Log analysis and evaluation: Browser infected (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Browser infected

After installing freeware programs, browsing is almost impossible. I have tried all sorts of solutions such as Malwarebytes, SUPERAntiSpyware, Avast, Easyscan, Norton 360, etc. None of it helped. On Facebook, when I want to upload pictures, I am asked for a current Flash Player. I am constantly told to download the video player, and some Jsr page keeps popping up. I work with a Lenovo ThinkPad T410s and Win7. Now and then the notebook also simply shuts down, but that was already the case before. I need this machine and have to be able to rely on it professionally and privately. Please help me!

Hubertus

Here is the Quick Scan from OTL:

OTL logfile created on: 15-03-2014 08:22:13 - Run 1 OTL by OldTimer - Version Folder = C:\Users\Hemanga\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.16521) Locale: 00004009 | Country: Indien | Language: ENN | Date Format: dd-MM-yyyy 3.80 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 38.92% Memory free 7.60 Gb Paging File | 4.53 Gb Available in Paging File | 59.58% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 232.69 Gb Total Space | 156.05 Gb Free Space | 67.06% Space Free | Partition Type: NTFS Computer Name: WEBSERVANT | User Name: Hemanga | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2014-03-14 23:23:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hemanga\Downloads\OTL.exe PRC - [2014-03-14 10:31:51 | 000,348,952 | ---- | M] () -- C:\Program Files (x86)\Jotzey\updateJotzey.exe PRC - [2014-03-14 09:12:10 | 000,348,952 | ---- | M] () -- C:\Program Files (x86)\Jotzey\bin\utilJotzey.exe PRC - [2014-03-11 00:56:27 | 000,234,096 | ---- | M] (soft Xpansion) -- C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe PRC - [2014-03-05 03:31:24 | 000,510,608 | ---- | M] (Cherished Technololgy LIMITED) -- C:\ProgramData\WPM\wprotectmanager.exe PRC - [2014-03-03 14:32:36 | 004,620,064 | ---- | M] (Conduit) -- C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe PRC - [2014-03-03 14:32:36 | 003,008,800 | ---- | M] (Conduit) -- C:\PROGRA~2\SearchProtect\UI\bin\cltmngui.exe PRC - [2014-03-03 14:32:36 | 002,454,816 | ---- | M] (Conduit) -- C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe PRC - [2014-02-28 09:07:41 | 000,070,848 | ---- | M] () -- C:\Program Files (x86)\Mobogenie\MgAssist.exe PRC - [2014-02-28 09:07:35 | 000,768,192 | ---- | M] () -- C:\Program Files (x86)\Mobogenie\DaemonProcess.exe PRC - [2014-02-08 14:16:30 | 000,180,736 | ---- | M] () -- C:\Program Files (x86)\Pass-Widget\PassWidget153.exe PRC - [2014-02-08 14:16:30 | 000,093,184 | ---- | M] () -- C:\Program Files (x86)\Pass-Widget\PassWidget_wd.exe PRC - [2014-01-26 19:32:48 | 000,712,280 | ---- | M] () -- C:\Program Files (x86)\QQS\serverqqs.exe PRC - [2014-01-08 15:24:22 | 000,209,408 | ---- | M] () -- C:\Program Files\V-bates\ExtensionUpdaterService.exe PRC - [2013-12-21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013-12-17 11:38:33 | 005,341,536 | 
---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe PRC - [2013-11-20 15:43:26 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe PRC - [2013-11-20 15:43:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe PRC - [2013-11-20 15:43:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe PRC - [2013-10-08 13:05:13 | 000,264,360 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\\N360.exe PRC - [2013-09-14 03:27:52 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe PRC - [2013-08-26 14:32:32 | 001,989,920 | ---- | M] (Wondershare) -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe PRC - [2013-06-05 01:02:10 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) 
-- C:\Users\Hemanga\AppData\Local\Akamai\netsession_win.exe PRC - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2013-04-04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2013-03-15 15:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe PRC - [2013-01-15 13:07:42 | 002,750,840 | ---- | M] (Eastman Kodak Company) -- C:\PROGRAM FILES (X86)\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.exe PRC - [2013-01-15 13:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe PRC - [2012-05-16 05:32:00 | 000,128,608 | ---- | M] (Lenovo Group Limited) -- C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe PRC - [2012-01-16 10:47:42 | 000,062,016 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe PRC - [2012-01-16 10:47:40 | 000,044,096 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe PRC - [2012-01-16 10:47:22 | 000,043,584 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe PRC - [2011-11-04 14:37:16 | 000,330,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe PRC - [2011-10-20 11:11:24 | 000,412,736 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe PRC - [2011-10-20 11:09:32 | 000,363,584 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe PRC - [2011-10-20 11:09:18 | 000,269,376 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe PRC - [2011-10-20 
11:09:16 | 000,134,208 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe PRC - [2011-07-12 17:03:32 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe PRC - [2011-07-12 16:17:04 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Zoom\TpScrex.exe PRC - [2011-07-12 15:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe PRC - [2011-07-12 15:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe PRC - [2011-05-23 11:10:00 | 001,688,384 | ---- | M] (QUALCOMM, Inc.) -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe PRC - [2010-05-03 11:54:36 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010-05-03 11:54:32 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2008-08-25 08:23:24 | 000,292,864 | ---- | M] (Oleh Demchenko) -- C:\Program Files (x86)\Vaisnava Reminder\vreminder.exe ========== Modules (No Company Name) ========== MOD - [2014-03-14 11:17:20 | 000,474,816 | ---- | M] () -- C:\Program Files (x86)\Mobogenie\DCR.dll MOD - [2014-03-14 11:17:20 | 000,065,728 | ---- | M] () -- C:\Program Files (x86)\Mobogenie\Device.dll MOD - [2014-02-28 09:07:35 | 000,768,192 | ---- | M] () -- C:\Program Files (x86)\Mobogenie\DaemonProcess.exe MOD - [2014-02-08 14:16:30 | 000,093,184 | ---- | M] () -- C:\Program Files (x86)\Pass-Widget\PassWidget_wd.exe MOD - [2014-01-20 13:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2014-01-20 13:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2014-01-08 15:24:14 | 000,194,048 | ---- | M] () -- C:\Program 
Files\V-bates\Extension32.dll MOD - [2013-09-14 01:51:02 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll MOD - [2013-09-14 01:50:36 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll MOD - [2013-07-24 09:24:52 | 000,137,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll MOD - [2008-05-04 10:08:38 | 000,223,709 | ---- | M] () -- C:\Program Files (x86)\Vaisnava Reminder\VREMINDER.DLL ========== Services (SafeList) ========== SRV:64bit: - [2014-03-01 05:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService) SRV:64bit: - [2014-01-08 15:24:22 | 000,209,408 | ---- | M] () [Auto | Running] -- C:\Program Files\V-bates\ExtensionUpdaterService.exe -- (V-bates Updater) SRV:64bit: - [2013-10-10 23:54:28 | 000,144,152 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE) SRV:64bit: - [2013-05-27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2012-06-25 15:06:30 | 003,325,232 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService) SRV:64bit: - [2012-06-25 15:05:54 | 000,628,016 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV:64bit: - [2012-06-25 15:05:28 | 000,149,296 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV:64bit: - [2012-01-16 10:47:42 | 000,062,016 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC) SRV:64bit: - [2012-01-16 10:47:22 | 
