Pests of all kinds and how to fight them: Removing Lollipop and other viruses - Windows 8; 64-bit |
16.04.2014, 18:18 | #1 |
| Removing Lollipop and other viruses - Windows 8; 64-bit A few days ago I somehow got "Lollipop" onto my computer... By now the program is doing so much damage here that the internet browser keeps opening on its own with various pages, and some pages are constantly reloaded so that you can't work with them (this forum too; I had to stop the reloading by clicking the X so that it doesn't keep jumping away from the forum). I can't remove Lollipop on my own; I've already tried. Unfortunately I've lost track of what has already been damaged. My operating system: Windows 8 64 bit. I urgently need you. Please, please. Signed, a damsel in distress |
16.04.2014, 18:26 | #2 |
/// the machine /// TB instructor | Removing Lollipop and other viruses - Windows 8; 64-bit hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
17.04.2014, 10:19 | #3 |
| Removing Lollipop and other viruses - Windows 8; 64-bit Thank you very much! Here is the result:
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-04-2014 01 Ran by Shy at 2014-04-16 19:35:54 Running from C:\Users\Shy\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Norton 360 Premier Edition (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB} AS: Norton 360 Premier Edition (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Norton 360 Premier Edition (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0} ==================== Installed Programs ====================== Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 3.8.0.870 - Adobe Systems Incorporated) Hidden Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) Advanced System Protector (HKLM-x32\...\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1) (Version: 2.1.1000.12594 - Systweak Software) <==== ATTENTION Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team) Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.) Bamboo Dock (x32 Version: 4.1.0 - Wacom Europe GmbH) Hidden Bamboo Tablets Tutorial (x32 Version: 3.0.20 - Wacom) Hidden Bandizip (HKCU\...\Bandizip) (Version: 3.07 - Bandisoft.com) Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite) CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5510 - CyberLink Corp.) 
CyberLink LabelPrint (x32 Version: 2.5.1.5510 - CyberLink Corp.) Hidden CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.) CyberLink Media Suite 10 (x32 Version: 10.0.1.1916 - CyberLink Corp.) Hidden CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.) CyberLink PhotoDirector (x32 Version: 2.0.1.3109 - CyberLink Corp.) Hidden CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.) CyberLink Power2Go 8 (x32 Version: 8.0.1.1902 - CyberLink Corp.) Hidden CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.) CyberLink PowerDirector 10 (x32 Version: 10.0.1.1925 - CyberLink Corp.) Hidden CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.4319 - CyberLink Corp.) CyberLink PowerDVD (x32 Version: 10.0.1.4319 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DomaIQ Uninstaller (HKLM-x32\...\DomaIQ Uninstaller) (Version: - Tuguu SLU) DownTango (HKLM-x32\...\DownTango) (Version: 1.0.714 - Red Sky Sp. z o.o.) 
<==== ATTENTION Drakensang Online (HKLM-x32\...\Drakensang Online) (Version: - ) DTV (HKLM-x32\...\InstallShield_{D1BA1F1C-D88B-405D-953F-D7074B65453D}) (Version: 1.4.36.633 build 1244 - ) DTV (x32 Version: 1.4.36.633 build 1244 - ) Hidden Extended Update (HKCU\...\UpdaterEX) (Version: - ) ffdshow v1.2.4422 [2012-04-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4422.0 - ) Flyff (HKLM-x32\...\{7E210E1C-52A1-40E3-817B-D504E9F64DFA}_is1) (Version: Flyff - Gala Networks Europe Limited) GameCenter (HKLM-x32\...\GameCenter) (Version: - ) Gameforge Live 1.6.0 "Legend" (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 1.6.0 - Gameforge) GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team) G'MIC for GIMP Version 1.5.6.1 (HKLM-x32\...\G'MIC for GIMP_is1) (Version: 1.5.6.1 - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.) Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden Hauppauge WinTV 7 (HKLM-x32\...\Hauppauge WinTV 7) (Version: v7.0.29302 (CD 2.4d) - Hauppauge Computer Works) HDvid Codec V1 (HKLM-x32\...\HDvid Codec V1) (Version: 1.27.153.8 - installdaddy) <==== ATTENTION HDVidCodec (HKLM-x32\...\1ClickDownload) (Version: 2.1 Build 26473 - hdvidcodec.com) <==== ATTENTION Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd) HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1206 - Hewlett-Packard) HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden HP Postscript Converter (Version: 3.1.3591 - Hewlett-Packard) Hidden HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company) HP Support Information 
(HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard) HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz) ICQ 8.0 (build 5981, für aktuellen Benutzer) (HKCU\...\ICQ) (Version: 8.0.5981.0 - Mail.Ru) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6418.0 - IDT) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden Java 7 Update 15 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217015FF}) (Version: 7.0.150 - Oracle) Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden Livebrush Mini (HKLM-x32\...\com.livebrush.2205ABAA7E8202CDC1251B1FA1E879364B7BAB52.1) (Version: 1.5 - MoreMeYou) Livebrush Mini (x32 Version: 1.5 - MoreMeYou) Hidden Lollipop (HKCU\...\lollipop_04111938) (Version: - Lollipop Network, S.L.) 
<==== ATTENTION MediaPlayerplus (HKLM-x32\...\MediaPlayerplus) (Version: 1.34.3.28 - Freeven) Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft 
Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) MoodTuner (HKLM-x32\...\com.gugga.radiomini) (Version: 1.1 - GUGA EOOD) MoodTuner (x32 Version: 1.1 - GUGA EOOD) Hidden Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) Mozilla Thunderbird 24.1.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.1.1 (x86 de)) (Version: 24.1.1 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden Norton 360 (HKLM-x32\...\N360) (Version: 21.2.0.38 - Symantec Corporation) NVIDIA Grafiktreiber 311.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.41 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation) NVIDIA Systemsteuerung 311.41 (Version: 311.41 - NVIDIA Corporation) Hidden OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation) Recovery Manager (x32 Version: 5.5.0.5530 - CyberLink Corp.) Hidden Save Sense (remove only) (HKCU\...\Save Sense) (Version: 6.4.1.0 - SaveSense) <==== ATTENTION SaveSense (HKCU\...\SaveSense) (Version: - SaveSense) <==== ATTENTION Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.12.20.154 - Conduit) <==== ATTENTION Shopping Helper Smartbar (HKLM-x32\...\{7DD65DA0-AD4F-4974-AAC6-5834DD7F6841}) (Version: 11.43.63.16271 - ReSoft Ltd.) <==== ATTENTION Skype™ 6.9 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.9.106 - Skype Technologies S.A.) 
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB) Sumo Paint Bamboo 2.2 (HKLM-x32\...\com.sumopaint.bamboo.E63110E28E55D139F7D67D94E57B73BDB07BA618.1) (Version: v2.2 - UNKNOWN) Sumo Paint Bamboo 2.2 (x32 Version: 2.2 - UNKNOWN) Hidden TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.13.1 - TeamSpeak Systems GmbH) TI xHCI Filter Driver 1.0.0.4 (HKLM-x32\...\TI xHCI Filter Driver) (Version: 1.0.0.4 - Texas Instruments Inc.) VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN) VO Package (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - ) Vodafone Mobile Connect Lite (HKLM-x32\...\{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}) (Version: 9.4.3.17550 - Vodafone) Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.2-1 - Wacom Technology Corp.) WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.) WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.) WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.12 - Wacom Technology Corp.) WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.10 - Wacom Technology Corp.) 
Whilokii 1.0.0 (HKLM\...\Whilokii) (Version: 1.0.0 - Whilokii) <==== ATTENTION Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Wizard101(DE) (HKCU\...\Wizard101(DE)_is1) (Version: - Gameforge 4D GmbH) WPM17.8.0.3442 (HKLM-x32\...\WPM) (Version: 17.8.0.3442 - Cherished Technololgy LIMITED) <==== ATTENTION Zipper (HKLM-x32\...\{40B325F7-2A46-41E0-BE2F-23C19F7F101E}) (Version: 1.0.3 - Tuguu SL) ==================== Restore Points ========================= 28-03-2014 17:58:17 Geplanter Prüfpunkt 09-04-2014 19:34:10 Removed SweetIM for Messenger 3.7 09-04-2014 19:34:37 Removed SweetIM for Messenger 3.7 13-04-2014 07:46:07 
Windows Update 16-04-2014 14:39:00 Removed Bonjour ==================== Hosts content: ========================== 2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0980E8C7-0085-4C8B-B5BE-AA50F8607490} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-22] (Google Inc.) Task: {0B8403A4-6237-4633-A95E-C85C18B0D69A} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-01-31] (Microsoft Corporation) Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {27BF7ED3-D4BC-484C-985D-2491EA904B84} - System32\Tasks\bedfe857-1851-4105-9b92-9447f52989ce-3 => C:\Program Files (x86)\Freeven Pro 1.3\bedfe857-1851-4105-9b92-9447f52989ce-3.exe [2014-03-28] (Freeven) Task: {3279BF0D-955F-4B5D-9269-FAA665E24D6D} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {466E6ED5-33F6-41B7-93EE-B36628260189} - System32\Tasks\SaveSenseLiveUpdateTaskMachineCore => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [2014-04-09] (SaveSense) <==== ATTENTION Task: {55113738-D1EA-4864-AF3D-19045F664215} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {5AAA6364-BF65-44ED-B344-5213E9FD9C7B} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION Task: {5B4C96BC-12D6-46E5-9A8E-5EC014DAF866} - System32\Tasks\Hewlett-Packard\HP Support 
Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {6C4F3685-7325-4D34-994B-ED8B60E9D218} - System32\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-3 => C:\Program Files (x86)\MediaPlayerplus\1d58acf1-29e5-4c8e-a536-e04dd320ab01-3.exe [2014-03-28] (Freeven) Task: {72560691-588B-47DB-960D-15B8C852DE3C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company) Task: {7EE8A961-26FB-4A23-A8C1-F3411161463C} - System32\Tasks\UpdaterEX => C:\Users\Shy\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION Task: {84B271A6-1207-49C2-86FD-B69F99B3D76D} - System32\Tasks\SaveSense => C:\Users\Shy\AppData\Roaming\SaveSense\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION Task: {85C77070-72E2-4CE7-B9E0-7E7ADAACC96B} - System32\Tasks\SaveSenseLiveUpdateTaskMachineUA => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [2014-04-09] (SaveSense) <==== ATTENTION Task: {8BBA5135-A136-4606-A27D-B5C1485DBD56} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-02-10] (Hewlett-Packard) Task: {8DF25D0A-9650-490C-94FA-39E1A54BB9C2} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\WSCStub.exe [2014-03-12] (Symantec Corporation) Task: {A68D5F16-D904-4C7B-830A-E15AAA3AED02} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-02-10] (Hewlett-Packard) Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing 
Task: {AE577C77-D37A-489B-AB80-8097C3AA2EE8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-22] (Google Inc.) Task: {B577135B-8198-4532-A9F7-EDB2C6D54922} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {C8262C1E-9E02-4FE4-B207-4AA16D42A1B8} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated) Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {F09C0D5E-B42C-4658-8DF1-DC218C98C9CC} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe [2014-02-28] (Systweak) <==== ATTENTION Task: {F15EE7C0-BFA8-4E65-BAB2-CF5DD8C821F6} - System32\Tasks\HPCeeScheduleForShy => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard) Task: C:\windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-3.job => C:\Program Files (x86)\MediaPlayerplus\1d58acf1-29e5-4c8e-a536-e04dd320ab01-3.exe Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\bedfe857-1851-4105-9b92-9447f52989ce-3.job => C:\Program Files (x86)\Freeven Pro 1.3\bedfe857-1851-4105-9b92-9447f52989ce-3.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files 
(x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\HPCeeScheduleForShy.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\windows\Tasks\SaveSense.job => C:\Users\Shy\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION Task: C:\windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION Task: C:\windows\Tasks\UpdaterEX.job => C:\Users\Shy\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2013-10-05 03:05 - 2014-04-16 03:49 - 00350488 _____ () C:\Program Files (x86)\Whilokii\updateWhilokii.exe 2013-10-25 17:30 - 2014-04-16 03:16 - 00350488 _____ () C:\Program Files (x86)\Whilokii\bin\utilWhilokii.exe 2014-03-26 03:36 - 2014-03-26 03:36 - 00355328 _____ () C:\Users\Shy\AppData\Roaming\VOPackage\VOsrv.exe 2012-08-06 23:50 - 2012-08-06 23:50 - 00607744 _____ () C:\windows\system32\spool\DRIVERS\x64\3\JobCapsA.DLL 2012-08-29 12:02 - 2012-08-29 12:02 - 00120224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll 2012-08-29 12:02 - 2012-08-29 12:02 - 00048544 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll 2012-08-29 12:02 - 2012-08-29 12:02 - 00180224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll 2013-08-16 10:57 - 2012-12-11 13:07 - 01184640 _____ () C:\Program Files\Tablet\Pen\libxml2.dll 2012-10-16 11:39 - 2012-10-16 11:39 - 00646744 _____ () C:\Program Files (x86)\Bamboo Dock\BambooCore.exe 2013-01-12 12:57 - 2013-01-12 12:57 - 00120224 _____ () C:\Users\Shy\AppData\Local\assembly\dl3\EDVMC1YE.5ND\YTH0BKO7.5K1\88588a02\0017145d_cd85cd01\HPItunesModule.DLL 2014-03-21 01:26 - 2014-03-21 01:26 - 00287000 _____ () C:\Program Files 
