Log analysis and evaluation: Windows 8; advertising pop-ups and green double-underlined words in texts
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
30.04.2014, 01:18 | #1 |
| Windows 8; advertising pop-ups and green double-underlined words in texts
Hello! For a few days now I have had the problem that, as soon as I am on the Internet (I use Opera, but the same thing happens in IE), several pop-ups appear on the web pages (along the sides: top, bottom, left and right), and a great many words in the text are underlined in green and in turn show advertising as soon as I move the mouse over them. Sometimes a new window also opens automatically when I click the mouse within a web page (Windows advertising for antivirus protection). Offline I have no problems. I have by now downloaded/run defogger, frst, gmer and otl, but with defogger, although I believed that all applications were closed, I twice got the message that the process cannot access a file because it is being used by another process. I would be very glad if someone could help me get rid of this! Many thanks and best regards, Franziska
Edited by Franziska123 (30.04.2014 at 01:36) Reason: [CODE]Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2014 Ran by Andriy at 2014-04-30 01:18:57 Runn |
30.04.2014, 08:15 | #2 |
/// the machine /// TB trainer | Windows 8; advertising pop-ups and green double-underlined words in texts
hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
30.04.2014, 22:03 | #3 |
| Windows 8; advertising pop-ups and green double-underlined words in texts
Hello! Thanks for the quick reply. I downloaded the things that I gathered from the replies to other posts. I wanted to include them in the message in my first post, but that made it too long, and I read that I should put the log files in the "history". To be honest, I don't know what that is (which is why I copied everything into the "Reason" field in my first post). But here is the log file from FRST. Best regards, Franziska
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2014 Ran by Andriy (administrator) on MYNEWHP on 30-04-2014 01:17:42 Running from C:\Users\Andriy\Downloads Windows 8 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe (AMD) C:\Windows\system32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe (Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe () C:\Program Files (x86)\a2zLyrics-soft\a2zLyricshrk158.exe (Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Microsoft Corporation) C:\Windows\system32\dashost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe () C:\ProgramData\Mobiles Internet\OnlineUpdate\ouc.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (RealNetworks, Inc.) 
C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe () C:\Windows\system32\valWBFPolicyService.exe (Wajam) C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe () C:\Program Files (x86)\3DataManager\WTGService.exe (Conduit) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe (AMD) C:\Windows\system32\atieclxx.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe () C:\Program Files (x86)\a2zLyrics-soft\a2zLyricshrkuEw.exe () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe (AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe (BitTorrent Inc.) 
C:\Users\Andriy\AppData\Roaming\uTorrent\uTorrent.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (Smartbar) C:\Users\Andriy\AppData\Local\Smartbar\Application\SnapDo.exe () C:\Program Files (x86)\3DataManager\3DataManager_Launcher.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe () C:\Users\Andriy\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe (MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe () C:\Program Files (x86)\PricePeep\PricePeepUpdater.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (Local Weather LLC) C:\Users\Andriy\AppData\Local\WeatherAlerts\WeatherAlerts.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (Opera Software) C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe () C:\Program Files (x86)\Opera\20.0.1387.77\opera_crashreporter.exe (Opera Software) C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe (Opera Software) C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe (Opera Software) C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe (AuthenTec Inc.) 
C:\Program Files (x86)\HP SimplePass\TouchControl.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe (Opera Software) C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe (Opera Software) C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe (Opera Software) C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe (OldTimer Tools) C:\Users\Andriy\Downloads\otl.exe (Opera Software) C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe () C:\Users\Andriy\AppData\Local\Smartbar\Application\Lrcnta.exe (Microsoft Corporation) C:\Windows\syswow64\wwahost.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-20] (IDT, Inc.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-25] (Synaptics Incorporated) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.) HKLM\...\Run: [MRT] => C:\Windows\system32\MRT.exe [90655440 2014-03-31] (Microsoft Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-09-18] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [371976 2012-09-19] (IVT Corporation) HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-10] (CyberLink Corp.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.) 
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2012-09-14] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296520 2014-03-20] (RealNetworks, Inc.) HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-08] (Hewlett-Packard) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\Run: [Google Update] => C:\Users\Andriy\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-08-05] (Google Inc.) HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\Run: [uTorrent] => C:\Users\Andriy\AppData\Roaming\uTorrent\uTorrent.exe [889176 2013-08-26] (BitTorrent Inc.) 
HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\Run: [NextLive] => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Andriy\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\Run: [Browser Infrastructure Helper] => C:\Users\Andriy\AppData\Local\Smartbar\Application\SnapDo.exe [27680 2014-03-04] (Smartbar) HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\MountPoints2: {0a4d6f29-7439-11e3-be99-6c3be584be5a} - "F:\.\Autorun.exe" AUTORUN=1 HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\MountPoints2: {2758adea-fe60-11e2-be76-f4b7e2c41c42} - "F:\AutoRun.exe" HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\MountPoints2: {2758c4d5-fe60-11e2-be76-001e101ffe8f} - "F:\AutoRun.exe" HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\MountPoints2: {342f948a-fdd4-11e2-be75-f4b7e2c41c42} - "F:\.\Autorun.exe" AUTORUN=1 HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\MountPoints2: {342f94be-fdd4-11e2-be75-f4b7e2c41c42} - "F:\.\Autorun.exe" AUTORUN=1 HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\MountPoints2: {342f96da-fdd4-11e2-be75-f4b7e2c41c42} - "F:\.\Autorun.exe" AUTORUN=1 HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\MountPoints2: {b6d84743-05d7-11e3-be7a-001e101f9880} - "F:\AutoRun.exe" HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\MountPoints2: {dee233cd-01de-11e3-be77-001e101f8338} - "G:\AutoRun.exe" AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [1355040 2014-03-03] (Conduit) AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1050912 2014-03-03] (Conduit) Startup: C:\Users\Andriy\Desktop\Programs\Startup\Launcher.lnk ShortcutTarget: Launcher.lnk -> C:\Program Files (x86)\3DataManager\3DataManager_Launcher.exe () Startup: 
C:\Users\Andriy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Andriy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk ShortcutTarget: DesktopWeatherAlerts.lnk -> C:\Users\Andriy\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe () Startup: C:\Users\Andriy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com) Startup: C:\Users\Andriy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PricePeepUpdater.lnk ShortcutTarget: PricePeepUpdater.lnk -> C:\Program Files (x86)\PricePeep\PricePeepUpdater.exe () Startup: C:\Users\Andriy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.) Startup: C:\Users\Andriy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk ShortcutTarget: Weather Alerts.lnk -> C:\Users\Andriy\AppData\Local\WeatherAlerts\WeatherAlerts.exe (Local Weather LLC) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. 
ProxyServer: http=127.0.0.1:13828 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?p=mko_awfzxipyrztakq4j8nrc9pslljr98gagvz--sx9hmmckaq-yavakimc-at0yqxk48phzu_mlilw0a_s96ywu47yss74wc7orgg1nvjl1aesvx6kzywxelr1wxkvhoadormk9q6eeidkk5xfp2o5yw5clczgz0baqyfui581jquzmj0gzqadyp8rt1wqj6jb1pbzstmi8dzws HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRZtakQ4j8nRC9pSLLJR98GAGvZ--sx9HMMckaq-YAVaKiMC-AT0Yqxk48PhzU_MliLw0a_S96YWU47YSs74WC7oRGg1NvJl1AESVx6KzYwxElR1WxkVHOadORmK9q6EEiDKGHlW4aCNoZ95xIMD1W4mbo5cjWxfHzGtdH4izsiA04SsQcWYOLK_jF9Z4iyOHuE3X&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRZtakQ4j8nRC9pSLLJR98GAGvZ--sx9HMMckaq-YAVaKiMC-AT0Yqxk48PhzU_MliLw0a_S96YWU47YSs74WC7oRGg1NvJl1AESVx6KzYwxElR1WxkVHOadORmK9q6EEiDKGHlW4aCNoZ95xIMD1W4mbo5cjWxfHzGtdH4izsiA04SsQcWYOLK_jF9Z4iyOHuE3X&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.searchgol.com/?babsrc=HP_ss_Btisdt7&mntrId=FC40001E101FAB38&affID=121565&tt=160913_m3&tsp=5014 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dosearches.com/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=hp&from=smt&uid=HitachiXHTS547575A9E384_J1140021G1GBHJG1GBHJX&ts=1383049761 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dosearches.com/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=hp&from=smt&uid=HitachiXHTS547575A9E384_J1140021G1GBHJG1GBHJX&ts=1383049761 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKLM\Software\Wow6432Node\Microsoft\Internet 
Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.dosearches.com/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=sc&from=smt&uid=HitachiXHTS547575A9E384_J1140021G1GBHJG1GBHJX&ts=1383049761 SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=ds&from=smt&uid=HitachiXHTS547575A9E384_J1140021G1GBHJG1GBHJX&ts=1383049762&type=default&q={searchTerms} SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS SearchScopes: HKLM - {2BDFF947-B67C-4B95-B36C-11B5373C2039} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=ds&from=smt&uid=HitachiXHTS547575A9E384_J1140021G1GBHJG1GBHJX&ts=1383049762&type=default&q={searchTerms} SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-29880-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=ds&from=smt&uid=HitachiXHTS547575A9E384_J1140021G1GBHJG1GBHJX&ts=1383049762&type=default&q={searchTerms} SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=AT&userid=5d383a36-84b3-4976-8494-68b941621d64&searchtype=ds&q={searchTerms}&installDate=05/08/2013 SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=ds&from=smt&uid=HitachiXHTS547575A9E384_J1140021G1GBHJG1GBHJX&ts=1383049762&type=default&q={searchTerms} SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRZtakQ4j8nRC9pSLLJR98GAGvZ--sx9HMMckaq-YAVaKiMC-AT0Yqxk48PhzU_MliLw0a_S96YWU47YSs74WC7oRGg1NvJl1AESVx6KzYwxElR1WxkVHOadORmK9q6EEiDKGHlW4aCNoZ95xIMD1W4mbo5cjWxfHzGtdH4izsiA04SsQcWYOLK_jF9Z4iyOHuE3X&q={searchTerms} SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRZtakQ4j8nRC9pSLLJR98GAGvZ--sx9HMMckaq-YAVaKiMC-AT0Yqxk48PhzU_MliLw0a_S96YWU47YSs74WC7oRGg1NvJl1AESVx6KzYwxElR1WxkVHOadORmK9q6EEiDKGHlW4aCNoZ95xIMD1W4mbo5cjWxfHzGtdH4izsiA04SsQcWYOLK_jF9Z4iyOHuE3X&q={searchTerms} SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = BHO: Speed Test 127 - {11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} - C:\Program Files (x86)\Speed Test 127\ScriptHost64.dll (BestOffers) BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader) BHO: Snap.DoEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\system32\mscoree.dll (Microsoft Corporation) BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll 
(Microsoft Corporation) BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Free Games 111 - {C45EC9F0-8333-465D-9728-074BD41985C9} - C:\Program Files (x86)\Free Games 111\ScriptHost64.dll (BestOffers) BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: Speed Test 127 - {11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} - C:\Program Files (x86)\Speed Test 127\ScriptHost.dll (BestOffers) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: Snap.DoEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Wajam - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - 
C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.24.6\bh\delta.dll (Delta-search.com) BHO-x32: Free Games 111 - {C45EC9F0-8333-465D-9728-074BD41985C9} - C:\Program Files (x86)\Free Games 111\ScriptHost.dll (BestOffers) BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) BHO-x32: buenosearch Helper Object - {F1C81E40-2485-4DB6-8C9D-04BD596B281E} - C:\Program Files (x86)\buenosearch LTD\buenosearch\1.8.28.7\bh\buenosearch.dll (Montiera Technologies LTD) BHO-x32: PricePeep - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll No File Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation) Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.24.6\deltaTlbr.dll (Delta-search.com) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - buenosearch Toolbar - {828DC97A-2277-4E10-92A9-4907FA0922A9} - C:\Program Files (x86)\buenosearch LTD\buenosearch\1.8.28.7\buenosearchTlbr.dll (Montiera Technologies LTD) Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation) 
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll (Skype Technologies) Tcpip\..\Interfaces\{2A0AF25A-BA97-4976-9394-1E61D738996A}: [NameServer]213.94.78.16 213.94.78.17 Tcpip\..\Interfaces\{2D613361-0A59-4899-A707-83C2DCC523F6}: [NameServer]213.94.78.27 213.94.78.26 Tcpip\..\Interfaces\{72F086DE-F54D-457C-82B5-D973D7257BF9}: [NameServer]213.94.78.26 213.94.78.27 Tcpip\..\Interfaces\{790F3EC1-3D72-41F4-B12B-EC92CA16DCAC}: [NameServer]213.94.78.26 213.94.78.27 Tcpip\..\Interfaces\{7CEE4DAE-0262-44EC-8D69-27E28C760944}: [NameServer]213.94.78.26 213.94.78.27 Tcpip\..\Interfaces\{EC82F58C-A7A2-4EE3-9575-10E0F6070704}: [NameServer]213.94.78.17 213.94.78.16 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.) FF Plugin-x32: @authentec.com/ffwloplugin - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version=17.0.6.13 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.6 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.6 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.6 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=17.0.6.13 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer Cloud) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Andriy\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Andriy\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) 
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ [] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-03-20] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2013-12-12] FF HKLM-x32\...\Firefox\Extensions: [{8E8D8D12-A43B-4289-994D-DF2C7C0EF736}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [] FF HKCU\...\Firefox\Extensions: [freegames4357@BestOffers] - C:\Users\Andriy\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers FF Extension: Free Games 111 - C:\Users\Andriy\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers [2014-02-15] FF HKCU\...\Firefox\Extensions: [speedtest4354@BestOffers] - C:\Users\Andriy\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers FF Extension: Speed Test 127 - C:\Users\Andriy\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers [2014-02-15] FF HKCU\...\Firefox\Extensions: [{5D056E8D-1A1A-00F2-3B64-B3AA342E469E}] - C:\Program Files (x86)\a2zLyrics-soft\158.xpi FF Extension: a2zLyrics - C:\Program Files (x86)\a2zLyrics-soft\158.xpi [2014-04-22] Chrome: ======= CHR HomePage: hxxp://search.conduit.com/?ctid=CT3315521&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP19BE10D8-762D-4FBA-AB65-B783A5C55EBB&SSPV= CHR 
StartupUrls: "hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrId=FC40F4B7E2C41C43&affID=127842&tsp=5159", "hxxp://search.conduit.com/?ctid=CT3315521&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP19BE10D8-762D-4FBA-AB65-B783A5C55EBB&SSPV=" CHR DefaultSearchKeyword: conduit.search CHR DefaultSearchProvider: Conduit Search CHR DefaultSearchURL: hxxp://search.conduit.com/Results.aspx?ctid=CT3315521&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP19BE10D8-762D-4FBA-AB65-B783A5C55EBB&q={searchTerms}&SSPV= CHR DefaultNewTabURL: CHR Plugin: (Shockwave Flash) - C:\Users\Andriy\AppData\Local\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Andriy\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\Andriy\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll () CHR Plugin: (Simple Pass) - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP) CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Users\Andriy\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.) 
CHR Extension: (Buenosearch Toolbar) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\acfoobbgoakpihljnfedbcfaipcdlfhk [2014-02-17] CHR Extension: (Snap.Do ) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl [2013-08-20] CHR Extension: (Google Docs) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-05] CHR Extension: (Google Drive) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-05] CHR Extension: (YouTube) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-05] CHR Extension: (Extended Protection) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml [2013-10-29] CHR Extension: (Google-Suche) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-05] CHR Extension: (a2zLyrics-16) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfocabhmkfcdibnkgogpaclhgblhnemn [2013-10-29] CHR Extension: (Delta Toolbar) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2013-09-23] CHR Extension: (Website Logon) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo [2013-08-05] CHR Extension: (RealPlayer Downloader) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-09-23] CHR Extension: (Lightning Newtab) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo [2013-11-03] CHR Extension: (a2zLyrics) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikcggonfhgaingjbhjanbibmlfeomooc [2014-04-22] CHR Extension: 
(Wajam) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp [2014-01-24] CHR Extension: (PricePeep) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb [2014-01-17] CHR Extension: (Norton Identity Protection) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-08-05] CHR Extension: (Google Wallet) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-23] CHR Extension: (Google Mail) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-05] CHR HKLM-x32\...\Chrome\Extension: [acfoobbgoakpihljnfedbcfaipcdlfhk] - C:\Users\Andriy\AppData\Roaming\BabSolution\CR\bueno.crx [2014-02-15] CHR HKLM-x32\...\Chrome\Extension: [cekcjpgehmohobmdiikfnopibipmgnml] - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ [2014-02-15] CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Andriy\AppData\Roaming\BabSolution\CR\Delta.crx [2013-09-23] CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-07-12] CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-02-12] CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx [2013-10-29] CHR HKLM-x32\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\Andriy\AppData\Local\Wajam\Chrome\wajam.crx [2013-12-31] CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\Exts\Chrome.crx [2014-03-26] ==================== Services 
(Whitelisted) ================= R2 a2zLyrics; C:\Program Files (x86)\a2zLyrics-soft\a2zLyricshrk158.exe [141824 2014-04-22] () R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36392 2014-02-06] (Just Develop It) R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1612552 2012-09-26] (IVT Corporation) R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [146184 2012-09-19] (IVT Corporation) R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2454816 2014-03-03] (Conduit) R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641320 2012-08-10] (HP) R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation) S2 Mobiles Internet. RunOuc; C:\Program Files (x86)\Mobiles Internet\UpdateDog\ouc.exe [246112 2013-08-06] () R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe [276376 2014-03-12] (Symantec Corporation) R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1900728 2013-06-09] (Microsoft Corporation) R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [559552 2013-08-08] (RealNetworks, Inc.) R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-02-12] () R2 RealPlayer Cloud Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141336 2014-03-20] (RealNetworks, Inc.) R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-02-14] () R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.) 
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] () R2 WajamUpdaterV3; C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe [114176 2013-10-25] (Wajam) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation) R2 WTGService; C:\Program Files (x86)\3DataManager\WTGService.exe [343024 2012-07-05] () S2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [X] ==================== Drivers (Whitelisted) ==================== R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-10] (Advanced Micro Devices, Inc.) R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [1525976 2014-03-19] (Symantec Corporation) U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.) R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation) U4 BthAvrcpTg; U4 BthHFEnum; U4 bthhfhid; R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48608 2012-10-02] (Ralink Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1502000.026\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-11] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-12-11] (Symantec Corporation) S3 huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [229376 2013-08-05] (Huawei Technologies Co., Ltd.) 
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140428.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation) R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140429.001\ENG64.SYS [126040 2014-04-25] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140429.001\EX64.SYS [2099288 2014-04-25] (Symantec Corporation) S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwNe64.sys [11400192 2012-06-02] (Intel Corporation) R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-25] (Synaptics Incorporated) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-25] (Synaptics Incorporated) R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1502000.026\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1502000.026\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1502000.026\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1502000.026\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation) S0 SymELAM; C:\Windows\System32\drivers\NISx64\1502000.026\SymELAM.sys [23568 2013-09-10] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-12] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1502000.026\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1502000.026\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.) 
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-30 01:18 - 2014-04-30 01:18 - 00156272 _____ () C:\Users\Andriy\Desktop\OTL.Txt 2014-04-30 01:17 - 2014-04-30 01:18 - 00039566 _____ () C:\Users\Andriy\Downloads\FRST.txt 2014-04-30 01:17 - 2014-04-30 01:17 - 00000000 ____D () C:\FRST 2014-04-30 01:12 - 2014-04-30 01:12 - 02061824 _____ (Farbar) C:\Users\Andriy\Downloads\FRST64.exe 2014-04-30 01:11 - 2014-04-30 01:11 - 01049600 _____ (Farbar) C:\Users\Andriy\Downloads\FRST.exe 2014-04-30 01:09 - 2014-04-30 01:09 - 00000474 _____ () C:\Users\Andriy\Downloads\defogger_disable.log 2014-04-30 01:09 - 2014-04-30 01:09 - 00000000 _____ () C:\Users\Andriy\defogger_reenable 2014-04-30 01:07 - 2014-04-30 01:07 - 00050477 _____ () C:\Users\Andriy\Downloads\Defogger.exe 2014-04-30 00:45 - 2014-04-30 00:45 - 00076272 _____ () C:\Users\Andriy\Downloads\Extras.Txt 2014-04-30 00:42 - 2014-04-30 00:42 - 00156272 _____ () C:\Users\Andriy\Downloads\OTL.Txt 2014-04-30 00:25 - 2014-04-30 00:25 - 00602112 _____ (OldTimer Tools) C:\Users\Andriy\Downloads\otl.exe 2014-04-28 00:51 - 2014-03-31 23:18 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-04-28 00:51 - 2014-03-31 23:18 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-04-23 22:29 - 2014-02-04 01:56 - 00332632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-04-23 22:29 - 2014-02-04 01:56 - 00278872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2014-04-23 22:29 - 2014-01-31 05:55 - 00209712 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe 2014-04-23 22:29 - 2014-01-31 02:48 - 00564736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll 2014-04-23 22:29 - 2014-01-31 02:48 - 00485888 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll 2014-04-23 22:29 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll 2014-04-23 22:29 - 2014-01-31 02:48 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-04-23 22:29 - 2014-01-31 02:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll 2014-04-23 22:29 - 2014-01-31 02:06 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll 2014-04-23 22:29 - 2014-01-31 02:06 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-04-23 22:29 - 2014-01-27 05:42 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-04-23 22:29 - 2014-01-27 05:39 - 01939288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-04-23 22:29 - 2014-01-27 02:52 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-04-23 22:29 - 2014-01-27 02:31 - 19752448 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-04-23 22:29 - 2014-01-16 01:42 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys 2014-04-23 22:29 - 2014-01-11 08:48 - 05979648 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-04-23 22:29 - 2014-01-11 07:06 - 05092352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-04-23 22:29 - 2014-01-03 01:35 - 00365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll 2014-04-23 22:29 - 2014-01-03 01:32 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll 2014-04-23 22:28 - 2014-03-07 02:48 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-23 22:28 - 2014-03-07 02:48 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-23 22:28 - 2014-03-07 02:47 - 14357504 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-23 22:28 - 2014-03-07 02:47 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-23 22:28 - 2014-03-07 02:47 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-23 22:28 - 2014-03-07 02:47 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-23 22:28 - 2014-03-07 02:47 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-04-23 22:28 - 2014-03-07 02:47 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-23 22:28 - 2014-03-07 02:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-23 22:28 - 2014-03-07 02:08 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-23 22:28 - 2014-03-07 02:08 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-23 22:28 - 2014-03-07 02:08 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-23 22:28 - 2014-03-07 02:08 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-23 22:28 - 2014-03-07 02:08 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-23 22:28 - 2014-03-07 02:08 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-23 22:28 - 2014-03-07 02:08 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll 2014-04-23 22:28 - 2014-03-07 02:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-04-23 22:28 - 2014-03-07 02:08 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-23 22:28 - 2014-01-27 01:17 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml 2014-04-23 22:28 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll 2014-04-23 22:28 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) 
C:\Windows\system32\mshtml.tlb 2014-04-23 22:28 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-23 22:28 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-23 22:28 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-23 22:28 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-23 22:28 - 2012-07-26 05:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-23 22:27 - 2014-03-07 02:08 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-23 22:27 - 2014-02-06 01:41 - 01257984 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-23 22:27 - 2014-02-06 01:41 - 00978432 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-04-23 22:27 - 2014-02-06 01:26 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-04-23 22:27 - 2014-02-06 01:19 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-04-23 22:27 - 2013-10-25 09:34 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2014-04-23 22:27 - 2013-10-25 00:34 - 00248240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2014-04-23 22:27 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll 2014-04-23 22:27 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-04-23 22:27 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-23 22:27 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-23 22:27 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-04-23 22:27 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\uxtheme.dll 2014-04-23 22:27 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-23 22:26 - 2014-02-08 06:34 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-04-23 22:26 - 2014-02-06 01:41 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-04-23 22:26 - 2014-02-06 01:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-04-22 13:29 - 2014-04-29 00:38 - 00000000 ____D () C:\Program Files (x86)\a2zLyrics-soft 2014-04-22 13:29 - 2014-04-28 09:05 - 00000414 _____ () C:\Windows\Tasks\a2zLyrics_wd.job 2014-04-22 13:29 - 2014-04-22 13:29 - 00002996 _____ () C:\Windows\System32\Tasks\a2zLyrics_wd 2014-04-22 13:29 - 2014-04-22 13:29 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2014-04-22 07:01 - 2014-04-22 07:01 - 00525824 _____ () C:\Users\Andriy\Downloads\stw3085084_überarbeitet (1).xls 2014-04-20 06:54 - 2014-04-21 18:00 - 00525824 _____ () C:\Users\Andriy\Desktop\stw3085084_überarbeitet.xls 2014-04-20 06:52 - 2014-04-20 06:52 - 00534016 _____ () C:\Users\Andriy\Downloads\stw3085084_überarbeitet.xls 2014-04-20 06:51 - 2014-04-20 06:51 - 00534016 _____ () C:\Users\Andriy\Downloads\mime.z 2014-04-20 06:51 - 2014-04-20 06:51 - 00534016 _____ () C:\Users\Andriy\Downloads\mime (1).z 2014-04-14 07:40 - 2014-04-14 07:40 - 00048640 _____ () C:\Users\Andriy\Downloads\Themenmatrix.xls 2014-04-07 14:53 - 2014-04-07 14:53 - 00018542 _____ () C:\Users\Andriy\Desktop\weka_StiwoVZ.xlsx 2014-04-07 09:31 - 2014-04-07 09:31 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security 2014-04-07 08:32 - 2014-04-07 23:51 - 00200527 _____ () C:\Users\Andriy\Desktop\stw5200-113_überarbeitet_FFA.xlsx 2014-04-07 08:31 - 2014-04-07 08:31 - 00215214 _____ () C:\Users\Andriy\Downloads\stw5200-113_überarbeitet_FFA.xlsx ==================== One Month Modified Files and Folders ======= 2014-04-30 01:18 - 2014-04-30 01:18 - 00156272 _____ () 
C:\Users\Andriy\Desktop\OTL.Txt 2014-04-30 01:18 - 2014-04-30 01:17 - 00039566 _____ () C:\Users\Andriy\Downloads\FRST.txt 2014-04-30 01:18 - 2013-08-05 14:49 - 00000000 ____D () C:\Users\Andriy\AppData\Roaming\uTorrent 2014-04-30 01:18 - 2013-08-05 12:47 - 00001140 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1983903431-3382947560-1226906540-1001UA.job 2014-04-30 01:17 - 2014-04-30 01:17 - 00000000 ____D () C:\FRST 2014-04-30 01:12 - 2014-04-30 01:12 - 02061824 _____ (Farbar) C:\Users\Andriy\Downloads\FRST64.exe 2014-04-30 01:11 - 2014-04-30 01:11 - 01049600 _____ (Farbar) C:\Users\Andriy\Downloads\FRST.exe 2014-04-30 01:09 - 2014-04-30 01:09 - 00000474 _____ () C:\Users\Andriy\Downloads\defogger_disable.log 2014-04-30 01:09 - 2014-04-30 01:09 - 00000000 _____ () C:\Users\Andriy\defogger_reenable 2014-04-30 01:09 - 2013-08-05 12:11 - 00000000 ____D () C:\Users\Andriy 2014-04-30 01:07 - 2014-04-30 01:07 - 00050477 _____ () C:\Users\Andriy\Downloads\Defogger.exe 2014-04-30 01:02 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru 2014-04-30 00:50 - 2013-08-05 12:11 - 01346999 _____ () C:\Windows\WindowsUpdate.log 2014-04-30 00:45 - 2014-04-30 00:45 - 00076272 _____ () C:\Users\Andriy\Downloads\Extras.Txt 2014-04-30 00:42 - 2014-04-30 00:42 - 00156272 _____ () C:\Users\Andriy\Downloads\OTL.Txt 2014-04-30 00:25 - 2014-04-30 00:25 - 00602112 _____ (OldTimer Tools) C:\Users\Andriy\Downloads\otl.exe 2014-04-30 00:10 - 2014-01-17 12:51 - 00000000 ____D () C:\Users\Andriy\AppData\Local\WeatherAlerts 2014-04-29 23:57 - 2012-09-26 10:53 - 00000950 _____ () C:\Windows\SysWOW64\bscs.ini 2014-04-29 23:55 - 2013-09-30 09:55 - 00000000 ____D () C:\movies 2014-04-29 23:54 - 2013-03-17 20:02 - 00003620 _____ () C:\Windows\SysWOW64\LOCALSERVICE.INI 2014-04-29 23:54 - 2013-03-17 20:02 - 00000043 _____ () C:\Windows\SysWOW64\LOCALDEVICE.INI 2014-04-29 20:27 - 2013-08-05 12:11 - 00000000 ____D () C:\Users\Andriy\AppData\Local\Packages 2014-04-29 09:44 - 2014-01-03 
18:18 - 00000138 _____ () C:\Windows\SysWOW64\REMOTEDEVICE.INI 2014-04-29 09:17 - 2013-08-05 15:07 - 00000000 ____D () C:\Users\Andriy\AppData\Roaming\vlc 2014-04-29 00:38 - 2014-04-22 13:29 - 00000000 ____D () C:\Program Files (x86)\a2zLyrics-soft 2014-04-28 09:10 - 2013-08-05 14:13 - 01090562 _____ () C:\Windows\system32\perfh019.dat 2014-04-28 09:10 - 2013-08-05 14:13 - 00448782 _____ () C:\Windows\system32\perfc019.dat 2014-04-28 09:10 - 2012-10-31 20:56 - 01857092 _____ () C:\Windows\system32\perfh007.dat 2014-04-28 09:10 - 2012-10-31 20:56 - 00495794 _____ () C:\Windows\system32\perfc007.dat 2014-04-28 09:10 - 2012-07-26 09:28 - 00006786 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-28 09:09 - 2014-01-17 12:48 - 00000000 ____D () C:\Users\Andriy\AppData\Roaming\newnext.me 2014-04-28 09:08 - 2013-08-16 11:42 - 00000000 ____D () C:\Users\Andriy\AppData\Local\CrashDumps 2014-04-28 09:06 - 2013-08-05 12:14 - 00000000 ___RD () C:\Users\Andriy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-28 09:06 - 2013-08-05 12:14 - 00000000 ___RD () C:\Users\Andriy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-04-28 09:05 - 2014-04-22 13:29 - 00000414 _____ () C:\Windows\Tasks\a2zLyrics_wd.job 2014-04-28 01:20 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache 2014-04-28 00:50 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2014-04-28 00:49 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-28 00:47 - 2012-08-04 00:23 - 00044968 _____ () C:\Windows\PFRO.log 2014-04-28 00:47 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\ELAMBKUP 2014-04-28 00:44 - 2012-07-26 07:26 - 00524288 ___SH () C:\Windows\system32\config\BBI 2014-04-28 00:41 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData 2014-04-28 00:41 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-04-28 00:41 - 2012-07-26 
10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-04-28 00:41 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore 2014-04-28 00:41 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender 2014-04-28 00:41 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-04-26 23:32 - 2013-10-29 19:38 - 00003168 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForAndriy 2014-04-26 23:32 - 2013-10-29 19:38 - 00000352 _____ () C:\Windows\Tasks\HPCeeScheduleForAndriy.job 2014-04-26 10:18 - 2013-08-05 12:47 - 00001088 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1983903431-3382947560-1226906540-1001Core.job 2014-04-24 21:15 - 2014-03-21 08:58 - 00003340 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1983903431-3382947560-1226906540-1001 2014-04-24 21:15 - 2014-03-21 08:58 - 00003208 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1983903431-3382947560-1226906540-1001 2014-04-24 06:29 - 2013-09-30 16:38 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-22 17:31 - 2013-10-08 17:22 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2014-04-22 17:31 - 2013-10-08 17:22 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-04-22 15:02 - 2014-02-15 20:47 - 00000294 _____ () C:\Windows\Tasks\PC Performer_DEFAULT.job 2014-04-22 15:01 - 2014-02-15 20:47 - 00003118 _____ () C:\Windows\System32\Tasks\PC Performer 2014-04-22 13:29 - 2014-04-22 13:29 - 00002996 _____ () C:\Windows\System32\Tasks\a2zLyrics_wd 2014-04-22 13:29 - 2014-04-22 13:29 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2014-04-22 13:29 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-04-22 13:29 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2014-04-22 13:28 - 2013-10-29 14:28 - 00003518 _____ () C:\Windows\System32\Tasks\FileAdvisorCheck 2014-04-22 13:28 - 
2013-10-29 14:28 - 00000000 ____D () C:\Program Files (x86)\File Type Advisor 2014-04-22 07:01 - 2014-04-22 07:01 - 00525824 _____ () C:\Users\Andriy\Downloads\stw3085084_überarbeitet (1).xls 2014-04-22 07:00 - 2013-08-06 22:02 - 00502272 ___SH () C:\Users\Andriy\Desktop\Thumbs.db 2014-04-21 18:00 - 2014-04-20 06:54 - 00525824 _____ () C:\Users\Andriy\Desktop\stw3085084_überarbeitet.xls 2014-04-20 06:52 - 2014-04-20 06:52 - 00534016 _____ () C:\Users\Andriy\Downloads\stw3085084_überarbeitet.xls 2014-04-20 06:51 - 2014-04-20 06:51 - 00534016 _____ () C:\Users\Andriy\Downloads\mime.z 2014-04-20 06:51 - 2014-04-20 06:51 - 00534016 _____ () C:\Users\Andriy\Downloads\mime (1).z 2014-04-19 11:20 - 2013-08-05 14:23 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-04-18 17:15 - 2013-08-10 18:03 - 00000000 ____D () C:\Users\Andriy\AppData\Local\SoulseekQt 2014-04-16 19:47 - 2014-02-15 20:47 - 00000302 _____ () C:\Windows\Tasks\PC Performer_UPDATES.job 2014-04-16 18:36 - 2013-08-05 12:22 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1983903431-3382947560-1226906540-1001 2014-04-14 20:14 - 2013-08-08 17:07 - 00000000 ____D () C:\Users\Andriy\AppData\Roaming\foobar2000 2014-04-14 07:40 - 2014-04-14 07:40 - 00048640 _____ () C:\Users\Andriy\Downloads\Themenmatrix.xls 2014-04-10 23:21 - 2013-08-05 12:48 - 00002364 _____ () C:\Users\Andriy\Desktop\Google Chrome.lnk 2014-04-07 23:51 - 2014-04-07 08:32 - 00200527 _____ () C:\Users\Andriy\Desktop\stw5200-113_überarbeitet_FFA.xlsx 2014-04-07 14:53 - 2014-04-07 14:53 - 00018542 _____ () C:\Users\Andriy\Desktop\weka_StiwoVZ.xlsx 2014-04-07 10:13 - 2013-08-05 12:47 - 00004092 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1983903431-3382947560-1226906540-1001UA 2014-04-07 10:13 - 2013-08-05 12:47 - 00003712 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1983903431-3382947560-1226906540-1001Core 2014-04-07 09:31 - 2014-04-07 09:31 - 00000000 ____D () 
C:\Windows\System32\Tasks\Norton Internet Security 2014-04-07 09:30 - 2013-03-17 20:19 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration 2014-04-07 09:30 - 2013-03-17 20:19 - 00002501 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk 2014-04-07 09:30 - 2013-03-17 20:18 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64 2014-04-07 08:31 - 2014-04-07 08:31 - 00215214 _____ () C:\Users\Andriy\Downloads\stw5200-113_überarbeitet_FFA.xlsx 2014-03-31 23:18 - 2014-04-28 00:51 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-31 23:18 - 2014-04-28 00:51 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-31 03:51 - 2013-09-30 16:38 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe Some content of TEMP: ==================== C:\Users\Andriy\AppData\Local\Temp\a2zLyrics_1060-8102_v122.exe C:\Users\Andriy\AppData\Local\Temp\BackupSetup.exe C:\Users\Andriy\AppData\Local\Temp\ffdshow.exe C:\Users\Andriy\AppData\Local\Temp\MatroskaSplitter.exe C:\Users\Andriy\AppData\Local\Temp\nsc6163.exe C:\Users\Andriy\AppData\Local\Temp\nsc8D0.exe C:\Users\Andriy\AppData\Local\Temp\nsg5E74.exe C:\Users\Andriy\AppData\Local\Temp\nsuD75.exe C:\Users\Andriy\AppData\Local\Temp\OfficeSetup.exe C:\Users\Andriy\AppData\Local\Temp\setup__1567.exe C:\Users\Andriy\AppData\Local\Temp\smt_ar_dosearches.exe C:\Users\Andriy\AppData\Local\Temp\SPSetup.exe C:\Users\Andriy\AppData\Local\Temp\stubhelper.dll C:\Users\Andriy\AppData\Local\Temp\vcredist_x64_VS2008SP1.exe C:\Users\Andriy\AppData\Local\Temp\?odec Performer803975.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit 
C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-29 03:47 ==================== End Of Log ============================ |
01.05.2014, 16:47 | #4 |
/// the machine /// TB trainer | Windows 8; ad pop-ups and green double-underlined words in texts The Addition.txt from FRST is still missing.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
01.05.2014, 18:32 | #5 |
| Windows 8; ad pop-ups and green double-underlined words in texts Oops, here it is now. Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2014 Ran by Andriy at 2014-04-30 01:18:57 Running from C:\Users\Andriy\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB} AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0} ==================== Installed Programs ====================== µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30488 - BitTorrent Inc.) 3DataManager (HKLM-x32\...\3DataManager) (Version: 3.5 - 3DataManager) a2zLyrics (HKLM-x32\...\72F8E0A0-2B13-927B-22B1-B4811F794A17) (Version: - a2zLyrics-software) <==== ATTENTION Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated) Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.) AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Install Manager (HKLM\...\{8D6CCB94-05E3-753A-5ED7-97495EA8AEFF}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.) AuthenTec TrueAPI 64-bit (Version: 1.6.0.86 - AuthenTec, Inc.) Hidden BitGuard (HKLM-x32\...\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}) (Version: - MediaTechSoft Inc.) <==== ATTENTION Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
buenosearch toolbar (HKLM-x32\...\buenosearch) (Version: 1.8.28.7 - Montiera technologies LTD) <==== ATTENTION
Bundled software uninstaller (HKLM-x32\...\bi_uninstaller) (Version: - ) <==== ATTENTION
Canon MG5100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series) (Version: - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.0918.260.3365 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0918.260.3365 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0918.260.3365 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0918.260.3365 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2012.0918.260.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0918.260.3365 - Advanced Micro Devices, Inc.) Hidden
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2.5712 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.2.5712 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.2.2114 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.2.2114 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2.3317 - CyberLink Corp.)
CyberLink PhotoDirector (x32 Version: 2.0.2.3317 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.2.2110 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.2.2110 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.2.2126 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.2.2126 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.7.4528 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.7.4528 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.5.5811 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.5.5811 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delta Chrome Toolbar (HKLM-x32\...\Delta Chrome Toolbar) (Version: - Visual Tools) <==== ATTENTION
Delta toolbar (HKLM-x32\...\delta) (Version: 1.8.24.6 - Delta) <==== ATTENTION
DesktopWeatherAlerts (HKCU\...\DesktopWeatherAlerts) (Version: 1.0.13.0 - Local Weather LLC)
DivxToDVD 0.5.2b (HKLM-x32\...\VSO DivxToDVD_is1) (Version: 0.5.2b - VSO-Software SARL)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
ffdshow v1.2.4422 [2012-04-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4422.0 - FreeCodecPack)
File Type Advisor 1.0 (HKLM-x32\...\File Type Advisor_is1) (Version: - filetypeadvisor.com)
foobar2000 v1.2.9 (HKLM-x32\...\foobar2000) (Version: 1.2.9 - Peter Pawlowski)
Foto Paradies (HKLM-x32\...\{4FB9F8B3-1355-41FF-BD5E-5CB582B64A5D}}_is1) (Version: 3.5.0.3 - Foto Online Service GmbH)
Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Free Games 111 (HKLM-x32\...\Free Games 111) (Version: 3.0.0.0 - BestOffers) <==== ATTENTION
Free M4a to MP3 Converter 8.0 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com)
Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google+ Auto Backup (HKCU\...\Google+ Auto Backup) (Version: 1.0.25.133 - Google, Inc.)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - FreeCodecPack)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{2DEDBE5B-D538-43F3-83A7-B037D6B51A89}) (Version: 4.2.8.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKCU\...\HPConnectedMusic) (Version: 1.1 (build 59) hp - Meridian Audio Ltd)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1218 - Hewlett-Packard)
HP CoolSense (HKLM-x32\...\{8704FEEF-A6A8-4E7E-B124-BD6122C66E2C}) (Version: 2.10.42 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{92E8BC5B-6023-4846-8151-415351A4FAFF}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Postscript Converter (Version: 3.1.3591 - Hewlett-Packard) Hidden
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Recovery Manager (x32 Version: 8.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\{34C821CA-6B55-44A0-8A9B-2EF471D6019E}) (Version: 6.0.100.244 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.8 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3097 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.9.1002 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Kolor Autopano Giga 3.0 (HKLM\...\AutopanoGiga3.0) (Version: V3.0.7 - Kolor)
Leisure Suit Larry's Greatest Hits and Misses! (HKLM-x32\...\GOGPACKLARRY16_is1) (Version: 2.1.0.17 - GOG.com)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4517.1005 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MJoy Radio (HKLM-x32\...\5AFE1F7DBA584035C1170C17976757D58047C692.1.5AFE1F7DBA584035C1170C17976757D58047C692.1) (Version: 2.1.0 - UNKNOWN)
MJoy Radio (x32 Version: 2.1.0 - UNKNOWN) Hidden
Mobiles Internet (HKLM-x32\...\Mobiles Internet) (Version: 21.005.18.01.75 - Huawei Technologies Co.,Ltd)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
MyPC Backup (HKLM\...\MyPC Backup) (Version: - JDi Backup Ltd) <==== ATTENTION
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.2.0.38 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4517.1005 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4517.1005 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4517.1005 - Microsoft Corporation) Hidden
Online Games Manager v1.21 (HKLM-x32\...\Online Games Manager) (Version: 1.21.2 - Real Networks, Inc.)
Opera Stable 20.0.1387.77 (HKLM-x32\...\Opera 20.0.1387.77) (Version: 20.0.1387.77 - Opera Software ASA)
PC Performer (HKLM-x32\...\PC Performer_is1) (Version: 11.10 - PerformerSoft LLC) <==== ATTENTION
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PricePeep (HKLM-x32\...\PricePeep) (Version: 2.2.0.8 - betwikx LLC) <==== ATTENTION
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Ralink Bluetooth Stack64 (HKLM\...\{95DF815D-BE2D-9118-F549-39794C5869CF}) (Version: 9.0.725.0 - Ralink Corporation)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.5.0 - Ralink)
RealDownloader (x32 Version: 17.0.6 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.6 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.27025 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Roberta Williams' Phantasmagoria (HKLM-x32\...\GOGPACKPHANTASMAGORIA_is1) (Version: 2.0.0.14 - GOG.com)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.11.11.7 - Conduit) <==== ATTENTION
Snap.Do (HKLM-x32\...\{F4F6F37C-8D19-4DAD-BF7B-0953133FD43F}) (Version: 11.20.1.15636 - ReSoft Ltd.) <==== ATTENTION
Snap.Do Engine (HKCU\...\{3a18a21d-a880-4b8d-9a81-74791ddb2421}) (Version: 1.71.1.11943 - ReSoft Ltd.) <==== ATTENTION
SoulseekQt (HKLM-x32\...\SoulseekQt) (Version: - )
Speed Test 127 (HKLM-x32\...\Speed Test 127) (Version: 3.0.0.0 - Speed Analysis) <==== ATTENTION
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
Tiny Media Player v1.0 (HKLM-x32\...\Tiny Media Player_is1) (Version: 1.0.0.0 - )
Treasure Adventure Game (HKLM-x32\...\GOGPACKTREASUREADVENTUREGAME_is1) (Version: 2.0.0.4 - GOG.com)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Validity WBF DDK (HKLM\...\{1F91C200-8F0F-4009-A75E-DB6CE151BD4E}) (Version: 4.4.234.0 - Validity Sensors, Inc.)
VLC media player 2.0.7 (HKLM\...\VLC media player) (Version: 2.0.7 - VideoLAN)
Wajam (HKLM-x32\...\Wajam) (Version: 2.07 - Wajam) <==== ATTENTION
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
WinRAR 5.00 бета 8 (64-разрядная) (HKLM\...\WinRAR archiver) (Version: 5.00.8 - win.rar GmbH)
Word Slinger (HKLM-x32\...\8617b280ce3d8581e46e17e0197f18ad) (Version: - Zylom)
Worlds of Ultima - The Savage Empire (HKLM-x32\...\GOGPACKWORLDSOFULTIMASAVAGE_is1) (Version: 2.0.0.26 - GOG.com)

==================== Restore Points =========================

14-04-2014 19:17:19 Windows Update
19-04-2014 09:20:14 Windows Update
24-04-2014 04:15:31 Windows Update
27-04-2014 22:32:00 Windows Update

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0515D3F2-722D-430D-8A5C-13E6DBD79520} - System32\Tasks\PC Performer => C:\Program Files (x86)\PC Performer\PCPerformer.exe [2013-06-19] (PerformerSoft LLC) <==== ATTENTION
Task: {156C3FEC-5D80-4A63-BC7A-989BE6A751B0} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-10-12] (CyberLink)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1CD7158D-9BF2-447F-87B7-26AEC3971054} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink)
Task: {20681E74-EAA0-49A4-BCEB-84D697F26023} - System32\Tasks\EPUpdater => C:\Users\Andriy\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-12-12] () <==== ATTENTION
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {27310A1A-0975-415A-A4C3-2EF9819F48F6} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {32E7541E-81D9-470F-AF41-64F7213E8C47} - System32\Tasks\HPCeeScheduleForAndriy => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {42D71806-5811-4635-A2DF-68CE4808E653} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-01-31] (Microsoft Corporation)
Task: {44154D8E-8966-4403-8C01-B84D42CCAC5B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {4F453D1E-DC34-468E-847A-A7B6931FC557} - System32\Tasks\PC Performer_UPDATES => C:\Program Files (x86)\PC Performer\PCPerformer.exe [2013-06-19] (PerformerSoft LLC) <==== ATTENTION
Task: {522AEA12-6797-4BC7-90B9-288F76808F8C} - System32\Tasks\FileAdvisorUpdate => C:\Program Files (x86)\File Type Advisor\fileadvisor.exe [2013-07-12] (File Type Advisor)
Task: {630EC78F-25B7-4233-9099-4ECA7E51B5C0} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\WSCStub.exe [2014-03-12] (Symantec Corporation)
Task: {65392A87-4A56-4746-81C1-F814B1F635A2} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1983903431-3382947560-1226906540-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-02-14] (RealNetworks, Inc.)
Task: {71E6EA2B-A0B8-486E-9E81-77705495FA7E} - System32\Tasks\PC Performer_DEFAULT => C:\Program Files (x86)\PC Performer\PCPerformer.exe [2013-06-19] (PerformerSoft LLC) <==== ATTENTION
Task: {74BE0AE6-2E57-4CF0-AE3A-9FB52DD1AAD6} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1983903431-3382947560-1226906540-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-02-14] (RealNetworks, Inc.)
Task: {77605241-1C5B-45D2-9602-80F1D807865F} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {87E79F84-CB87-4AC3-A72E-102F1CA80ECA} - System32\Tasks\a2zLyrics_wd => C:\Program Files (x86)\a2zLyrics-soft\a2zLyricshrkuEw.exe [2014-04-22] () <==== ATTENTION
Task: {8A1973BA-194F-40E0-949F-1CF2CFC8F18D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1983903431-3382947560-1226906540-1001UA => C:\Users\Andriy\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-05] (Google Inc.)
Task: {92958352-B4DE-49A8-9A65-4A38AE8AADAF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-06-09] (Microsoft Corporation)
Task: {A3C6218A-675F-402C-9F42-C5600AA91AA3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {A6BC4D73-C2F1-4B5A-8AF2-9CE635AD8C4C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1983903431-3382947560-1226906540-1001Core => C:\Users\Andriy\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-05] (Google Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {A8305ACF-7757-4ED0-8151-46A178F6F290} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {ADA35FE3-575C-444A-B495-DDC5AA214254} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION
Task: {B7E8E921-9CF8-4CBC-A0A9-3EE89D28287F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {B95C31A5-A15A-4288-9C9D-C5FD254E9273} - System32\Tasks\FileAdvisorCheck => C:\Program Files (x86)\File Type Advisor\file-type-advisor.exe [2013-07-13] (filetypeadvisor.com )
Task: {C22010D1-1B2F-4AB7-A073-E11F7BA19C71} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\Windows\Tasks\a2zLyrics_wd.job => C:\Program Files (x86)\a2zLyrics-soft\a2zLyricshrkuEw.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1983903431-3382947560-1226906540-1001Core.job => C:\Users\Andriy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1983903431-3382947560-1226906540-1001UA.job => C:\Users\Andriy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForAndriy.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\PC Performer_DEFAULT.job => C:\Program Files (x86)\PC Performer\PCPerformer.exe <==== ATTENTION
Task: C:\Windows\Tasks\PC Performer_UPDATES.job => C:\Program Files (x86)\PC Performer\PCPerformer.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-04-22 13:29 - 2014-04-22 13:29 - 00141824 _____ () C:\Program Files (x86)\a2zLyrics-soft\a2zLyricshrk158.exe
2014-02-06 17:13 - 2014-02-06 17:13 - 01102336 _____ () C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll
2014-02-06 17:19 - 2014-02-06 17:19 - 00012288 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll
2013-08-06 21:27 - 2013-08-06 21:26 - 00246112 _____ () C:\ProgramData\Mobiles Internet\OnlineUpdate\ouc.exe
2013-08-05 13:24 - 2013-06-16 14:52 - 00386216 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2013-08-05 13:24 - 2013-06-09 23:09 - 00518824 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2013-08-05 13:24 - 2013-06-09 23:09 - 00612520 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2014-02-12 15:42 - 2014-02-12 15:42 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-02-14 13:06 - 2014-02-14 13:06 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2012-09-06 02:47 - 2012-09-06 02:47 - 00028160 _____ () C:\Windows\system32\valWBFPolicyService.exe
2013-08-05 17:52 - 2012-07-05 06:03 - 00343024 ____N () C:\Program Files (x86)\3DataManager\WTGService.exe
2012-09-19 19:37 - 2012-09-19 19:37 - 00017160 _____ () C:\Windows\system32\BsHelpCSps.dll
2012-10-12 18:22 - 2012-10-12 18:22 - 00120224 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
2012-10-12 18:22 - 2012-10-12 18:22 - 00048544 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
2012-10-12 18:22 - 2012-10-12 18:22 - 00180224 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
2014-04-22 13:29 - 2014-04-22 13:29 - 00077312 _____ () C:\Program Files (x86)\a2zLyrics-soft\a2zLyricshrkuEw.exe
2012-08-10 02:36 - 2012-08-10 02:36 - 04073320 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
2014-01-03 18:39 - 2014-01-03 18:40 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-09-05 01:21 - 2012-09-05 01:21 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-08-05 12:12 - 2013-08-05 12:12 - 00120224 _____ () C:\Users\Andriy\AppData\Local\assembly\dl3\5W7W1YB6.RD7\37E3VZZ9.7XJ\5992da9a\004b58b8_95a8cd01\HPItunesModule.DLL
2013-08-05 17:52 - 2012-07-10 15:38 - 00506864 ____N () C:\Program Files (x86)\3DataManager\3DataManager_Launcher.exe
2013-11-14 00:31 - 2013-11-14 00:31 - 00546304 _____ () C:\Users\Andriy\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe
2014-01-08 00:12 - 2014-01-08 00:12 - 00317720 _____ () C:\Program Files (x86)\PricePeep\PricePeepUpdater.exe
2012-09-18 03:58 - 2012-09-18 03:58 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-03-13 11:53 - 2014-03-12 13:40 - 01380192 _____ () C:\Program Files (x86)\Opera\20.0.1387.77\opera_crashreporter.exe
2012-09-19 19:37 - 2012-09-19 19:37 - 00363784 _____ () C:\Windows\system32\BsExtendFunc.dll
2012-09-19 19:37 - 2012-09-19 19:37 - 00029960 _____ () C:\Windows\system32\BsTrace.dll
2012-09-19 19:37 - 2012-09-19 19:37 - 00062216 _____ () C:\Windows\system32\BlueSoleilCSps.dll
2014-03-04 16:27 - 2014-03-04 16:27 - 00022560 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\Lrcnta.exe
2014-04-22 13:29 - 2014-04-22 13:29 - 00133120 _____ () C:\Program Files (x86)\a2zLyrics-soft\a2zLyricshrk158.dll
2013-08-06 21:27 - 2013-08-06 21:26 - 00011362 _____ () C:\ProgramData\Mobiles Internet\OnlineUpdate\mingwm10.dll
2013-08-06 21:27 - 2013-08-06 21:26 - 00043008 _____ () C:\ProgramData\Mobiles Internet\OnlineUpdate\libgcc_s_dw2-1.dll
2013-08-06 21:27 - 2013-08-06 21:26 - 02415104 _____ () C:\ProgramData\Mobiles Internet\OnlineUpdate\QtCore4.dll
2013-08-06 21:27 - 2013-08-06 21:26 - 01148416 _____ () C:\ProgramData\Mobiles Internet\OnlineUpdate\QtNetwork4.dll
2013-08-06 21:27 - 2013-08-06 21:26 - 00384512 _____ () C:\ProgramData\Mobiles Internet\OnlineUpdate\QueryStrategy.dll
2013-08-06 21:27 - 2013-08-06 21:26 - 00398336 _____ () C:\ProgramData\Mobiles Internet\OnlineUpdate\QtXml4.dll
2014-03-20 09:52 - 2014-03-20 09:52 - 00867928 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Plugins\cldplin.dll
2014-02-19 16:10 - 2014-02-19 16:10 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\766c9d1f5aedd3f4c133f9df5db8743e\PSIClient.ni.dll
2013-03-17 19:53 - 2012-06-25 20:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-03-17 20:09 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-03-04 16:28 - 2014-03-04 16:28 - 00046624 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
2014-03-04 16:28 - 2014-03-04 16:28 - 00068640 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\srau.dll
2014-03-04 16:28 - 2014-03-04 16:28 - 00165408 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
2014-03-04 16:28 - 2014-03-04 16:28 - 02282528 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
2014-03-04 16:28 - 2014-03-04 16:28 - 00066592 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\spbl.dll
2014-03-04 16:28 - 2014-03-04 16:28 - 00154656 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
2014-03-04 16:28 - 2014-03-04 16:28 - 00014368 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\siem.dll
2014-03-04 16:28 - 2014-03-04 16:28 - 00060960 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\sppsm.dll
2014-03-04 16:28 - 2014-03-04 16:28 - 00696352 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
2014-03-04 16:28 - 2014-03-04 16:28 - 00014880 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
2014-03-04 16:28 - 2014-03-04 16:28 - 00078880 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
2014-03-04 16:28 - 2014-03-04 16:28 - 00026656 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
2014-03-04 16:28 - 2014-03-04 16:28 - 00056352 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\srut.dll
2014-03-04 16:28 - 2014-03-04 16:28 - 00029216 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\srsbs.dll
2014-03-04 16:28 - 2014-03-04 16:28 - 00065056 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
2014-03-04 16:28 - 2014-03-04 16:28 - 00030752 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\srom.dll
2014-03-04 16:28 - 2014-03-04 16:28 - 00030752 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\smtu.dll
2014-03-04 16:28 - 2014-03-04 16:28 - 00038944 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\smta.dll
2014-03-04 16:28 - 2014-03-04 16:28 - 00024096 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\sgml.dll
2014-03-04 16:28 - 2014-03-04 16:28 - 00043552 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\srbu.dll
2014-03-04 16:28 - 2014-03-04 16:28 - 00061472 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll
2014-03-04 16:28 - 2014-03-04 16:28 - 00024608 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\srpdm.dll
2014-03-04 16:27 - 2014-03-04 16:27 - 00043040 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
2014-03-04 16:26 - 2014-03-04 16:26 - 00026656 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll
2014-03-04 16:28 - 2014-03-04 16:28 - 00035360 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
2014-03-04 16:28 - 2014-03-04 16:28 - 00193056 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\sgmu.dll
2014-03-04 16:25 - 2014-03-04 16:25 - 00061440 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\AxInterop.WMPLib.dll
2014-03-04 16:28 - 2014-03-04 16:28 - 00255008 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\srns.dll
2013-08-05 13:24 - 2013-08-05 13:24 - 00313000 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2013-08-05 13:24 - 2013-08-05 13:24 - 00358056 _____ () C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll
2012-09-19 19:37 - 2012-09-19 19:37 - 00029960 _____ () C:\Windows\SYSTEM32\BsTrace.dll
2012-09-19 19:37 - 2012-09-19 19:37 - 00079624 _____ () C:\Windows\SYSTEM32\BsProfilefunc.dll
2012-09-19 19:37 - 2012-09-19 19:37 - 00363784 _____ () C:\Windows\SYSTEM32\BsExtendFunc.dll
2012-09-19 19:37 - 2012-09-19 19:37 - 00017160 _____ () C:\Windows\SYSTEM32\BsHelpCSps.dll
2012-09-19 19:37 - 2012-09-19 19:37 - 00062216 _____ () C:\Windows\SYSTEM32\BlueSoleilCSps.dll
2014-03-13 11:53 - 2014-03-12 13:40 - 00908640 _____ () C:\Program Files (x86)\Opera\20.0.1387.77\libglesv2.dll
2014-03-13 11:53 - 2014-03-12 13:40 - 00108896 _____ () C:\Program Files (x86)\Opera\20.0.1387.77\libegl.dll
2014-03-13 11:53 - 2014-03-12 13:40 - 00895328 _____ () C:\Program Files (x86)\Opera\20.0.1387.77\ffmpegsumo.dll
2012-08-10 02:36 - 2012-08-10 02:36 - 00018792 _____ () C:\Program Files (x86)\HP SimplePass\DownloadManager.dll
2012-09-24 15:27 - 2012-09-24 15:27 - 00335176 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll
2012-05-02 18:28 - 2012-05-02 18:28 - 00012800 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\AMP\IVTAMPRL.dll
2014-03-04 16:27 - 2014-03-04 16:27 - 00030240 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\lrcnt.dll
2014-04-30 01:18 - 2014-04-30 01:18 - 01119448 _____ () C:\Users\Andriy\AppData\Local\Google\Update\Install\{A7413C6E-04FE-4736-9B4A-5517D34E18F0}\34.0.1847.131_34.0.1847.116_chrome_updater.exe

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/29/2014 09:33:51 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Error: (04/29/2014 09:32:01 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (04/29/2014 08:08:21 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: BlueSoleilCS.exe, Version: 9.0.723.0, Zeitstempel: 0x5062b290 Name des fehlerhaften Moduls: tl_filter.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x505fc6a9 Ausnahmecode: 0xc0000094 Fehleroffset: 0x031cd53d ID des fehlerhaften Prozesses: 0x1a00 Startzeit der fehlerhaften Anwendung: 0xBlueSoleilCS.exe0 Pfad der fehlerhaften Anwendung: BlueSoleilCS.exe1 Pfad des fehlerhaften Moduls: BlueSoleilCS.exe2 Berichtskennung: BlueSoleilCS.exe3 Vollständiger Name des fehlerhaften Pakets: BlueSoleilCS.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: BlueSoleilCS.exe5 Error: (04/29/2014 09:44:25 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2672 Error: (04/29/2014 09:44:25 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 2672 Error: (04/29/2014 09:44:25 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/29/2014 09:44:23 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1328 Error: (04/29/2014 09:44:23 AM) (Source: Bonjour Service) (User: ) Description: Task 
Scheduling Error: m->NextScheduledEvent 1328 Error: (04/29/2014 09:44:23 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/29/2014 00:37:03 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". System errors: ============= Error: (04/29/2014 08:08:40 PM) (Source: Service Control Manager) (User: ) Description: Dienst "BlueSoleilCS" wurde unerwartet beendet. Dies ist bereits 2 Mal passiert. Error: (04/29/2014 03:49:46 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070003 fehlgeschlagen: Sicherheitsupdate für Windows 8 für x64-basierte Systeme (KB2835364) Error: (04/29/2014 00:45:22 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070003 fehlgeschlagen: Sicherheitsupdate für Windows 8 für x64-basierte Systeme (KB2835364) Error: (04/29/2014 00:44:45 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070002 fehlgeschlagen: Update für Windows 8 für x64-Systeme (KB2822241) Error: (04/29/2014 00:41:44 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070002 fehlgeschlagen: Update für Windows 8 für x64-Systeme (KB2785094) Error: (04/29/2014 00:38:07 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) Description: 
Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070002 fehlgeschlagen: Update für Windows 8 für x64-Systeme (KB2876415) Error: (04/28/2014 00:50:50 AM) (Source: Service Control Manager) (User: ) Description: Dienst "BlueSoleilCS" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (04/28/2014 00:49:52 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Mobiles Internet. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (04/28/2014 00:49:52 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobiles Internet. OUC erreicht. Error: (04/28/2014 00:49:11 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Wsys Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Microsoft Office Sessions: ========================= Error: (04/29/2014 09:33:51 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\program files (x86)\ralink corporation\ralink bluetooth stack\BsSMSEditor.exe Error: (04/29/2014 09:32:01 PM) (Source: SideBySide)(User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{97F4C931-5B0F-4572-97FD-042F75F5198B}\recordingmanager.exe Error: (04/29/2014 08:08:21 PM) (Source: Application Error)(User: ) Description: BlueSoleilCS.exe9.0.723.05062b290tl_filter.dll_unloaded0.0.0.0505fc6a9c0000094031cd53d1a0001cf62b08272f500C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exetl_filter.dll3ee6fcd7-cfc9-11e3-bea8-001e101f27fe Error: (04/29/2014 09:44:25 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2672 Error: 
(04/29/2014 09:44:25 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 2672 Error: (04/29/2014 09:44:25 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/29/2014 09:44:23 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1328 Error: (04/29/2014 09:44:23 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1328 Error: (04/29/2014 09:44:23 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/29/2014 00:37:03 AM) (Source: SideBySide)(User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{97F4C931-5B0F-4572-97FD-042F75F5198B}\recordingmanager.exe ==================== Memory info =========================== Percentage of memory in use: 42% Total physical RAM: 8088.27 MB Available physical RAM: 4666.83 MB Total Pagefile: 9304.27 MB Available Pagefile: 4730.48 MB Total Virtual: 8192 MB Available Virtual: 8191.76 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:680.61 GB) (Free:420.46 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (RECOVERY) (Fixed) (Total:17.25 GB) (Free:2.21 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive f: (Mobiles Internet) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 699 GB) (Disk ID: 93E9A6FB) Partition: GPT Partition Type. ==================== End Of Log ============================ |
02.05.2014, 16:42 | #6 |
/// the machine /// TB Trainer | Windows 8; ad pop-ups and green double-underlined words in texts Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Revo Uninstaller - Download - Filepony Use it to uninstall everything you find in Additional.txt marked with <== ATTENTION. Also have Revo remove the leftovers in Moderate mode. Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
and a fresh FRST log, please.
|
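The step above asks for everything in Additional.txt that carries the <== ATTENTION marker. As an added example (not part of the thread and not FRST's own code), this Python script collects the marked entries per log section and derives the list of program names to uninstall. It assumes one entry per line, section headers framed by runs of "=", and Installed Programs entries of the form "Name (HKLM...\key) (Version: ...)"; all sample lines are constructed except the GroupPolicy line quoted from the post.

```python
import re

# Section headers look like: ==================== Installed Programs ======
SECTION_RE = re.compile(r"^={5,}\s*([^=]+?)\s*={5,}\s*$")
# The marker arrow varies in length: "<== ATTENTION", "<======= ATTENTION"
MARKER_RE = re.compile(r"\s*<=+\s*ATTENTION\b.*$")
# Assumed entry layout in "Installed Programs": Name (HKxx\...\key) (Version: ...)
# The name itself may contain parentheses, so match lazily up to " (HK...".
PROGRAM_RE = re.compile(r"^(.+?) \((?:HKLM|HKCU|HKU)[^)]*\)")

# Constructed sample input (program names, keys and paths are made up).
SAMPLE = r"""
Additional scan result of Farbar Recovery Scan Tool (x64)

==================== Installed Programs ======================

Example Player (HKLM-x32\...\ExamplePlayer) (Version: 1.0 - Example Corp.)
Example Toolbar (remove only) (HKLM-x32\...\{00000000-0000-0000-0000-000000000000}) (Version: 2.1 - Example Ads Ltd.) <==== ATTENTION
Example Search Helper (HKCU\...\ExampleSearch) (Version:  - ) <== ATTENTION

==================== Scheduled Tasks (whitelisted) =============

Task: {11111111-1111-1111-1111-111111111111} - System32\Tasks\ExampleUpdater => C:\Example\upd.exe <==== ATTENTION
Task: {22222222-2222-2222-2222-222222222222} - System32\Tasks\ExampleBackup => C:\Example\bak.exe

==================== Registry (Whitelisted) ==================

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
"""


def flagged_entries(log_text):
    """Return (section, entry) pairs for every line carrying the marker.

    The marker and anything after it are stripped from the entry text.
    """
    section = "(preamble)"
    found = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if MARKER_RE.search(line):
            found.append((section, MARKER_RE.sub("", line)))
    return found


def program_name(entry):
    """Extract the display name from an Installed Programs entry.

    Falls back to the whole entry when the assumed layout does not match.
    """
    match = PROGRAM_RE.match(entry)
    return match.group(1) if match else entry


def uninstall_worklist(log_text):
    """Names of flagged programs, in log order, without duplicates."""
    names = []
    for section, entry in flagged_entries(log_text):
        if section != "Installed Programs":
            continue
        name = program_name(entry)
        if name not in names:
            names.append(name)
    return names


if __name__ == "__main__":
    for section, entry in flagged_entries(SAMPLE):
        print(f"[{section}] {entry}")
    print("Uninstall:", uninstall_worklist(SAMPLE))
```

Flagged entries outside Installed Programs (tasks, policies, registry values) are not uninstallable programs; they are the kind of line that ends up in a Fixlist.txt instead.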
02.05.2014, 21:12 | #7 |
| Windows 8; ad pop-ups and green double-underlined words in texts Hello! That already looks great, I no longer have any green underlined words and no longer all the pop-ups either. Thanks! Here are the log files: FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2014 Ran by Andriy (administrator) on MYNEWHP on 02-05-2014 22:00:05 Running from C:\Users\Andriy\Desktop Windows 8 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe () C:\ProgramData\Mobiles Internet\OnlineUpdate\ouc.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\nis.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (AuthenTec Inc.) 
C:\Program Files (x86)\HP SimplePass\TouchControl.exe () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe () C:\Windows\System32\valWBFPolicyService.exe () C:\Program Files (x86)\3DataManager\WTGService.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\nis.exe (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe (AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (BitTorrent Inc.) C:\Users\Andriy\AppData\Roaming\uTorrent\uTorrent.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (RealNetworks, Inc.) 
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe (Opera Software) C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe () C:\Program Files (x86)\Opera\20.0.1387.77\opera_crashreporter.exe (Opera Software) C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe (Opera Software) C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe (Opera Software) C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe (Opera Software) C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (Opera Software) C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe (Farbar) C:\Users\Andriy\Desktop\FRST64 (1).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-20] (IDT, Inc.) 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-25] (Synaptics Incorporated) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-09-18] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [371976 2012-09-19] (IVT Corporation) HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-10] (CyberLink Corp.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.) HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2012-09-14] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296520 2014-03-20] (RealNetworks, Inc.) HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-08] (Hewlett-Packard) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\Run: [Google Update] => C:\Users\Andriy\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-08-05] (Google Inc.) HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\Run: [uTorrent] => C:\Users\Andriy\AppData\Roaming\uTorrent\uTorrent.exe [1270352 2014-04-29] (BitTorrent Inc.) 
HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\MountPoints2: {0a4d6f29-7439-11e3-be99-6c3be584be5a} - "F:\.\Autorun.exe" AUTORUN=1 HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\MountPoints2: {2758adea-fe60-11e2-be76-f4b7e2c41c42} - "F:\AutoRun.exe" HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\MountPoints2: {2758c4d5-fe60-11e2-be76-001e101ffe8f} - "F:\AutoRun.exe" HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\MountPoints2: {342f948a-fdd4-11e2-be75-f4b7e2c41c42} - "F:\.\Autorun.exe" AUTORUN=1 HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\MountPoints2: {342f94be-fdd4-11e2-be75-f4b7e2c41c42} - "F:\.\Autorun.exe" AUTORUN=1 HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\MountPoints2: {342f96da-fdd4-11e2-be75-f4b7e2c41c42} - "F:\.\Autorun.exe" AUTORUN=1 HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\MountPoints2: {b6d84743-05d7-11e3-be7a-001e101f9880} - "F:\AutoRun.exe" HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\MountPoints2: {dee233cd-01de-11e3-be77-001e101f8338} - "G:\AutoRun.exe" Startup: C:\Users\Andriy\Desktop\Programs\Startup\Launcher.lnk ShortcutTarget: Launcher.lnk -> C:\Program Files (x86)\3DataManager\3DataManager_Launcher.exe () Startup: C:\Users\Andriy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Andriy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.) 
==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS SearchScopes: HKLM - {2BDFF947-B67C-4B95-B36C-11B5373C2039} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-29880-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader) BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Norton Identity 
Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - 
C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll (Skype Technologies) Tcpip\..\Interfaces\{2A0AF25A-BA97-4976-9394-1E61D738996A}: [NameServer]213.94.78.16 213.94.78.17 Tcpip\..\Interfaces\{2D613361-0A59-4899-A707-83C2DCC523F6}: [NameServer]213.94.78.27 213.94.78.26 Tcpip\..\Interfaces\{72F086DE-F54D-457C-82B5-D973D7257BF9}: [NameServer]213.94.78.26 213.94.78.27 Tcpip\..\Interfaces\{790F3EC1-3D72-41F4-B12B-EC92CA16DCAC}: [NameServer]213.94.78.26 213.94.78.27 Tcpip\..\Interfaces\{7CEE4DAE-0262-44EC-8D69-27E28C760944}: [NameServer]213.94.78.26 213.94.78.27 Tcpip\..\Interfaces\{EC82F58C-A7A2-4EE3-9575-10E0F6070704}: [NameServer]213.94.78.17 213.94.78.16 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.) FF Plugin-x32: @authentec.com/ffwloplugin - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version=17.0.6.13 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.6 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.6 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.6 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=17.0.6.13 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer Cloud) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Andriy\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Andriy\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) 
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ [] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-03-20] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2013-12-12] FF HKLM-x32\...\Firefox\Extensions: [{8E8D8D12-A43B-4289-994D-DF2C7C0EF736}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [] FF HKCU\...\Firefox\Extensions: [speedtest4354@BestOffers] - C:\Users\Andriy\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers FF Extension: Speed Test 127 - C:\Users\Andriy\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers [2014-02-15] Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR StartupUrls: "hxxp://www.enhanced-search.com/?babsrc=HP_ss_mib2&mntrId=FC40F4B7E2C41C43&affID=127842&tsp=5159" CHR DefaultSearchKeyword: conduit.search CHR DefaultSearchProvider: Conduit Search CHR DefaultSearchURL: hxxp://search.conduit.com/Results.aspx?ctid=CT3315521&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP19BE10D8-762D-4FBA-AB65-B783A5C55EBB&q={searchTerms}&SSPV= CHR DefaultNewTabURL: CHR Plugin: (Shockwave Flash) - C:\Users\Andriy\AppData\Local\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop 
Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Andriy\AppData\Local\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\Andriy\AppData\Local\Google\Chrome\Application\34.0.1847.131\pdf.dll () CHR Plugin: (Simple Pass) - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP) CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Users\Andriy\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.) 
CHR Extension: (Google Docs) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-05]
CHR Extension: (Google Drive) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-05]
CHR Extension: (YouTube) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-05]
CHR Extension: (Google-Suche) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-05]
CHR Extension: (a2zLyrics-16) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfocabhmkfcdibnkgogpaclhgblhnemn [2013-10-29]
CHR Extension: (Website Logon) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo [2013-08-05]
CHR Extension: (RealPlayer Downloader) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-09-23]
CHR Extension: (Norton Identity Protection) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-08-05]
CHR Extension: (Google Wallet) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-23]
CHR Extension: (Google Mail) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-05]
CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-07-12]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-02-12]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\Exts\Chrome.crx [2014-03-26]

==================== Services (Whitelisted) =================

R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1612552 2012-09-26] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [146184 2012-09-19] (IVT Corporation)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641320 2012-08-10] (HP)
R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S2 Mobiles Internet. RunOuc; C:\Program Files (x86)\Mobiles Internet\UpdateDog\ouc.exe [246112 2013-08-06] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe [276376 2014-03-12] (Symantec Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1900728 2013-06-09] (Microsoft Corporation)
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-02-12] ()
R2 RealPlayer Cloud Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141336 2014-03-20] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-02-14] ()
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
R2 WTGService; C:\Program Files (x86)\3DataManager\WTGService.exe [343024 2012-07-05] ()

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-10] (Advanced Micro Devices, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [1525976 2014-03-19] (Symantec Corporation)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthAvrcpTg;
U4 BthHFEnum;
U4 bthhfhid;
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48608 2012-10-02] (Ralink Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1502000.026\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-12-11] (Symantec Corporation)
S3 huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [229376 2013-08-05] (Huawei Technologies Co., Ltd.)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140430.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [119512 2014-05-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140501.003\ENG64.SYS [126040 2014-04-25] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140501.003\EX64.SYS [2099288 2014-04-25] (Symantec Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwNe64.sys [11400192 2012-06-02] (Intel Corporation)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-25] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-25] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1502000.026\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1502000.026\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1502000.026\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1502000.026\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1502000.026\SymELAM.sys [23568 2013-09-10] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-12] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1502000.026\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1502000.026\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-02 22:00 - 2014-05-02 22:00 - 00028627 _____ () C:\Users\Andriy\Desktop\FRST.txt
2014-05-02 21:59 - 2014-05-02 21:59 - 00002020 _____ () C:\Users\Andriy\Desktop\JRT.1.txt
2014-05-02 21:58 - 2014-05-02 21:58 - 00002020 _____ () C:\Users\Andriy\Desktop\JRT.txt
2014-05-02 21:43 - 2014-05-02 21:43 - 00000000 ____D () C:\Windows\ERUNT
2014-05-02 21:39 - 2014-05-02 21:39 - 00006376 _____ () C:\Users\Andriy\Desktop\AdwCleaner[S0].txt
2014-05-02 21:31 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-02 21:30 - 2014-05-02 21:33 - 00000000 ____D () C:\AdwCleaner
2014-05-02 21:21 - 2014-05-02 21:21 - 00001133 _____ () C:\Users\Andriy\Desktop\mbam.txt
2014-05-02 20:50 - 2014-05-02 20:52 - 01016261 _____ (Thisisu) C:\Users\Andriy\Desktop\JRT.exe
2014-05-02 20:41 - 2014-05-02 20:45 - 01310621 _____ () C:\Users\Andriy\Desktop\adwcleaner.exe
2014-05-02 20:17 - 2014-05-02 21:36 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-02 20:17 - 2014-05-02 20:17 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-02 20:17 - 2014-05-02 20:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-02 20:17 - 2014-05-02 20:17 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-05-02 20:17 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-02 20:17 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-02 20:17 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-02 19:36 - 2014-05-02 20:14 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Andriy\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-02 19:33 - 2014-05-02 19:33 - 00000738 _____ () C:\Users\Andriy\Desktop\Revo Uninstaller.lnk
2014-05-02 19:25 - 2014-05-02 19:29 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Andriy\Downloads\revosetup95.exe
2014-05-02 18:59 - 2014-05-02 19:05 - 02062336 _____ (Farbar) C:\Users\Andriy\Desktop\FRST64 (1).exe
2014-05-02 18:47 - 2014-05-02 18:49 - 00000000 ____D () C:\Users\Andriy\Downloads\FRST-OlderVersion
2014-04-30 01:47 - 2014-04-30 01:47 - 00300064 _____ () C:\Windows\Minidump\043014-64718-01.dmp
2014-04-30 01:46 - 2014-04-30 01:47 - 00330160 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-30 01:33 - 2014-05-02 19:00 - 00000000 ____D () C:\Users\Andriy\Desktop\ComputerSpy_Malware_Programme
2014-04-30 01:21 - 2014-04-30 01:21 - 00380416 _____ () C:\Users\Andriy\Downloads\Gmer-19357.exe
2014-04-30 01:18 - 2014-04-30 01:20 - 00044756 _____ () C:\Users\Andriy\Downloads\Addition.txt
2014-04-30 01:17 - 2014-05-02 22:00 - 00000000 ____D () C:\FRST
2014-04-30 01:17 - 2014-04-30 01:20 - 00059999 _____ () C:\Users\Andriy\Downloads\FRST.txt
2014-04-30 01:12 - 2014-05-02 18:47 - 00716800 _____ () C:\Users\Andriy\Downloads\FRST64.exe
2014-04-30 01:09 - 2014-04-30 01:09 - 00000474 _____ () C:\Users\Andriy\Downloads\defogger_disable.log
2014-04-30 01:09 - 2014-04-30 01:09 - 00000000 _____ () C:\Users\Andriy\defogger_reenable
2014-04-30 01:07 - 2014-04-30 01:07 - 00050477 _____ () C:\Users\Andriy\Downloads\Defogger.exe
2014-04-30 00:45 - 2014-04-30 00:45 - 00076272 _____ () C:\Users\Andriy\Downloads\Extras.Txt
2014-04-30 00:42 - 2014-04-30 00:42 - 00156272 _____ () C:\Users\Andriy\Downloads\OTL.Txt
2014-04-30 00:25 - 2014-04-30 00:25 - 00602112 _____ (OldTimer Tools) C:\Users\Andriy\Downloads\otl.exe
2014-04-28 00:51 - 2014-03-31 23:18 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-28 00:51 - 2014-03-31 23:18 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-23 22:29 - 2014-02-04 01:56 - 00332632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-23 22:29 - 2014-02-04 01:56 - 00278872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-23 22:29 - 2014-01-31 05:55 - 00209712 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-04-23 22:29 - 2014-01-31 02:48 - 00564736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-04-23 22:29 - 2014-01-31 02:48 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2014-04-23 22:29 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2014-04-23 22:29 - 2014-01-31 02:48 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-23 22:29 - 2014-01-31 02:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-04-23 22:29 - 2014-01-31 02:06 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2014-04-23 22:29 - 2014-01-31 02:06 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-23 22:29 - 2014-01-27 05:42 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-04-23 22:29 - 2014-01-27 05:39 - 01939288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-23 22:29 - 2014-01-27 02:52 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-04-23 22:29 - 2014-01-27 02:31 - 19752448 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-04-23 22:29 - 2014-01-16 01:42 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-04-23 22:29 - 2014-01-11 08:48 - 05979648 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-23 22:29 - 2014-01-11 07:06 - 05092352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-04-23 22:29 - 2014-01-03 01:35 - 00365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-04-23 22:29 - 2014-01-03 01:32 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-04-23 22:28 - 2014-03-07 02:48 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-23 22:28 - 2014-03-07 02:48 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-23 22:28 - 2014-03-07 02:47 - 14357504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-23 22:28 - 2014-03-07 02:47 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-23 22:28 - 2014-03-07 02:47 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-23 22:28 - 2014-03-07 02:47 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-23 22:28 - 2014-03-07 02:47 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-23 22:28 - 2014-03-07 02:47 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-23 22:28 - 2014-03-07 02:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-23 22:28 - 2014-03-07 02:08 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-23 22:28 - 2014-03-07 02:08 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-23 22:28 - 2014-03-07 02:08 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-23 22:28 - 2014-03-07 02:08 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-23 22:28 - 2014-03-07 02:08 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-23 22:28 - 2014-03-07 02:08 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-23 22:28 - 2014-03-07 02:08 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-04-23 22:28 - 2014-03-07 02:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-23 22:28 - 2014-03-07 02:08 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-23 22:28 - 2014-01-27 01:17 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml
2014-04-23 22:28 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-04-23 22:28 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-23 22:28 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-23 22:28 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-23 22:28 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-23 22:28 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-23 22:28 - 2012-07-26 05:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-23 22:27 - 2014-03-07 02:08 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-23 22:27 - 2014-02-06 01:41 - 01257984 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-23 22:27 - 2014-02-06 01:41 - 00978432 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-04-23 22:27 - 2014-02-06 01:26 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-04-23 22:27 - 2014-02-06 01:19 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-23 22:27 - 2013-10-25 09:34 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-04-23 22:27 - 2013-10-25 00:34 - 00248240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-04-23 22:27 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-04-23 22:27 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-04-23 22:27 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-23 22:27 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-23 22:27 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-23 22:27 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-04-23 22:27 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-23 22:26 - 2014-02-08 06:34 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-04-23 22:26 - 2014-02-06 01:41 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-04-23 22:26 - 2014-02-06 01:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-04-22 13:29 - 2014-05-02 19:19 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-04-22 07:01 - 2014-04-22 07:01 - 00525824 _____ () C:\Users\Andriy\Downloads\stw3085084_überarbeitet (1).xls
2014-04-20 06:54 - 2014-04-21 18:00 - 00525824 _____ () C:\Users\Andriy\Desktop\stw3085084_überarbeitet.xls
2014-04-20 06:52 - 2014-04-20 06:52 - 00534016 _____ () C:\Users\Andriy\Downloads\stw3085084_überarbeitet.xls
2014-04-20 06:51 - 2014-04-20 06:51 - 00534016 _____ () C:\Users\Andriy\Downloads\mime.z
2014-04-20 06:51 - 2014-04-20 06:51 - 00534016 _____ () C:\Users\Andriy\Downloads\mime (1).z
2014-04-14 07:40 - 2014-04-14 07:40 - 00048640 _____ () C:\Users\Andriy\Downloads\Themenmatrix.xls
2014-04-07 14:53 - 2014-04-07 14:53 - 00018542 _____ () C:\Users\Andriy\Desktop\weka_StiwoVZ.xlsx
2014-04-07 09:31 - 2014-04-07 09:31 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-04-07 08:32 - 2014-04-07 23:51 - 00200527 _____ () C:\Users\Andriy\Desktop\stw5200-113_überarbeitet_FFA.xlsx
2014-04-07 08:31 - 2014-04-07 08:31 - 00215214 _____ () C:\Users\Andriy\Downloads\stw5200-113_überarbeitet_FFA.xlsx

==================== One Month Modified Files and Folders =======

2014-05-02 22:00 - 2014-05-02 22:00 - 00028627 _____ () C:\Users\Andriy\Desktop\FRST.txt
2014-05-02 22:00 - 2014-04-30 01:17 - 00000000 ____D () C:\FRST
2014-05-02 22:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-05-02 21:59 - 2014-05-02 21:59 - 00002020 _____ () C:\Users\Andriy\Desktop\JRT.1.txt
2014-05-02 21:58 - 2014-05-02 21:58 - 00002020 _____ () C:\Users\Andriy\Desktop\JRT.txt
2014-05-02 21:56 - 2013-08-05 14:49 - 00000000 ____D () C:\Users\Andriy\AppData\Roaming\uTorrent
2014-05-02 21:43 - 2014-05-02 21:43 - 00000000 ____D () C:\Windows\ERUNT
2014-05-02 21:40 - 2012-09-26 10:53 - 00000950 _____ () C:\Windows\SysWOW64\bscs.ini
2014-05-02 21:39 - 2014-05-02 21:39 - 00006376 _____ () C:\Users\Andriy\Desktop\AdwCleaner[S0].txt
2014-05-02 21:38 - 2013-09-30 16:38 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-02 21:36 - 2014-05-02 20:17 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-02 21:36 - 2013-03-17 20:02 - 00003620 _____ () C:\Windows\SysWOW64\LOCALSERVICE.INI
2014-05-02 21:36 - 2013-03-17 20:02 - 00000043 _____ () C:\Windows\SysWOW64\LOCALDEVICE.INI
2014-05-02 21:35 - 2012-08-04 00:23 - 00136196 _____ () C:\Windows\PFRO.log
2014-05-02 21:35 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-02 21:33 - 2014-05-02 21:30 - 00000000 ____D () C:\AdwCleaner
2014-05-02 21:32 - 2013-08-20 14:07 - 00000601 _____ () C:\Users\Andriy\Desktop\Search.lnk
2014-05-02 21:32 - 2013-08-05 12:48 - 00000000 ____D () C:\Users\Andriy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-02 21:32 - 2013-08-05 12:14 - 00000000 ___RD () C:\Users\Andriy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-02 21:32 - 2013-08-05 12:11 - 00000000 ____D () C:\Users\Andriy
2014-05-02 21:22 - 2012-07-26 09:52 - 00000000 ____D () C:\Windows\ShellNew
2014-05-02 21:21 - 2014-05-02 21:21 - 00001133 _____ () C:\Users\Andriy\Desktop\mbam.txt
2014-05-02 21:21 - 2013-08-05 12:11 - 02041289 _____ () C:\Windows\WindowsUpdate.log
2014-05-02 21:21 - 2012-07-26 07:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-05-02 21:18 - 2013-08-05 12:47 - 00001140 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1983903431-3382947560-1226906540-1001UA.job
2014-05-02 20:52 - 2014-05-02 20:50 - 01016261 _____ (Thisisu) C:\Users\Andriy\Desktop\JRT.exe
2014-05-02 20:45 - 2014-05-02 20:41 - 01310621 _____ () C:\Users\Andriy\Desktop\adwcleaner.exe
2014-05-02 20:17 - 2014-05-02 20:17 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-02 20:17 - 2014-05-02 20:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-02 20:17 - 2014-05-02 20:17 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-05-02 20:14 - 2014-05-02 19:36 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Andriy\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-02 19:35 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-05-02 19:33 - 2014-05-02 19:33 - 00000738 _____ () C:\Users\Andriy\Desktop\Revo Uninstaller.lnk
2014-05-02 19:29 - 2014-05-02 19:25 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Andriy\Downloads\revosetup95.exe
2014-05-02 19:25 - 2013-08-05 14:13 - 01099486 _____ () C:\Windows\system32\perfh019.dat
2014-05-02 19:25 - 2013-08-05 14:13 - 00457322 _____ () C:\Windows\system32\perfc019.dat
2014-05-02 19:25 - 2012-10-31 20:56 - 01888684 _____ () C:\Windows\system32\perfh007.dat
2014-05-02 19:25 - 2012-10-31 20:56 - 00505266 _____ () C:\Windows\system32\perfc007.dat
2014-05-02 19:25 - 2012-07-26 09:28 - 00006786 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-02 19:20 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-05-02 19:19 - 2014-04-22 13:29 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-05-02 19:19 - 2013-10-29 19:38 - 00000352 _____ () C:\Windows\Tasks\HPCeeScheduleForAndriy.job
2014-05-02 19:05 - 2014-05-02 18:59 - 02062336 _____ (Farbar) C:\Users\Andriy\Desktop\FRST64 (1).exe
2014-05-02 19:00 - 2014-04-30 01:33 - 00000000 ____D () C:\Users\Andriy\Desktop\ComputerSpy_Malware_Programme
2014-05-02 18:49 - 2014-05-02 18:47 - 00000000 ____D () C:\Users\Andriy\Downloads\FRST-OlderVersion
2014-05-02 18:47 - 2014-04-30 01:12 - 00716800 _____ () C:\Users\Andriy\Downloads\FRST64.exe
2014-05-02 02:41 - 2013-08-05 15:07 - 00000000 ____D () C:\Users\Andriy\AppData\Roaming\vlc
2014-05-01 13:28 - 2013-10-29 14:28 - 00000000 ____D () C:\Program Files (x86)\File Type Advisor
2014-05-01 10:18 - 2013-08-05 12:47 - 00001088 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1983903431-3382947560-1226906540-1001Core.job
2014-05-01 02:11 - 2013-08-07 12:45 - 00000000 ____D () C:\Users\Andriy\Documents\Youcam
2014-04-30 23:32 - 2013-10-29 19:38 - 00003168 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForAndriy
2014-04-30 01:47 - 2014-04-30 01:47 - 00300064 _____ () C:\Windows\Minidump\043014-64718-01.dmp
2014-04-30 01:47 - 2014-04-30 01:46 - 00330160 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-30 01:47 - 2013-08-15 20:23 - 00000000 ____D () C:\Windows\Minidump
2014-04-30 01:46 - 2013-08-15 20:23 - 1021655135 _____ () C:\Windows\MEMORY.DMP
2014-04-30 01:40 - 2014-01-03 18:18 - 00000138 _____ () C:\Windows\SysWOW64\REMOTEDEVICE.INI
2014-04-30 01:21 - 2014-04-30 01:21 - 00380416 _____ () C:\Users\Andriy\Downloads\Gmer-19357.exe
2014-04-30 01:20 - 2014-04-30 01:18 - 00044756 _____ () C:\Users\Andriy\Downloads\Addition.txt
2014-04-30 01:20 - 2014-04-30 01:17 - 00059999 _____ () C:\Users\Andriy\Downloads\FRST.txt
2014-04-30 01:20 - 2013-08-05 12:48 - 00002364 _____ () C:\Users\Andriy\Desktop\Google Chrome.lnk
2014-04-30 01:09 - 2014-04-30 01:09 - 00000474 _____ () C:\Users\Andriy\Downloads\defogger_disable.log
2014-04-30 01:09 - 2014-04-30 01:09 - 00000000 _____ () C:\Users\Andriy\defogger_reenable
2014-04-30 01:07 - 2014-04-30 01:07 - 00050477 _____ () C:\Users\Andriy\Downloads\Defogger.exe
2014-04-30 00:45 - 2014-04-30 00:45 - 00076272 _____ () C:\Users\Andriy\Downloads\Extras.Txt
2014-04-30 00:42 - 2014-04-30 00:42 - 00156272 _____ () C:\Users\Andriy\Downloads\OTL.Txt
2014-04-30 00:25 - 2014-04-30 00:25 - 00602112 _____ (OldTimer Tools) C:\Users\Andriy\Downloads\otl.exe
2014-04-29 23:55 - 2013-09-30 09:55 - 00000000 ____D () C:\movies
2014-04-29 20:27 - 2013-08-05 12:11 - 00000000 ____D () C:\Users\Andriy\AppData\Local\Packages
2014-04-28 09:08 - 2013-08-16 11:42 - 00000000 ____D () C:\Users\Andriy\AppData\Local\CrashDumps
2014-04-28 09:06 - 2013-08-05 12:14 - 00000000 ___RD () C:\Users\Andriy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-28 01:20 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-04-28 00:47 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-04-28 00:41 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-04-28 00:41 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-04-28 00:41 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-04-28 00:41 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2014-04-28 00:41 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-04-28 00:41 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-04-24 21:15 - 2014-03-21 08:58 - 00003340 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1983903431-3382947560-1226906540-1001
2014-04-24 21:15 - 2014-03-21 08:58 - 00003208 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1983903431-3382947560-1226906540-1001
2014-04-22 17:31 - 2013-10-08 17:22 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-04-22 17:31 - 2013-10-08 17:22 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-04-22 13:29 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-04-22 13:28 - 2013-10-29 14:28 - 00003518 _____ () C:\Windows\System32\Tasks\FileAdvisorCheck
2014-04-22 07:01 - 2014-04-22 07:01 - 00525824 _____ () C:\Users\Andriy\Downloads\stw3085084_überarbeitet (1).xls
2014-04-22 07:00 - 2013-08-06 22:02 - 00502272 ___SH () C:\Users\Andriy\Desktop\Thumbs.db
2014-04-21 18:00 - 2014-04-20 06:54 - 00525824 _____ () C:\Users\Andriy\Desktop\stw3085084_überarbeitet.xls
2014-04-20 06:52 - 2014-04-20 06:52 - 00534016 _____ () C:\Users\Andriy\Downloads\stw3085084_überarbeitet.xls
2014-04-20 06:51 - 2014-04-20 06:51 - 00534016 _____ () C:\Users\Andriy\Downloads\mime.z
2014-04-20 06:51 - 2014-04-20 06:51 - 00534016 _____ () C:\Users\Andriy\Downloads\mime (1).z
2014-04-19 11:20 - 2013-08-05 14:23 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-04-18 17:15 - 2013-08-10 18:03 - 00000000 ____D () C:\Users\Andriy\AppData\Local\SoulseekQt
2014-04-16 18:36 - 2013-08-05 12:22 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1983903431-3382947560-1226906540-1001
2014-04-14 20:14 - 2013-08-08 17:07 - 00000000 ____D () C:\Users\Andriy\AppData\Roaming\foobar2000
2014-04-14 07:40 - 2014-04-14 07:40 - 00048640 _____ () C:\Users\Andriy\Downloads\Themenmatrix.xls
2014-04-07 23:51 - 2014-04-07 08:32 - 00200527 _____ () C:\Users\Andriy\Desktop\stw5200-113_überarbeitet_FFA.xlsx
2014-04-07 14:53 - 2014-04-07 14:53 - 00018542 _____ () C:\Users\Andriy\Desktop\weka_StiwoVZ.xlsx
2014-04-07 10:13 - 2013-08-05 12:47 - 00004092 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1983903431-3382947560-1226906540-1001UA
2014-04-07 10:13 - 2013-08-05 12:47 - 00003712 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1983903431-3382947560-1226906540-1001Core
2014-04-07 09:31 - 2014-04-07 09:31 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-04-07 09:30 - 2013-03-17 20:19 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-04-07 09:30 - 2013-03-17 20:19 - 00002501 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-04-07 09:30 - 2013-03-17 20:18 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-04-07 08:31 - 2014-04-07 08:31 - 00215214 _____ () C:\Users\Andriy\Downloads\stw5200-113_überarbeitet_FFA.xlsx
2014-04-03 09:51 - 2014-05-02 20:17 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-05-02 20:17 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-05-02 20:17 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Some content of TEMP:
====================
C:\Users\Andriy\AppData\Local\Temp\BackupSetup.exe
C:\Users\Andriy\AppData\Local\Temp\ffdshow.exe
C:\Users\Andriy\AppData\Local\Temp\MatroskaSplitter.exe
C:\Users\Andriy\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Andriy\AppData\Local\Temp\Quarantine.exe
C:\Users\Andriy\AppData\Local\Temp\stubhelper.dll
C:\Users\Andriy\AppData\Local\Temp\vcredist_x64_VS2008SP1.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-29 03:47

==================== End Of Log ============================

Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-05-2014
Ran by Andriy at 2014-05-02 22:01:29
Running from C:\Users\Andriy\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.30888 - BitTorrent Inc.)
3DataManager (HKLM-x32\...\3DataManager) (Version: 3.5 - 3DataManager)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{8D6CCB94-05E3-753A-5ED7-97495EA8AEFF}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.86 - AuthenTec, Inc.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MG5100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series) (Version: - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.0918.260.3365 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0918.260.3365 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0918.260.3365 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0918.260.3365 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2012.0918.260.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0918.260.3365 - Advanced Micro Devices, Inc.) Hidden
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2.5712 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.2.5712 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.2.2114 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.2.2114 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2.3317 - CyberLink Corp.)
CyberLink PhotoDirector (x32 Version: 2.0.2.3317 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.2.2110 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.2.2110 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.2.2126 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.2.2126 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.7.4528 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.7.4528 - CyberLink Corp.)
Hidden CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.5.5811 - CyberLink Corp.) CyberLink YouCam (x32 Version: 3.5.5.5811 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DivxToDVD 0.5.2b (HKLM-x32\...\VSO DivxToDVD_is1) (Version: 0.5.2b - VSO-Software SARL) Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company) ffdshow v1.2.4422 [2012-04-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4422.0 - FreeCodecPack) File Type Advisor 1.0 (HKLM-x32\...\File Type Advisor_is1) (Version: - filetypeadvisor.com) foobar2000 v1.2.9 (HKLM-x32\...\foobar2000) (Version: 1.2.9 - Peter Pawlowski) Foto Paradies (HKLM-x32\...\{4FB9F8B3-1355-41FF-BD5E-5CB582B64A5D}}_is1) (Version: 3.5.0.3 - Foto Online Service GmbH) Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Free M4a to MP3 Converter 8.0 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com) Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.) Google+ Auto Backup (HKCU\...\Google+ Auto Backup) (Version: 1.0.25.133 - Google, Inc.) 
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google) Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - FreeCodecPack) Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP 3D DriveGuard (HKLM\...\{2DEDBE5B-D538-43F3-83A7-B037D6B51A89}) (Version: 4.2.8.1 - Hewlett-Packard Company) HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd) HP Connected Music (Meridian - player) (HKCU\...\HPConnectedMusic) (Version: 1.1 (build 59) hp - Meridian Audio Ltd) HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1218 - Hewlett-Packard) HP CoolSense (HKLM-x32\...\{8704FEEF-A6A8-4E7E-B124-BD6122C66E2C}) (Version: 2.10.42 - Hewlett-Packard Company) HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden HP Documentation (HKLM-x32\...\{92E8BC5B-6023-4846-8151-415351A4FAFF}) (Version: 1.2.0.0 - Hewlett-Packard) HP Postscript Converter (Version: 3.1.3591 - Hewlett-Packard) Hidden HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company) HP Recovery Manager (x32 Version: 8.00 - Hewlett-Packard) Hidden HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard) HP SimplePass (HKLM-x32\...\{34C821CA-6B55-44A0-8A9B-2EF471D6019E}) (Version: 6.0.100.244 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company) HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.8 - Hewlett-Packard) HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT) Intel(R) Control Center 
(HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation) Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3097 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.9.1002 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden Kolor Autopano Giga 3.0 (HKLM\...\AutopanoGiga3.0) (Version: V3.0.7 - Kolor) Leisure Suit Larry's Greatest Hits and Misses! (HKLM-x32\...\GOGPACKLARRY16_is1) (Version: 2.1.0.17 - GOG.com) Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation) Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4517.1005 - Microsoft Corporation) Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 
Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) MJoy Radio (HKLM-x32\...\5AFE1F7DBA584035C1170C17976757D58047C692.1.5AFE1F7DBA584035C1170C17976757D58047C692.1) (Version: 2.1.0 - UNKNOWN) MJoy Radio (x32 Version: 2.1.0 - UNKNOWN) Hidden Mobiles Internet (HKLM-x32\...\Mobiles Internet) (Version: 21.005.18.01.75 - Huawei Technologies Co.,Ltd) Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.2.0.38 - Symantec Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4517.1005 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4517.1005 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4517.1005 - Microsoft Corporation) Hidden Online Games Manager v1.30 (HKLM-x32\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.) 
Opera Stable 20.0.1387.77 (HKLM-x32\...\Opera 20.0.1387.77) (Version: 20.0.1387.77 - Opera Software ASA) Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden Ralink Bluetooth Stack64 (HKLM\...\{95DF815D-BE2D-9118-F549-39794C5869CF}) (Version: 9.0.725.0 - Ralink Corporation) Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.5.0 - Ralink) RealDownloader (x32 Version: 17.0.6 - RealNetworks, Inc.) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.6 - RealNetworks) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.27025 - Realtek Semiconductor Corp.) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Roberta Williams' Phantasmagoria (HKLM-x32\...\GOGPACKPHANTASMAGORIA_is1) (Version: 2.0.0.14 - GOG.com) SoulseekQt (HKLM-x32\...\SoulseekQt) (Version: - ) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated) Tiny Media Player v1.0 (HKLM-x32\...\Tiny Media Player_is1) (Version: 1.0.0.0 - ) UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) 
Hidden Validity WBF DDK (HKLM\...\{1F91C200-8F0F-4009-A75E-DB6CE151BD4E}) (Version: 4.4.234.0 - Validity Sensors, Inc.) VLC media player 2.0.7 (HKLM\...\VLC media player) (Version: 2.0.7 - VideoLAN) Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden WinRAR 5.00 бета 8 (64-разрядная) (HKLM\...\WinRAR archiver) (Version: 5.00.8 - win.rar GmbH) Word Slinger (HKLM-x32\...\8617b280ce3d8581e46e17e0197f18ad) (Version: - Zylom) Worlds of Ultima - The Savage Empire (HKLM-x32\...\GOGPACKWORLDSOFULTIMASAVAGE_is1) (Version: 2.0.0.26 - GOG.com) ==================== Restore Points ========================= 24-04-2014 04:15:31 Windows Update 27-04-2014 22:32:00 Windows Update 01-05-2014 01:51:32 Windows Update 02-05-2014 17:34:47 Revo Uninstaller's restore point - a2zLyrics ==================== Hosts content: ========================== 2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {156C3FEC-5D80-4A63-BC7A-989BE6A751B0} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-10-12] (CyberLink) Task: 
{1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {1CD7158D-9BF2-447F-87B7-26AEC3971054} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink) Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {27310A1A-0975-415A-A4C3-2EF9819F48F6} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {32E7541E-81D9-470F-AF41-64F7213E8C47} - System32\Tasks\HPCeeScheduleForAndriy => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard) Task: {42D71806-5811-4635-A2DF-68CE4808E653} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-01-31] (Microsoft Corporation) Task: {44154D8E-8966-4403-8C01-B84D42CCAC5B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: {522AEA12-6797-4BC7-90B9-288F76808F8C} - System32\Tasks\FileAdvisorUpdate => C:\Program Files (x86)\File Type Advisor\fileadvisor.exe [2013-07-12] (File Type Advisor) Task: {630EC78F-25B7-4233-9099-4ECA7E51B5C0} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\WSCStub.exe [2014-03-12] (Symantec Corporation) Task: {65392A87-4A56-4746-81C1-F814B1F635A2} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1983903431-3382947560-1226906540-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-02-14] (RealNetworks, Inc.) 
Task: {74BE0AE6-2E57-4CF0-AE3A-9FB52DD1AAD6} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1983903431-3382947560-1226906540-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-02-14] (RealNetworks, Inc.) Task: {77605241-1C5B-45D2-9602-80F1D807865F} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {8A1973BA-194F-40E0-949F-1CF2CFC8F18D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1983903431-3382947560-1226906540-1001UA => C:\Users\Andriy\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-05] (Google Inc.) Task: {92958352-B4DE-49A8-9A65-4A38AE8AADAF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-06-09] (Microsoft Corporation) Task: {A3C6218A-675F-402C-9F42-C5600AA91AA3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: {A6BC4D73-C2F1-4B5A-8AF2-9CE635AD8C4C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1983903431-3382947560-1226906540-1001Core => C:\Users\Andriy\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-05] (Google Inc.) 
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {A8305ACF-7757-4ED0-8151-46A178F6F290} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard) Task: {ADA35FE3-575C-444A-B495-DDC5AA214254} - \BitGuard No Task File <==== ATTENTION Task: {B7E8E921-9CF8-4CBC-A0A9-3EE89D28287F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company) Task: {B95C31A5-A15A-4288-9C9D-C5FD254E9273} - System32\Tasks\FileAdvisorCheck => C:\Program Files (x86)\File Type Advisor\file-type-advisor.exe [2013-07-13] (filetypeadvisor.com ) Task: {C22010D1-1B2F-4AB7-A073-E11F7BA19C71} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard) Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1983903431-3382947560-1226906540-1001Core.job => C:\Users\Andriy\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1983903431-3382947560-1226906540-1001UA.job => C:\Users\Andriy\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForAndriy.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded 
Modules (whitelisted) ============= 2013-08-06 21:27 - 2013-08-06 21:26 - 00246112 _____ () C:\ProgramData\Mobiles Internet\OnlineUpdate\ouc.exe 2013-08-05 13:24 - 2013-06-16 14:52 - 00386216 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll 2013-08-05 13:24 - 2013-06-09 23:09 - 00518824 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll 2013-08-05 13:24 - 2013-06-09 23:09 - 00612520 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll 2014-02-12 15:42 - 2014-02-12 15:42 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe 2014-02-14 13:06 - 2014-02-14 13:06 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe 2012-09-06 02:47 - 2012-09-06 02:47 - 00028160 _____ () C:\Windows\system32\valWBFPolicyService.exe 2013-08-05 17:52 - 2012-07-05 06:03 - 00343024 ____N () C:\Program Files (x86)\3DataManager\WTGService.exe 2012-09-19 19:37 - 2012-09-19 19:37 - 00017160 _____ () C:\Windows\system32\BsHelpCSps.dll 2012-08-10 02:36 - 2012-08-10 02:36 - 04073320 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe 2014-01-03 18:39 - 2014-01-03 18:40 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll 2012-09-05 01:21 - 2012-09-05 01:21 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2012-09-18 03:58 - 2012-09-18 03:58 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2012-10-12 18:22 - 2012-10-12 18:22 - 00120224 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll 2012-10-12 18:22 - 2012-10-12 18:22 - 00048544 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll 2012-10-12 18:22 - 2012-10-12 18:22 - 00180224 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll 
2013-08-05 12:12 - 2013-08-05 12:12 - 00120224 _____ () C:\Users\Andriy\AppData\Local\assembly\dl3\5W7W1YB6.RD7\37E3VZZ9.7XJ\5992da9a\004b58b8_95a8cd01\HPItunesModule.DLL 2014-03-13 11:53 - 2014-03-12 13:40 - 01380192 _____ () C:\Program Files (x86)\Opera\20.0.1387.77\opera_crashreporter.exe 2013-08-06 21:27 - 2013-08-06 21:26 - 00011362 _____ () C:\ProgramData\Mobiles Internet\OnlineUpdate\mingwm10.dll 2013-08-06 21:27 - 2013-08-06 21:26 - 00043008 _____ () C:\ProgramData\Mobiles Internet\OnlineUpdate\libgcc_s_dw2-1.dll 2013-08-06 21:27 - 2013-08-06 21:26 - 02415104 _____ () C:\ProgramData\Mobiles Internet\OnlineUpdate\QtCore4.dll 2013-08-06 21:27 - 2013-08-06 21:26 - 01148416 _____ () C:\ProgramData\Mobiles Internet\OnlineUpdate\QtNetwork4.dll 2013-08-06 21:27 - 2013-08-06 21:26 - 00384512 _____ () C:\ProgramData\Mobiles Internet\OnlineUpdate\QueryStrategy.dll 2013-08-06 21:27 - 2013-08-06 21:26 - 00398336 _____ () C:\ProgramData\Mobiles Internet\OnlineUpdate\QtXml4.dll 2014-03-20 09:52 - 2014-03-20 09:52 - 00867928 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Plugins\cldplin.dll 2012-08-10 02:36 - 2012-08-10 02:36 - 00018792 _____ () C:\Program Files (x86)\HP SimplePass\DownloadManager.dll 2013-03-17 20:09 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2013-08-05 13:24 - 2013-08-05 13:24 - 00313000 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll 2013-08-05 13:24 - 2013-08-05 13:24 - 00358056 _____ () C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll 2012-09-19 19:37 - 2012-09-19 19:37 - 00029960 _____ () C:\Windows\SYSTEM32\BsTrace.dll 2012-09-19 19:37 - 2012-09-19 19:37 - 00079624 _____ () C:\Windows\SYSTEM32\BsProfilefunc.dll 2012-09-19 19:37 - 2012-09-19 19:37 - 00363784 _____ () C:\Windows\SYSTEM32\BsExtendFunc.dll 2012-09-19 19:37 - 2012-09-19 
19:37 - 00017160 _____ () C:\Windows\SYSTEM32\BsHelpCSps.dll 2012-09-19 19:37 - 2012-09-19 19:37 - 00062216 _____ () C:\Windows\SYSTEM32\BlueSoleilCSps.dll 2012-09-24 15:27 - 2012-09-24 15:27 - 00335176 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll 2012-05-02 18:28 - 2012-05-02 18:28 - 00012800 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\AMP\IVTAMPRL.dll 2014-02-19 16:10 - 2014-02-19 16:10 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\766c9d1f5aedd3f4c133f9df5db8743e\PSIClient.ni.dll 2013-03-17 19:53 - 2012-06-25 20:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2014-03-13 11:53 - 2014-03-12 13:40 - 00908640 _____ () C:\Program Files (x86)\Opera\20.0.1387.77\libglesv2.dll 2014-03-13 11:53 - 2014-03-12 13:40 - 00108896 _____ () C:\Program Files (x86)\Opera\20.0.1387.77\libegl.dll 2014-03-13 11:53 - 2014-03-12 13:40 - 00895328 _____ () C:\Program Files (x86)\Opera\20.0.1387.77\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= ==================== Memory info =========================== Percentage of memory in use: 26% Total physical RAM: 8088.27 MB Available physical RAM: 5964.74 MB Total Pagefile: 16280.27 MB Available Pagefile: 14015.01 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:680.61 GB) (Free:410.78 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: 
(RECOVERY) (Fixed) (Total:17.25 GB) (Free:2.21 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive f: (Mobiles Internet) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 699 GB) (Disk ID: 93E9A6FB) Partition: GPT Partition Type. ==================== End Of Log ============================ Code:
# AdwCleaner v3.205 - Bericht erstellt am 02/05/2014 um 21:32:36
# Aktualisiert 28/04/2014 von Xplode
# Betriebssystem : Windows 8 (64 bits)
# Benutzername : Andriy - MYNEWHP
# Gestartet von : C:\Users\Andriy\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : BackupStack

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup
Ordner Gelöscht : C:\Windows\SysWOW64\SearchProtect
Ordner Gelöscht : C:\Users\Andriy\.android
Ordner Gelöscht : C:\Users\Andriy\AppData\Local\genienext
Ordner Gelöscht : C:\Users\Andriy\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\Andriy\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Andriy\AppData\Local\SearchProtect
Ordner Gelöscht : C:\Users\Andriy\AppData\LocalLow\buenosearch LTD
Ordner Gelöscht : C:\Users\Andriy\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Andriy\AppData\Roaming\PerformerSoft
Ordner Gelöscht : C:\Users\Andriy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Ordner Gelöscht : C:\Users\Andriy\Documents\Mobogenie
Ordner Gelöscht : C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Datei Gelöscht : C:\Users\Andriy\daemonprocess.txt
Datei Gelöscht : C:\Users\Andriy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
Datei Gelöscht : C:\Users\Andriy\Desktop\MyPC Backup.lnk
Datei Gelöscht : C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ifohbjbgfchkkfhphahclmkpgejiplfo_0.localstorage
Datei Gelöscht : C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage
Datei Gelöscht : C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage-journal
Datei Gelöscht : C:\Windows\System32\Tasks\BitGuard

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Andriy\Desktop\Search.lnk
Verknüpfung Desinfiziert : C:\Users\Andriy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Andriy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [freegames4357@bestoffers]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Schlüssel Gelöscht : HKCU\Software\d55dad9b53eb844
Schlüssel Gelöscht : HKLM\SOFTWARE\d55dad9b53eb844
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422412268}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444414468}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{75CC1BBE-D96F-45DF-A622-D60BFA8AF49E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\InstalledThirdPartyPrograms
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Trymedia Systems
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16537

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Google Chrome v

[ Datei : C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Homepage] : hxxp://search.conduit.com/?ctid=CT3315521&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP19BE10D8-762D-4FBA-AB65-B783A5C55EBB&SSPV=
Gelöscht [Extension] : amfclgbdpgndipgoegfpkkgobahigbcl
Gelöscht [Extension] : cekcjpgehmohobmdiikfnopibipmgnml
Gelöscht [Extension] : ifohbjbgfchkkfhphahclmkpgejiplfo
Gelöscht [Extension] : jpmbfleldcgkldadpdinhjjopdfpjfjp

*************************

AdwCleaner[R0].txt - [7906 octets] - [02/05/2014 21:30:53]
AdwCleaner[S0].txt - [6216 octets] - [02/05/2014 21:32:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6276 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by Andriy on 02.05.2014 at 21:43:13,12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1983903431-3382947560-1226906540-1001\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\a2zlyrics
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1983903431-3382947560-1226906540-1001\Software\sweetim

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\bitguard"
Successfully deleted: [Folder] "C:\ProgramData\dsearchlink"
Successfully deleted: [Folder] "C:\ProgramData\trymedia"

~~~ Chrome

Successfully deleted: [Folder] C:\Users\Andriy\appdata\local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.05.2014 at 21:58:18,76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 02.05.2014
Suchlauf-Zeit: 21:21:00
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.03.04.09
Rootkit Datenbank: v2014.03.27.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: Andriy

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 238409
Verstrichene Zeit: 54 Min, 56 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)

(end) |
04.05.2014, 07:22 | #8 |
/// the machine /// TB instructor | Windows 8; ad pop-ups and green double-underlined words in texts
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donate | Guides and help | Trojaner-Board Facebook page
No help via PM! |