000,043,584 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe -- (LENOVO.CAMMUTE) SRV:64bit: - [2011-07-12 15:53:58 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC) SRV:64bit: - [2011-07-12 15:53:40 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe -- (TPHKLOAD) SRV:64bit: - [2011-07-12 15:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe -- (LENOVO.MICMUTE) SRV:64bit: - [2011-07-12 15:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe -- (TPHKSVC) SRV:64bit: - [2011-02-01 13:05:12 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC) SRV - [2014-03-14 22:43:51 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2014-03-14 10:31:51 | 000,348,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Jotzey\updateJotzey.exe -- (Update Jotzey) SRV - [2014-03-14 09:12:10 | 000,348,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Jotzey\bin\utilJotzey.exe -- (Util Jotzey) SRV - [2014-03-11 00:56:27 | 000,234,096 | ---- | M] (soft Xpansion) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe -- (SXDS10) SRV - [2014-03-05 03:31:24 | 000,510,608 | ---- | M] (Cherished Technololgy LIMITED) [Auto | Running] -- C:\ProgramData\WPM\wprotectmanager.exe -- (Wpm) SRV - [2014-03-03 14:32:36 | 002,454,816 | ---- | M] (Conduit) [Auto | Running] -- C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc) SRV - [2014-02-28 09:07:41 | 000,070,848 | ---- | M] () [Auto | Running] -- C:\Program Files 
(x86)\Mobogenie\MgAssist.exe -- (MgAssistService) SRV - [2014-02-08 14:16:30 | 000,180,736 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Pass-Widget\PassWidget153.exe -- (PassWidget) SRV - [2014-02-04 19:53:51 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2014-01-26 19:32:48 | 000,712,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\QQS\serverqqs.exe -- (serverqqs) SRV - [2013-12-21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013-12-17 11:38:33 | 005,341,536 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9) SRV - [2013-10-23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013-10-08 13:05:13 | 000,264,360 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\\N360.exe -- (N360) SRV - [2013-09-11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2013-06-26 14:57:38 | 000,022,376 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService) SRV - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2013-03-15 15:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) [Auto | 
Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service) SRV - [2013-01-15 13:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service) SRV - [2012-05-16 05:32:00 | 001,665,120 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE -- (PwmEWSvc) SRV - [2012-05-16 05:32:00 | 001,662,560 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service) SRV - [2012-05-16 05:32:00 | 000,320,576 | ---- | M] (Lenovo.) [On_Demand | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc) SRV - [2011-10-20 11:09:18 | 000,269,376 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc) SRV - [2011-10-20 11:09:16 | 000,134,208 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc) SRV - [2011-05-23 11:10:00 | 001,688,384 | ---- | M] (QUALCOMM, Inc.) 
[Auto | Running] -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe -- (QDLService2kLenovo) SRV - [2010-05-03 11:54:36 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010-05-03 11:54:32 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013-11-08 22:52:58 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2013-09-27 04:18:30 | 001,147,480 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\symefa64.sys -- (SymEFA) DRV:64bit: - [2013-09-27 03:26:03 | 000,858,200 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtsp64.sys -- (SRTSP) DRV:64bit: - [2013-09-26 04:28:00 | 000,590,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\symnets.sys -- (SymNetS) DRV:64bit: - [2013-09-26 03:50:25 | 000,162,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\ccsetx64.sys -- (ccSet_N360) DRV:64bit: - [2013-08-01 04:19:50 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\symds64.sys -- (SymDS) DRV:64bit: - [2013-07-31 05:13:30 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- 
C:\Windows\SysNative\drivers\N360x64\1501000.012\ironx64.sys -- (SymIRON) DRV:64bit: - [2013-07-31 04:44:44 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtspx64.sys -- (SRTSPX) DRV:64bit: - [2013-07-25 16:53:46 | 000,023,040 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl) DRV:64bit: - [2013-04-04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2013-03-15 16:00:06 | 000,633,680 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Uim_IMx64.sys -- (Uim_IM) DRV:64bit: - [2013-03-15 16:00:06 | 000,390,352 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uim_vimx64.sys -- (Uim_VIM) DRV:64bit: - [2013-03-15 16:00:06 | 000,090,960 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uimx64.sys -- (UimBus) DRV:64bit: - [2012-12-13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012-08-21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012-07-05 20:43:24 | 000,443,192 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2012-07-05 20:43:24 | 000,027,960 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI) DRV:64bit: - [2012-06-03 07:33:44 | 011,499,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64) DRV:64bit: - [2012-05-30 12:42:10 | 000,569,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2012-05-16 05:32:00 | 000,029,512 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64) DRV:64bit: - [2012-05-16 05:32:00 | 000,019,784 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF) DRV:64bit: - [2012-03-01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012-01-10 13:28:16 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011-12-27 02:10:44 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd) DRV:64bit: - [2011-08-23 04:12:56 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2011-07-22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV) DRV:64bit: - [2011-07-20 08:58:24 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) DRV:64bit: - [2011-07-12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS -- (SASKUTIL) DRV:64bit: - [2011-05-23 10:12:40 | 000,444,416 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qcusbnetlno2k.sys -- (qcusbnetlno2k) DRV:64bit: - [2011-05-23 10:12:40 | 000,231,040 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qcusbserlno2k.sys -- (qcusbserlno2k) DRV:64bit: - [2011-05-23 10:12:40 | 000,006,400 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qcfilterlno2k.sys -- (qcfilterlno2k) DRV:64bit: - [2011-03-11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011-03-11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011-02-01 13:05:12 | 000,039,024 | ---- | M] (Lenovo.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV) DRV:64bit: - [2010-11-21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010-11-21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010-11-21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010-11-21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010-09-07 13:09:34 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi) DRV:64bit: - [2010-08-25 09:46:18 | 000,682,624 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2010-01-29 09:48:06 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009-10-26 13:52:00 | 000,061,952 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci) DRV:64bit: - [2009-09-18 03:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009-07-14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009-07-14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009-07-14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2014-03-06 04:45:37 | 000,524,504 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton 360\NortonData\\Definitions\IPSDefs\20140313.001\IDSvia64.sys -- (IDSVia64) DRV - [2014-01-28 01:14:39 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton 360\NortonData\\Definitions\VirusDefs\20140314.001\EX64.SYS -- (NAVEX15) DRV - [2014-01-28 01:14:39 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2014-01-28 01:14:39 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton 360\NortonData\\Definitions\VirusDefs\20140314.001\ENG64.SYS -- (NAVENG) DRV - [2013-12-18 01:32:10 | 001,526,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton 360\NortonData\\Definitions\BASHDefs\20140214.001\BHDrvx64.sys -- (BHDrvx64) DRV - [2013-11-21 11:04:32 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