(x86)\Whilokii\bin\FilterApp_C64.exe 2014-04-09 21:57 - 2014-04-08 00:02 - 00095512 _____ () C:\Program Files (x86)\Whilokii\bin\Whilokii.BrowserAdapter.exe 2013-06-10 00:23 - 2011-10-27 21:16 - 00018944 _____ () C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServerps.dll 2012-12-04 05:21 - 2012-07-18 10:50 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2014-04-09 21:16 - 2012-07-25 12:03 - 00886272 _____ () C:\Program Files (x86)\Advanced System Protector\System.Data.SQLite.dll 2014-04-09 21:16 - 2014-02-28 18:29 - 01730928 _____ () C:\Program Files (x86)\Advanced System Protector\aspsys.dll 2013-01-12 16:47 - 2013-01-12 16:47 - 00851456 _____ () C:\Users\Shy\AppData\Roaming\ICQM\ICQ\dll\YLUSBTEL.dll 2012-12-04 05:27 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2012-08-10 17:51 - 2012-08-10 17:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll 2012-08-10 17:50 - 2012-08-10 17:50 - 00170496 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll 2014-03-30 10:49 - 2014-03-30 10:49 - 00046624 _____ () C:\Users\Shy\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll 2014-03-30 10:50 - 2014-03-30 10:50 - 00068640 _____ () C:\Users\Shy\AppData\Local\Smartbar\Application\srau.dll 2014-03-30 10:49 - 2014-03-30 10:49 - 00165408 _____ () C:\Users\Shy\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll 2014-03-30 10:49 - 2014-03-30 10:49 - 02283040 _____ () C:\Users\Shy\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll 2014-03-30 10:50 - 2014-03-30 10:50 - 00066592 _____ () C:\Users\Shy\AppData\Local\Smartbar\Application\spbl.dll 2014-03-30 10:49 - 2014-03-30 10:49 - 00154656 _____ () 
C:\Users\Shy\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll 2014-03-30 10:49 - 2014-03-30 10:49 - 00014368 _____ () C:\Users\Shy\AppData\Local\Smartbar\Application\siem.dll 2014-03-30 10:50 - 2014-03-30 10:50 - 00063520 _____ () C:\Users\Shy\AppData\Local\Smartbar\Application\sppsm.dll 2014-03-30 10:49 - 2014-03-30 10:49 - 00696864 _____ () C:\Users\Shy\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll 2014-03-30 10:49 - 2014-03-30 10:49 - 00014880 _____ () C:\Users\Shy\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll 2014-03-30 10:49 - 2014-03-30 10:49 - 00078880 _____ () C:\Users\Shy\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll 2014-03-30 10:49 - 2014-03-30 10:49 - 00027168 _____ () C:\Users\Shy\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll 2014-03-30 10:50 - 2014-03-30 10:50 - 00056864 _____ () C:\Users\Shy\AppData\Local\Smartbar\Application\srut.dll 2014-03-30 10:50 - 2014-03-30 10:50 - 00029216 _____ () C:\Users\Shy\AppData\Local\Smartbar\Application\srsbs.dll 2014-03-30 10:49 - 2014-03-30 10:49 - 00065568 _____ () C:\Users\Shy\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll 2014-03-30 10:50 - 2014-03-30 10:50 - 00030752 _____ () C:\Users\Shy\AppData\Local\Smartbar\Application\srom.dll 2014-03-30 10:50 - 2014-03-30 10:50 - 00030752 _____ () C:\Users\Shy\AppData\Local\Smartbar\Application\smtu.dll 2014-03-30 10:50 - 2014-03-30 10:50 - 00038944 _____ () C:\Users\Shy\AppData\Local\Smartbar\Application\smta.dll 2014-03-30 10:49 - 2014-03-30 10:49 - 00024096 _____ () C:\Users\Shy\AppData\Local\Smartbar\Application\sgml.dll 2014-03-30 10:50 - 2014-03-30 10:50 - 00043552 _____ () C:\Users\Shy\AppData\Local\Smartbar\Application\srbu.dll 2014-03-30 10:49 - 2014-03-30 10:49 - 00061472 _____ () C:\Users\Shy\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll 2014-03-30 10:50 - 
2014-03-30 10:50 - 00024608 _____ () C:\Users\Shy\AppData\Local\Smartbar\Application\srpdm.dll 2014-03-30 10:49 - 2014-03-30 10:49 - 00043040 _____ () C:\Users\Shy\AppData\Local\Smartbar\Application\MACTrackBarLib.dll 2014-03-30 10:48 - 2014-03-30 10:48 - 00026656 _____ () C:\Users\Shy\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll 2014-03-30 10:49 - 2014-03-30 10:49 - 00035360 _____ () C:\Users\Shy\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll 2014-03-30 10:49 - 2014-03-30 10:49 - 00193056 _____ () C:\Users\Shy\AppData\Local\Smartbar\Application\sgmu.dll 2014-03-30 10:46 - 2014-03-30 10:46 - 00061440 _____ () C:\Users\Shy\AppData\Local\Smartbar\Application\AxInterop.WMPLib.dll 2014-03-30 10:50 - 2014-03-30 10:50 - 00255008 _____ () C:\Users\Shy\AppData\Local\Smartbar\Application\srns.dll 2013-10-14 05:33 - 2013-11-26 10:48 - 03008624 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll 2013-10-14 05:33 - 2013-11-26 10:48 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll 2013-10-14 05:33 - 2013-11-26 10:48 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll 2014-04-09 00:30 - 2014-04-02 03:57 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll 2014-04-09 21:57 - 2014-04-08 00:02 - 00179480 _____ () C:\Program Files (x86)\Whilokii\bin\WhilokiiBAApp.dll 2014-04-09 00:30 - 2014-04-02 03:57 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libglesv2.dll 2014-04-09 00:30 - 2014-04-02 03:57 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libegl.dll 2014-04-09 00:30 - 2014-04-02 03:57 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll 2014-04-09 00:30 - 2014-04-02 03:58 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll 
2014-04-09 00:30 - 2014-04-02 03:57 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll 2014-04-09 00:30 - 2014-04-02 03:58 - 13691720 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Temp:373E1720 ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (04/16/2014 05:54:03 PM) (Source: MsiInstaller) (User: BeShy) Description: Produkt: Vodafone Mobile Connect Lite -- Fehler 2711. The specified Feature name ('ByteMobile') not found in Feature table. Error: (04/16/2014 05:32:37 PM) (Source: Windows Search Service) (User: ) Description: Die Registrierungsinformationen der Leistungsindikatoren für WSearchIdxPi für die Instanz konnten wegen des folgenden Fehlers nicht abgerufen werden: Der Vorgang wurde erfolgreich beendet. 0x0. Error: (04/16/2014 05:32:36 PM) (Source: Windows Search Service) (User: ) Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut. 
Kontext: Anwendung, SystemIndex Katalog Error: (04/16/2014 05:32:34 PM) (Source: Windows Search Service) (User: ) Description: Die Leistungsüberwachung kann für den Gatherer-Dienst nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut. Error: (04/16/2014 05:32:33 PM) (Source: VMCService) (User: ) Description: conflictManagerTypeValue Error: (04/16/2014 05:14:51 PM) (Source: MsiInstaller) (User: BeShy) Description: Produkt: Vodafone Mobile Connect Lite -- Fehler 2711. The specified Feature name ('ByteMobile') not found in Feature table. Error: (04/16/2014 05:12:47 PM) (Source: Windows Search Service) (User: ) Description: Die Registrierungsinformationen der Leistungsindikatoren für WSearchIdxPi für die Instanz konnten wegen des folgenden Fehlers nicht abgerufen werden: Der Vorgang wurde erfolgreich beendet. 0x0. Error: (04/16/2014 05:12:44 PM) (Source: Windows Search Service) (User: ) Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut. Kontext: Anwendung, SystemIndex Katalog Error: (04/16/2014 05:12:40 PM) (Source: Windows Search Service) (User: ) Description: Die Leistungsüberwachung kann für den Gatherer-Dienst nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut. 
Error: (04/16/2014 05:12:38 PM) (Source: VMCService) (User: ) Description: conflictManagerTypeValue System errors: ============= Error: (04/16/2014 05:53:32 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001. Error: (04/16/2014 05:34:40 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001. Error: (04/16/2014 05:32:03 PM) (Source: ps6ahqjb) (User: ) Description: Protection Synchronization Driver detected an internal error, contact the customer support service. Error: (04/16/2014 05:15:16 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001. Error: (04/16/2014 05:15:16 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001. Error: (04/16/2014 05:11:49 PM) (Source: ps6ahqjb) (User: ) Description: Protection Synchronization Driver detected an internal error, contact the customer support service. Error: (04/16/2014 05:11:00 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001. 
Error: (04/16/2014 05:04:56 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001. Error: (04/16/2014 05:04:52 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001. Error: (04/16/2014 05:01:35 PM) (Source: ps6ahqjb) (User: ) Description: Protection Synchronization Driver detected an internal error, contact the customer support service. Microsoft Office Sessions: ========================= Error: (04/16/2014 05:54:03 PM) (Source: MsiInstaller)(User: BeShy) Description: Produkt: Vodafone Mobile Connect Lite -- Fehler 2711. The specified Feature name ('ByteMobile') not found in Feature table.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (04/16/2014 05:32:37 PM) (Source: Windows Search Service)(User: ) Description: WSearchIdxPiDer Vorgang wurde erfolgreich beendet. 0x0 Error: (04/16/2014 05:32:36 PM) (Source: Windows Search Service)(User: ) Description: Kontext: Anwendung, SystemIndex Katalog Error: (04/16/2014 05:32:34 PM) (Source: Windows Search Service)(User: ) Description: Error: (04/16/2014 05:32:33 PM) (Source: VMCService)(User: ) Description: conflictManagerTypeValue Error: (04/16/2014 05:14:51 PM) (Source: MsiInstaller)(User: BeShy) Description: Produkt: Vodafone Mobile Connect Lite -- Fehler 2711. The specified Feature name ('ByteMobile') not found in Feature table.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (04/16/2014 05:12:47 PM) (Source: Windows Search Service)(User: ) Description: WSearchIdxPiDer Vorgang wurde erfolgreich beendet. 
0x0 Error: (04/16/2014 05:12:44 PM) (Source: Windows Search Service)(User: ) Description: Kontext: Anwendung, SystemIndex Katalog Error: (04/16/2014 05:12:40 PM) (Source: Windows Search Service)(User: ) Description: Error: (04/16/2014 05:12:38 PM) (Source: VMCService)(User: ) Description: conflictManagerTypeValue ==================== Memory info =========================== Percentage of memory in use: 36% Total physical RAM: 8147.36 MB Available physical RAM: 5155.2 MB Total Pagefile: 10003.36 MB Available Pagefile: 6377.81 MB Total Virtual: 8192 MB Available Virtual: 8191.76 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:1850.33 GB) (Free:1753.63 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (Recovery Image) (Fixed) (Total:11.21 GB) (Free:1.37 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 1863 GB) (Disk ID: B67D538B) Partition: GPT Partition Type. ==================== End Of Log ============================
FRST log. The Addition log is above it. Thank you.
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-04-2014 01 Ran by Shy (administrator) on BESHY on 16-04-2014 19:35:29 Running from C:\Users\Shy\Downloads Windows 8 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\windows\system32\nvvsvc.exe (IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\windows\system32\nvvsvc.exe (Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe (Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe (Microsoft Corporation) C:\windows\system32\dashost.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe (Intel(R) Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\N360.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureGenUSB.exe () C:\Program Files (x86)\Whilokii\updateWhilokii.exe () C:\Program Files (x86)\Whilokii\bin\utilWhilokii.exe () C:\Users\Shy\AppData\Roaming\VOPackage\VOsrv.exe (Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program 
Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Systweak) C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\N360.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe (Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe (Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (ICQ) C:\Users\Shy\AppData\Roaming\ICQM\icq.exe (Spotify Ltd) C:\Users\Shy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Hauppauge Computer Works, Inc.) C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Program Files (x86)\Bamboo Dock\BambooCore.exe (Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Conduit) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (Conduit) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe (Conduit) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe (Smartbar) C:\Users\Shy\AppData\Local\Smartbar\Application\Smartbar.exe () C:\Program Files (x86)\Whilokii\bin\FilterApp_C64.exe () C:\Program Files (x86)\Whilokii\bin\Whilokii.BrowserAdapter.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-09-19] (Hewlett-Packard ) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-09-19] (IDT, Inc.) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.) HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.) HKLM-x32\...\Run: [DTVRemote] => C:\Program Files (x86)\DTV\RemoteControl.exe [61440 2006-07-11] () HKLM-x32\...\Run: [MobileConnect] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2403840 2009-09-11] (Vodafone) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.) 
HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] () HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-08] (Hewlett-Packard) HKU\S-1-5-21-682942366-826570152-479843046-1001\...\Run: [icq] => C:\Users\Shy\AppData\Roaming\ICQM\icq.exe [26606072 2013-01-12] (ICQ) HKU\S-1-5-21-682942366-826570152-479843046-1001\...\Run: [Spotify] => C:\Users\Shy\AppData\Roaming\Spotify\Spotify.exe [6087224 2014-04-09] (Spotify Ltd) HKU\S-1-5-21-682942366-826570152-479843046-1001\...\Run: [Spotify Web Helper] => C:\Users\Shy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-09] (Spotify Ltd) HKU\S-1-5-21-682942366-826570152-479843046-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20473504 2013-10-02] (Skype Technologies S.A.) 
