
Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Trymedia
Ordner Gelöscht : C:\WINDOWS\system32\WNLT
Ordner Gelöscht : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Common\LuaRT
Ordner Gelöscht : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DataMgr
Ordner Gelöscht : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Intermediate
Ordner Gelöscht : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PerformerSoft
Ordner Gelöscht : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SCheck
Ordner Gelöscht : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Seventh
Ordner Gelöscht : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sixth
Ordner Gelöscht : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Snz
Ordner Gelöscht : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SSync
Datei Gelöscht : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\foxydeal.sqlite
Datei Gelöscht : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\searchplugins\fbdownloader_search.xml
Datei Gelöscht : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\searchplugins\search.xml
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Intermediate]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [scheck]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Snoozer]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKCU\Software\5d6d78de13ebe47
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Protector
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Tencent
Schlüssel Gelöscht : HKLM\SOFTWARE\VBMZ
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
***** [ Browser ] *****
-\\ Internet Explorer v8.0.6001.18702
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v32.0.1 (x86 de)
[q8hwmowb.default-1369910195984\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.fbdownloader.com/search.php?channel=de&q=");
[q8hwmowb.default-1369910195984\prefs.js] - Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://search.fbdownloader.com/?channel=de");
[q8hwmowb.default-1369910195984\prefs.js] - Zeile gelöscht : user_pref("keyword.URL", "hxxp://search.fbdownloader.com/search.php?channel=de&q=");
*************************
AdwCleaner[R0].txt - [4967 octets] - [09/11/2014 23:27:26]
AdwCleaner[S0].txt - [4814 octets] - [09/11/2014 23:34:43]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4874 octets] ##########
JRT Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.7 (11.08.2014:1)
OS: Microsoft Windows XP x86
Ran by Administrator on 09.11.2014 at 23:49:46,71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C333CF63-767F-4831-94AC-E683D962C63C}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C333CF63-767F-4831-94AC-E683D962C63C}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{C333CF63-767F-4831-94AC-E683D962C63C}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\baidu security"
Successfully deleted: [Folder] "C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\getrighttogo"
Successfully deleted: [Folder] "C:\Programme\baidu security"
Successfully deleted: [Folder] "C:\WINDOWS\system32\ai_recyclebin"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.11.2014 at 23:56:30,87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-11-2014 01
Ran by Administrator (administrator) on PALOMINO on 09-11-2014 23:59:32
Running from C:\Dokumente und Einstellungen\Administrator\Desktop\Neuer Ordner
Loaded Profile: Administrator (Available profiles: Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVAST Software) C:\Programme\AVAST Software\Avast\AvastSvc.exe
(Creative Technology Ltd) C:\Programme\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Microsoft Corporation) C:\WINDOWS\system32\MsPMSPSv.exe
(Logitech Inc.) C:\WINDOWS\LOGI_MWX.EXE
(AVAST Software) C:\Programme\AVAST Software\Avast\AvastUI.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CtHelper.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Logitech Utility] => C:\WINDOWS\Logi_MwX.Exe [20992 2003-12-11] (Logitech Inc.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [nwiz] => C:\Programme\NVIDIA Corporation\nview\nwiz.exe [1982312 2013-01-31] ()
HKLM\...\Run: [AvastUI.exe] => C:\Programme\AVAST Software\Avast\AvastUI.exe [5225064 2014-11-07] (AVAST Software)
HKLM\...\Run: [CTHelper] => CTHELPER.EXE
HKLM\...\Policies\Explorer: []
HKLM\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-21-1659004503-2025429265-1606980848-500\...\Policies\Explorer: [NoCDBurning] 1
HKU\S-1-5-21-1659004503-2025429265-1606980848-500\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 0
HKU\S-1-5-21-1659004503-2025429265-1606980848-500\...\Policies\Explorer: [NoStartMenuPinnedList] 0
HKU\S-1-5-21-1659004503-2025429265-1606980848-500\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-1659004503-2025429265-1606980848-500\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-1659004503-2025429265-1606980848-500\...\Policies\Explorer: [NoUserNameInStartMenu] 0
HKU\S-1-5-21-1659004503-2025429265-1606980848-500\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-18\...\RunOnce: [IE7] => rundll32 advpack.dll,LaunchINFSection IE7.inf,FirstUserStart
HKU\S-1-5-18\...\RunOnce: [ShowDeskFix] => regsvr32 /s /n /i:u shell32
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Programme\AVAST Software\Avast\ashShell.dll (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xECA244E4A892CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKU\S-1-5-21-1659004503-2025429265-1606980848-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - {FB8903A1-C95F-4B51-A32F-70F51770D026} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984
FF DefaultSearchEngine: Search
FF SelectedSearchEngine: Search
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Programme\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Programme\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\plugins\npcoolirisplugin.dll ()
FF SearchPlugin: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-11-01]
FF Extension: ProxTube - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\Extensions\ich@maltegoetz.de.xpi [2014-10-13]
FF Extension: StopTube - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\Extensions\stoptube@kashiif.com.xpi [2013-05-30]
FF Extension: Zoom Page - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\Extensions\zoompage@DW-dev.xpi [2013-06-25]
FF Extension: Resurrect Pages - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\Extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}.xpi [2013-05-30]
FF Extension: Adblock Plus - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\q8hwmowb.default-1369910195984\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-25]
FF Extension: ICQ Toolbar - C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2014-09-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-04]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Programme\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Programme\AVAST Software\Avast\WebRep\FF [2013-08-06]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-08-06]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Programme\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-07]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Programme\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2010-08-25] () [File not signed]
R2 avast! Antivirus; C:\Programme\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-07] (AVAST Software)
S3 Creative Audio Engine Licensing Service; C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-02-28] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Programme\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-14] (Creative Technology Ltd) [File not signed]
S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2014-04-22] (Google Inc.)