hxxp://www.google.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,NewTabPageShow = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-IN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 34 40 E8 FC A1 EA CE 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = 
hxxp://search.conduit.com/Results.aspx?ctid=CT3320326&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP097D099D-E9ED-4C57-8773-7F7D5184967A&q={searchTerms}&SSPV= IE - HKCU\..\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http= ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: "false" FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: quick_start%40gmail.com:3.1.2 FF - prefs.js..extensions.enabledAddons: %7B59981518-8b2b-431e-90db-17dacc8cfa86%7D:1.0.1 FF - prefs.js..extensions.enabledAddons: %7B2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7%7D:1.5.5 FF - prefs.js..extensions.enabledAddons: %7BB45418F9-6406-4828-9D1A-35313FB1E2D6%7D:1.0 FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D: FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2014.6.5.1 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@qqsn.com/QqsnInsert: C:\Program Files (x86)\QQS\NpqqsnInsert.dll (Alliance Win Online Network Technology Co., LTD) FF - HKLM\Software\MozillaPlugins\@qqsp.com/QvodInsert: C:\Program Files (x86)\QQS\npqqsp.dll (Alliance Win Online Network Technology Co., LTD) FF - HKLM\Software\MozillaPlugins\@qvod.com/QvodInsert: C:\Program Files (x86)\QQS\npqplus.dll (Alliance Win Online Network Technology Co., LTD) FF - HKLM\Software\MozillaPlugins\@soft-xpansion/npsxpdf: C:\Program Files (x86)\Common Files\Freemium\np-sxpdf.dll (soft-Xpansion) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}: C:\PROGRAM FILES\V-BATES\FIREFOX [2014-03-11 00:29:47 | 000,000,000 | ---D | M] 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\coFFPlgn\ [2014-03-15 08:17:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\IPSFF [2013-11-09 18:20:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\OKitSpace@OKitSpace.es: C:\Users\Hemanga\AppData\Roaming\okitSpace\Firefox FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}: C:\Program Files\V-bates\Firefox [2014-03-11 00:29:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\lightningnewtab@gmail.com: C:\Users\Hemanga\AppData\Roaming\Mozilla\Firefox\Profiles\gfh9vatf.default-1386681250393\extensions\lightningnewtab@gmail.com.xpi FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{51c77233-c0ad-4220-8388-47c11c18b355}: C:\Program Files (x86)\Browser Utility\browserutility.xpi [2013-08-27 11:58:52 | 000,012,015 | ---- | M] () FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B45418F9-6406-4828-9D1A-35313FB1E2D6}: C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb [2014-03-11 00:56:27 | 000,000,000 | ---D | M] FF - 
HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014-02-28 00:13:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{B45418F9-6406-4828-9D1A-35313FB1E2D6}: C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb [2014-03-11 00:56:27 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8e7d6746-77a0-402a-b4ab-a6f73a41db80}: C:\Program Files (x86)\Re-markit\136.xpi FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014-02-28 00:13:21 | 000,000,000 | ---D | M] [2013-11-08 20:05:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hemanga\AppData\Roaming\mozilla\Extensions [2014-03-14 21:00:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hemanga\AppData\Roaming\mozilla\Firefox\Profiles\gfh9vatf.default-1386681250393\extensions [2014-01-08 22:31:29 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Hemanga\AppData\Roaming\mozilla\Firefox\Profiles\gfh9vatf.default-1386681250393\extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7} [2014-02-27 15:08:24 | 000,000,000 | ---D | M] ("Quick Start") -- C:\Users\Hemanga\AppData\Roaming\mozilla\Firefox\Profiles\gfh9vatf.default-1386681250393\extensions\quick_start@gmail.com [2014-02-27 14:42:32 | 000,191,940 | ---- | M] () (No name found) -- C:\Users\Hemanga\AppData\Roaming\mozilla\firefox\profiles\gfh9vatf.default-1386681250393\extensions\jid1-0xtMKhXFEs4jIg@jetpack.xpi 
[2014-03-13 11:45:15 | 000,074,744 | ---- | M] () (No name found) -- C:\Users\Hemanga\AppData\Roaming\mozilla\firefox\profiles\gfh9vatf.default-1386681250393\extensions\om@offermosquito.com.xpi [2014-02-28 20:50:44 | 000,009,696 | ---- | M] () (No name found) -- C:\Users\Hemanga\AppData\Roaming\mozilla\firefox\profiles\gfh9vatf.default-1386681250393\extensions\{59981518-8b2b-431e-90db-17dacc8cfa86}.xpi [2014-02-04 19:53:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2014-02-04 19:53:51 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2014-03-11 00:56:27 | 000,000,000 | ---D | M] (Free PDF Perfect) -- C:\PROGRAMDATA\FREEMIUM\FREE PDF PERFECT\DATA\FFTB [2014-03-15 08:17:37 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\COFFPLGN [2013-11-09 18:20:22 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\IPSFF [2013-11-08 10:52:26 | 000,171,584 | ---- | M] (Tracker Software Products (Canada) Ltd.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google :cursorPosition}{google:currentPageUrl}{google CHR - plugin: Error reading preferences file CHR - Extension: Google Docs = C:\Users\Hemanga\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\Hemanga\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Hemanga\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\Hemanga\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\\ CHR - Extension: Browser Utility = C:\Users\Hemanga\AppData\Local\Google\Chrome\User Data\Default\Extensions\eckmjheijoffjbjmkgggoclppgdlajfa\0.1_0\ CHR - Extension: V-bates = C:\Users\Hemanga\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip\\ CHR - Extension: Norton Identity Protection = C:\Users\Hemanga\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.6.4.11_1\ CHR - Extension: Google Wallet = C:\Users\Hemanga\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\\ CHR - Extension: Google Mail = C:\Users\Hemanga\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ CHR - Extension: Lightning speedDial = C:\Users\Hemanga\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pkndmigholgfjlniaohblojbhgjbkakn\1.2.0_0\ O1 HOSTS File: ([2014-02-13 07:33:29 | 000,000,860 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (SmartSaver+ 12) - {11111111-1111-1111-1111-110411891130} - C:\Program Files (x86)\SmartSaver+ 12\SmartSaver+ 12-bho64.dll (smart-saverplus) O2:64bit: - BHO: (V-bates) - {21EAF666-26B3-4a3c-ABD0-CA2F5A326744} - C:\Program Files\V-bates\Extension64.dll () O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\\coIEPlg.dll (Symantec Corporation) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SmartSaver+ 12) - {11111111-1111-1111-1111-110411891130} - C:\Program Files (x86)\SmartSaver+ 12\SmartSaver+ 12-bho.dll (smart-saverplus) O2 - BHO: (V-bates) - {21EAF666-26B3-4a3c-ABD0-CA2F5A326744} - C:\Program Files\V-bates\Extension32.dll () O2 - BHO: (IETabPage Class) - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. 