HKU\S-1-5-21-682942366-826570152-479843046-1001\...\Run: [Browser Infrastructure Helper] => C:\Users\Shy\AppData\Local\Smartbar\Application\Smartbar.exe [28192 2014-03-30] (Smartbar) HKU\S-1-5-21-682942366-826570152-479843046-1001\...\MountPoints2: {85048ddc-7369-11e2-be74-10604b5f8bb4} - "G:\setup_vmc_lite.exe" /checkApplicationPresence HKU\S-1-5-21-682942366-826570152-479843046-1001\...\MountPoints2: {85048e17-7369-11e2-be74-10604b5f8bb4} - "G:\setup_vmc_lite.exe" /checkApplicationPresence HKU\S-1-5-21-682942366-826570152-479843046-1001\...\MountPoints2: {85048f0f-7369-11e2-be74-10604b5f8bb4} - "I:\setup_vmc_lite.exe" /checkApplicationPresence HKU\S-1-5-21-682942366-826570152-479843046-1001\...\MountPoints2: {ab3b5baa-554b-11e3-bea8-10604b5f8bb4} - "G:\setup_vmc_lite.exe" /checkApplicationPresence HKU\S-1-5-21-682942366-826570152-479843046-1001\...\MountPoints2: {e2788c9e-dcde-11e2-be89-001e101f906f} - "G:\setup_vmc_lite.exe" /checkApplicationPresence AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [1355552 2014-04-08] (Conduit) AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1050912 2014-04-08] (Conduit) Startup: C:\Users\Schiffer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () Startup: C:\Users\Shy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
hxxp://search.conduit.com/?gd=&ctid=CT3323900&octid=EB_ORIGINAL_CTID&ISID=M790A6934-938D-4DED-9959-B45D7F348ECF&SearchSource=55&CUI=&UM=5&UP=SP553419F1-CDC6-48EE-BA12-1C16327F3C0C&SSPV= HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1396038229&from=tugs&uid=ST2000DM001-9YN164_Z1E1TSQV HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd50FSSGyZbxU0FG-KnUAfpo7yM5hHrNk3zbJub_C1RcPz57D9IsZuzwQzdGbKLnEWMBumsc8sP78z_DRz17_pbj7ERDZiRCyTTFdJR9qzHsbBTNEcBdYj0gECOL6Lc_rc,&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd50FSSGyZbxU0FG-KnUAfpo7yM5hHrNk3zbJub_C1RcPz57D9IsZuzwQzdGbKLnEWMBumsc8sP78z_DRz17_pbj7ERDZiRCyTTFdJR9qzHsbBTNEcBdYj0gECOL6Lc_rc,&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1396038229&from=tugs&uid=ST2000DM001-9YN164_Z1E1TSQV&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1396038229&from=tugs&uid=ST2000DM001-9YN164_Z1E1TSQV HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=cmi_14_16_ff&cd=2XzuyEtN2Y1L1QzutCtDyCtDyE0ByD0Fzz0B0ByEyC0CyE0EtN0D0Tzu0SzztAyCtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCtB0CyDzzyCtBtDtG0DzztD0FtGtCyCtB0BtG0FzzyB0BtGtA0AyEyDzzzy0AyC0F0FtCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtAtDtCtAyByEyEtG0A0ByCtAtGtAzzyCtCtG0A0Azy0CtGyEyBtCyEtCyE0F0AzzyEtBtA2Q&cr=167206671&ir= HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1396038229&from=tugs&uid=ST2000DM001-9YN164_Z1E1TSQV&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
hxxp://istart.webssearches.com/web/?type=ds&ts=1396038229&from=tugs&uid=ST2000DM001-9YN164_Z1E1TSQV&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1396038229&from=tugs&uid=ST2000DM001-9YN164_Z1E1TSQV HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=cmi_14_16_ff&cd=2XzuyEtN2Y1L1QzutCtDyCtDyE0ByD0Fzz0B0ByEyC0CyE0EtN0D0Tzu0SzztAyCtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCtB0CyDzzyCtBtDtG0DzztD0FtGtCyCtB0BtG0FzzyB0BtGtA0AyEyDzzzy0AyC0F0FtCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtAtDtCtAyByEyEtG0A0ByCtAtGtAzzyCtCtG0A0Azy0CtGyEyBtCyEtCyE0F0AzzyEtBtA2Q&cr=167206671&ir= HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1396038229&from=tugs&uid=ST2000DM001-9YN164_Z1E1TSQV&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1396038229&from=tugs&uid=ST2000DM001-9YN164_Z1E1TSQV SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1396038229&from=tugs&uid=ST2000DM001-9YN164_Z1E1TSQV&q={searchTerms} SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1396038229&from=tugs&uid=ST2000DM001-9YN164_Z1E1TSQV&q={searchTerms} SearchScopes: HKLM - {34417101-EE22-45BE-B7BC-128EC8F60190} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd50FSSGyZbxU0FG-KnUAfpo7yM5hHrNk3zbJub_C1RcPz57D9IsZuzwQzdGbKLnEWMBumsc8sP78z_DRz17_pbj7ERDZiRCyTTFdJR9qzHsbBTNEcBdYj0gECOL6Lc_rU,&q={searchTerms} SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd50FSSGyZbxU0FG-KnUAfpo7yM5hHrNk3zbJub_C1RcPz57D9IsZuzwQzdGbKLnEWMBumsc8sP78z_DRz17_pbj7ERDZiRCyTTFdJR9qzHsbBTNEcBdYj0gECOL6Lc_rU,&q={searchTerms} SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd50FSSGyZbxU0FG-KnUAfpo7yM5hHrNk3zbJub_C1RcPz57D9IsZuzwQzdGbKLnEWMBumsc8sP78z_DRz17_pbj7ERDZiRCyTTFdJR9qzHsbBTNEcBdYj0gECOL6Lc_rc,&q={searchTerms} SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd50FSSGyZbxU0FG-KnUAfpo7yM5hHrNk3zbJub_C1RcPz57D9IsZuzwQzdGbKLnEWMBumsc8sP78z_DRz17_pbj7ERDZiRCyTTFdJR9qzHsbBTNEcBdYj0gECOL6Lc_rc,&q={searchTerms} SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 
hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd50FSSGyZbxU0FG-KnUAfpo7yM5hHrNk3zbJub_C1RcPz57D9IsZuzwQzdGbKLnEWMBumsc8sP78z_DRz17_pbj7ERDZiRCyTTFdJR9qzHsbBTNEcBdYj0gECOL6Lc_rY,&q={searchTerms} BHO: MediaPlayerplus - {11111111-1111-1111-1111-110511421146} - C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-bho64.dll (Freeven) BHO: Freeven Pro 1.3 - {11111111-1111-1111-1111-110511421155} - C:\Program Files (x86)\Freeven Pro 1.3\Freeven Pro 1.3-bho64.dll (Freeven) BHO: SmartbarInternetExplorerBHOEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\windows\system32\mscoree.dll (Microsoft Corporation) BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation) BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: MediaPlayerplus - {11111111-1111-1111-1111-110511421146} - C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-bho.dll (Freeven) BHO-x32: Freeven Pro 1.3 - {11111111-1111-1111-1111-110511421155} - C:\Program Files (x86)\Freeven Pro 1.3\Freeven Pro 1.3-bho.dll (Freeven) BHO-x32: SmartbarInternetExplorerBHOEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. 
Limited) BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: SaveSense - {71e129ff-6c2a-4984-818c-7e2c998b8d99} - C:\Users\Shy\AppData\Local\SaveSense\SaveSenseIE.dll (SaveSense) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM - Shopping Helper Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\system32\mscoree.dll (Microsoft Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Shopping Helper Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Shy\AppData\Roaming\Mozilla\Firefox\Profiles\qrwdqtn7.default FF user.js: detected! 
=> C:\Users\Shy\AppData\Roaming\Mozilla\Firefox\Profiles\qrwdqtn7.default\user.js FF NewTab: chrome://quick_start/content/index.html FF DefaultSearchEngine: Mysearchdial FF SearchEngineOrder.1: Mysearchdial FF SelectedSearchEngine: Mysearchdial FF Homepage: www.google.de FF Keyword.URL: hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd50FSSGyZbxU0FG-KnUAfpo7yM5hHrNk3zbJub_C1RcPz57D9IsZuzwQzdGbKLnEWMBumsc8sP78z_DRz17_pbj7ERDZiRCyTTFdJR9qzHsbBTNEcBdYj0gECOL6Lc_rE,&q= FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=3 - C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll No File FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=9 - C:\Program Files 
(x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.updaterss.com/SaveSenseLive Update;version=3 - C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll (SaveSense) FF Plugin-x32: @tools.updaterss.com/SaveSenseLive Update;version=9 - C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll (SaveSense) FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.) FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF SearchPlugin: C:\Users\Shy\AppData\Roaming\Mozilla\Firefox\Profiles\qrwdqtn7.default\searchplugins\Mysearchdial.xml FF SearchPlugin: C:\Users\Shy\AppData\Roaming\Mozilla\Firefox\Profiles\qrwdqtn7.default\searchplugins\Web Search.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: LyricsFriend - C:\Users\Shy\AppData\Roaming\Mozilla\Firefox\Profiles\qrwdqtn7.default\Extensions\131 [2013-09-03] FF Extension: Plus-HD-2.2 - C:\Users\Shy\AppData\Roaming\Mozilla\Firefox\Profiles\qrwdqtn7.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com [2014-03-28] FF Extension: MediaPlayerplus - C:\Users\Shy\AppData\Roaming\Mozilla\Firefox\Profiles\qrwdqtn7.default\Extensions\a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com [2014-03-28] FF Extension: Freeven Pro 1.3 - C:\Users\Shy\AppData\Roaming\Mozilla\Firefox\Profiles\qrwdqtn7.default\Extensions\e20dc619-d8c4-48f1-ae07-641cefb43165@3c4d943f-ad97-4f6e-aa94-d9671175a3d0.com [2014-03-28] FF Extension: Whilokii - C:\Users\Shy\AppData\Roaming\Mozilla\Firefox\Profiles\qrwdqtn7.default\Extensions\firefox@whilokii.net [2013-10-21] FF Extension: Quick Start - C:\Users\Shy\AppData\Roaming\Mozilla\Firefox\Profiles\qrwdqtn7.default\Extensions\quick_start@gmail.com [2014-04-10] FF Extension: SaveSense - C:\Users\Shy\AppData\Roaming\Mozilla\Firefox\Profiles\qrwdqtn7.default\Extensions\{2d7886a0-85bb-4bf2-b684-ba92b4b21d23} [2014-04-09] 
FF Extension: HDvid Codec 3 - C:\Users\Shy\AppData\Roaming\Mozilla\Firefox\Profiles\qrwdqtn7.default\Extensions\hdvc3@hdvidcodec.com.xpi [2013-06-30]
FF Extension: MySearchDial - C:\Users\Shy\AppData\Roaming\Mozilla\Firefox\Profiles\qrwdqtn7.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi [2014-04-16]
FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\Shy\AppData\Roaming\Mozilla\Firefox\Profiles\qrwdqtn7.default\extensions\quick_start@gmail.com
FF Extension: Quick Start - C:\Users\Shy\AppData\Roaming\Mozilla\Firefox\Profiles\qrwdqtn7.default\extensions\quick_start@gmail.com [2014-04-10]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\IPSFF [2014-04-16]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\coFFPlgn\ []
FF HKCU\...\Firefox\Extensions: [{ae82ce55-d4ae-4a75-a1b7-002cc9fa5781}] - C:\Program Files (x86)\LyricsFriend\131.xpi

Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?gd=&ctid=CT3323900&octid=EB_ORIGINAL_CTID&ISID=M790A6934-938D-4DED-9959-B45D7F348ECF&SearchSource=55&CUI=&UM=5&UP=SP553419F1-CDC6-48EE-BA12-1C16327F3C0C&SSPV=
CHR DefaultSearchKeyword: mysearchdial.com
CHR DefaultSearchProvider: Mysearchdial
CHR DefaultSearchURL: hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=cmi_14_16_ff&cd=2XzuyEtN2Y1L1QzutCtDyCtDyE0ByD0Fzz0B0ByEyC0CyE0EtN0D0Tzu0SzztAyCtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCtB0CyDzzyCtBtDtG0DzztD0FtGtCyCtB0BtG0FzzyB0BtGtA0AyEyDzzzy0AyC0F0FtCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtAtDtCtAyByEyEtG0A0ByCtAtGtAzzyCtCtG0A0Azy0CtGyEyBtCyEtCyE0F0AzzyEtBtA2Q&cr=167206671&ir=
CHR DefaultNewTabURL: &a=cmi_14_16_ff&cd=2XzuyEtN2Y1L1QzutCtDyCtDyE0ByD0Fzz0B0ByEyC0CyE0EtN0D0Tzu0SzztAyCtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCtB0CyDzzyCtBtDtG0DzztD0FtGtCyCtB0BtG0FzzyB0BtGtA0AyEyDzzzy0AyC0F0FtCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtAtDtCtAyByEyEtG0A0ByCtAtGtAzzyCtCtG0A0Azy0CtGyEyBtCyEtCyE0F0AzzyEtBtA2Q&cr=167206671&ir=
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U13) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Freeven Pro 1.3) - C:\Users\Shy\AppData\Local\Google\Chrome\User Data\Default\Extensions\adbpopomabpienjnifocifondadaogpj [2014-03-28]
CHR Extension: (Newhub) - C:\Users\Shy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoejbmmillcdifgagjpdlaamnalbielp [2014-03-20]
CHR Extension: (Google Docs) - C:\Users\Shy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-22]
CHR Extension: (Google Drive) - C:\Users\Shy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-22]
CHR Extension: (YouTube) - C:\Users\Shy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-22]
CHR Extension: (Google Search) - C:\Users\Shy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-22]
CHR Extension: (MySearchDial New Tab) - C:\Users\Shy\AppData\Local\Google\Chrome\User Data\Default\Extensions\iagcajndpnfncplednpbnkahadegklfa [2014-04-16]
CHR Extension: (Plus-HD-2.2) - C:\Users\Shy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo [2013-08-29]
CHR Extension: (MediaPlayerplus) - C:\Users\Shy\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd [2014-03-28]
CHR Extension: (Norton Identity Protection) - C:\Users\Shy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-02-22]
CHR Extension: (Google Wallet) - C:\Users\Shy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-10]
CHR Extension: (Widget context) - C:\Users\Shy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombmmloebnfnpehgjnmkcgoegfachobp [2014-04-14]
CHR Extension: (Gmail) - C:\Users\Shy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-22]
CHR HKLM\...\Chrome\Extension: [aoejbmmillcdifgagjpdlaamnalbielp] - C:\Users\Shy\AppData\Local\nwhb-v9.4.15.crx [2014-03-20]
CHR HKLM\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Shy\AppData\Local\speedial.crx [2014-04-16]
CHR HKCU\...\Chrome\Extension: [aoejbmmillcdifgagjpdlaamnalbielp] - C:\Users\Shy\AppData\Local\nwhb-v9.4.15.crx [2014-03-20]
CHR HKCU\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Shy\AppData\Local\speedial.crx [2014-04-16]
CHR HKLM-x32\...\Chrome\Extension: [aoejbmmillcdifgagjpdlaamnalbielp] - C:\Users\Shy\AppData\Local\nwhb-v9.4.15.crx [2014-03-20]
CHR HKLM-x32\...\Chrome\Extension: [dljhohhmfjfhgfhpgkfefjoojfobodhn] - C:\Program Files (x86)\Whilokii\dljhohhmfjfhgfhpgkfefjoojfobodhn.crx [2014-03-20]
CHR HKLM-x32\...\Chrome\Extension: [dnllcmllkjofnojidnaknldfehfhehoo] - C:\Program Files (x86)\HDvidCodec.com\HDvidCodec10.crx [2014-03-20]
CHR HKLM-x32\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Shy\AppData\Local\speedial.crx [2014-04-16]
CHR HKLM-x32\...\Chrome\Extension: [lkifdcciaffpfomcpapoccoefeejeagi] - C:\Program Files (x86)\LyricsFriend\131.crx [2014-04-16]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\Exts\Chrome.crx [2014-04-16]
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Shy\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-03-28]

==================== Services (Whitelisted) =================

R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2470688 2014-04-08] (Conduit)
R2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [570368 2011-10-27] (Hauppauge Computer Works)
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\N360.exe [265040 2014-03-12] (Symantec Corporation)
S3 npggsvc; C:\windows\SysWOW64\GameMon.des [5268336 2014-03-25] (INCA Internet Co., Ltd.)
S2 pr2ahqjb; C:\Windows\system32\pr2ahqjb.exe [754304 2007-03-29] (Koch Media)
S2 savesenselive; C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [146920 2014-04-09] (SaveSense)
S3 savesenselivem; C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [146920 2014-04-09] (SaveSense)
R2 Update Whilokii; C:\Program Files (x86)\Whilokii\updateWhilokii.exe [350488 2014-04-16] ()
R2 Util Whilokii; C:\Program Files (x86)\Whilokii\bin\utilWhilokii.exe [350488 2014-04-16] ()
R2 VMCService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [9216 2009-09-11] (Vodafone)
R2 vosr; C:\Users\Shy\AppData\Roaming\VOPackage\VOsrv.exe [355328 2014-03-26] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [496640 2014-04-09] (Cherished Technololgy LIMITED)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [1525976 2014-04-09] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1502000.026\ccSetx64.sys [162392 2014-02-25] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-04-15] (Symantec Corporation)
S3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [132608 2009-06-29] (Huawei Technologies Co., Ltd.)
R3 hcw17bda; C:\Windows\system32\drivers\hcw17bda.sys [67456 2010-01-27] (Hauppauge Computer Works, Inc.)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\IPSDefs\20140415.001\IDSvia64.sys [525016 2014-04-15] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\VirusDefs\20140415.025\ENG64.SYS [126040 2014-04-15] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\VirusDefs\20140415.025\EX64.SYS [2099288 2014-04-15] (Symantec Corporation)
R0 pe3ahqjb; C:\Windows\System32\drivers\pe3ahqjb.sys [72576 2007-03-29] (Koch Media)
R0 ps6ahqjb; C:\Windows\System32\drivers\ps6ahqjb.sys [73608 2007-03-29] (Koch Media)
R0 SMR410; C:\Windows\System32\drivers\SMR410.SYS [96856 2014-04-16] (Symantec Corporation)
R1 SRTSP; C:\Windows\system32\drivers\N360x64\1502000.026\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1502000.026\SRTSPX64.SYS [36952 2013-10-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1502000.026\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1502000.026\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1502000.026\SymELAM.sys [23568 2013-10-30] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-04-16] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1502000.026\Ironx64.SYS [264280 2013-10-30] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\N360x64\1502000.026\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
R3 tilfilter; C:\Windows\System32\drivers\TIxHCIlfilter.sys [17528 2012-11-20] (Texas Instruments, Inc.)