S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2014-04-22] (Google Inc.)
S3 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [114288 2014-09-18] (Mozilla Foundation)
S3 NMIndexingService; C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe [537896 2008-06-24] (Nero AG)
R2 WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [53520 2000-06-26] (Microsoft Corporation) [File not signed]
S3 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-11-03] (Microsoft Corporation)
S3 Al_elp; No ImagePath
S2 AviraUpgradeService; "C:\WINDOWS\TEMP\AVSETUP_5121528e\avupgsvc.exe" /TEMPSTART:""C:\WINDOWS\TEMP\AVSETUP_5121528e\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE"
S4 PCAppStoreSvc_{PCAppStore_4.3.1.5579}; C:\Programme\Baidu Security\PC App Store\4.3.1.5579\PCAppStoreSvc.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-11-07] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2014-11-07] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2014-11-07] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-11-07] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2014-11-07] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [422760 2014-11-07] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2014-11-07] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2014-11-07] ()
S3 atinrvxx; C:\WINDOWS\System32\DRIVERS\atinrvxx.sys [105984 2004-08-04] (ATI Technologies Inc.)
S1 ATITool; C:\WINDOWS\System32\DRIVERS\ATITool.sys [24064 2006-11-10] () [File not signed]
R0 Bhbase; C:\WINDOWS\System32\drivers\Bhbase.sys [47456 2014-06-05] (Baidu, Inc.)
S2 BT848; C:\WINDOWS\System32\DRIVERS\BT848.sys [371349 2011-01-25] (Illusion & Hope.) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 COMMONFX; C:\WINDOWS\System32\drivers\COMMONFX.SYS [99352 2009-06-23] (Creative Technology Ltd)
R3 COMMONFX.SYS; C:\WINDOWS\System32\drivers\COMMONFX.SYS [99352 2009-06-23] (Creative Technology Ltd)
S3 CTAUDFX; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [555032 2009-06-23] (Creative Technology Ltd)
R3 CTAUDFX.SYS; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [555032 2009-06-23] (Creative Technology Ltd)
S3 ctdvda2k; C:\WINDOWS\System32\drivers\ctdvda2k.sys [347080 2009-06-23] (Creative Technology Ltd)
S3 CTERFXFX; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [100888 2009-06-23] (Creative Technology Ltd)
S3 CTERFXFX.SYS; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [100888 2009-06-23] (Creative Technology Ltd)
S3 ctljystk; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [3712 2001-08-17] (Creative Technology Ltd.)
S3 CTSBLFX; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [566296 2009-06-23] (Creative Technology Ltd)
R3 CTSBLFX.SYS; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [566296 2009-06-23] (Creative Technology Ltd)
S3 emu10k; C:\WINDOWS\System32\drivers\emu10k1m.sys [283904 2001-08-17] (Creative Technology Ltd.)
S3 emu10k1; C:\WINDOWS\System32\drivers\ctlfacem.sys [6912 2001-08-17] (Creative Technology Ltd.)