Limited) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Jotzey) - {63a20a19-b1e6-4355-ab4c-28553af40ca2} - C:\Program Files (x86)\Jotzey\Jotzeybho.dll (Jotzey) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 14\Mm8InternetExplorer.dll (Mindjet) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) O2 - BHO: (Browser Utility) - {d9f8ec5f-18a3-4f95-b7a9-0cc9b9c87a44} - C:\Program Files (x86)\Browser Utility\browserutility.dll (Browser Utility) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\\coIEPlg.dll (Symantec Corporation) O3:64bit: - HKLM\..\Toolbar: (Free PDF Perfect) - {EFC2B9BE-AB2B-47F1-A47D-9EB28E58C917} - C:\Program Files (x86)\Freemium\Free PDF Perfect\ieagent64.dll (soft Xpansion) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Free PDF Perfect) - {EFC2B9BE-AB2B-47F1-A47D-9EB28E58C917} - C:\Program Files (x86)\Freemium\Free PDF Perfect\ieagent32.dll (soft Xpansion) O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access 
Connections\AcTBenabler.exe (Lenovo) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe () O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company) O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation) O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe () O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found O4 - HKLM..\Run: [QqsnTerminal] C:\Program Files (x86)\QQS\qvodterminal.exe (Shenzhen QVOD Technology Co.,Ltd) O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Hemanga\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) O4 - HKCU..\Run: [DataMgr] C:\Users\Hemanga\AppData\Roaming\DataMgr\DataMgr.exe (HTTO Group, Ltd.) 
O4 - HKCU..\Run: [Intermediate] C:\Users\Hemanga\AppData\Roaming\Intermediate\Intermediate.exe () O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O4 - HKCU..\Run: [SSync] C:\Users\Hemanga\AppData\Roaming\SSync\SSync.exe () O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware) O4 - HKCU..\Run: [VaisnavaReminder] C:\Program Files (x86)\Vaisnava Reminder\vreminder.exe (Oleh Demchenko) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Auswahl speichern - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3 File not found O8:64bit: - Extra context menu item: Bild ausschneiden - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4 File not found O8:64bit: - Extra context menu item: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found O8:64bit: - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found O8:64bit: - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found O8:64bit: - Extra context menu item: Clip URL - 
C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found O8:64bit: - Extra context menu item: Diese Seite ausschneiden - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Neue Notiz - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html () O8:64bit: - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html () O8:64bit: - Extra context menu item: Send Image To MindManager - C:\Program Files (x86)\Mindjet\MindManager 14\Mm8InternetExplorer.dll (Mindjet) O8:64bit: - Extra context menu item: Send Link To MindManager - C:\Program Files (x86)\Mindjet\MindManager 14\Mm8InternetExplorer.dll (Mindjet) O8:64bit: - Extra context menu item: Send Page To MindManager - C:\Program Files (x86)\Mindjet\MindManager 14\Mm8InternetExplorer.dll (Mindjet) O8:64bit: - Extra context menu item: Send Text To MindManager - C:\Program Files (x86)\Mindjet\MindManager 14\Mm8InternetExplorer.dll (Mindjet) O8:64bit: - Extra context menu item: URL notieren - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) 
O8 - Extra context menu item: Auswahl speichern - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3 File not found O8 - Extra context menu item: Bild ausschneiden - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4 File not found O8 - Extra context menu item: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found O8 - Extra context menu item: Diese Seite ausschneiden - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Neue Notiz - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html () O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html () O8 - Extra context menu item: Send Image To MindManager - C:\Program Files (x86)\Mindjet\MindManager 14\Mm8InternetExplorer.dll (Mindjet) O8 - Extra context menu item: Send Link To MindManager - C:\Program Files (x86)\Mindjet\MindManager 14\Mm8InternetExplorer.dll (Mindjet) O8 - Extra context menu item: Send Page To MindManager - C:\Program Files (x86)\Mindjet\MindManager 14\Mm8InternetExplorer.dll (Mindjet) O8 - Extra context menu item: Send Text To MindManager - C:\Program Files (x86)\Mindjet\MindManager 14\Mm8InternetExplorer.dll (Mindjet) O8 - Extra context menu item: URL notieren - C:\Program Files 
(x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0 File not found O9:64bit: - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html () O9 - Extra Button: Send to MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 14\Mm8InternetExplorer.dll (Mindjet) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html () O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O15 - HKCU\..Trusted Domains: cloudapp.net ([ConversationTranslator] http in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.45.2) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.45.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B077B6E-3CCA-4AFE-A53A-B514B6043697}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C2056BE-EDC3-45B7-BE53-8B4C77B13C2B}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1D8FD55-0B70-4C54-AC5B-F6FF697032CE}: DhcpNameServer = O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (Conduit) O20 - AppInit_DLLs: (c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll) - c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll (Conduit) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - 
C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013-12-25 13:19:20 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. 