R3 tiufilter; C:\Windows\System32\drivers\TIxHCIufilter.sys [23184 2012-11-20] (Texas Instruments, Inc.)
R1 wStLib64; C:\Windows\System32\drivers\wStLib64.sys [61112 2014-03-21] (StdLib)
S3 wacomvhid; \SystemRoot\System32\drivers\wacomvhid.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-16 19:35 - 2014-04-16 19:35 - 00036167 _____ () C:\Users\Shy\Downloads\FRST.txt
2014-04-16 19:35 - 2014-04-16 19:35 - 00000000 ____D () C:\FRST
2014-04-16 19:34 - 2014-04-16 19:34 - 02158080 _____ (Farbar) C:\Users\Shy\Downloads\FRST64.exe
2014-04-16 19:30 - 2014-04-16 19:30 - 00993712 _____ () C:\Users\Shy\Downloads\setup (3).exe
2014-04-16 18:30 - 2014-04-16 18:30 - 00000000 ____D () C:\Users\Shy\AppData\Local\SearchProtect
2014-04-16 18:30 - 2014-04-16 18:30 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-04-16 18:26 - 2014-04-16 18:27 - 00993712 _____ () C:\Users\Shy\Downloads\setup (2).exe
2014-04-16 18:02 - 2014-04-16 18:02 - 00001078 _____ () C:\Users\Shy\Desktop\Continue VuuPC Installation.lnk
2014-04-16 17:54 - 2014-04-16 17:54 - 00096856 _____ (Symantec Corporation) C:\windows\system32\Drivers\SMR410.SYS
2014-04-16 17:54 - 2014-04-16 17:54 - 00000020 _____ () C:\windows\system32\Drivers\SMR410.dat
2014-04-16 17:26 - 2014-04-16 17:30 - 00000000 ____D () C:\Users\Shy\Desktop\Blabla
2014-04-16 17:17 - 2014-04-16 17:17 - 00000000 ____D ()
C:\windows\System32\Tasks\Norton 360 2014-04-16 17:10 - 2014-04-16 17:54 - 00000000 ____D () C:\Users\Shy\AppData\Local\NPE 2014-04-16 17:07 - 2014-04-16 17:07 - 00000000 ____D () C:\Users\Shy\Documents\Symantec 2014-04-16 17:05 - 2014-04-16 17:54 - 00003118 _____ () C:\windows\System32\Tasks\Advanced System Protector_startup 2014-04-16 17:05 - 2014-04-16 17:05 - 00177752 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS 2014-04-16 17:05 - 2014-04-16 17:05 - 00008222 _____ () C:\windows\system32\Drivers\SYMEVENT64x86.CAT 2014-04-16 17:05 - 2014-04-16 17:05 - 00003206 _____ () C:\windows\System32\Tasks\Norton WSC Integration 2014-04-16 17:05 - 2014-04-16 17:05 - 00002389 _____ () C:\Users\Public\Desktop\Norton 360.lnk 2014-04-16 17:05 - 2014-04-16 17:05 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared 2014-04-16 17:02 - 2014-04-16 17:02 - 00000000 ____D () C:\windows\system32\Drivers\N360x64 2014-04-16 17:02 - 2014-04-16 17:02 - 00000000 ____D () C:\Program Files (x86)\Norton 360 2014-04-16 16:50 - 2014-04-16 16:50 - 00000000 ____D () C:\ProgramData\PCSettings 2014-04-16 16:33 - 2014-04-16 16:33 - 01021952 _____ (Symantec Corporation) C:\Users\Shy\Downloads\NortonN360Downloader.exe 2014-04-16 03:49 - 2014-04-16 03:49 - 00000000 ____D () C:\Users\Shy\Documents\Optimizer Pro 2014-04-16 03:46 - 2014-04-16 03:47 - 00000320 _____ () C:\Users\Shy\AppData\Roaming\aps.uninstall.scan.results 2014-04-16 03:45 - 2014-04-16 16:38 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2014-04-16 03:44 - 2014-04-16 03:44 - 00358193 _____ () C:\Users\Shy\AppData\Local\speedial.crx 2014-04-16 03:44 - 2014-04-11 23:13 - 01079839 _____ (AnyProtect.com) C:\Users\Shy\AppData\Local\AnyProtectScannerSetup.exe 2014-04-12 02:40 - 2014-02-04 01:56 - 00332632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys 2014-04-12 02:40 - 2014-02-04 01:56 - 00278872 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys 2014-04-12 
02:40 - 2014-01-31 05:55 - 00209712 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe 2014-04-12 02:40 - 2014-01-31 02:48 - 00564736 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll 2014-04-12 02:40 - 2014-01-31 02:48 - 00485888 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSDApi.dll 2014-04-12 02:40 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.dll 2014-04-12 02:40 - 2014-01-31 02:48 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-04-12 02:40 - 2014-01-31 02:06 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll 2014-04-12 02:40 - 2014-01-31 02:06 - 00599040 _____ (Microsoft Corporation) C:\windows\system32\WSDApi.dll 2014-04-12 02:40 - 2014-01-31 02:06 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-04-12 02:40 - 2014-01-27 05:42 - 02232664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys 2014-04-12 02:40 - 2014-01-27 05:39 - 01939288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys 2014-04-12 02:40 - 2014-01-27 02:52 - 17561088 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll 2014-04-12 02:40 - 2014-01-27 02:31 - 19752448 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll 2014-04-12 02:40 - 2014-01-27 01:17 - 00386722 _____ () C:\windows\system32\ApnDatabase.xml 2014-04-12 02:40 - 2014-01-16 01:42 - 00118784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dfsc.sys 2014-04-12 02:40 - 2014-01-11 08:48 - 05979648 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll 2014-04-12 02:40 - 2014-01-11 07:06 - 05092352 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll 2014-04-12 02:40 - 2014-01-03 01:35 - 00365568 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsGdiConverter.dll 2014-04-12 02:40 - 2014-01-03 01:32 - 
00523264 _____ (Microsoft Corporation) C:\windows\system32\XpsGdiConverter.dll 2014-04-12 02:39 - 2014-03-07 02:48 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-04-12 02:39 - 2014-03-07 02:48 - 01140736 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-04-12 02:39 - 2014-03-07 02:47 - 14357504 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-04-12 02:39 - 2014-03-07 02:47 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-04-12 02:39 - 2014-03-07 02:47 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-04-12 02:39 - 2014-03-07 02:47 - 02049536 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-04-12 02:39 - 2014-03-07 02:47 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2014-04-12 02:39 - 2014-03-07 02:47 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-04-12 02:39 - 2014-03-07 02:47 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2014-04-12 02:39 - 2014-03-07 02:08 - 19273216 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-04-12 02:39 - 2014-03-07 02:08 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-04-12 02:39 - 2014-03-07 02:08 - 03959808 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-04-12 02:39 - 2014-03-07 02:08 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-04-12 02:39 - 2014-03-07 02:08 - 02240000 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-04-12 02:39 - 2014-03-07 02:08 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-04-12 02:39 - 2014-03-07 02:08 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll 2014-04-12 02:39 - 2014-03-07 02:08 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2014-04-12 02:39 - 2014-03-07 02:08 - 00603136 _____ (Microsoft 
Corporation) C:\windows\system32\msfeeds.dll 2014-04-12 02:39 - 2014-03-07 02:08 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-04-12 02:39 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll 2014-04-12 02:39 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll 2014-04-12 02:39 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-04-12 02:39 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-04-12 02:39 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll 2014-04-12 02:39 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2014-04-12 02:39 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2014-04-12 02:39 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2014-04-12 02:39 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll 2014-04-12 02:39 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-04-12 02:39 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll 2014-04-12 02:39 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-04-12 02:39 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-04-12 02:39 - 2012-07-26 05:06 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-04-10 21:36 - 2014-04-10 21:36 - 00872872 _____ (AirInstaller ) C:\Users\Shy\Downloads\setup (1).exe 2014-04-10 20:48 - 2014-04-10 20:48 - 00441752 _____ () C:\Users\Shy\Downloads\Java(1).exe 2014-04-09 23:57 - 2014-02-06 01:41 - 01257984 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll 
2014-04-09 23:57 - 2014-02-06 01:41 - 00978432 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll 2014-04-09 23:57 - 2014-02-06 01:26 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll 2014-04-09 23:57 - 2014-02-06 01:19 - 00974848 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll 2014-04-09 21:34 - 2014-04-09 21:34 - 01070840 _____ (Solid State Networks) C:\Users\Shy\Downloads\install_flashplayer13x32au_mssd_aaa_aih.exe 2014-04-09 21:20 - 2014-04-11 09:15 - 00000000 ____D () C:\ProgramData\IePluginService 2014-04-09 21:20 - 2014-04-09 21:20 - 00000000 ____D () C:\Users\Shy\AppData\Roaming\SupTab 2014-04-09 21:20 - 2014-04-09 21:20 - 00000000 ____D () C:\ProgramData\WPM 2014-04-09 21:20 - 2014-04-09 21:20 - 00000000 ____D () C:\Program Files (x86)\SupTab 2014-04-09 21:18 - 2014-04-16 18:30 - 00001064 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2014-04-09 21:18 - 2014-04-09 21:18 - 00000000 ____D () C:\Program Files (x86)\VideoLAN 2014-04-09 21:16 - 2014-04-09 21:16 - 00000000 ____D () C:\ProgramData\Systweak 2014-04-09 21:16 - 2014-04-09 21:16 - 00000000 ____D () C:\Program Files (x86)\Advanced System Protector 2014-04-09 21:16 - 2012-07-25 12:03 - 00016896 _____ () C:\windows\system32\sasnative64.exe 2014-04-09 21:15 - 2014-04-16 19:20 - 00000938 _____ () C:\windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job 2014-04-09 21:15 - 2014-04-16 19:16 - 00000296 _____ () C:\windows\Tasks\SaveSense.job 2014-04-09 21:15 - 2014-04-16 17:53 - 00000934 _____ () C:\windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job 2014-04-09 21:15 - 2014-04-09 21:57 - 00000000 ____D () C:\Users\Shy\AppData\Local\Mobogenie 2014-04-09 21:15 - 2014-04-09 21:16 - 00002634 _____ () C:\windows\System32\Tasks\SaveSense 2014-04-09 21:15 - 2014-04-09 21:16 - 00000000 ____D () C:\Program Files (x86)\RegClean Pro 2014-04-09 21:15 - 2014-04-09 21:15 - 00003910 _____ () C:\windows\System32\Tasks\SaveSenseLiveUpdateTaskMachineUA 2014-04-09 
21:15 - 2014-04-09 21:15 - 00003674 _____ () C:\windows\System32\Tasks\SaveSenseLiveUpdateTaskMachineCore 2014-04-09 21:15 - 2014-04-09 21:15 - 00002440 _____ () C:\Users\Shy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk 2014-04-09 21:15 - 2014-04-09 21:15 - 00000000 ____D () C:\Users\Shy\Documents\Mobogenie 2014-04-09 21:15 - 2014-04-09 21:15 - 00000000 ____D () C:\Users\Shy\AppData\Roaming\SaveSense 2014-04-09 21:15 - 2014-04-09 21:15 - 00000000 ____D () C:\Users\Shy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense 2014-04-09 21:15 - 2014-04-09 21:15 - 00000000 ____D () C:\Users\Shy\AppData\Local\SaveSenseLive 2014-04-09 21:15 - 2014-04-09 21:15 - 00000000 ____D () C:\Users\Shy\AppData\Local\SaveSense 2014-04-09 21:15 - 2014-04-09 21:15 - 00000000 ____D () C:\Users\Shy\AppData\Local\cache 2014-04-09 21:15 - 2014-04-09 21:15 - 00000000 ____D () C:\Users\Shy\.android 2014-04-09 21:15 - 2014-04-09 21:15 - 00000000 ____D () C:\ProgramData\SaveSenseLive 2014-04-09 21:15 - 2014-04-09 21:15 - 00000000 ____D () C:\Program Files (x86)\SaveSenseLive 2014-04-09 21:15 - 2014-04-09 21:15 - 00000000 _____ () C:\Users\Shy\daemonprocess.txt 2014-04-09 21:14 - 2014-04-09 21:14 - 00000000 ____D () C:\Users\Shy\AppData\Local\Smartbar 2014-04-09 21:14 - 2014-04-09 21:14 - 00000000 ____D () C:\Users\Shy\AppData\Local\LPT 2014-04-09 21:10 - 2014-04-09 21:10 - 00993712 _____ () C:\Users\Shy\Downloads\setup(2).exe 2014-04-09 21:09 - 2014-04-09 21:09 - 00441768 _____ () C:\Users\Shy\Downloads\Setup_V2.exe 2014-04-09 21:08 - 2014-04-09 21:09 - 00993712 _____ () C:\Users\Shy\Downloads\setup(1).exe 2014-03-29 11:21 - 2014-04-16 18:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-28 22:27 - 2014-04-16 18:14 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerplus 2014-03-28 22:27 - 2014-04-16 17:53 - 00003466 _____ () C:\windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-3.job 2014-03-28 22:27 - 2014-03-28 22:27 - 00006470 _____ () 
C:\windows\System32\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-3 2014-03-28 22:25 - 2014-04-16 18:14 - 00000000 ____D () C:\Program Files (x86)\AnyProtectEx 2014-03-28 22:25 - 2014-03-28 22:25 - 01172776 _____ (AnyProtect.com) C:\Users\Shy\AppData\Local\nsh4CE8.tmp 2014-03-28 22:24 - 2014-04-16 18:17 - 00000000 ____D () C:\Program Files (x86)\Freeven Pro 1.3 2014-03-28 22:24 - 2014-04-16 17:53 - 00003130 _____ () C:\windows\Tasks\bedfe857-1851-4105-9b92-9447f52989ce-3.job 2014-03-28 22:24 - 2014-04-16 17:10 - 00000000 ____D () C:\Users\Shy\AppData\Local\Lollipop 2014-03-28 22:24 - 2014-03-28 22:24 - 00006134 _____ () C:\windows\System32\Tasks\bedfe857-1851-4105-9b92-9447f52989ce-3 2014-03-28 22:24 - 2014-03-28 22:24 - 00000000 ____D () C:\Users\Shy\AppData\Roaming\VOPackage 2014-03-28 22:24 - 2014-03-28 22:24 - 00000000 ____D () C:\Users\Shy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage 2014-03-28 22:19 - 2014-03-28 22:19 - 00563488 _____ () C:\Users\Shy\Downloads\Java.exe 2014-03-28 09:53 - 2014-03-28 09:53 - 00000000 ____D () C:\Program Files\Common Files\INCA Shared 2014-03-28 09:53 - 2014-03-25 09:31 - 05268336 _____ (INCA Internet Co., Ltd.) 