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R3 ha10kx2k; C:\WINDOWS\System32\drivers\ha10kx2k.sys [798744 2009-06-23] (Creative Technology Ltd)
S3 hap16v2k; C:\WINDOWS\System32\drivers\hap16v2k.sys [162840 2009-06-23] (Creative Technology Ltd)
S3 hap17v2k; C:\WINDOWS\System32\drivers\hap17v2k.sys [189464 2009-06-23] (Creative Technology Ltd)
S3 hidgame; C:\WINDOWS\System32\DRIVERS\hidgame.sys [8576 2001-08-17] (Microsoft Corporation)
S3 k750bus; C:\WINDOWS\System32\DRIVERS\k750bus.sys [55216 2006-03-13] (MCCI) [File not signed]
S3 k750mdfl; C:\WINDOWS\System32\DRIVERS\k750mdfl.sys [6576 2006-03-13] (MCCI) [File not signed]
S3 k750mdm; C:\WINDOWS\System32\DRIVERS\k750mdm.sys [89872 2006-03-13] (MCCI) [File not signed]
S3 k750mgmt; C:\WINDOWS\System32\DRIVERS\k750mgmt.sys [81728 2006-03-13] (MCCI) [File not signed]
S3 k750obex; C:\WINDOWS\System32\DRIVERS\k750obex.sys [79488 2006-03-13] (MCCI) [File not signed]
S3 L8042pr2; C:\WINDOWS\System32\DRIVERS\L8042pr2.Sys [51582 2003-12-11] (Logitech, Inc.)
S3 LHidUsb; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [37916 2003-12-11] (Logitech, Inc.)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation)
S3 ms_mpu401; C:\WINDOWS\System32\drivers\msmpu401.sys [2944 2001-08-17] (Microsoft Corporation)
S3 MVDCODEC; C:\WINDOWS\System32\DRIVERS\atinmdxx.sys [13824 2004-08-04] (ATI Technologies Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)
R2 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [12400 2010-06-11] (Macrovision Europe Ltd) [File not signed]
S3 sfman; C:\WINDOWS\System32\drivers\sfmanm.sys [36480 2001-08-17] (Creative Technology Ltd.)
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
S4 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [682232 2009-09-09] (Duplex Secure Ltd.)
S3 USB28xxBGA; C:\WINDOWS\System32\DRIVERS\emBDA.sys [570168 2009-10-06] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\WINDOWS\System32\DRIVERS\emOEM.sys [527800 2009-10-06] (eMPIA Technology, Inc.)
R0 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [27904 2003-07-02] (VIA Technologies, Inc.)
R0 videX32; C:\WINDOWS\System32\DRIVERS\videX32.sys [9216 2006-10-17] (VIA Technologies, Inc.)
S1 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [32000 2008-04-14] (Microsoft Corporation)
S3 BioNT_BS; \??\C:\Programme\Paragon Software\Partition Manager\BlueScrn\BioNT_bs.sys [X]
S3 BprotectEx; \??\C:\WINDOWS\System32\drivers\BprotectEx.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys [X]
S3 ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.SYS [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S4 IntelIde; No ImagePath
S3 LVUSBSta; system32\DRIVERS\LVUSBSta.sys [X]
S3 PCFApiUtil; \??\C:\Programme\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys [X]
S3 PID_0928; system32\DRIVERS\LV561AV.SYS [X]
S3 Spring; \??\C:\Programme\Baidu Security\PC Faster\4.0.0.0\Spring.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-09 23:56 - 2014-11-09 23:56 - 00002032 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\JRT.txt
2014-11-09 23:49 - 2014-11-09 23:49 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-11-09 23:26 - 2014-11-09 23:34 - 00000000 ____D () C:\AdwCleaner
2014-11-09 22:55 - 2014-11-09 22:55 - 01706808 _____ (Thisisu) C:\Dokumente und Einstellungen\Administrator\Desktop\JRT.exe
2014-11-09 22:33 - 2014-11-09 22:33 - 00011194 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\malwarebytes.txt
2014-11-09 21:49 - 2014-11-09 21:51 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-11-09 21:48 - 2014-11-09 21:48 - 00000799 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-09 21:48 - 2014-11-09 21:48 - 00000000 ____D () C:\Programme\Malwarebytes Anti-Malware
2014-11-09 21:48 - 2014-11-09 21:48 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes Anti-Malware
2014-11-09 21:48 - 2014-11-09 21:48 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2014-11-09 21:48 - 2014-10-01 11:11 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-11-09 21:48 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-11-09 21:47 - 2014-11-09 18:55 - 19828376 _____ (Malwarebytes Corporation ) C:\Dokumente und Einstellungen\Administrator\Desktop\mbam-setup-2.0.3.1025.exe
2014-11-09 18:54 - 2014-11-09 18:54 - 00000554 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\Verknüpfung mit DiskMark.exe.lnk
2014-11-09 18:00 - 2014-11-09 18:00 - 00001657 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\CrystalDiskInfo.lnk
2014-11-09 18:00 - 2014-11-09 18:00 - 00000000 ____D () C:\Programme\CrystalDiskInfo
2014-11-09 18:00 - 2014-11-09 18:00 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CrystalDiskInfo
2014-11-09 16:49 - 2014-11-09 16:49 - 00000643 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\HD Tune.lnk
2014-11-09 16:49 - 2014-11-09 16:49 - 00000000 ____D () C:\Programme\HD Tune
2014-11-09 16:49 - 2014-11-09 16:49 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\HD Tune
2014-11-07 22:01 - 2014-11-07 22:01 - 00001751 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\Avast Free Antivirus.lnk
2014-11-07 22:01 - 2014-11-07 22:00 - 00291352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-11-07 22:00 - 2014-11-07 22:00 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-11-06 13:32 - 2014-11-10 00:00 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temp
2014-11-06 13:32 - 2014-11-06 13:32 - 00014229 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\ComboFix.txt
2014-11-06 13:32 - 2014-11-06 13:32 - 00000000 ____D () C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\temp
2014-11-06 13:32 - 2014-11-06 13:32 - 00000000 ____D () C:\Dokumente und Einstellungen\Default User\Lokale Einstellungen\temp
2014-11-06 13:19 - 2014-11-06 13:19 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-11-06 13:19 - 2014-11-06 13:19 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG
2014-11-06 13:19 - 2014-11-06 13:19 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG
2014-11-06 13:19 - 2014-11-06 13:19 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-11-06 13:19 - 2014-11-06 13:19 - 00000000 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
2014-11-06 12:58 - 2014-11-06 12:58 - 00000000 _RSHD () C:\cmdcons
2014-11-06 12:58 - 2013-05-02 17:33 - 00000211 _____ () C:\Boot.bak
2014-11-06 12:58 - 2004-08-03 23:00 - 00262448 __RSH () C:\cmldr
2014-11-06 12:56 - 2011-06-26 07:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-11-06 12:56 - 2010-11-07 18:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-11-06 12:56 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-11-06 12:56 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-11-06 12:56 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-11-06 12:56 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-11-06 12:56 - 2000-08-31 01:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-11-06 12:56 - 2000-08-31 01:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-11-06 12:56 - 2000-08-31 01:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-11-06 12:55 - 2014-11-06 13:32 - 00000000 ____D () C:\Qoobox
2014-11-06 12:54 - 2014-11-06 13:29 - 00000000 ____D () C:\WINDOWS\erdnt
2014-11-05 01:39 - 2014-11-05 14:04 - 00001561 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\Neues Textdokument.txt
2014-11-03 22:21 - 2014-11-06 23:20 - 00000000 ____D () C:\Programme\SpeedFan
2014-11-03 22:21 - 2014-11-03 22:21 - 00000704 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\SpeedFan.lnk
2014-11-03 22:21 - 2014-11-03 22:21 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\SpeedFan
2014-11-01 23:49 - 2014-11-09 23:59 - 00000000 ____D () C:\FRST
2014-11-01 21:56 - 2014-11-01 21:56 - 00000020 _____ () C:\Dokumente und Einstellungen\Administrator\defogger_reenable
2014-11-01 18:46 - 2014-11-09 23:00 - 03162278 ____N () C:\WINDOWS\{00000000-00000000-00000008-00001102-00000004-00511102}.BAK
2014-11-01 15:51 - 2014-11-01 15:51 - 00000109 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\hjghghj.txt
2014-10-13 10:28 - 2014-10-13 10:29 - 00000287 _____ () C:\WINDOWS\nsw.log
2014-10-13 10:06 - 2014-10-13 10:06 - 00000252 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\Verknüpfung mit Windows-pc.lnk
2014-10-13 10:06 - 2014-10-13 10:06 - 00000249 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\Verknüpfung mit Easybox.lnk
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-09 23:59 - 2013-07-01 09:32 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Desktop\Neuer Ordner
2014-11-09 23:52 - 2009-04-04 12:32 - 00000000 ____D () C:\Programme
2014-11-09 23:45 - 2013-08-06 16:15 - 00000356 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-11-09 23:41 - 2013-09-24 17:08 - 01391966 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-09 23:40 - 2014-06-15 09:51 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2014-11-09 23:40 - 2014-06-15 09:51 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-11-09 23:39 - 2014-04-22 00:17 - 00001086 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-09 23:39 - 2009-04-04 12:11 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-09 23:38 - 2014-05-26 05:48 - 00032616 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-09 23:38 - 2009-04-04 12:12 - 00000190 ___SH () C:\Dokumente und Einstellungen\Administrator\ntuser.ini
2014-11-09 23:38 - 2009-04-04 12:11 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator
2014-11-09 23:34 - 2013-08-06 13:14 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Common
2014-11-09 23:25 - 2013-09-28 06:16 - 00000106 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\Neu Textdokument.txt
2014-11-09 23:00 - 2013-02-28 13:27 - 03162278 _____ () C:\WINDOWS\{00000000-00000000-00000008-00001102-00000004-00511102}.CDF
2014-11-09 22:35 - 2014-04-21 23:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862335$
2014-11-09 22:23 - 2013-09-16 15:18 - 00001050 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1659004503-2025429265-1606980848-500UA.job
2014-11-09 22:09 - 2014-04-22 00:17 - 00001090 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-09 21:48 - 2009-04-04 12:32 - 00000000 ___RD () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme
2014-11-09 20:48 - 2013-05-02 06:55 - 00000000 __SHD () C:\WINDOWS\CSC
2014-11-09 19:48 - 2014-04-22 12:15 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Desktop\BOTS
2014-11-09 19:44 - 2010-06-10 00:01 - 00000000 ___RD () C:\Dokumente und Einstellungen\Administrator\Desktop\~~~~
2014-11-09 19:39 - 2013-08-06 17:39 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\vlc
2014-11-09 18:48 - 2008-04-14 12:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-11-09 16:23 - 2013-09-16 15:18 - 00001028 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1659004503-2025429265-1606980848-500Core.job
2014-11-08 15:00 - 2014-04-22 00:10 - 00000232 _____ () C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job
2014-11-07 22:00 - 2014-05-01 17:20 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-11-07 22:00 - 2013-08-06 16:15 - 00422760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-11-07 22:00 - 2013-08-06 16:15 - 00206248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-11-07 22:00 - 2013-08-06 16:15 - 00070384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-11-07 22:00 - 2013-08-06 16:15 - 00057928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-11-07 22:00 - 2013-08-06 16:15 - 00055240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys
2014-11-07 22:00 - 2013-08-06 16:15 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-11-07 21:59 - 2013-08-06 16:15 - 00787800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-11-06 13:32 - 2009-04-04 12:01 - 00000000 __SHD () C:\Dokumente und Einstellungen\LocalService
2014-11-06 13:26 - 2008-04-14 12:00 - 00000311 _____ () C:\WINDOWS\system.ini
2014-11-06 13:24 - 2009-04-04 11:54 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-11-06 13:19 - 2009-04-04 13:30 - 30146560 _____ () C:\WINDOWS\system32\config\software.bak
2014-11-06 13:19 - 2009-04-04 13:30 - 08126464 _____ () C:\WINDOWS\system32\config\system.bak
2014-11-06 13:19 - 2009-04-04 13:30 - 03670016 _____ () C:\WINDOWS\system32\config\default.bak
2014-11-06 13:19 - 2009-04-04 12:31 - 00262144 _____ () C:\WINDOWS\system32\config\SECURITY.bak
2014-11-06 13:19 - 2009-04-04 12:31 - 00024576 _____ () C:\WINDOWS\system32\config\SAM.bak
2014-11-06 12:58 - 2009-04-04 13:30 - 00000327 __RSH () C:\boot.ini
2014-11-03 22:21 - 2009-04-08 00:25 - 00000045 _____ () C:\WINDOWS\system32\initdebug.nfo
2014-11-03 22:21 - 2009-04-04 12:11 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme
2014-11-01 18:55 - 2014-06-15 10:04 - 00689934 _____ () C:\WINDOWS\setupapi.log
2014-10-27 20:24 - 2009-04-04 12:32 - 01069336 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-18 09:02 - 2013-09-24 07:03 - 01073716 _____ () C:\WINDOWS\system32\nvdrsdb0.bin
2014-10-18 09:02 - 2013-09-24 07:03 - 00000001 _____ () C:\WINDOWS\system32\nvdrssel.bin
2014-10-16 14:40 - 2014-07-19 20:50 - 00000266 _____ () C:\WINDOWS\setupact.log
2014-10-15 13:02 - 2013-09-24 07:03 - 01073716 _____ () C:\WINDOWS\system32\nvdrsdb1.bin
2014-10-13 11:01 - 2014-06-10 18:05 - 00000000 ____D () C:\pisse
2014-10-13 10:36 - 2009-06-28 12:18 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Media Player Classic
2014-10-13 09:44 - 2014-10-08 17:05 - 00000022 _____ () C:\WINDOWS\system32\nvModes.dat
Some content of TEMP:
====================
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temp\Quarantine.exe
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temp\sfamcc00001.dll
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temp\sfareca00001.dll
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-11-2014 01
Ran by Administrator at 2014-11-10 00:00:51
Running from C:\Dokumente und Einstellungen\Administrator\Desktop\Neuer Ordner
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
AC3Filter (remove only) (HKLM\...\AC3Filter) (Version: - )
AC3Filter 2.6.0b (HKLM\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
AIDA64 Extreme Edition v3.20 (HKLM\...\AIDA64 Extreme Edition_is1) (Version: 3.20 - FinalWire Ltd.)
AMP Font Viewer (HKLM\...\AMP Font Viewer) (Version: - )
Ashampoo WinOptimizer Platinum 3 (HKLM\...\Ashampoo WinOptimizer Platinum 3) (Version: - ashampoo GmbH & Co. KG)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version: - )
Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software)
CrystalDiskInfo 6.2.1 (HKLM\...\CrystalDiskInfo_is1) (Version: 6.2.1 - Crystal Dew World)
dBpowerAMP mp3PRO Input Codec (HKLM\...\dBpowerAMP mp3PRO Input Codec) (Version: - )
dBpowerAMP Music Converter (HKLM\...\dBpowerAMP Music Converter) (Version: - )
dBpowerAMP Ogg Vorbis Codec (HKLM\...\dBpowerAMP Ogg Vorbis Codec) (Version: - )
dBpowerAMP WMA V8 Codec (HKLM\...\dBpowerAMP WMA V8 Codec) (Version: - )
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version: - DivX, Inc.)
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC)
dMC Auxiliary Input (HKLM\...\dMC Auxiliary Input) (Version: - )
EVEREST Home Edition v2.20 (HKLM\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fallout 2 (HKLM\...\Fallout 2) (Version: - )
ffdshow (HKLM\...\ffdshow) (Version: 20051221-gcc4.0.2-sse-x264.nl - Milan Cutka)
FL Studio 9 (HKLM\...\FL Studio 9) (Version: - Image-Line)
GetFoldersize 1.2.3 (HKLM\...\GetFoldersize_is1) (Version: 1.2.3 - Michael Thummerer Software Design)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
Hardcore (HKLM\...\Hardcore) (Version: - Image-Line)
HD Tune 2.55 (HKLM\...\HD Tune_is1) (Version: - EFD Software)
ICQ6.5 (HKLM\...\{60DE4033-9503-48D1-A483-7846BD217CA9}) (Version: 6.5 - ICQ)
Internet Explorer 7 (Version: - ) Hidden
IrfanView (remove only) (HKLM\...\IrfanView) (Version: - )
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MC SW 1.6.1 (HKLM\...\Merciless SW Texture set_is1) (Version: - MERCILESS CREATIONS)
MC: Zara5ustra Map Pack (HKLM\...\MC: Zara5ustra Map Pack) (Version: - )
Merciless 1942 version 1.6 (HKLM\...\Merciless 1942 version 1.6) (Version: - )
Merciless Creations Secret Weapons Single Player (HKLM\...\Merciless Creations Secret Weapons Single Player) (Version: - )
Merciless Single Player (HKLM\...\Merciless Single Player) (Version: - )
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 2.0 Language Pack - DEU (HKLM\...\Microsoft .NET Framework 2.0 Language Pack - DEU) (Version: - Microsoft Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30730 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30730 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 32.0.1 (x86 de) (HKLM\...\Mozilla Firefox 32.0.1 (x86 de)) (Version: 32.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Grafiktreiber 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA nView 136.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.53 - NVIDIA Corporation)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.213.0 - Tracker Software Products Ltd)
Philppines and Kharkov update (HKLM\...\Merciless Creations 1.6.1 Texture Update_is1) (Version: - Merciless Creations)
Platform (Version: 1.22 - VIA Technologies, Inc.) Hidden
PoiZone (HKLM\...\PoiZone) (Version: - Image-Line)
Rome - Total War(TM) (HKLM\...\InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}) (Version: 1.0 - Ihr Firmenname)
Rome - Total War(TM) (Version: 1.0 - Ihr Firmenname) Hidden
Rome - Total War(TM) (Version: 1.2 - Ihr Firmenname) Hidden
Sakura (HKLM\...\Sakura) (Version: - Image-Line)
Sawer (HKLM\...\Sawer) (Version: - Image-Line)
Sicherheitsupdate für Windows Internet Explorer 7 (KB2792100) (Version: 1 - Microsoft Corporation) Hidden
Sicherheitsupdate für Windows Internet Explorer 7 (KB2797052) (Version: 1 - Microsoft Corporation) Hidden
Sicherheitsupdate für Windows Internet Explorer 8 (KB2510531) (HKLM\...\KB2510531-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2618444) (HKLM\...\KB2618444-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2744842) (HKLM\...\KB2744842-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2846071) (HKLM\...\KB2846071-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2909210) (HKLM\...\KB2909210-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2936068) (HKLM\...\KB2936068-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2964358) (HKLM\...\KB2964358-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB982381) (HKLM\...\KB982381-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB2834902-v2) (HKLM\...\KB2834902-v2_WM10) (Version: - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB2834904-v2) (HKLM\...\KB2834904-v2_WM11) (Version: - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2807986) (HKLM\...\KB2807986) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2813345) (HKLM\...\KB2813345) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2820917) (HKLM\...\KB2820917) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2834886) (HKLM\...\KB2834886) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2847311) (HKLM\...\KB2847311) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2850869) (HKLM\...\KB2850869) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2859537) (HKLM\...\KB2859537) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2862152) (HKLM\...\KB2862152) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2862330) (HKLM\...\KB2862330) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2862335) (HKLM\...\KB2862335) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2864063) (HKLM\...\KB2864063) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2868038) (HKLM\...\KB2868038) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2868626) (HKLM\...\KB2868626) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2876217) (HKLM\...\KB2876217) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2876331) (HKLM\...\KB2876331) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2892075) (HKLM\...\KB2892075) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2893294) (HKLM\...\KB2893294) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2898715) (HKLM\...\KB2898715) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2900986) (HKLM\...\KB2900986) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2914368) (HKLM\...\KB2914368) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2916036) (HKLM\...\KB2916036) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2922229) (HKLM\...\KB2922229) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2929961) (HKLM\...\KB2929961) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2930275) (HKLM\...\KB2930275) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB970430) (HKLM\...\KB970430) (Version: 1 - Microsoft Corporation)
Silkroad (HKLM\...\Silkroad) (Version: - )
Snes9x (HKLM\...\Snes9x) (Version: - )
SpeechRedist (HKLM\...\{8795CBED-55E2-4693-9F14-84EC446935BE}) (Version: 1.0.0 - Epic Games Inc.)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version: - )
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: - )
TeamSpeak 2 RC2 (HKLM\...\Teamspeak 2 RC2_is1) (Version: 2.0.32.60 - Dominating Bytes Design)
TGW 0.15 (HKLM\...\TGW 0.15) (Version: - )
Tony Hawk's Pro Skater 3® (HKLM\...\Tony Hawk's Pro Skater 3®) (Version: 1.0 - Activision Publishing, Inc.)
Toxic Biohazard (HKLM\...\Toxic Biohazard) (Version: - Image-Line)
UltimateDefrag V1 FREE Public Domain Version (HKLM\...\UltimateDefrag V1 FREE Public Domain Version) (Version: 1.72 - DiskTrix)
Update für Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VIA Plattform-Geräte-Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.22 - VIA Technologies, Inc.)
VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.581 - Nullsoft, Inc)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
XBF 1.2 (HKLM\...\XBF 1.2) (Version: - )
XNote Stopwatch 1.50 (HKLM\...\XNote Stopwatch) (Version: - dnSoft Research Group)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{0CFA3FB2-47F4-4157-A162-648CAA980DE2}\InprocServer32 -> C:\Programme\Gemeinsame Dateien\SpeechEngines\Microsoft\SR\spsrx.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{19EFC4D2-5251-4EB5-84C8-5A970FF8F5E0}\InprocServer32 -> C:\Programme\Gemeinsame Dateien\SpeechEngines\Microsoft\SR\spsreng.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{1A6F5C32-45F4-11D3-9A67-00C04F8EF48F}\InprocServer32 -> C:\Programme\Gemeinsame Dateien\SpeechEngines\Microsoft\SR\spsrx.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{42E0F145-11FD-11D3-BB97-00C04F8EE6C0}\InprocServer32 -> C:\Programme\Gemeinsame Dateien\SpeechEngines\Microsoft\SR\1033\itngram.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{93520E48-87DA-11D3-9517-00C04F604FF2}\InprocServer32 -> C:\Programme\Gemeinsame Dateien\SpeechEngines\Microsoft\SR\spsreng.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{93520E49-87DA-11D3-9517-00C04F604FF2}\InprocServer32 -> C:\Programme\Gemeinsame Dateien\SpeechEngines\Microsoft\SR\spsreng.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1659004503-2025429265-1606980848-500_Classes\CLSID\{EC468149-6916-11D2-9427-00C04F8EF48F}\InprocServer32 -> C:\Programme\Gemeinsame Dateien\SpeechEngines\Microsoft\SR\spsreng.dll (Microsoft Corporation)
==================== Restore Points =========================
06-11-2014 12:25:03 Systemprüfpunkt
07-11-2014 13:24:02 Systemprüfpunkt
07-11-2014 20:55:40 avast! antivirus system restore point
08-11-2014 22:05:40 Systemprüfpunkt
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2008-04-14 12:00 - 2014-11-06 13:24 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Programme\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\Eingabeaufforderung.job => C:\WINDOWS\system32\cmd.exe
Task: C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1659004503-2025429265-1606980848-500Core.job => C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1659004503-2025429265-1606980848-500UA.job => C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Programme\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Programme\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-11-09 20:51 - 2014-11-09 20:51 - 02900992 _____ () C:\Programme\AVAST Software\Avast\defs\14110901\algo.dll
2013-10-16 12:39 - 2014-11-07 22:00 - 38562088 _____ () C:\Programme\AVAST Software\Avast\libcef.dll
2010-08-08 23:07 - 2005-11-10 17:08 - 00418304 _____ () C:\Programme\Ashampoo\Ashampoo WinOptimizer Platinum 3\ContextHandler.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-1659004503-2025429265-1606980848-500 - Administrator - Enabled) => %SystemDrive%\Dokumente und Einstellungen\Administrator
Gast (S-1-5-21-1659004503-2025429265-1606980848-501 - Limited - Enabled)
Hilfeassistent (S-1-5-21-1659004503-2025429265-1606980848-1000 - Limited - Disabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/27/2014 01:23:07 AM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned
Error: (09/30/2014 00:26:23 AM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error.
Error: 0x80040880. Http status code: 200.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040880. Http status code 200.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request retur
Error: (09/19/2014 00:25:53 PM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error.
Error: 0x8004212e. Http status code: 302.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request r
Error: (09/19/2014 09:25:54 AM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error.
Error: 0x8004212e. Http status code: 302.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request r
Error: (09/19/2014 06:25:54 AM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error.
Error: 0x8004212e. Http status code: 302.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request r
Error: (09/19/2014 03:25:56 AM) (Source: Google Update) (EventID: 20) (User: PALOMINO)
Description: Network Request Error.
Error: 0x8004212e. Http status code: 302.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request r
System errors:
=============
Error: (11/09/2014 11:38:29 PM) (Source: 0) (EventID: 2000) (User: )
Description: \Device\LanmanServer
Error: (11/09/2014 11:38:29 PM) (Source: 0) (EventID: 2000) (User: )
Description: \Device\LanmanServer
Error: (11/09/2014 11:38:29 PM) (Source: 0) (EventID: 2000) (User: )
Description: \Device\LanmanServer
Error: (11/09/2014 11:38:29 PM) (Source: 0) (EventID: 2000) (User: )
Description: \Device\LanmanServer
Error: (11/09/2014 11:38:29 PM) (Source: 0) (EventID: 2000) (User: )
Description: \Device\LanmanServer
Error: (11/09/2014 11:38:29 PM) (Source: 0) (EventID: 2000) (User: )
Description: \Device\LanmanServer
Error: (11/09/2014 11:38:29 PM) (Source: 0) (EventID: 2000) (User: )
Description: \Device\LanmanServer
Error: (11/09/2014 11:38:29 PM) (Source: 0) (EventID: 2000) (User: )
Description: \Device\LanmanServer
Error: (11/09/2014 11:38:29 PM) (Source: 0) (EventID: 2000) (User: )
Description: \Device\LanmanServer
Error: (11/09/2014 11:38:29 PM) (Source: 0) (EventID: 2000) (User: )
Description: \Device\LanmanServer
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Processor: AMD Athlon(tm) XP 2000+
Percentage of memory in use: 24%
Total physical RAM: 1791.48 MB
Available physical RAM: 1357.93 MB
Total Pagefile: 3467.69 MB
Available Pagefile: 3218.11 MB
Total Virtual: 2047.88 MB
Available Virtual: 1932.29 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:11.38 GB) (Free:1.99 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Data) (Fixed) (Total:45.89 GB) (Free:11.8 GB) NTFS
Drive f: (BOOT) (Fixed) (Total:91.2 GB) (Free:2.06 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive g: (BACKUP) (Fixed) (Total:93.15 GB) (Free:38.49 GB) NTFS
Drive h: (SWAP) (Fixed) (Total:1.96 GB) (Free:0.17 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 57.3 GB) (Disk ID: 04680468)
Partition 1: (Active) - (Size=11.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=45.9 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 186.3 GB) (Disk ID: CCD3CCD3)
Partition 1: (Not Active) - (Size=2 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=91.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=93.2 GB) - (Type=07 NTFS)
==================== End Of Log ============================