File not found O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2014-03-14 20:54:47 | 000,000,000 | ---D | C] -- C:\Users\Hemanga\Documents\Optimizer Pro [2014-03-14 20:54:24 | 000,000,000 | ---D | C] -- C:\Users\Hemanga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage [2014-03-14 20:54:23 | 000,000,000 | ---D | C] -- C:\Users\Hemanga\AppData\Roaming\VOPackage [2014-03-14 20:54:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro [2014-03-13 16:52:05 | 000,000,000 | ---D | C] -- C:\Users\Hemanga\Documents\SoundEffects 2 [2014-03-13 16:51:10 | 000,000,000 | ---D | C] -- C:\Users\Hemanga\Documents\Musik [2014-03-13 16:50:22 | 000,000,000 | ---D | C] -- C:\Users\Hemanga\Documents\Digi.SoundEffects [2014-03-13 16:50:17 | 000,000,000 | ---D | C] -- C:\Users\Hemanga\Documents\graf-impuls [2014-03-13 16:50:09 | 000,000,000 | ---D | C] -- C:\Users\Hemanga\Documents\Jugendschutz lkgi [2014-03-13 16:50:01 | 000,000,000 | ---D | C] -- C:\Users\Hemanga\Documents\Tann [2014-03-13 10:09:20 | 000,000,000 | ---D | C] -- C:\Users\Hemanga\AppData\Local\Diagnostics [2014-03-11 00:56:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemium [2014-03-11 00:56:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\soft Xpansion [2014-03-11 00:56:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Freemium [2014-03-11 00:56:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemium [2014-03-11 00:56:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freemium [2014-03-11 00:56:03 | 000,000,000 | ---D | C] -- C:\Users\Hemanga\AppData\Roaming\dlg [2014-03-11 00:55:55 | 000,000,000 | ---D | C] -- C:\SoftwareUpdater [2014-03-11 00:55:55 | 000,000,000 | ---D | C] -- C:\Program Files 
(x86)\Covus Freemium [2014-03-11 00:55:26 | 000,000,000 | ---D | C] -- C:\Users\Hemanga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie [2014-03-11 00:54:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Browser Utility [2014-03-11 00:40:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SmartSaver+ 12 [2014-03-11 00:40:33 | 000,000,000 | ---D | C] -- C:\ProgramData\firebird [2014-03-11 00:40:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Print Envelope [2014-03-11 00:40:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RKComputer [2014-03-11 00:39:43 | 004,814,349 | ---- | C] (Radovan Kraus ) -- C:\Users\Hemanga\Desktop\PrintEnvelope_EN_3217.exe [2014-03-11 00:38:15 | 000,096,328 | ---- | C] (Wondershare Software) -- C:\Windows\SysNative\WSMonEditor.dll [2014-03-11 00:37:59 | 000,000,000 | ---D | C] -- C:\Users\Hemanga\AppData\Local\Wondershare [2014-03-11 00:37:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wondershare [2014-03-11 00:37:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare [2014-03-11 00:37:34 | 000,000,000 | ---D | C] -- C:\ProgramData\PDFEditor [2014-03-11 00:37:33 | 000,000,000 | ---D | C] -- C:\Users\Hemanga\AppData\Roaming\Wondershare [2014-03-11 00:37:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wondershare [2014-03-11 00:34:03 | 000,000,000 | ---D | C] -- C:\Users\Hemanga\Documents\mywebalbum [2014-03-11 00:29:23 | 000,000,000 | ---D | C] -- C:\Program Files\V-bates [2014-03-11 00:29:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iWebAlbum [2014-03-11 00:29:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iWebAlbum [2014-03-09 20:51:56 | 000,000,000 | ---D | C] -- C:\Users\Hemanga\Desktop\Tor Browser [2014-03-07 03:00:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2014-03-06 05:30:33 | 000,000,000 | ---D | C] -- 
C:\Users\Hemanga\Documents\MAGIX [2014-03-06 05:17:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX [2014-03-06 05:17:29 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX [2014-03-06 05:17:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MAGIX [2014-03-06 05:15:27 | 000,000,000 | ---D | C] -- C:\Users\Hemanga\Documents\MAGIX Downloads [2014-03-06 05:15:26 | 000,000,000 | ---D | C] -- C:\Users\Hemanga\AppData\Roaming\MAGIX [2014-03-06 05:05:33 | 000,000,000 | ---D | C] -- C:\Users\Hemanga\AppData\Roaming\Intermediate [2014-03-06 05:05:33 | 000,000,000 | ---D | C] -- C:\Users\Hemanga\AppData\Roaming\Fifth [2014-03-06 05:05:33 | 000,000,000 | ---D | C] -- C:\Users\Hemanga\AppData\Roaming\DataMgr [2014-03-06 05:05:20 | 000,000,000 | ---D | C] -- C:\Users\Hemanga\AppData\Roaming\SSync [2014-03-06 05:04:00 | 000,000,000 | ---D | C] -- C:\Users\Hemanga\AppData\Roaming\Common [2014-03-06 05:03:59 | 000,000,000 | ---D | C] -- C:\Users\Hemanga\AppData\Roaming\Windows Net Data [2014-03-06 04:30:44 | 000,000,000 | ---D | C] -- C:\Users\Hemanga\AppData\Roaming\tor [2014-03-05 19:42:43 | 000,000,000 | ---D | C] -- C:\Media [2014-03-05 11:19:10 | 000,000,000 | ---D | C] -- C:\Windows\qqsupdate [2014-03-05 11:18:40 | 000,000,000 | ---D | C] -- C:\ProgramData\QvodPlayer [2014-03-05 11:18:39 | 000,000,000 | ---D | C] -- C:\ProgramData\QQSNPlayer [2014-03-05 11:18:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QQS [2014-03-05 11:18:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QQS [2014-03-04 08:47:15 | 000,000,000 | ---D | C] -- C:\TEMP [2014-03-02 16:36:32 | 000,000,000 | ---D | C] -- C:\Users\Hemanga\Documents\SlideShowCreator [2014-03-02 16:36:32 | 000,000,000 | ---D | C] -- C:\Users\Hemanga\AppData\Roaming\SlideShowCreator [2014-03-02 16:36:30 | 000,000,000 | ---D | C] -- C:\Users\Hemanga\AppData\Local\Spoon [2014-03-02 16:36:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Caphyon 
[2014-03-02 16:35:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Picture Solutions [2014-03-02 16:35:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Slideshow Maker [2014-03-02 16:35:30 | 000,000,000 | ---D | C] -- C:\Users\Hemanga\AppData\Roaming\Free Picture Solutions [2014-03-02 12:19:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Backup & Recovery™ 2013 Free [2014-03-02 12:18:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Paragon Software [2014-02-28 15:19:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jotzey [2014-02-28 15:18:08 | 000,000,000 | ---D | C] -- C:\Users\Hemanga\AppData\Local\SearchProtect [2014-02-28 15:18:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect [2014-02-28 00:38:44 | 000,000,000 | ---D | C] -- C:\Users\Hemanga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan [2014-02-28 00:38:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan [2014-02-28 00:38:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan [2014-02-28 00:32:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2014-02-28 00:28:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2014-02-28 00:27:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2014-02-28 00:27:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2014-02-28 00:27:02 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2014-02-28 00:13:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2014-02-28 00:12:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Hemanga\AppData\Local\*.tmp files -> C:\Users\Hemanga\AppData\Local\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2014-03-15 08:26:15 | 
000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014-03-15 08:26:15 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014-03-15 08:18:06 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\PassWidget Update.job [2014-03-15 08:17:16 | 000,002,408 | ---- | M] () -- C:\Windows\tasks\SmartSaver+ 12-validator.job [2014-03-15 08:17:14 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2014-03-15 08:17:08 | 000,002,432 | ---- | M] () -- C:\Windows\tasks\SmartSaver+ 12-firefoxinstaller.job [2014-03-15 08:17:08 | 000,001,530 | ---- | M] () -- C:\Windows\tasks\SmartSaver+ 12-updater.job [2014-03-15 08:17:08 | 000,001,486 | ---- | M] () -- C:\Windows\tasks\SmartSaver+ 12-codedownloader.job [2014-03-15 08:17:08 | 000,001,384 | ---- | M] () -- C:\Windows\tasks\SmartSaver+ 12-enabler.job [2014-03-15 08:17:08 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\PassWidget_wd.job [2014-03-15 08:16:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014-03-15 08:16:36 | 3060,535,296 | -HS- | M] () -- C:\hiberfil.sys [2014-03-14 23:58:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014-03-14 23:45:05 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2014-03-14 23:07:55 | 000,000,172 | ---- | M] () -- C:\Windows\qqsserver.ini [2014-03-14 21:18:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP1.job [2014-03-14 21:11:00 | 000,001,107 | ---- | M] () -- C:\Users\Hemanga\Desktop\Continue VuuPC Installation.lnk [2014-03-14 21:08:45 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP3.job [2014-03-14 21:08:45 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP2.job [2014-03-14 20:58:09 | 000,000,161 | ---- | M] () -- C:\Users\Hemanga\AppData\Roaming\aps.uninstall.scan.results [2014-03-14 
09:45:06 | 000,343,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2014-03-14 09:27:43 | 000,002,006 | -H-- | M] () -- C:\Users\Hemanga\Documents\Default.rdp [2014-03-13 16:47:54 | 001,620,612 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2014-03-13 16:47:54 | 000,699,666 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2014-03-13 16:47:54 | 000,654,464 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2014-03-13 16:47:54 | 000,149,774 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2014-03-13 16:47:54 | 000,122,336 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2014-03-11 00:56:48 | 000,002,173 | ---- | M] () -- C:\Users\Hemanga\Desktop\Free PDF Perfect.lnk [2014-03-11 00:56:29 | 000,010,464 | ---- | M] () -- C:\Windows\SysWow64\sx_p2d.tlb [2014-03-11 00:56:03 | 000,001,144 | ---- | M] () -- C:\Users\Hemanga\Desktop\Goodgame Empire.lnk [2014-03-11 00:55:27 | 000,001,030 | ---- | M] () -- C:\Users\Hemanga\Desktop\Mobogenie.lnk [2014-03-11 00:52:37 | 000,000,000 | ---- | M] () -- C:\END [2014-03-11 00:40:22 | 000,001,215 | ---- | M] () -- C:\Users\Hemanga\Desktop\Print Envelope.lnk [2014-03-11 00:39:49 | 004,814,349 | ---- | M] (Radovan Kraus ) -- C:\Users\Hemanga\Desktop\PrintEnvelope_EN_3217.exe [2014-03-11 00:29:15 | 000,000,964 | ---- | M] () -- C:\Users\Hemanga\Desktop\iWebAlbum.lnk [2014-03-06 05:17:47 | 000,001,047 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Slideshow Maker 2.lnk [2014-03-06 04:41:49 | 000,001,353 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Slideshow Studio HD 2.lnk [2014-03-06 04:41:49 | 000,000,213 | ---- | M] () -- C:\Users\Public\Desktop\Your Software Deals.url [2014-03-05 20:18:00 | 000,774,508 | ---- | M] () -- C:\Users\Hemanga\Documents\IMG_0718.jpg [2014-03-05 20:17:40 | 000,949,411 | ---- | M] () -- C:\Users\Hemanga\Documents\IMG_0717.jpg [2014-03-05 17:49:20 | 000,594,747 | ---- | M] () -- C:\Users\Hemanga\Documents\schwind.jpg [2014-03-04 08:26:58 | 000,002,182 | ---- | M] () -- 
C:\Users\Public\Desktop\Google Chrome.lnk [2014-03-02 16:36:04 | 000,001,359 | ---- | M] () -- C:\Users\Public\Desktop\Free Slideshow Maker.lnk [2014-03-02 12:19:41 | 000,002,420 | ---- | M] () -- C:\Users\Public\Desktop\Paragon Backup & Recovery™ 2013 Free.lnk [2014-02-28 00:38:45 | 000,001,018 | ---- | M] () -- C:\Users\Hemanga\Desktop\SpeedFan.lnk [2014-02-28 00:38:44 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo [2014-02-28 00:34:20 | 000,001,543 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk [2014-02-28 00:34:18 | 000,001,250 | ---- | M] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk [2014-02-28 00:32:13 | 000,001,790 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2014-02-28 00:13:03 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Hemanga\AppData\Local\*.tmp files -> C:\Users\Hemanga\AppData\Local\*.tmp -> ] ========== Files Created - No Company Name ========== [2014-03-14 21:11:00 | 000,001,107 | ---- | C] () -- C:\Users\Hemanga\Desktop\Continue VuuPC Installation.lnk [2014-03-14 20:58:10 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\APSnotifierPP3.job [2014-03-14 20:58:10 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\APSnotifierPP2.job [2014-03-14 20:58:09 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\APSnotifierPP1.job [2014-03-14 20:56:05 | 000,000,161 | ---- | C] () -- C:\Users\Hemanga\AppData\Roaming\aps.uninstall.scan.results [2014-03-11 00:56:47 | 000,002,173 | ---- | C] () -- C:\Users\Hemanga\Desktop\Free PDF Perfect.lnk [2014-03-11 00:56:29 | 000,010,464 | ---- | C] () -- C:\Windows\SysWow64\sx_p2d.tlb [2014-03-11 00:56:03 | 000,001,144 | ---- | C] () -- C:\Users\Hemanga\Desktop\Goodgame Empire.lnk [2014-03-11 00:55:27 | 000,001,030 | ---- | C] () -- C:\Users\Hemanga\Desktop\Mobogenie.lnk [2014-03-11 00:52:37 | 000,000,000 | ---- | C] () -- C:\END [2014-03-11 00:41:31 | 000,001,530 | 
---- | C] () -- C:\Windows\tasks\SmartSaver+ 12-updater.job [2014-03-11 00:41:29 | 000,001,384 | ---- | C] () -- C:\Windows\tasks\SmartSaver+ 12-enabler.job [2014-03-11 00:41:27 | 000,001,486 | ---- | C] () -- C:\Windows\tasks\SmartSaver+ 12-codedownloader.job [2014-03-11 00:40:40 | 000,002,432 | ---- | C] () -- C:\Windows\tasks\SmartSaver+ 12-firefoxinstaller.job [2014-03-11 00:40:38 | 000,002,408 | ---- | C] () -- C:\Windows\tasks\SmartSaver+ 12-validator.job [2014-03-11 00:40:22 | 000,001,215 | ---- | C] () -- C:\Users\Hemanga\Desktop\Print Envelope.lnk [2014-03-11 00:29:15 | 000,000,964 | ---- | C] () -- C:\Users\Hemanga\Desktop\iWebAlbum.lnk [2014-03-06 05:17:46 | 000,001,047 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Slideshow Maker 2.lnk [2014-03-06 04:41:48 | 000,001,353 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Slideshow Studio HD 2.lnk [2014-03-05 20:18:00 | 000,774,508 | ---- | C] () -- C:\Users\Hemanga\Documents\IMG_0718.jpg [2014-03-05 20:17:40 | 000,949,411 | ---- | C] () -- C:\Users\Hemanga\Documents\IMG_0717.jpg [2014-03-05 17:49:20 | 000,594,747 | ---- | C] () -- C:\Users\Hemanga\Documents\schwind.jpg [2014-03-05 11:31:20 | 000,000,172 | ---- | C] () -- C:\Windows\qqsserver.ini [2014-03-02 16:36:03 | 000,001,359 | ---- | C] () -- C:\Users\Public\Desktop\Free Slideshow Maker.lnk [2014-03-02 12:19:41 | 000,002,420 | ---- | C] () -- C:\Users\Public\Desktop\Paragon Backup & Recovery™ 2013 Free.lnk [2014-02-28 00:38:45 | 000,001,018 | ---- | C] () -- C:\Users\Hemanga\Desktop\SpeedFan.lnk [2014-02-28 00:38:44 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo [2014-02-28 00:34:19 | 000,001,543 | ---- | C] () -- C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk [2014-02-28 00:32:12 | 000,001,790 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2014-02-28 00:13:03 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2014-02-08 17:11:55 | 000,003,584 | ---- | C] () -- 
C:\Users\Hemanga\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2014-02-08 14:24:31 | 000,000,077 | ---- | C] () -- C:\Windows\huffyuv.ini [2014-02-08 14:24:04 | 000,120,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll [2014-02-02 16:20:31 | 111,400,802 | ---- | C] () -- C:\Users\Hemanga\13-02-01-Sa-Fest.avi [2014-02-01 23:42:24 | 006,977,114 | ---- | C] () -- C:\Users\Hemanga\harinam Darmstadt.avi [2014-01-19 16:30:24 | 039,233,142 | ---- | C] () -- C:\Users\Hemanga\Bhajankutir.avi [2014-01-17 23:47:59 | 000,000,104 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc [2014-01-09 11:22:56 | 043,306,046 | ---- | C] () -- C:\Users\Hemanga\My slideshow.avi [2013-12-25 14:13:03 | 000,000,149 | ---- | C] () -- C:\Users\Hemanga\AppData\Roaming\WB.CFG [2013-12-25 11:19:18 | 062,648,500 | ---- | C] () -- C:\Users\Hemanga\rfp9thhemanga.avi [2013-12-24 21:56:25 | 104,043,314 | ---- | C] () -- C:\Users\Hemanga\powerofrussiaiskconmovi.avi [2013-12-24 20:38:10 | 070,762,784 | ---- | C] () -- C:\Users\Hemanga\rfprheinmainbeireligionsforpeace9thassemblyvienna2013slideshow.avi [2013-12-24 20:30:00 | 108,235,100 | ---- | C] () -- C:\Users\Hemanga\rfpgoogassamblyvienna89th.avi [2013-12-24 19:45:14 | 117,526,002 | ---- | C] () -- C:\Users\Hemanga\Religions for peacemovivienna9th.avi [2013-12-23 01:59:16 | 102,106,708 | ---- | C] () -- C:\Users\Hemanga\power of russia.avi [2013-12-22 19:01:10 | 001,594,892 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013-12-05 05:03:08 | 000,000,126 | ---- | C] () -- C:\Windows\wininit.ini [2012-10-18 13:39:56 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2012-10-18 13:39:55 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2012-10-18 13:39:54 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2012-10-18 13:39:53 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll ========== ZeroAccess Check ========== [2009-07-14 05:55:00 | 
000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013-07-26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013-07-26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013-11-08 22:59:29 | 000,000,000 | ---D | M] -- C:\Users\Hemanga\AppData\Roaming\Ashampoo [2013-11-24 16:31:04 | 000,000,000 | ---D | M] 
-- C:\Users\Hemanga\AppData\Roaming\Ashampoo Slideshow Studio 2013 [2013-12-22 19:23:42 | 000,000,000 | ---D | M] -- C:\Users\Hemanga\AppData\Roaming\Ashampoo Slideshow Studio HD 2 [2013-11-29 01:08:52 | 000,000,000 | ---D | M] -- C:\Users\Hemanga\AppData\Roaming\CoffeeCup Software [2014-03-06 05:04:00 | 000,000,000 | ---D | M] -- C:\Users\Hemanga\AppData\Roaming\Common [2014-03-06 05:05:33 | 000,000,000 | ---D | M] -- C:\Users\Hemanga\AppData\Roaming\DataMgr [2014-03-11 00:56:03 | 000,000,000 | ---D | M] -- C:\Users\Hemanga\AppData\Roaming\dlg [2014-02-28 00:33:55 | 000,000,000 | ---D | M] -- C:\Users\Hemanga\AppData\Roaming\DVDVideoSoft [2013-12-22 17:15:37 | 000,000,000 | ---D | M] -- C:\Users\Hemanga\AppData\Roaming\Edraw Mind Map [2013-12-22 15:28:58 | 000,000,000 | ---D | M] -- C:\Users\Hemanga\AppData\Roaming\Epsitec Cache [2013-11-08 17:43:50 | 000,000,000 | ---D | M] -- C:\Users\Hemanga\AppData\Roaming\ESET [2014-03-15 08:17:17 | 000,000,000 | ---D | M] -- C:\Users\Hemanga\AppData\Roaming\Fifth [2014-03-02 16:35:30 | 000,000,000 | ---D | M] -- C:\Users\Hemanga\AppData\Roaming\Free Picture Solutions [2013-12-18 23:02:57 | 000,000,000 | ---D | M] -- C:\Users\Hemanga\AppData\Roaming\FreeTorrentViewer [2013-11-18 20:50:57 | 000,000,000 | ---D | M] -- C:\Users\Hemanga\AppData\Roaming\Gena01 [2013-11-17 13:35:46 | 000,000,000 | ---D | M] -- C:\Users\Hemanga\AppData\Roaming\GHISLER [2013-12-29 13:47:53 | 000,000,000 | ---D | M] -- C:\Users\Hemanga\AppData\Roaming\GianPaoloSaliola [2014-03-06 05:05:33 | 000,000,000 | ---D | M] -- C:\Users\Hemanga\AppData\Roaming\Intermediate [2014-03-04 08:41:30 | 000,000,000 | ---D | M] -- C:\Users\Hemanga\AppData\Roaming\IrfanView [2013-11-09 18:50:36 | 000,000,000 | ---D | M] -- C:\Users\Hemanga\AppData\Roaming\LibreOffice [2014-03-06 05:35:43 | 000,000,000 | ---D | M] -- C:\Users\Hemanga\AppData\Roaming\MAGIX [2013-12-22 15:28:44 | 000,000,000 | ---D | M] -- C:\Users\Hemanga\AppData\Roaming\OPaC bright ideas [2014-01-17 
23:49:14 | 000,000,000 | ---D | M] -- C:\Users\Hemanga\AppData\Roaming\Photobucket [2014-02-02 14:59:05 | 000,000,000 | ---D | M] -- C:\Users\Hemanga\AppData\Roaming\PhotoScape [2013-11-08 23:16:51 | 000,000,000 | ---D | M] -- C:\Users\Hemanga\AppData\Roaming\PwrMgr [2014-03-03 13:27:54 | 000,000,000 | ---D | M] -- C:\Users\Hemanga\AppData\Roaming\SlideShowCreator [2014-03-06 05:05:20 | 000,000,000 | ---D | M] -- C:\Users\Hemanga\AppData\Roaming\SSync [2013-12-22 20:46:14 | 000,000,000 | ---D | M] -- C:\Users\Hemanga\AppData\Roaming\TeamViewer [2013-11-09 20:14:25 | 000,000,000 | ---D | M] -- C:\Users\Hemanga\AppData\Roaming\Temp [2013-12-05 05:00:24 | 000,000,000 | ---D | M] -- C:\Users\Hemanga\AppData\Roaming\TuneUp Software [2014-03-14 20:54:24 | 000,000,000 | ---D | M] -- C:\Users\Hemanga\AppData\Roaming\VOPackage [2014-03-06 05:03:59 | 000,000,000 | ---D | M] -- C:\Users\Hemanga\AppData\Roaming\Windows Net Data [2014-03-11 00:38:19 | 000,000,000 | ---D | M] -- C:\Users\Hemanga\AppData\Roaming\Wondershare [2014-03-05 20:23:10 | 000,000,000 | ---D | M] -- C:\Users\Hemanga\AppData\Roaming\XnView [2014-01-19 15:36:26 | 000,000,000 | ---D | M] -- C:\Users\Hemanga\AppData\Roaming\XnViewMP ========== Purity Check ========== ========== Files - Unicode (All) ========== [2014-01-22 01:40:57 | 073,180,546 | ---- | M] ()(C:\Users\Hemanga\9th Worldassembly ??Religions for Peace 20-22 Novembre 2013.avi) -- C:\Users\Hemanga\9th Worldassembly €žReligions for Peace 20-22 Novembre 2013.avi [2014-01-22 01:37:51 | 073,180,546 | ---- | C] ()(C:\Users\Hemanga\9th Worldassembly ??Religions for Peace 20-22 Novembre 2013.avi) -- C:\Users\Hemanga\9th Worldassembly €žReligions for Peace 20-22 Novembre 2013.avi ========== Alternate Data Streams ========== @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:373E1720 @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:676C1C69 @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:51E9F892 < End of report > |
| #2 |
/// the machine /// TB-Ausbilder | browser infected

hi,
Posting in CODE tags: Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties.)
Topics related to "browser infected":
adobe, application/pdf:, autorun, bho, browser, continue, defender, explorer, firefox, format, freemium, goodgame, helper, installation, lightning, lightning speeddial, remove lightning speeddial, logfile, mobogenie, remove mobogenie, mp3, preferences, pwmtr64v.dll, quick_start, registry, security, software, symantec, tracker, vuupc, windows