C:\windows\SysWOW64\GameMon.des 2014-03-28 09:28 - 2014-03-28 09:49 - 00001569 _____ () C:\Users\Public\Desktop\Flyff.lnk 2014-03-28 09:24 - 2014-03-28 09:24 - 00000000 ____D () C:\Program Files\gPotato.eu 2014-03-28 09:22 - 2014-03-28 09:39 - 1178858003 _____ (Gala Networks Europe Limited ) C:\Users\Shy\Desktop\Flyff_DE_setup.exe 2014-03-27 02:12 - 2014-03-27 02:12 - 00321256 _____ () C:\windows\system32\FNTCACHE.DAT 2014-03-21 01:26 - 2014-03-21 01:26 - 00061112 _____ (StdLib) C:\windows\system32\Drivers\wStLib64.sys 2014-03-20 01:05 - 2014-03-20 01:05 - 00686631 _____ () C:\Users\Shy\AppData\Local\nwhb-v9.4.15.crx ==================== One Month Modified Files and Folders ======= 2014-04-16 19:35 - 2014-04-16 19:35 - 00036167 _____ () C:\Users\Shy\Downloads\FRST.txt 2014-04-16 19:35 - 2014-04-16 19:35 - 00000000 ____D () C:\FRST 2014-04-16 19:34 - 2014-04-16 19:34 - 02158080 _____ (Farbar) C:\Users\Shy\Downloads\FRST64.exe 2014-04-16 19:30 - 2014-04-16 19:30 - 00993712 _____ () C:\Users\Shy\Downloads\setup (3).exe 2014-04-16 19:26 - 2013-02-22 18:19 - 00001116 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-16 19:23 - 2013-01-12 12:55 - 01209617 _____ () C:\windows\WindowsUpdate.log 2014-04-16 19:20 - 2014-04-09 21:15 - 00000938 _____ () C:\windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job 2014-04-16 19:16 - 2014-04-09 21:15 - 00000296 _____ () C:\windows\Tasks\SaveSense.job 2014-04-16 19:06 - 2013-05-27 00:57 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-04-16 19:05 - 2013-10-21 18:01 - 00000296 _____ () C:\windows\Tasks\UpdaterEX.job 2014-04-16 19:00 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\sru 2014-04-16 18:49 - 2013-01-12 13:01 - 00003594 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-682942366-826570152-479843046-1001 2014-04-16 18:32 - 2012-07-26 07:26 - 00000292 _____ () C:\windows\win.ini 2014-04-16 18:30 - 2014-04-16 18:30 - 00000000 ____D () 
C:\Users\Shy\AppData\Local\SearchProtect 2014-04-16 18:30 - 2014-04-16 18:30 - 00000000 ____D () C:\Program Files (x86)\SearchProtect 2014-04-16 18:30 - 2014-04-09 21:18 - 00001064 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2014-04-16 18:27 - 2014-04-16 18:26 - 00993712 _____ () C:\Users\Shy\Downloads\setup (2).exe 2014-04-16 18:23 - 2014-03-29 11:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-04-16 18:17 - 2014-03-28 22:24 - 00000000 ____D () C:\Program Files (x86)\Freeven Pro 1.3 2014-04-16 18:14 - 2014-03-28 22:27 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerplus 2014-04-16 18:14 - 2014-03-28 22:25 - 00000000 ____D () C:\Program Files (x86)\AnyProtectEx 2014-04-16 18:14 - 2013-01-19 17:35 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 2014-04-16 18:02 - 2014-04-16 18:02 - 00001078 _____ () C:\Users\Shy\Desktop\Continue VuuPC Installation.lnk 2014-04-16 17:56 - 2012-12-04 14:10 - 00745562 _____ () C:\windows\system32\perfh007.dat 2014-04-16 17:56 - 2012-12-04 14:10 - 00169488 _____ () C:\windows\system32\perfc007.dat 2014-04-16 17:56 - 2012-07-26 09:28 - 01752656 _____ () C:\windows\system32\PerfStringBackup.INI 2014-04-16 17:54 - 2014-04-16 17:54 - 00096856 _____ (Symantec Corporation) C:\windows\system32\Drivers\SMR410.SYS 2014-04-16 17:54 - 2014-04-16 17:54 - 00000020 _____ () C:\windows\system32\Drivers\SMR410.dat 2014-04-16 17:54 - 2014-04-16 17:10 - 00000000 ____D () C:\Users\Shy\AppData\Local\NPE 2014-04-16 17:54 - 2014-04-16 17:05 - 00003118 _____ () C:\windows\System32\Tasks\Advanced System Protector_startup 2014-04-16 17:54 - 2013-10-21 18:10 - 00000000 ____D () C:\Users\Shy\AppData\Roaming\Skype 2014-04-16 17:54 - 2013-06-12 18:43 - 00000000 ____D () C:\Users\Shy\AppData\Roaming\Spotify 2014-04-16 17:53 - 2014-04-09 21:15 - 00000934 _____ () C:\windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job 2014-04-16 17:53 - 2014-03-28 22:27 - 00003466 _____ () 
C:\windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-3.job 2014-04-16 17:53 - 2014-03-28 22:24 - 00003130 _____ () C:\windows\Tasks\bedfe857-1851-4105-9b92-9447f52989ce-3.job 2014-04-16 17:53 - 2013-02-22 18:19 - 00001112 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-16 17:32 - 2013-06-25 18:20 - 00065536 _____ () C:\windows\system32\Ikeext.etl 2014-04-16 17:32 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\tracing 2014-04-16 17:32 - 2012-07-26 09:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-04-16 17:31 - 2012-08-01 19:02 - 01749296 _____ () C:\windows\PFRO.log 2014-04-16 17:30 - 2014-04-16 17:26 - 00000000 ____D () C:\Users\Shy\Desktop\Blabla 2014-04-16 17:17 - 2014-04-16 17:17 - 00000000 ____D () C:\windows\System32\Tasks\Norton 360 2014-04-16 17:15 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\NDF 2014-04-16 17:11 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\BBI 2014-04-16 17:10 - 2014-03-28 22:24 - 00000000 ____D () C:\Users\Shy\AppData\Local\Lollipop 2014-04-16 17:10 - 2012-12-04 05:34 - 00000000 ____D () C:\ProgramData\Norton 2014-04-16 17:07 - 2014-04-16 17:07 - 00000000 ____D () C:\Users\Shy\Documents\Symantec 2014-04-16 17:06 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\ELAM 2014-04-16 17:05 - 2014-04-16 17:05 - 00177752 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS 2014-04-16 17:05 - 2014-04-16 17:05 - 00008222 _____ () C:\windows\system32\Drivers\SYMEVENT64x86.CAT 2014-04-16 17:05 - 2014-04-16 17:05 - 00003206 _____ () C:\windows\System32\Tasks\Norton WSC Integration 2014-04-16 17:05 - 2014-04-16 17:05 - 00002389 _____ () C:\Users\Public\Desktop\Norton 360.lnk 2014-04-16 17:05 - 2014-04-16 17:05 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared 2014-04-16 17:05 - 2012-07-26 10:12 - 00000000 ___HD () C:\windows\ELAMBKUP 2014-04-16 17:03 - 2013-02-21 18:33 - 00583680 ___SH () C:\Users\Shy\Desktop\Thumbs.db 2014-04-16 17:02 - 
2014-04-16 17:02 - 00000000 ____D () C:\windows\system32\Drivers\N360x64 2014-04-16 17:02 - 2014-04-16 17:02 - 00000000 ____D () C:\Program Files (x86)\Norton 360 2014-04-16 16:50 - 2014-04-16 16:50 - 00000000 ____D () C:\ProgramData\PCSettings 2014-04-16 16:38 - 2014-04-16 03:45 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2014-04-16 16:34 - 2013-11-16 11:15 - 00000000 ____D () C:\Users\Public\Downloads\Norton 2014-04-16 16:33 - 2014-04-16 16:33 - 01021952 _____ (Symantec Corporation) C:\Users\Shy\Downloads\NortonN360Downloader.exe 2014-04-16 16:21 - 2013-06-12 18:45 - 00000000 ____D () C:\Users\Shy\AppData\Local\Spotify 2014-04-16 16:19 - 2014-03-02 21:02 - 00000336 _____ () C:\windows\Tasks\HPCeeScheduleForShy.job 2014-04-16 03:49 - 2014-04-16 03:49 - 00000000 ____D () C:\Users\Shy\Documents\Optimizer Pro 2014-04-16 03:47 - 2014-04-16 03:46 - 00000320 _____ () C:\Users\Shy\AppData\Roaming\aps.uninstall.scan.results 2014-04-16 03:45 - 2012-07-26 10:12 - 00000000 ___HD () C:\windows\system32\GroupPolicy 2014-04-16 03:45 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\SysWOW64\GroupPolicy 2014-04-16 03:44 - 2014-04-16 03:44 - 00358193 _____ () C:\Users\Shy\AppData\Local\speedial.crx 2014-04-14 23:51 - 2014-03-02 21:02 - 00003146 _____ () C:\windows\System32\Tasks\HPCeeScheduleForShy 2014-04-14 23:51 - 2013-01-12 12:55 - 00000000 ____D () C:\Users\Shy 2014-04-14 23:49 - 2013-09-22 19:51 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log 2014-04-14 23:48 - 2013-09-22 19:51 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-04-13 23:48 - 2013-01-12 12:56 - 00000000 ___RD () C:\Users\Shy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-13 23:48 - 2013-01-12 12:56 - 00000000 ___RD () C:\Users\Shy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-04-13 23:37 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\rescache 2014-04-13 23:10 - 2012-07-26 10:12 - 00000000 ___RD () 
C:\windows\ToastData 2014-04-13 23:10 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\WinStore 2014-04-11 23:59 - 2013-07-24 07:08 - 00000000 ____D () C:\windows\system32\MRT 2014-04-11 23:57 - 2013-01-14 08:45 - 90655440 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-04-11 23:13 - 2014-04-16 03:44 - 01079839 _____ (AnyProtect.com) C:\Users\Shy\AppData\Local\AnyProtectScannerSetup.exe 2014-04-11 09:15 - 2014-04-09 21:20 - 00000000 ____D () C:\ProgramData\IePluginService 2014-04-10 21:36 - 2014-04-10 21:36 - 00872872 _____ (AirInstaller ) C:\Users\Shy\Downloads\setup (1).exe 2014-04-10 20:48 - 2014-04-10 20:48 - 00441752 _____ () C:\Users\Shy\Downloads\Java(1).exe 2014-04-09 21:57 - 2014-04-09 21:15 - 00000000 ____D () C:\Users\Shy\AppData\Local\Mobogenie 2014-04-09 21:36 - 2013-10-21 18:00 - 00000000 ____D () C:\Program Files (x86)\BonanzaDeals 2014-04-09 21:34 - 2014-04-09 21:34 - 01070840 _____ (Solid State Networks) C:\Users\Shy\Downloads\install_flashplayer13x32au_mssd_aaa_aih.exe 2014-04-09 21:25 - 2013-01-30 19:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-04-09 21:20 - 2014-04-09 21:20 - 00000000 ____D () C:\Users\Shy\AppData\Roaming\SupTab 2014-04-09 21:20 - 2014-04-09 21:20 - 00000000 ____D () C:\ProgramData\WPM 2014-04-09 21:20 - 2014-04-09 21:20 - 00000000 ____D () C:\Program Files (x86)\SupTab 2014-04-09 21:18 - 2014-04-09 21:18 - 00000000 ____D () C:\Program Files (x86)\VideoLAN 2014-04-09 21:16 - 2014-04-09 21:16 - 00000000 ____D () C:\ProgramData\Systweak 2014-04-09 21:16 - 2014-04-09 21:16 - 00000000 ____D () C:\Program Files (x86)\Advanced System Protector 2014-04-09 21:16 - 2014-04-09 21:15 - 00002634 _____ () C:\windows\System32\Tasks\SaveSense 2014-04-09 21:16 - 2014-04-09 21:15 - 00000000 ____D () C:\Program Files (x86)\RegClean Pro 2014-04-09 21:16 - 2014-01-27 00:05 - 00000174 _____ () C:\Users\Shy\AppData\Roaming\WB.CFG 2014-04-09 21:16 - 2013-10-21 17:59 - 00000000 ____D () 
C:\Users\Shy\AppData\Roaming\Systweak 2014-04-09 21:15 - 2014-04-09 21:15 - 00003910 _____ () C:\windows\System32\Tasks\SaveSenseLiveUpdateTaskMachineUA 2014-04-09 21:15 - 2014-04-09 21:15 - 00003674 _____ () C:\windows\System32\Tasks\SaveSenseLiveUpdateTaskMachineCore 2014-04-09 21:15 - 2014-04-09 21:15 - 00002440 _____ () C:\Users\Shy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk 2014-04-09 21:15 - 2014-04-09 21:15 - 00000000 ____D () C:\Users\Shy\Documents\Mobogenie 2014-04-09 21:15 - 2014-04-09 21:15 - 00000000 ____D () C:\Users\Shy\AppData\Roaming\SaveSense 2014-04-09 21:15 - 2014-04-09 21:15 - 00000000 ____D () C:\Users\Shy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense 2014-04-09 21:15 - 2014-04-09 21:15 - 00000000 ____D () C:\Users\Shy\AppData\Local\SaveSenseLive 2014-04-09 21:15 - 2014-04-09 21:15 - 00000000 ____D () C:\Users\Shy\AppData\Local\SaveSense 2014-04-09 21:15 - 2014-04-09 21:15 - 00000000 ____D () C:\Users\Shy\AppData\Local\cache 2014-04-09 21:15 - 2014-04-09 21:15 - 00000000 ____D () C:\Users\Shy\.android 2014-04-09 21:15 - 2014-04-09 21:15 - 00000000 ____D () C:\ProgramData\SaveSenseLive 2014-04-09 21:15 - 2014-04-09 21:15 - 00000000 ____D () C:\Program Files (x86)\SaveSenseLive 2014-04-09 21:15 - 2014-04-09 21:15 - 00000000 _____ () C:\Users\Shy\daemonprocess.txt 2014-04-09 21:14 - 2014-04-09 21:14 - 00000000 ____D () C:\Users\Shy\AppData\Local\Smartbar 2014-04-09 21:14 - 2014-04-09 21:14 - 00000000 ____D () C:\Users\Shy\AppData\Local\LPT 2014-04-09 21:10 - 2014-04-09 21:10 - 00993712 _____ () C:\Users\Shy\Downloads\setup(2).exe 2014-04-09 21:09 - 2014-04-09 21:09 - 00441768 _____ () C:\Users\Shy\Downloads\Setup_V2.exe 2014-04-09 21:09 - 2014-04-09 21:08 - 00993712 _____ () C:\Users\Shy\Downloads\setup(1).exe 2014-04-09 00:30 - 2013-02-22 18:21 - 00002369 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-04-07 02:40 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\AUInstallAgent 2014-03-31 23:18 - 
2014-02-26 23:27 - 00694232 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2014-03-31 23:18 - 2014-02-26 23:27 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-28 22:27 - 2014-03-28 22:27 - 00006470 _____ () C:\windows\System32\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-3 2014-03-28 22:25 - 2014-03-28 22:25 - 01172776 _____ (AnyProtect.com) C:\Users\Shy\AppData\Local\nsh4CE8.tmp 2014-03-28 22:24 - 2014-03-28 22:24 - 00006134 _____ () C:\windows\System32\Tasks\bedfe857-1851-4105-9b92-9447f52989ce-3 2014-03-28 22:24 - 2014-03-28 22:24 - 00000000 ____D () C:\Users\Shy\AppData\Roaming\VOPackage 2014-03-28 22:24 - 2014-03-28 22:24 - 00000000 ____D () C:\Users\Shy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage 2014-03-28 22:24 - 2013-01-12 12:56 - 00001640 _____ () C:\Users\Shy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-03-28 22:19 - 2014-03-28 22:19 - 00563488 _____ () C:\Users\Shy\Downloads\Java.exe 2014-03-28 09:53 - 2014-03-28 09:53 - 00000000 ____D () C:\Program Files\Common Files\INCA Shared 2014-03-28 09:49 - 2014-03-28 09:28 - 00001569 _____ () C:\Users\Public\Desktop\Flyff.lnk 2014-03-28 09:39 - 2014-03-28 09:22 - 1178858003 _____ (Gala Networks Europe Limited ) C:\Users\Shy\Desktop\Flyff_DE_setup.exe 2014-03-28 09:24 - 2014-03-28 09:24 - 00000000 ____D () C:\Program Files\gPotato.eu 2014-03-27 02:21 - 2013-02-22 18:19 - 00004088 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-03-27 02:21 - 2013-02-22 18:19 - 00003852 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-03-27 02:12 - 2014-03-27 02:12 - 00321256 _____ () C:\windows\system32\FNTCACHE.DAT 2014-03-25 09:31 - 2014-03-28 09:53 - 05268336 _____ (INCA Internet Co., Ltd.) 
C:\windows\SysWOW64\GameMon.des 2014-03-24 01:09 - 2012-12-04 05:20 - 00000000 ____D () C:\ProgramData\Hewlett-Packard 2014-03-21 01:26 - 2014-03-21 01:26 - 00061112 _____ (StdLib) C:\windows\system32\Drivers\wStLib64.sys 2014-03-21 01:26 - 2013-10-21 18:00 - 00000000 ____D () C:\Program Files (x86)\Whilokii 2014-03-20 06:53 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-03-20 06:53 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-03-20 06:53 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender 2014-03-20 06:53 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-03-20 01:05 - 2014-03-20 01:05 - 00686631 _____ () C:\Users\Shy\AppData\Local\nwhb-v9.4.15.crx Some content of TEMP: ==================== C:\Users\Shy\AppData\Local\Temp\6_Offer_11.exe C:\Users\Shy\AppData\Local\Temp\APNStub.exe C:\Users\Shy\AppData\Local\Temp\app.exe C:\Users\Shy\AppData\Local\Temp\AutoRun.exe C:\Users\Shy\AppData\Local\Temp\AutoRunGUI.dll C:\Users\Shy\AppData\Local\Temp\BackupSetup.exe C:\Users\Shy\AppData\Local\Temp\Extract.exe C:\Users\Shy\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\Shy\AppData\Local\Temp\GenericUninstall.exe C:\Users\Shy\AppData\Local\Temp\htmlayout.dll C:\Users\Shy\AppData\Local\Temp\instract.exe C:\Users\Shy\AppData\Local\Temp\instruct.exe C:\Users\Shy\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe C:\Users\Shy\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe C:\Users\Shy\AppData\Local\Temp\mgsqlite3.dll C:\Users\Shy\AppData\Local\Temp\nsbC606.exe C:\Users\Shy\AppData\Local\Temp\nsdA395.exe C:\Users\Shy\AppData\Local\Temp\nsjA53C.exe C:\Users\Shy\AppData\Local\Temp\nsqC440.exe C:\Users\Shy\AppData\Local\Temp\SearchProtectINT.exe C:\Users\Shy\AppData\Local\Temp\setup.exe C:\Users\Shy\AppData\Local\Temp\Shortcut_SweetIM_2.exe 
C:\Users\Shy\AppData\Local\Temp\SimboApp.exe C:\Users\Shy\AppData\Local\Temp\SIMEEIInstaller.exe C:\Users\Shy\AppData\Local\Temp\SP59485.exe C:\Users\Shy\AppData\Local\Temp\SP60467.exe C:\Users\Shy\AppData\Local\Temp\SP61665.exe C:\Users\Shy\AppData\Local\Temp\SP62732.exe C:\Users\Shy\AppData\Local\Temp\SP63146.exe C:\Users\Shy\AppData\Local\Temp\SP63187.exe C:\Users\Shy\AppData\Local\Temp\sp64126.exe C:\Users\Shy\AppData\Local\Temp\SpOrder.dll C:\Users\Shy\AppData\Local\Temp\TouchURL.exe C:\Users\Shy\AppData\Local\Temp\uninst1.exe C:\Users\Shy\AppData\Local\Temp\uninstaller.exe C:\Users\Shy\AppData\Local\Temp\UninstallHPSA.exe C:\Users\Shy\AppData\Local\Temp\vcredist_x64.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-13 09:46 ==================== End Of Log ============================ --- --- --- --- --- --- |
18.04.2014, 09:45 | #4 |
/// the machine /// TB trainer | Removing Lollipop and other viruses - Windows8; 64bit Revo Uninstaller - Download - Filepony Use it to uninstall everything you find in Additional.txt marked with <== ATTENTION. Also let Revo remove the leftovers in Moderate mode. Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
22.04.2014, 15:26 | #5 |
| Removing Lollipop and other viruses - Windows8; 64bit MBAM: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 22.04.2014
Suchlauf-Zeit: 16:09:14
Logdatei: TB_MBAM_03.txt
Administrator: Ja
Version: 2.00.1.1004
Malware Datenbank: v2014.04.22.04
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert
Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: Shy
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 309703
Verstrichene Zeit: 7 Min, 53 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0 (No malicious items detected)
Module: 0 (No malicious items detected)
Registrierungsschlüssel: 0 (No malicious items detected)
Registrierungswerte: 0 (No malicious items detected)
Registrierungsdaten: 0 (No malicious items detected)
Ordner: 0 (No malicious items detected)
Dateien: 0 (No malicious items detected)
Physische Sektoren: 0 (No malicious items detected)
(end)
Code:
# AdwCleaner v3.102 - Bericht erstellt am 22/04/2014 um 16:14:01
# Aktualisiert 21/04/2014 von Xplode
# Betriebssystem : Windows 8 (64 bits)
# Benutzername : Shy - BESHY
# Gestartet von : C:\Users\Shy\Downloads\AdwCleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Users\Schiffer\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnllcmllkjofnojidnaknldfehfhehoo
Ordner Gelöscht : C:\Users\Shy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombmmloebnfnpehgjnmkcgoegfachobp
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{BBDA0591-3099-440a-AA10-41764D9DB4DB}]
***** [ Browser ] *****
-\\ Internet Explorer v10.0.9200.16537
-\\ Mozilla Firefox v19.0 (de)
[ Datei : C:\Users\Schiffer\AppData\Roaming\Mozilla\Firefox\Profiles\fgy06bj6.default\prefs.js ]
[ Datei : C:\Users\Shy\AppData\Roaming\Mozilla\Firefox\Profiles\qrwdqtn7.default\prefs.js ]
-\\ Google Chrome v34.0.1847.116
[ Datei : C:\Users\Schiffer\AppData\Local\Google\Chrome\User Data\Default\preferences ]
[ Datei : C:\Users\Shy\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [47097 octets] - [21/04/2014 23:00:52]
AdwCleaner[R1].txt - [1659 octets] - [22/04/2014 16:12:59]
AdwCleaner[S0].txt - [42291 octets] - [21/04/2014 23:01:45]
AdwCleaner[S1].txt - [1580 octets] - [22/04/2014 16:14:01]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1640 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by Shy on 22.04.2014 at 16:17:11,72
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.04.2014 at 16:20:28,81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-04-2014 02 Ran by Shy (administrator) on BESHY on 22-04-2014 16:24:17 Running from C:\Users\Shy\Downloads Windows 8 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\windows\system32\nvvsvc.exe (IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\windows\system32\nvvsvc.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe (Microsoft Corporation) C:\windows\system32\dashost.exe (Intel(R) Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\N360.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureGenUSB.exe (Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe (Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\N360.exe (Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (ICQ) C:\Users\Shy\AppData\Roaming\ICQM\icq.exe (Hauppauge Computer Works, Inc.) 
C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe (Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Microsoft Corporation) C:\windows\splwow64.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe (Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe (Microsoft Corporation) C:\windows\SysWOW64\notepad.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-09-19] (Hewlett-Packard ) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-09-19] (IDT, Inc.) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.) 
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.) HKLM-x32\...\Run: [DTVRemote] => "C:\Program Files (x86)\DTV\RemoteControl.exe" HKLM-x32\...\Run: [MobileConnect] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2403840 2009-09-11] (Vodafone) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] () HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-08] (Hewlett-Packard) HKU\S-1-5-21-682942366-826570152-479843046-1001\...\Run: [icq] => C:\Users\Shy\AppData\Roaming\ICQM\icq.exe [26606072 2013-01-12] (ICQ) HKU\S-1-5-21-682942366-826570152-479843046-1001\...\Run: [Spotify] => C:\Users\Shy\AppData\Roaming\Spotify\Spotify.exe [6087224 2014-04-09] (Spotify Ltd) HKU\S-1-5-21-682942366-826570152-479843046-1001\...\Run: [Spotify Web Helper] => C:\Users\Shy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-09] (Spotify Ltd) HKU\S-1-5-21-682942366-826570152-479843046-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20473504 2013-10-02] (Skype Technologies S.A.) 
HKU\S-1-5-21-682942366-826570152-479843046-1001\...\MountPoints2: {85048ddc-7369-11e2-be74-10604b5f8bb4} - "G:\setup_vmc_lite.exe" /checkApplicationPresence HKU\S-1-5-21-682942366-826570152-479843046-1001\...\MountPoints2: {85048e17-7369-11e2-be74-10604b5f8bb4} - "G:\setup_vmc_lite.exe" /checkApplicationPresence HKU\S-1-5-21-682942366-826570152-479843046-1001\...\MountPoints2: {85048f0f-7369-11e2-be74-10604b5f8bb4} - "I:\setup_vmc_lite.exe" /checkApplicationPresence HKU\S-1-5-21-682942366-826570152-479843046-1001\...\MountPoints2: {ab3b5baa-554b-11e3-bea8-10604b5f8bb4} - "G:\setup_vmc_lite.exe" /checkApplicationPresence HKU\S-1-5-21-682942366-826570152-479843046-1001\...\MountPoints2: {e2788c9e-dcde-11e2-be89-001e101f906f} - "G:\setup_vmc_lite.exe" /checkApplicationPresence Startup: C:\Users\Schiffer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS SearchScopes: HKLM - {34417101-EE22-45BE-B7BC-128EC8F60190} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - 
C:\Program Files (x86)\Norton 360\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation) BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Shy\AppData\Roaming\Mozilla\Firefox\Profiles\qrwdqtn7.default FF NewTab: about:blank FF SelectedSearchEngine: Google FF Homepage: https://www.google.de/ FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program 
Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.) FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\IPSFF [2014-04-16] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\coFFPlgn\ [] FF HKCU\...\Firefox\Extensions: [{ae82ce55-d4ae-4a75-a1b7-002cc9fa5781}] - C:\Program Files (x86)\LyricsFriend\131.xpi Chrome: ======= CHR HomePage: hxxp://www.google.com CHR StartupUrls: "hxxp://search.conduit.com/?gd=&ctid=CT3323900&octid=EB_ORIGINAL_CTID&ISID=M790A6934-938D-4DED-9959-B45D7F348ECF&SearchSource=55&CUI=&UM=5&UP=SP553419F1-CDC6-48EE-BA12-1C16327F3C0C&SSPV=" CHR DefaultSearchProvider: Mysearchdial CHR DefaultSearchURL: hxxp://www.google.com CHR DefaultNewTabURL: 
&a=cmi_14_16_ff&cd=2XzuyEtN2Y1L1QzutCtDyCtDyE0ByD0Fzz0B0ByEyC0CyE0EtN0D0Tzu0SzztAyCtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCtB0CyDzzyCtBtDtG0DzztD0FtGtCyCtB0BtG0FzzyB0BtGtA0AyEyDzzzy0AyC0F0FtCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtAtDtCtAyByEyEtG0A0ByCtAtGtAzzyCtCtG0A0Azy0CtGyEyBtCyEtCyE0F0AzzyEtBtA2Q&cr=167206671&ir= CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll () CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (Java(TM) Platform SE 7 U13) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) CHR Extension: (Newhub) - C:\Users\Shy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoejbmmillcdifgagjpdlaamnalbielp [2014-03-20] CHR Extension: (Google Docs) - C:\Users\Shy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-22] CHR Extension: (Google Drive) - C:\Users\Shy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf 
[2013-02-22] CHR Extension: (YouTube) - C:\Users\Shy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-22] CHR Extension: (Google Search) - C:\Users\Shy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-22] CHR Extension: (Norton Identity Protection) - C:\Users\Shy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-02-22] CHR Extension: (Google Wallet) - C:\Users\Shy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-10] CHR Extension: (Gmail) - C:\Users\Shy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-22] CHR HKLM\...\Chrome\Extension: [aoejbmmillcdifgagjpdlaamnalbielp] - C:\Users\Shy\AppData\Local\nwhb-v9.4.15.crx [2014-03-20] CHR HKCU\...\Chrome\Extension: [aoejbmmillcdifgagjpdlaamnalbielp] - C:\Users\Shy\AppData\Local\nwhb-v9.4.15.crx [2014-03-20] CHR HKLM-x32\...\Chrome\Extension: [aoejbmmillcdifgagjpdlaamnalbielp] - C:\Users\Shy\AppData\Local\nwhb-v9.4.15.crx [2014-03-20] CHR HKLM-x32\...\Chrome\Extension: [dljhohhmfjfhgfhpgkfefjoojfobodhn] - C:\Program Files (x86)\Whilokii\dljhohhmfjfhgfhpgkfefjoojfobodhn.crx [2014-03-20] CHR HKLM-x32\...\Chrome\Extension: [lkifdcciaffpfomcpapoccoefeejeagi] - C:\Program Files (x86)\LyricsFriend\131.crx [2014-03-20] CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\Exts\Chrome.crx [2014-04-16] ==================== Services (Whitelisted) ================= R2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [570368 2011-10-27] (Hauppauge Computer Works) R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine 
Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation) R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\N360.exe [265040 2014-03-12] (Symantec Corporation) S3 npggsvc; C:\windows\SysWOW64\GameMon.des [5268336 2014-03-25] (INCA Internet Co., Ltd.) R2 VMCService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [9216 2009-09-11] (Vodafone) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation) R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.) ==================== Drivers (Whitelisted) ==================== R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [1525976 2014-04-09] (Symantec Corporation) R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1502000.026\ccSetx64.sys [162392 2014-02-25] (Symantec Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-04-15] (Symantec Corporation) S3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [132608 2009-06-29] (Huawei Technologies Co., Ltd.) R3 hcw17bda; C:\Windows\system32\drivers\hcw17bda.sys [67456 2010-01-27] (Hauppauge Computer Works, Inc.) 
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\IPSDefs\20140421.001\IDSvia64.sys [525016 2014-04-15] (Symantec Corporation) R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\VirusDefs\20140421.033\ENG64.SYS [126040 2014-04-15] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\VirusDefs\20140421.033\EX64.SYS [2099288 2014-04-15] (Symantec Corporation) R1 SRTSP; C:\Windows\system32\drivers\N360x64\1502000.026\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1502000.026\SRTSPX64.SYS [36952 2013-10-30] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\N360x64\1502000.026\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\N360x64\1502000.026\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation) S0 SymELAM; C:\Windows\System32\drivers\N360x64\1502000.026\SymELAM.sys [23568 2013-10-30] (Symantec Corporation) R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-04-16] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\N360x64\1502000.026\Ironx64.SYS [264280 2013-10-30] (Symantec Corporation) R1 SymNetS; C:\Windows\system32\drivers\N360x64\1502000.026\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation) R3 tilfilter; C:\Windows\System32\drivers\TIxHCIlfilter.sys [17528 2012-11-20] (Texas Instruments, Inc.) R3 tiufilter; C:\Windows\System32\drivers\TIxHCIufilter.sys [23184 2012-11-20] (Texas Instruments, Inc.) 
R1 wStLib64; C:\Windows\System32\drivers\wStLib64.sys [61112 2014-03-21] (StdLib) S3 wacomvhid; \SystemRoot\System32\drivers\wacomvhid.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-22 16:20 - 2014-04-22 16:20 - 00000610 _____ () C:\Users\Shy\Desktop\JRT.txt 2014-04-22 00:04 - 2014-04-22 16:10 - 00001137 _____ () C:\TB_MBAM_03.txt 2014-04-22 00:00 - 2014-04-22 00:00 - 00000000 ____D () C:\Users\Shy\Downloads\FRST-OlderVersion 2014-04-21 23:39 - 2014-04-21 23:39 - 00003114 _____ () C:\JRT.txt 2014-04-21 23:36 - 2014-04-21 23:36 - 00000000 ____D () C:\windows\ERUNT 2014-04-21 23:35 - 2014-04-21 23:35 - 01016261 _____ (Thisisu) C:\Users\Shy\Downloads\JRT.exe 2014-04-21 23:27 - 2014-04-21 23:27 - 00115751 _____ () C:\TB_MBAM_02.txt 2014-04-21 23:07 - 2014-04-21 23:07 - 00000000 ____D () C:\Users\Shy\Downloads\Trojaner-Board 2014-04-21 23:00 - 2014-04-22 16:16 - 00000000 ____D () C:\AdwCleaner 2014-04-21 22:59 - 2014-04-21 22:59 - 01322687 _____ () C:\Users\Shy\Downloads\AdwCleaner.exe 2014-04-21 22:56 - 2014-04-21 22:56 - 00397390 _____ () C:\Trojaner-Board_1_MBAM.txt 2014-04-21 22:40 - 2014-04-22 16:01 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-21 22:39 - 2014-04-21 22:39 - 00001100 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-21 22:39 - 2014-04-21 22:39 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-21 22:39 - 2014-04-21 22:39 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-21 22:39 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-04-21 22:39 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-04-21 22:39 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-04-21 22:37 - 2014-04-21 
22:37 - 00000355 _____ () C:\Users\Shy\Desktop\Computer - Verknüpfung.lnk 2014-04-21 22:01 - 2014-04-21 22:02 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Shy\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-21 21:54 - 2014-04-21 21:54 - 00001262 _____ () C:\Users\Shy\Desktop\Revo Uninstaller.lnk 2014-04-21 21:54 - 2014-04-21 21:54 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-04-21 21:53 - 2014-04-21 21:53 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Shy\Downloads\revosetup95.exe 2014-04-21 20:50 - 2014-04-21 20:50 - 00772680 _____ (Realtek ) C:\windows\system32\Drivers\Rt630x64.sys 2014-04-21 20:50 - 2014-04-21 20:50 - 00078920 _____ (Realtek Semiconductor Corporation) C:\windows\system32\RtNicProp64.dll 2014-04-21 20:50 - 2014-04-21 20:50 - 00000000 ____D () C:\windows\LastGood.Tmp 2014-04-21 20:25 - 2014-04-21 20:26 - 00000000 ____D () C:\Program Files (x86)\The Mighty Quest For Epic Loot 2014-04-21 20:25 - 2014-04-21 20:25 - 00001398 _____ () C:\Users\Public\Desktop\The Mighty Quest For Epic Loot.lnk 2014-04-21 20:23 - 2014-04-21 20:24 - 30041832 _____ ( ) C:\Users\Shy\Downloads\MightyQuestSetup_234953.exe 2014-04-21 20:19 - 2014-04-21 20:19 - 00001145 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-04-21 20:17 - 2014-04-21 20:17 - 00283192 _____ (Mozilla) C:\Users\Shy\Downloads\Firefox Setup Stub 28.0.exe 2014-04-17 11:00 - 2014-04-22 16:11 - 00000000 ____D () C:\Users\Shy\AppData\Local\CrashDumps 2014-04-16 19:35 - 2014-04-22 16:24 - 00021027 _____ () C:\Users\Shy\Downloads\FRST.txt 2014-04-16 19:35 - 2014-04-22 16:24 - 00000000 ____D () C:\FRST 2014-04-16 19:35 - 2014-04-22 00:01 - 00011254 _____ () C:\Users\Shy\Downloads\Addition.txt 2014-04-16 19:34 - 2014-04-22 00:00 - 02061312 _____ (Farbar) C:\Users\Shy\Downloads\FRST64.exe 2014-04-16 17:26 - 2014-04-21 23:01 - 00000000 ____D () C:\Users\Shy\Desktop\Blabla 2014-04-16 17:17 - 2014-04-16 17:17 - 00000000 ____D () C:\windows\System32\Tasks\Norton 360 2014-04-16 17:10 - 
2014-04-16 17:54 - 00000000 ____D () C:\Users\Shy\AppData\Local\NPE 2014-04-16 17:07 - 2014-04-16 17:07 - 00000000 ____D () C:\Users\Shy\Documents\Symantec 2014-04-16 17:05 - 2014-04-16 17:05 - 00177752 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS 2014-04-16 17:05 - 2014-04-16 17:05 - 00008222 _____ () C:\windows\system32\Drivers\SYMEVENT64x86.CAT 2014-04-16 17:05 - 2014-04-16 17:05 - 00003206 _____ () C:\windows\System32\Tasks\Norton WSC Integration 2014-04-16 17:05 - 2014-04-16 17:05 - 00002389 _____ () C:\Users\Public\Desktop\Norton 360.lnk 2014-04-16 17:05 - 2014-04-16 17:05 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared 2014-04-16 17:02 - 2014-04-16 17:02 - 00000000 ____D () C:\windows\system32\Drivers\N360x64 2014-04-16 17:02 - 2014-04-16 17:02 - 00000000 ____D () C:\Program Files (x86)\Norton 360 2014-04-16 16:50 - 2014-04-16 16:50 - 00000000 ____D () C:\ProgramData\PCSettings 2014-04-16 16:33 - 2014-04-16 16:33 - 01021952 _____ (Symantec Corporation) C:\Users\Shy\Downloads\NortonN360Downloader.exe 2014-04-16 03:45 - 2014-04-16 16:38 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2014-04-16 03:44 - 2014-04-11 23:13 - 01079839 _____ (AnyProtect.com) C:\Users\Shy\AppData\Local\AnyProtectScannerSetup.exe 2014-04-12 02:40 - 2014-02-04 01:56 - 00332632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys 2014-04-12 02:40 - 2014-02-04 01:56 - 00278872 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys 2014-04-12 02:40 - 2014-01-31 05:55 - 00209712 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe 2014-04-12 02:40 - 2014-01-31 02:48 - 00564736 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll 2014-04-12 02:40 - 2014-01-31 02:48 - 00485888 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSDApi.dll 2014-04-12 02:40 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.dll 2014-04-12 02:40 - 
2014-01-31 02:48 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-04-12 02:40 - 2014-01-31 02:06 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll 2014-04-12 02:40 - 2014-01-31 02:06 - 00599040 _____ (Microsoft Corporation) C:\windows\system32\WSDApi.dll 2014-04-12 02:40 - 2014-01-31 02:06 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-04-12 02:40 - 2014-01-27 05:42 - 02232664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys 2014-04-12 02:40 - 2014-01-27 05:39 - 01939288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys 2014-04-12 02:40 - 2014-01-27 02:52 - 17561088 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll 2014-04-12 02:40 - 2014-01-27 02:31 - 19752448 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll 2014-04-12 02:40 - 2014-01-27 01:17 - 00386722 _____ () C:\windows\system32\ApnDatabase.xml 2014-04-12 02:40 - 2014-01-16 01:42 - 00118784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dfsc.sys 2014-04-12 02:40 - 2014-01-11 08:48 - 05979648 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll 2014-04-12 02:40 - 2014-01-11 07:06 - 05092352 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll 2014-04-12 02:40 - 2014-01-03 01:35 - 00365568 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsGdiConverter.dll 2014-04-12 02:40 - 2014-01-03 01:32 - 00523264 _____ (Microsoft Corporation) C:\windows\system32\XpsGdiConverter.dll 2014-04-12 02:39 - 2014-03-07 02:48 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-04-12 02:39 - 2014-03-07 02:48 - 01140736 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-04-12 02:39 - 2014-03-07 02:47 - 14357504 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-04-12 02:39 - 2014-03-07 02:47 - 13760512 _____ (Microsoft 
Corporation) C:\windows\SysWOW64\ieframe.dll 2014-04-12 02:39 - 2014-03-07 02:47 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-04-12 02:39 - 2014-03-07 02:47 - 02049536 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-04-12 02:39 - 2014-03-07 02:47 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2014-04-12 02:39 - 2014-03-07 02:47 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-04-12 02:39 - 2014-03-07 02:47 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2014-04-12 02:39 - 2014-03-07 02:08 - 19273216 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-04-12 02:39 - 2014-03-07 02:08 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-04-12 02:39 - 2014-03-07 02:08 - 03959808 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-04-12 02:39 - 2014-03-07 02:08 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-04-12 02:39 - 2014-03-07 02:08 - 02240000 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-04-12 02:39 - 2014-03-07 02:08 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-04-12 02:39 - 2014-03-07 02:08 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll 2014-04-12 02:39 - 2014-03-07 02:08 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2014-04-12 02:39 - 2014-03-07 02:08 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-04-12 02:39 - 2014-03-07 02:08 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-04-12 02:39 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll 2014-04-12 02:39 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll 2014-04-12 02:39 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) 
C:\windows\system32\mshtml.tlb 2014-04-12 02:39 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-04-12 02:39 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll 2014-04-12 02:39 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2014-04-12 02:39 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2014-04-12 02:39 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2014-04-12 02:39 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll 2014-04-12 02:39 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-04-12 02:39 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll 2014-04-12 02:39 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-04-12 02:39 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-04-12 02:39 - 2012-07-26 05:06 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-04-09 23:57 - 2014-02-06 01:41 - 01257984 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll 2014-04-09 23:57 - 2014-02-06 01:41 - 00978432 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll 2014-04-09 23:57 - 2014-02-06 01:26 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll 2014-04-09 23:57 - 2014-02-06 01:19 - 00974848 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll 2014-04-09 21:34 - 2014-04-09 21:34 - 01070840 _____ (Solid State Networks) C:\Users\Shy\Downloads\install_flashplayer13x32au_mssd_aaa_aih.exe 2014-04-09 21:18 - 2014-04-16 18:30 - 00001064 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2014-04-09 21:18 - 2014-04-09 21:18 - 00000000 ____D () C:\Program Files 
(x86)\VideoLAN 2014-04-09 21:16 - 2012-07-25 12:03 - 00016896 _____ () C:\windows\system32\sasnative64.exe 2014-04-09 21:15 - 2014-04-09 21:15 - 00000000 ____D () C:\Users\Shy\AppData\Local\cache 2014-03-29 11:21 - 2014-04-22 16:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-28 22:25 - 2014-03-28 22:25 - 01172776 _____ (AnyProtect.com) C:\Users\Shy\AppData\Local\nsh4CE8.tmp 2014-03-28 09:53 - 2014-03-28 09:53 - 00000000 ____D () C:\Program Files\Common Files\INCA Shared 2014-03-28 09:53 - 2014-03-25 09:31 - 05268336 _____ (INCA Internet Co., Ltd.) C:\windows\SysWOW64\GameMon.des 2014-03-28 09:28 - 2014-03-28 09:49 - 00001569 _____ () C:\Users\Public\Desktop\Flyff.lnk 2014-03-28 09:24 - 2014-03-28 09:24 - 00000000 ____D () C:\Program Files\gPotato.eu 2014-03-28 09:22 - 2014-03-28 09:39 - 1178858003 _____ (Gala Networks Europe Limited ) C:\Users\Shy\Desktop\Flyff_DE_setup.exe 2014-03-27 02:12 - 2014-03-27 02:12 - 00321256 _____ () C:\windows\system32\FNTCACHE.DAT ==================== One Month Modified Files and Folders ======= 2014-04-22 16:24 - 2014-04-16 19:35 - 00021027 _____ () C:\Users\Shy\Downloads\FRST.txt 2014-04-22 16:24 - 2014-04-16 19:35 - 00000000 ____D () C:\FRST 2014-04-22 16:23 - 2013-01-12 13:01 - 00003592 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-682942366-826570152-479843046-1001 2014-04-22 16:21 - 2012-12-04 14:10 - 00745562 _____ () C:\windows\system32\perfh007.dat 2014-04-22 16:21 - 2012-12-04 14:10 - 00169488 _____ () C:\windows\system32\perfc007.dat 2014-04-22 16:21 - 2012-07-26 09:28 - 01752656 _____ () C:\windows\system32\PerfStringBackup.INI 2014-04-22 16:20 - 2014-04-22 16:20 - 00000610 _____ () C:\Users\Shy\Desktop\JRT.txt 2014-04-22 16:20 - 2014-03-29 11:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-04-22 16:16 - 2014-04-21 23:00 - 00000000 ____D () C:\AdwCleaner 2014-04-22 16:16 - 2013-01-12 12:55 - 01603509 _____ () C:\windows\WindowsUpdate.log 2014-04-22 
16:15 - 2014-03-02 21:02 - 00000336 _____ () C:\windows\Tasks\HPCeeScheduleForShy.job 2014-04-22 16:15 - 2013-06-25 18:20 - 00065536 _____ () C:\windows\system32\Ikeext.etl 2014-04-22 16:15 - 2013-02-22 18:19 - 00001112 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-22 16:15 - 2012-07-26 09:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-04-22 16:11 - 2014-04-17 11:00 - 00000000 ____D () C:\Users\Shy\AppData\Local\CrashDumps 2014-04-22 16:10 - 2014-04-22 00:04 - 00001137 _____ () C:\TB_MBAM_03.txt 2014-04-22 16:06 - 2013-05-27 00:57 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-04-22 16:01 - 2014-04-21 22:40 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-22 16:00 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\sru 2014-04-22 15:26 - 2013-02-22 18:19 - 00001116 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-22 00:01 - 2014-04-16 19:35 - 00011254 _____ () C:\Users\Shy\Downloads\Addition.txt 2014-04-22 00:00 - 2014-04-22 00:00 - 00000000 ____D () C:\Users\Shy\Downloads\FRST-OlderVersion 2014-04-22 00:00 - 2014-04-16 19:34 - 02061312 _____ (Farbar) C:\Users\Shy\Downloads\FRST64.exe 2014-04-21 23:51 - 2014-03-02 21:02 - 00003146 _____ () C:\windows\System32\Tasks\HPCeeScheduleForShy 2014-04-21 23:51 - 2013-01-12 12:55 - 00000000 ____D () C:\Users\Shy 2014-04-21 23:39 - 2014-04-21 23:39 - 00003114 _____ () C:\JRT.txt 2014-04-21 23:36 - 2014-04-21 23:36 - 00000000 ____D () C:\windows\ERUNT 2014-04-21 23:35 - 2014-04-21 23:35 - 01016261 _____ (Thisisu) C:\Users\Shy\Downloads\JRT.exe 2014-04-21 23:29 - 2012-08-01 19:02 - 01922698 _____ () C:\windows\PFRO.log 2014-04-21 23:29 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\TAPI 2014-04-21 23:27 - 2014-04-21 23:27 - 00115751 _____ () C:\TB_MBAM_02.txt 2014-04-21 23:07 - 2014-04-21 23:07 - 00000000 ____D () C:\Users\Shy\Downloads\Trojaner-Board 2014-04-21 23:06 - 2013-11-17 23:13 - 00000000 ____D 
() C:\Users\Shy\SyncFolder 2014-04-21 23:04 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\tracing 2014-04-21 23:03 - 2013-01-30 19:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-04-21 23:02 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\BBI 2014-04-21 23:01 - 2014-04-16 17:26 - 00000000 ____D () C:\Users\Shy\Desktop\Blabla 2014-04-21 23:01 - 2013-02-22 18:21 - 00001276 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-04-21 22:59 - 2014-04-21 22:59 - 01322687 _____ () C:\Users\Shy\Downloads\AdwCleaner.exe 2014-04-21 22:56 - 2014-04-21 22:56 - 00397390 _____ () C:\Trojaner-Board_1_MBAM.txt 2014-04-21 22:39 - 2014-04-21 22:39 - 00001100 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-21 22:39 - 2014-04-21 22:39 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-21 22:39 - 2014-04-21 22:39 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-21 22:37 - 2014-04-21 22:37 - 00000355 _____ () C:\Users\Shy\Desktop\Computer - Verknüpfung.lnk 2014-04-21 22:20 - 2013-01-19 17:22 - 00000000 ____D () C:\Program Files (x86)\DTV 2014-04-21 22:14 - 2013-07-30 08:04 - 00000000 ____D () C:\Program Files (x86)\GameforgeLive 2014-04-21 22:02 - 2014-04-21 22:01 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Shy\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-21 21:54 - 2014-04-21 21:54 - 00001262 _____ () C:\Users\Shy\Desktop\Revo Uninstaller.lnk 2014-04-21 21:54 - 2014-04-21 21:54 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-04-21 21:53 - 2014-04-21 21:53 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\Shy\Downloads\revosetup95.exe 2014-04-21 20:52 - 2012-08-02 05:15 - 00000000 ____D () C:\SWSETUP 2014-04-21 20:50 - 2014-04-21 20:50 - 00772680 _____ (Realtek ) C:\windows\system32\Drivers\Rt630x64.sys 2014-04-21 20:50 - 2014-04-21 20:50 - 00078920 _____ (Realtek Semiconductor Corporation) C:\windows\system32\RtNicProp64.dll 2014-04-21 20:50 - 2014-04-21 20:50 - 00000000 ____D () C:\windows\LastGood.Tmp 2014-04-21 20:27 - 2013-01-13 05:20 - 00000000 ____D () C:\Users\Shy\AppData\Roaming\NVIDIA 2014-04-21 20:26 - 2014-04-21 20:25 - 00000000 ____D () C:\Program Files (x86)\The Mighty Quest For Epic Loot 2014-04-21 20:25 - 2014-04-21 20:25 - 00001398 _____ () C:\Users\Public\Desktop\The Mighty Quest For Epic Loot.lnk 2014-04-21 20:24 - 2014-04-21 20:23 - 30041832 _____ ( ) C:\Users\Shy\Downloads\MightyQuestSetup_234953.exe 2014-04-21 20:19 - 2014-04-21 20:19 - 00001145 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-04-21 20:19 - 2013-09-22 19:51 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log 2014-04-21 20:19 - 2013-09-22 19:51 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-04-21 20:17 - 2014-04-21 20:17 - 00283192 _____ (Mozilla) C:\Users\Shy\Downloads\Firefox Setup Stub 28.0.exe 2014-04-21 20:11 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\ELAM 2014-04-17 15:52 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\AUInstallAgent 2014-04-16 23:39 - 2012-07-26 07:26 - 00000292 _____ () C:\windows\win.ini 2014-04-16 18:30 - 2014-04-09 21:18 - 00001064 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2014-04-16 17:54 - 2014-04-16 17:10 - 00000000 ____D () C:\Users\Shy\AppData\Local\NPE 2014-04-16 17:54 - 2013-10-21 18:10 - 00000000 ____D () C:\Users\Shy\AppData\Roaming\Skype 2014-04-16 17:54 - 2013-06-12 18:43 - 00000000 ____D () C:\Users\Shy\AppData\Roaming\Spotify 2014-04-16 17:17 - 2014-04-16 17:17 - 00000000 ____D () C:\windows\System32\Tasks\Norton 360 2014-04-16 17:15 - 2012-07-26 10:12 
- 00000000 ____D () C:\windows\system32\NDF 2014-04-16 17:10 - 2012-12-04 05:34 - 00000000 ____D () C:\ProgramData\Norton 2014-04-16 17:07 - 2014-04-16 17:07 - 00000000 ____D () C:\Users\Shy\Documents\Symantec 2014-04-16 17:05 - 2014-04-16 17:05 - 00177752 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS 2014-04-16 17:05 - 2014-04-16 17:05 - 00008222 _____ () C:\windows\system32\Drivers\SYMEVENT64x86.CAT 2014-04-16 17:05 - 2014-04-16 17:05 - 00003206 _____ () C:\windows\System32\Tasks\Norton WSC Integration 2014-04-16 17:05 - 2014-04-16 17:05 - 00002389 _____ () C:\Users\Public\Desktop\Norton 360.lnk 2014-04-16 17:05 - 2014-04-16 17:05 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared 2014-04-16 17:05 - 2012-07-26 10:12 - 00000000 ___HD () C:\windows\ELAMBKUP 2014-04-16 17:03 - 2013-02-21 18:33 - 00583680 ___SH () C:\Users\Shy\Desktop\Thumbs.db 2014-04-16 17:02 - 2014-04-16 17:02 - 00000000 ____D () C:\windows\system32\Drivers\N360x64 2014-04-16 17:02 - 2014-04-16 17:02 - 00000000 ____D () C:\Program Files (x86)\Norton 360 2014-04-16 16:50 - 2014-04-16 16:50 - 00000000 ____D () C:\ProgramData\PCSettings 2014-04-16 16:38 - 2014-04-16 03:45 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2014-04-16 16:34 - 2013-11-16 11:15 - 00000000 ____D () C:\Users\Public\Downloads\Norton 2014-04-16 16:33 - 2014-04-16 16:33 - 01021952 _____ (Symantec Corporation) C:\Users\Shy\Downloads\NortonN360Downloader.exe 2014-04-16 16:21 - 2013-06-12 18:45 - 00000000 ____D () C:\Users\Shy\AppData\Local\Spotify 2014-04-16 03:45 - 2012-07-26 10:12 - 00000000 ___HD () C:\windows\system32\GroupPolicy 2014-04-16 03:45 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\SysWOW64\GroupPolicy 2014-04-13 23:37 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\rescache 2014-04-13 23:10 - 2012-07-26 10:12 - 00000000 ___RD () C:\windows\ToastData 2014-04-13 23:10 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\WinStore 2014-04-11 23:59 - 2013-07-24 07:08 - 
00000000 ____D () C:\windows\system32\MRT 2014-04-11 23:57 - 2013-01-14 08:45 - 90655440 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-04-11 23:13 - 2014-04-16 03:44 - 01079839 _____ (AnyProtect.com) C:\Users\Shy\AppData\Local\AnyProtectScannerSetup.exe 2014-04-09 21:34 - 2014-04-09 21:34 - 01070840 _____ (Solid State Networks) C:\Users\Shy\Downloads\install_flashplayer13x32au_mssd_aaa_aih.exe 2014-04-09 21:18 - 2014-04-09 21:18 - 00000000 ____D () C:\Program Files (x86)\VideoLAN 2014-04-09 21:16 - 2014-01-27 00:05 - 00000174 _____ () C:\Users\Shy\AppData\Roaming\WB.CFG 2014-04-09 21:15 - 2014-04-09 21:15 - 00000000 ____D () C:\Users\Shy\AppData\Local\cache 2014-04-03 09:51 - 2014-04-21 22:39 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-21 22:39 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2014-04-21 22:39 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-03-31 23:18 - 2014-02-26 23:27 - 00694232 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2014-03-31 23:18 - 2014-02-26 23:27 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-28 22:25 - 2014-03-28 22:25 - 01172776 _____ (AnyProtect.com) C:\Users\Shy\AppData\Local\nsh4CE8.tmp 2014-03-28 09:53 - 2014-03-28 09:53 - 00000000 ____D () C:\Program Files\Common Files\INCA Shared 2014-03-28 09:49 - 2014-03-28 09:28 - 00001569 _____ () C:\Users\Public\Desktop\Flyff.lnk 2014-03-28 09:39 - 2014-03-28 09:22 - 1178858003 _____ (Gala Networks Europe Limited ) C:\Users\Shy\Desktop\Flyff_DE_setup.exe 2014-03-28 09:24 - 2014-03-28 09:24 - 00000000 ____D () C:\Program Files\gPotato.eu 2014-03-27 02:21 - 2013-02-22 18:19 - 00004088 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-03-27 02:21 - 2013-02-22 18:19 - 00003852 _____ () 
C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-27 02:12 - 2014-03-27 02:12 - 00321256 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-25 09:31 - 2014-03-28 09:53 - 05268336 _____ (INCA Internet Co., Ltd.) C:\windows\SysWOW64\GameMon.des
2014-03-24 01:09 - 2012-12-04 05:20 - 00000000 ____D () C:\ProgramData\Hewlett-Packard

Some content of TEMP:
====================
C:\Users\Shy\AppData\Local\Temp\Extract.exe
C:\Users\Shy\AppData\Local\Temp\Quarantine.exe
C:\Users\Shy\AppData\Local\Temp\SP60467.exe
C:\Users\Shy\AppData\Local\Temp\SP61665.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-17 11:07

==================== End Of Log ============================

FRST-Addition.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-04-2014 02
Ran by Shy at 2014-04-22 16:25:52
Running from C:\Users\Shy\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton 360 Premier Edition (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 Premier Edition (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 Premier Edition (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

Bandizip (HKCU\...\Bandizip) (Version: 3.07 - Bandisoft.com)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
HP Postscript Converter (Version: 3.1.3591 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
ICQ 8.0 (build 5981, für aktuellen Benutzer) (HKCU\...\ICQ) (Version: 8.0.5981.0 - Mail.Ru)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
NVIDIA Grafiktreiber 311.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.41 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Systemsteuerung 311.41 (Version: 311.41 - NVIDIA Corporation) Hidden
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.13.1 - TeamSpeak Systems GmbH)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.2-1 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden

==================== Restore Points =========================

13-04-2014 07:46:07 Windows Update
16-04-2014 14:39:00 Removed Bonjour
21-04-2014 18:20:36 HPSF Applying updates

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0980E8C7-0085-4C8B-B5BE-AA50F8607490} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-22] (Google Inc.)
Task: {0B8403A4-6237-4633-A95E-C85C18B0D69A} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-01-31] (Microsoft Corporation)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {3279BF0D-955F-4B5D-9269-FAA665E24D6D} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {466E6ED5-33F6-41B7-93EE-B36628260189} - \SaveSenseLiveUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {55113738-D1EA-4864-AF3D-19045F664215} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {5AAA6364-BF65-44ED-B344-5213E9FD9C7B} - \LaunchApp No Task File <==== ATTENTION
Task: {5B4C96BC-12D6-46E5-9A8E-5EC014DAF866} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {72560691-588B-47DB-960D-15B8C852DE3C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {7EE8A961-26FB-4A23-A8C1-F3411161463C} - \UpdaterEX No Task File <==== ATTENTION
Task: {8BBA5135-A136-4606-A27D-B5C1485DBD56} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {8DF25D0A-9650-490C-94FA-39E1A54BB9C2} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\WSCStub.exe [2014-03-12] (Symantec Corporation)
Task: {945C632A-5BA1-4383-8DD7-7245C6E5C74D} - \Advanced System Protector_startup No Task File <==== ATTENTION
Task: {A68D5F16-D904-4C7B-830A-E15AAA3AED02} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AE577C77-D37A-489B-AB80-8097C3AA2EE8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-22] (Google Inc.)
Task: {B577135B-8198-4532-A9F7-EDB2C6D54922} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C8262C1E-9E02-4FE4-B207-4AA16D42A1B8} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F15EE7C0-BFA8-4E65-BAB2-CF5DD8C821F6} - System32\Tasks\HPCeeScheduleForShy => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForShy.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2012-08-06 23:50 - 2012-08-06 23:50 - 00607744 _____ () C:\windows\system32\spool\DRIVERS\x64\3\JobCapsA.DLL
2013-08-16 10:57 - 2012-12-11 13:07 - 01184640 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2012-08-29 12:02 - 2012-08-29 12:02 - 00120224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
2012-08-29 12:02 - 2012-08-29 12:02 - 00048544 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
2012-08-29 12:02 - 2012-08-29 12:02 - 00180224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
2013-01-12 12:57 - 2013-01-12 12:57 - 00120224 _____ () C:\Users\Shy\AppData\Local\assembly\dl3\EDVMC1YE.5ND\YTH0BKO7.5K1\88588a02\0017145d_cd85cd01\HPItunesModule.DLL
2013-06-10 00:23 - 2011-10-27 21:16 - 00018944 _____ () C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServerps.dll
2013-01-12 16:47 - 2013-01-12 16:47 - 00851456 _____ () C:\Users\Shy\AppData\Roaming\ICQM\ICQ\dll\YLUSBTEL.dll
2013-09-03 22:20 - 2012-04-09 00:40 - 03470848 _____ () C:\Program Files (x86)\ffdshow\ffdshow.ax
2013-08-29 20:44 - 2012-04-09 00:42 - 04427264 _____ () C:\Program Files (x86)\ffdshow\ffmpeg.dll
2012-08-10 17:51 - 2012-08-10 17:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2012-08-10 17:50 - 2012-08-10 17:50 - 00170496 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
2012-12-04 05:21 - 2012-07-18 10:50 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-04-21 20:19 - 2013-02-16 02:34 - 03067288 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 23%
Total physical RAM: 8147.36 MB
Available physical RAM: 6244.06 MB
Total Pagefile: 10003.36 MB
Available Pagefile: 7914.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1850.33 GB) (Free:1755.78 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:11.21 GB) (Free:1.37 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: B67D538B)

Partition: GPT Partition Type.

==================== End Of Log ============================ |
22.04.2014, 19:20 | #6 |
/// the machine /// TB trainer | Removing Lollipop and other viruses - Windows 8; 64-bit
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ |