| Log analysis and evaluation: DLL file messages that always appear when the laptop boots up (Windows 7) |
14.09.2014, 17:24 | #1 |
| Hello everyone, for quite some time I have been getting strange messages about DLL files when booting up the laptop. I googled it and it said I should download the program "Reimage", which I then did. However, it did not get me anywhere, since it costs money; instead it got me into even bigger trouble. Now a message from GenesisOffers kept appearing in the browser (Opera). Since I really know nothing at all about such things, I googled that as well and fell for SpyHunter. By now I have done a great deal and it has not helped me, it has only made things worse and worse. In the end I gave up and am desperately looking for help. I am grateful for any kind of reply that could help me along. Thank you for your understanding, Sabrina |
14.09.2014, 18:17 | #2 |
/// the machine /// TB-Ausbilder | hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
15.09.2014, 19:53 | #3 |
| FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014 Ran by Kristina (administrator) on KRISTINA-PC on 15-09-2014 20:45:02 Running from C:\Users\Kristina\Downloads Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe (DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (hxxp://yourfiledownloader.net) C:\Program Files (x86)\YourFileDownloaderUpdater\YourFileDownloaderUpdater.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe (Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe (Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe () C:\Program Files (x86)\ver1BlockAndSurf\BlockAndSurf.exe (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe (Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe (ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe () C:\Program Files (x86)\Universal Updater\UpdaterService.exe (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe (cake bake) C:\Program Files (x86)\Betcat\WBDesktop.Updater.1.0.0.16.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe (DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe (Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\obexsrv.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe () C:\Users\Kristina\AppData\Local\mbot_de_70\upmbot_de_70.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (IDT, Inc.) 
C:\Program Files\IDT\WDM\sttray64.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Crawler.com) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIIVE.EXE (Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\audiosrv.exe (Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe (DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe (Spotify Ltd) C:\Users\Kristina\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd) C:\Users\Kristina\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () C:\Users\Kristina\AppData\Roaming\InetStat\inetstat.exe () C:\Program Files (x86)\HP HD Webcam [Fixed]\Monitor.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe () C:\Users\Kristina\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe (Dropbox, Inc.) C:\Users\Kristina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Local Weather LLC) C:\Users\Kristina\AppData\Local\WeatherAlerts\WeatherAlerts.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Program Files (x86)\AVG Secure Search\vprot.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe () C:\Program Files (x86)\Salus\Salus.exe () C:\Users\Kristina\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Kristina\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Kristina\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Kristina\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Kristina\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe (Portrait Displays, Inc.) 
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelperx64.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Opera Software) C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe () C:\Program Files (x86)\Opera\24.0.1558.53\opera_crashreporter.exe (Opera Software) C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe (Opera Software) C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe (Opera Software) C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe (Opera Software) C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe (Opera Software) C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe (Opera Software) C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe (Opera Software) C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe (Opera Software) C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe (Mail.Ru) C:\Users\Kristina\AppData\Local\Mail.Ru\MailRuUpdater.exe (Opera Software) C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2919992 2011-01-26] (Hewlett-Packard Company) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (IDT, Inc.) 
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp HKLM\...\Run: [MfeEpePcMonitor] => C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe [200704 2011-02-09] () HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-04-03] (Crawler.com) HKLM-x32\...\Run: [HP HD Webcam [Fixed]_Monitor] => C:\Program Files (x86)\HP HD Webcam [Fixed]\monitor.exe [267128 2010-11-26] () HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation) HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation) HKLM-x32\...\Run: [DTRun] => C:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [517456 2010-11-24] (ArcSoft Inc.) HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12274688 2011-02-07] (Hewlett-Packard) HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [333728 2012-06-20] (Hewlett-Packard Company) HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-11] (PDF Complete Inc) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2640408 2014-09-13] () HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [186408 2013-12-12] (Geek Software GmbH) HKLM-x32\...\Run: [Salus] => C:\Program Files (x86)\Salus\Salus.exe [981808 2014-09-05] () HKLM\...\RunOnce: [NCPluginUpdater] => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe [21720 2014-08-19] (Hewlett-Packard) HKLM-x32\...\RunOnce: [upmbot_de_70.exe] => C:\Users\Kristina\AppData\Local\mbot_de_70\upmbot_de_70.exe [3305464 2014-09-11] () HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe, Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X] HKU\S-1-5-21-1710177085-3952504819-198495338-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIVE.EXE [283232 2012-02-27] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-1710177085-3952504819-198495338-1000\...\Run: [TBHostSupport] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Kristina\AppData\Local\TBHostSupport\TBHostSupport_0.dll",DLLRunTBHostSupportPlugin <===== ATTENTION HKU\S-1-5-21-1710177085-3952504819-198495338-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3111744 2012-04-26] (DT Soft Ltd) HKU\S-1-5-21-1710177085-3952504819-198495338-1000\...\Run: [APISupport] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Kristina\AppData\Local\TB\APISupport\APISupport.dll",DLLRunAPISupport <===== ATTENTION HKU\S-1-5-21-1710177085-3952504819-198495338-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.) 
HKU\S-1-5-21-1710177085-3952504819-198495338-1000\...\Run: [Spotify] => C:\Users\Kristina\AppData\Roaming\Spotify\Spotify.exe [6621752 2014-09-14] (Spotify Ltd) HKU\S-1-5-21-1710177085-3952504819-198495338-1000\...\Run: [Spotify Web Helper] => C:\Users\Kristina\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-14] (Spotify Ltd) HKU\S-1-5-21-1710177085-3952504819-198495338-1000\...\Run: [BackgroundContainerV2] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Kristina\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun HKU\S-1-5-21-1710177085-3952504819-198495338-1000\...\Run: [eTranslator Update] => C:\Users\Kristina\AppData\Roaming\eTranslator\eTranslator.exe [2895800 2014-09-14] () HKU\S-1-5-21-1710177085-3952504819-198495338-1000\...\Run: [InetStat] => C:\Users\Kristina\AppData\Roaming\InetStat\inetstat.exe [700430 2014-09-14] () HKU\S-1-5-21-1710177085-3952504819-198495338-1000\...\Run: [PopUpStopperFreeEdition] => C:\Program Files (x86)\Panicware\Pop-Up Stopper Free Edition\PSFree.exe [536576 2005-03-17] (Panicware, Inc.) 
HKU\S-1-5-21-1710177085-3952504819-198495338-1000\...\Run: [amigo] => C:\Users\Kristina\AppData\Local\Amigo\Application\amigo.exe [1112096 2014-08-15] () HKU\S-1-5-21-1710177085-3952504819-198495338-1000\...\Run: [MailRuUpdater] => C:\Users\Kristina\AppData\Local\Mail.Ru\MailRuUpdater.exe [6204136 2014-08-20] (Mail.Ru) HKU\S-1-5-21-1710177085-3952504819-198495338-1000\...\MountPoints2: {4a10a407-9d28-11e3-a803-e4115b2d5118} - G:\LaunchU3.exe -a HKU\S-1-5-21-1710177085-3952504819-198495338-1000\...\MountPoints2: {724d7847-4de7-11e2-86fe-806e6f6e6963} - D:\SWSETUP\APPINSTL\hpsoftwaresetup.exe Lsa: [Notification Packages] DPPassFilter scecli Startup: C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk ShortcutTarget: DesktopWeatherAlerts.lnk -> C:\Users\Kristina\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe () Startup: C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Kristina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk ShortcutTarget: Weather Alerts.lnk -> C:\Users\Kristina\AppData\Local\WeatherAlerts\WeatherAlerts.exe (Local Weather LLC) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.ru/cnt/10445?gp=openpr2 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1D0832545831CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://isearch.babylon.com/?babsrc=HP_ss_Btisdt5&mntrId=BAFB20107AF8A44E&affID=119357&tt=300613_hol&tsp=4930 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1410688861&from=cor&uid=TOSHIBAXMK3261GSYN_Y24BC49PTXXY24BC49PT&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1410688861&from=cor&uid=TOSHIBAXMK3261GSYN_Y24BC49PTXXY24BC49PT&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1410688861&from=cor&uid=TOSHIBAXMK3261GSYN_Y24BC49PTXXY24BC49PT&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1410688861&from=cor&uid=TOSHIBAXMK3261GSYN_Y24BC49PTXXY24BC49PT&q={searchTerms} URLSearchHook: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Users\Kristina\AppData\LocalLow\uTorrentControl_v2\prxtbuTo2.dll (ClientConnect Ltd.) 
URLSearchHook: HKCU - Спутник@Mail.Ru - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files (x86)\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru) StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.sweet-page.com/?type=sc&ts=1410688861&from=cor&uid=TOSHIBAXMK3261GSYN_Y24BC49PTXXY24BC49PT SearchScopes: HKLM-x32 - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468 SearchScopes: HKCU - DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/search?q={SearchTerms}&fr=ntg&gp=openpr2 SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPB350DFC5-529A-4D2F-B820-1F94AA5C33DE&q={searchTerms} SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.max-start.com/?q={searchTerms}&babsrc=SP_ss_mib2&mntrId=BAFB20107AF8A44E&affID=119357&tt=300613_hol&tsp=4930 SearchScopes: HKCU - {27F3ACCF-4486-405B-BFAB-1D141135B5F4} URL = hxxp://www.search.ask.com/web?p2=%5EB7J%5EYYYYYY%5EYY%5EDE&gct=&itbv=12.6.0.1638&o=APN11289&tpid=CME-V7&apn_uid=397A6D6A-AFDA-4DB5-A279-D174B71AA51E&apn_ptnrs=%5EB7J&apn_dtid=%5EYYYYYY%5EYY%5EDE&apn_dbr=Opera.exe_0_12.16.1860.0&doi=2013-10-16&trgb=IE&q={searchTerms}&psv=barid%253D150867065141850069896285023847555354904%2526cargo%253DCME%252DV7%2526spr%253Da%2526did%253D10716%2526ppd%253D SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={014FF14D-0D75-4A4D-8222-6D0446B11E59}&mid=38eee4ce43f947d0a11335581dc9b8eb-5da7d31bd3db059417bf3fc6113cfd95ec7e4d52&lang=en&ds=AVG&pr=fr&d=2013-08-27 14:49:29&v=17.1.2.1&pid=avg&sg=0&sap=dsp&q={searchTerms} SearchScopes: HKCU - 
{afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468 SearchScopes: HKCU - {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/search?q={SearchTerms}&fr=ntg&gp=openpr2 BHO: Ask Toolbar -> {434D452D-5637-006A-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\CME-V7\Passport_x64.dll (APN LLC.) BHO: BlockAndSurf -> {6585232B-6BBD-0BD4-B1BB-66EAE0DEBE27} -> C:\Program Files (x86)\ver1BlockAndSurf\178_x64.dll () BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Plus-HD-2.3 -> {11111111-1111-1111-1111-110311341126} -> C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-bho.dll (Plus HD) BHO-x32: Ask Toolbar -> {434D452D-5637-006A-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\CME-V7\Passport.dll (APN LLC.) BHO-x32: uTorrentControl_v2 Toolbar -> {7473b6bd-4691-4744-a82b-7854eb3d70b6} -> C:\Users\Kristina\AppData\LocalLow\uTorrentControl_v2\prxtbuTo2.dll (ClientConnect Ltd.) 
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: AVdowloads -> {84C9B457-C48F-46CC-90C0-5A310C64108A} -> C:\Program Files (x86)\Аудио и видео скачивание\IE\x86\Downloader.dll (Audio and video downloads) BHO-x32: MailRuBHO Class -> {8984B388-A5BB-4DF7-B274-77B879E179DB} -> C:\Program Files (x86)\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru) BHO-x32: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: holasearch Helper Object -> {DFF9B2DA-EF99-4B26-83CB-7058299999D8} -> C:\Program Files (x86)\holasearch\holasearch\1.8.16.16\bh\holasearch.dll (holasearch.com) Toolbar: HKLM - Ask Toolbar - {434D452D-5637-006A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\CME-V7\Passport_x64.dll (APN LLC.) Toolbar: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Users\Kristina\AppData\LocalLow\uTorrentControl_v2\prxtbuTo2.dll (ClientConnect Ltd.) 
Toolbar: HKLM-x32 - Holasearch Toolbar - {C510DFFB-0AFE-484C-BA40-CED5B74C4EEF} - C:\Program Files (x86)\holasearch\holasearch\1.8.16.16\holasearchTlbr.dll (holasearch.com) Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search) Toolbar: HKLM-x32 - Спутник@Mail.Ru - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files (x86)\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru) Toolbar: HKLM-x32 - Ask Toolbar - {434D452D-5637-006A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\CME-V7\Passport.dll (APN LLC.) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File Toolbar: HKCU - No Name - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - No File Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search) Hosts: 74.208.10.249 gs.apple.com Tcpip\Parameters: [DhcpNameServer] 82.212.62.62 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default FF DefaultSearchEngine: Поиск@Mail.Ru FF SelectedSearchEngine: Поиск@Mail.Ru FF Homepage: hxxp://mail.ru/cnt/10445?gp=openpr2 FF Keyword.URL: hxxp://go.mail.ru/search?fr=ntg&q= FF Plugin: @adobe.com/FlashPlayer -> 
C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF user.js: detected! 
=> C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\user.js FF SearchPlugin: C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\searchplugins\mailru.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Plus-HD-2.3 - C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\Extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com [2014-08-08] FF Extension: Plus-HD-2.3c - C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\Extensions\92f62b97-e4e9-4505-ab9d-bd29c855bdfe@gmail.com [2014-09-14] FF Extension: Cliqz Beta - C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\Extensions\cliqz@cliqz.com [2014-09-15] FF Extension: Переводчик для FireFox - C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\Extensions\info4@etranslator.pro [2014-09-14] FF Extension: Аудио и видео скачивание - C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\Extensions\avdownloader-sk17@sk-sdk.com.xpi [2014-09-14] FF Extension: Adblock Plus - C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-17] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14] FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP 
ProtectTools Security Manager\Bin\FirefoxExt [2013-01-14] FF HKCU\...\Firefox\Extensions: [{644BE2B3-0CA6-0E79-C394-5C27BEBC4FEB}] - C:\Program Files (x86)\ver1BlockAndSurf\178.xpi FF Extension: No Name - C:\Program Files (x86)\ver1BlockAndSurf\178.xpi [2014-09-14] FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\cliqz@cliqz.com Chrome: ======= CHR HKCU\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Kristina\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-11-19] CHR HKLM-x32\...\Chrome\Extension: [bicnnkjibmphdeigoodpjlcklcnaobdj] - C:\Program Files (x86)\TornTV.com\torntv10.crx [2012-11-19] CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Kristina\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-11-19] CHR HKLM-x32\...\Chrome\Extension: [fagpjgjmoaccgkkpjeoinehnoaimnbla] - C:\Users\Kristina\AppData\Roaming\BabSolution\CR\hola.crx [2013-07-01] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] CHR HKLM-x32\...\Chrome\Extension: [nmghlnjjldbehnfaejmbpophglopclgn] - C:\Program Files (x86)\Аудио и видео скачивание\avdownloader-sk.crx [2014-09-14] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) S4 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [165784 2014-06-14] () [File not signed] R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.) 
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [486224 2011-11-10] (DigitalPersona, Inc.) S3 FLCDLOCK; C:\Windows\SysWOW64\flcdlock.exe [476728 2011-09-05] (Hewlett-Packard Company) S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [647680 2012-12-24] (Macrovision Europe Ltd.) [File not signed] R3 FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1028096 2012-12-24] (Macrovision Europe Ltd.) [File not signed] R2 HPDayStarterService; C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [133688 2011-01-28] (Hewlett-Packard Company) R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [523680 2012-06-20] (Hewlett-Packard Company) R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-11] (PDF Complete Inc) R2 uArcCapture; C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe [502464 2010-11-11] (ArcSoft, Inc.) 
R2 UniversalUpdater; C:\Program Files (x86)\Universal Updater\UpdaterService.exe [607024 2014-08-28] ()
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)
R2 WebCake Desktop Updater; C:\Program Files (x86)\Betcat\WBDesktop.Updater.1.0.0.16.exe [51992 2013-08-15] (cake bake)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [528896 2014-09-14] (Fuyu LIMITED) [File not signed]
S2 CltMngSvc; C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-11] (ArcSoft, Inc.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-04-15] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64312 2011-05-09] (Hewlett-Packard Company)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-12-25] (DT Soft Ltd)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [168008 2011-02-09] (McAfee, Inc.)
R1 Salus; C:\Windows\System32\drivers\Salus.sys [47408 2014-09-05] (Windows (R) Win 7 DDK provider)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [2611704 2011-01-12] (Sunplus Technology)
R2 webinstr; C:\Windows\system32\Drivers\webinstr.sys [58040 2014-09-14] (Corsica)
S3 cpuz134; \??\C:\Users\Kristina\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-15 20:45 - 2014-09-15 20:47 - 00034201 _____ () C:\Users\Kristina\Downloads\FRST.txt
2014-09-15 20:44 - 2014-09-15 20:45 - 00000000 ____D () C:\FRST
2014-09-15 20:43 - 2014-09-15 20:43 - 02105856 _____ (Farbar) C:\Users\Kristina\Downloads\FRST64.exe
2014-09-15 20:43 - 2014-09-15 20:43 - 00000000 ____D () C:\Users\Kristina\Desktop\Antiviren
2014-09-15 00:42 - 2014-09-15 00:42 - 00003854 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1410734508
2014-09-15 00:42 - 2014-09-15 00:42 - 00001129 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-09-15 00:42 - 2014-09-15 00:42 - 00001129 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-09-15 00:42 - 2014-09-15 00:42 - 00000000 ____D () C:\Windows\System32\Tasks\Abelssoft
2014-09-15 00:42 - 2014-09-15 00:42 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Opera Software
2014-09-15 00:42 - 2014-09-15 00:42 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Abelssoft
2014-09-15 00:42 - 2014-09-15 00:42 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Opera Software
2014-09-15 00:42 - 2014-09-15 00:42 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-09-15 00:41 - 2014-09-15 00:43 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Abelssoft
2014-09-15 00:40 - 2014-09-15 00:40 - 00001468 _____ () C:\Users\Kristina\Desktop\Goodgame Empire.lnk
2014-09-15 00:40 - 2014-09-15 00:40 - 00001050 _____ () C:\Users\Public\Desktop\CHIP Updater.lnk
2014-09-15 00:40 - 2014-09-15 00:40 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\DesktopIconGoodgame
2014-09-15 00:40 - 2014-09-15 00:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CHIP Updater
2014-09-15 00:40 - 2014-09-15 00:40 - 00000000 ____D () C:\Program Files (x86)\CHIP Updater
2014-09-15 00:40 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\SysWOW64\dhRichClient3.dll
2014-09-15 00:40 - 2011-03-25 20:42 - 00338432 _____ () C:\Windows\SysWOW64\sqlite36_engine.dll
2014-09-15 00:39 - 2014-09-15 00:39 - 01101648 _____ () C:\Users\Kristina\Downloads\Opera - CHIP-Installer.exe
2014-09-15 00:35 - 2014-09-15 00:35 - 00868504 _____ (Opera Software) C:\Users\Kristina\Downloads\Opera_NI_stable.exe
2014-09-14 20:26 - 2014-09-14 20:47 - 00000000 ____D () C:\Users\Kristina\AppData\Local\FreeFixer
2014-09-14 20:26 - 2014-09-14 20:26 - 02602023 _____ (Kephyr) C:\Users\Kristina\Downloads\freefixersetup.exe
2014-09-14 20:26 - 2014-09-14 20:26 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\FreeFixer
2014-09-14 20:26 - 2014-09-14 20:26 - 00000000 ____D () C:\Program Files\FreeFixer
2014-09-14 18:00 - 2014-09-14 18:00 - 00002295 _____ () C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Одноклассники.lnk
2014-09-14 18:00 - 2014-09-14 18:00 - 00002295 _____ () C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Вконтакте.lnk
2014-09-14 18:00 - 2014-09-14 18:00 - 00000000 ____D () C:\Users\Kristina\AppData\Local\MailRu
2014-09-14 17:38 - 2014-09-14 17:38 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
2014-09-14 17:37 - 2014-09-14 17:48 - 00000000 ____D () C:\Windows\0028CB34D5D3460FB308A39A095A5E01.TMP
2014-09-14 17:06 - 2014-09-14 17:06 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-14 17:06 - 2014-09-14 17:06 - 00000000 _____ () C:\autoexec.bat
2014-09-14 17:04 - 2014-09-14 17:38 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-09-14 16:43 - 2014-09-14 16:43 - 00001144 _____ () C:\Users\Kristina\Desktop\Pop-Up Stopper Free Edition.lnk
2014-09-14 16:43 - 2014-09-14 16:43 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Panicware
2014-09-14 16:43 - 2014-09-14 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panicware
2014-09-14 16:43 - 2014-09-14 16:43 - 00000000 ____D () C:\Program Files (x86)\Panicware
2014-09-14 14:14 - 2014-09-14 14:14 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Apps\2.0
2014-09-14 12:59 - 2014-09-14 12:59 - 00000687 _____ () C:\awhE33D.tmp
2014-09-14 12:56 - 2014-09-15 20:31 - 00000000 ____D () C:\Users\Kristina\AppData\Local\WeatherAlerts
2014-09-14 12:56 - 2014-09-14 18:03 - 00000000 ____D () C:\Program Files (x86)\MiniGet
2014-09-14 12:56 - 2014-09-14 12:56 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\MiniGet
2014-09-14 12:56 - 2014-09-14 12:56 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2014-09-14 12:56 - 2014-09-14 12:56 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Local_Weather_LLC
2014-09-14 12:54 - 2014-09-15 20:39 - 00000378 _____ () C:\Windows\Tasks\AmiUpdXp.job
2014-09-14 12:54 - 2014-09-15 20:33 - 00000000 ____D () C:\Users\Kristina\AppData\Local\mbot_de_70
2014-09-14 12:54 - 2014-09-14 16:38 - 00000000 ____D () C:\Program Files (x86)\Universal Updater
2014-09-14 12:54 - 2014-09-14 14:07 - 00000000 ____D () C:\Program Files (x86)\Salus
2014-09-14 12:54 - 2014-09-14 13:34 - 00000000 ____D () C:\Users\Kristina\AppData\Local\4718
2014-09-14 12:54 - 2014-09-14 13:34 - 00000000 ____D () C:\Program Files (x86)\mbot_de_70
2014-09-14 12:54 - 2014-09-14 12:54 - 00003428 _____ () C:\Windows\System32\Tasks\AmiUpdXp
2014-09-14 12:54 - 2014-09-14 12:54 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat
2014-09-14 12:54 - 2014-09-14 12:54 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\InetStat
2014-09-14 12:54 - 2014-09-14 12:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MYBESTOFFERSTODAY
2014-09-14 12:49 - 2014-09-15 14:25 - 00000430 _____ () C:\Windows\Tasks\BlockAndSurf Update.job
2014-09-14 12:49 - 2014-09-14 17:10 - 00000000 ____D () C:\Program Files (x86)\ver1BlockAndSurf
2014-09-14 12:49 - 2014-09-14 17:00 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\VOPackage
2014-09-14 12:49 - 2014-09-14 12:49 - 00003084 _____ () C:\Windows\System32\Tasks\BlockAndSurf Update
2014-09-14 12:49 - 2014-09-14 12:49 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-09-14 12:49 - 2014-09-14 12:49 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-09-14 12:49 - 2014-09-14 12:48 - 00058040 _____ (Corsica) C:\Windows\system32\Drivers\webinstr.sys
2014-09-14 12:48 - 2014-09-14 17:01 - 00000000 ____D () C:\Program Files (x86)\YourFileDownloaderUpdater
2014-09-14 12:48 - 2014-09-14 17:00 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Genesis_09141048
2014-09-14 12:48 - 2014-09-14 12:48 - 00003160 _____ () C:\Windows\System32\Tasks\Update Service YourFileDownloader
2014-09-14 12:48 - 2014-09-14 12:48 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-09-14 12:48 - 2014-09-14 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\YourFileDownloader
2014-09-14 12:48 - 2014-09-14 12:48 - 00000000 ____D () C:\Program Files (x86)\YourFileDownloader
2014-09-14 12:20 - 2014-09-15 15:01 - 00000282 _____ () C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2014-09-14 12:20 - 2014-09-14 12:27 - 00000290 _____ () C:\Windows\Tasks\RegClean Pro_UPDATES.job
2014-09-14 12:20 - 2014-09-14 12:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
2014-09-14 12:20 - 2014-09-14 12:20 - 00003044 _____ () C:\Windows\System32\Tasks\RegClean Pro_UPDATES
2014-09-14 12:20 - 2014-09-14 12:20 - 00002888 _____ () C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
2014-09-14 12:20 - 2014-09-14 12:20 - 00001050 _____ () C:\Users\Public\Desktop\RegClean Pro.lnk
2014-09-14 12:20 - 2014-09-14 12:20 - 00000000 ____D () C:\Program Files (x86)\RegClean Pro
2014-09-14 12:17 - 2014-09-14 12:24 - 00000000 ____D () C:\sitenav
2014-09-14 12:14 - 2014-09-14 12:14 - 00003172 _____ () C:\Windows\System32\Tasks\{E894B150-7AF5-4F7D-93B1-3F6683EF799A}
2014-09-14 12:13 - 2014-09-14 12:14 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\eTranslator
2014-09-14 12:12 - 2014-09-14 12:12 - 00000000 ____D () C:\Program Files (x86)\Аудио и видео скачивание
2014-09-14 12:01 - 2014-09-15 20:01 - 00000304 _____ () C:\Windows\Tasks\PennyBee.job
2014-09-14 12:01 - 2014-09-14 12:20 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Systweak
2014-09-14 12:01 - 2014-09-14 12:01 - 00003320 _____ () C:\Windows\System32\Tasks\ASP
2014-09-14 12:01 - 2014-09-14 12:01 - 00003256 _____ () C:\Windows\System32\Tasks\PennyBee
2014-09-14 12:01 - 2014-09-14 12:01 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-09-14 12:00 - 2014-09-15 14:27 - 00000000 ____D () C:\Program Files (x86)\PennyBee
2014-09-14 12:00 - 2014-09-14 12:00 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\PennyBee
2014-09-14 12:00 - 2014-09-14 11:59 - 00853960 _____ (Reimage®) C:\Users\Kristina\Downloads\ReimageRepair [1].exe
2014-09-14 12:00 - 2013-05-27 16:01 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2014-09-14 11:38 - 2014-09-14 11:40 - 00000156 _____ () C:\Windows\Reimage.ini
2014-09-14 10:42 - 2014-09-14 10:42 - 00111104 _____ () C:\Windows\SysWOW64\installd.exe
2014-09-14 10:41 - 2014-09-14 10:41 - 00246784 _____ () C:\Windows\SysWOW64\hfpapi.dll
2014-09-14 10:41 - 2014-09-14 10:41 - 00108544 _____ () C:\Windows\SysWOW64\hfnapi.dll
2014-09-14 00:11 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-14 00:11 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-14 00:11 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-14 00:11 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-14 00:11 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-14 00:11 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-14 00:11 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-14 00:11 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-14 00:11 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-14 00:11 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-14 00:11 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-14 00:11 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-14 00:11 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-14 00:11 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-14 00:11 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-14 00:11 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-14 00:11 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-14 00:11 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-14 00:11 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-14 00:11 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-14 00:11 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-14 00:11 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-14 00:11 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-14 00:11 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-14 00:11 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-14 00:11 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-14 00:11 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-14 00:11 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-14 00:11 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-14 00:11 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-14 00:11 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-14 00:11 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-14 00:11 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-14 00:11 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-14 00:11 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-14 00:11 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-14 00:11 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-14 00:11 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-14 00:11 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-14 00:11 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-14 00:11 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-14 00:11 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-14 00:11 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-14 00:11 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-14 00:11 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-14 00:11 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-14 00:11 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-14 00:11 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-14 00:11 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-14 00:11 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-14 00:11 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-14 00:11 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-14 00:11 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-14 00:11 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-14 00:11 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-14 00:11 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-13 23:49 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-13 23:49 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-13 22:31 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-13 22:31 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-09-13 22:31 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-13 22:31 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-13 22:31 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-13 22:31 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-13 22:31 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-13 22:31 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-13 22:31 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-13 22:31 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-13 22:31 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-13 22:31 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-13 22:30 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-13 22:30 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-05 16:14 - 2014-09-05 16:14 - 00047408 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\salus.sys
2014-08-21 13:49 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-21 13:49 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-21 13:49 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-21 13:49 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-21 13:49 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-21 13:49 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-21 13:49 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-21 13:49 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-21 13:49 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-21 13:49 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-21 13:48 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-21 13:48 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-21 13:48 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-21 13:48 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-16 12:47 - 2014-08-16 12:47 - 00000000 ____D () C:\ProgramData\Spyware Terminator
2014-08-16 03:02 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-16 03:02 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-16 03:02 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-16 03:02 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-16 03:02 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-16 03:02 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-16 03:02 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-16 03:02 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-16 01:56 - 2014-08-16 01:56 - 00003584 _____ () C:\Users\Kristina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-15 20:47 - 2014-09-15 20:45 - 00034201 _____ () C:\Users\Kristina\Downloads\FRST.txt
2014-09-15 20:46 - 2012-12-24 19:06 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Skype
2014-09-15 20:45 - 2014-09-15 20:44 - 00000000 ____D () C:\FRST
2014-09-15 20:43 - 2014-09-15 20:43 - 02105856 _____ (Farbar) C:\Users\Kristina\Downloads\FRST64.exe
2014-09-15 20:43 - 2014-09-15 20:43 - 00000000 ____D () C:\Users\Kristina\Desktop\Antiviren
2014-09-15 20:39 - 2014-09-14 12:54 - 00000378 _____ () C:\Windows\Tasks\AmiUpdXp.job
2014-09-15 20:33 - 2014-09-14 12:54 - 00000000 ____D () C:\Users\Kristina\AppData\Local\mbot_de_70
2014-09-15 20:31 - 2014-09-14 12:56 - 00000000 ____D () C:\Users\Kristina\AppData\Local\WeatherAlerts
2014-09-15 20:26 - 2013-05-13 14:56 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Mail.Ru
2014-09-15 20:13 - 2014-02-02 01:10 - 00000304 _____ () C:\Windows\Tasks\Digital Sites.job
2014-09-15 20:10 - 2013-04-30 17:26 - 00000298 _____ () C:\Windows\Tasks\DSite.job
2014-09-15 20:01 - 2014-09-14 12:01 - 00000304 _____ () C:\Windows\Tasks\PennyBee.job
2014-09-15 20:00 - 2012-12-29 00:49 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-15 18:05 - 2013-07-01 12:05 - 00001910 _____ () C:\Windows\Tasks\Plus-HD-2.3-chromeinstaller.job
2014-09-15 18:05 - 2013-07-01 12:05 - 00001836 _____ () C:\Windows\Tasks\Plus-HD-2.3-firefoxinstaller.job
2014-09-15 18:05 - 2013-07-01 12:05 - 00001204 _____ () C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job
2014-09-15 18:05 - 2013-07-01 12:05 - 00001200 _____ () C:\Windows\Tasks\Plus-HD-2.3-updater.job
2014-09-15 18:05 - 2013-07-01 12:05 - 00001104 _____ () C:\Windows\Tasks\Plus-HD-2.3-enabler.job
2014-09-15 17:38 - 2012-12-24 18:56 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-15 15:44 - 2013-01-01 18:35 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-09-15 15:42 - 2014-05-16 13:01 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Spotify
2014-09-15 15:01 - 2014-09-14 12:20 - 00000282 _____ () C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2014-09-15 14:41 - 2009-07-14 06:45 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-15 14:41 - 2009-07-14 06:45 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-15 14:37 - 2012-12-24 18:35 - 02020874 _____ () C:\Windows\WindowsUpdate.log
2014-09-15 14:27 - 2014-09-14 12:00 - 00000000 ____D () C:\Program Files (x86)\PennyBee
2014-09-15 14:27 - 2013-11-11 18:10 - 00000000 ___RD () C:\Users\Kristina\Dropbox
2014-09-15 14:27 - 2013-11-11 18:04 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Dropbox
2014-09-15 14:26 - 2014-05-16 13:02 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Spotify
2014-09-15 14:26 - 2012-12-24 17:58 - 00111336 _____ () C:\Users\Kristina\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-15 14:25 - 2014-09-14 12:49 - 00000430 _____ () C:\Windows\Tasks\BlockAndSurf Update.job
2014-09-15 14:25 - 2013-12-08 18:08 - 00000000 ____D () C:\Users\Kristina\AppData\Local\TBHostSupport
2014-09-15 14:25 - 2012-12-24 18:26 - 00000000 ____D () C:\ProgramData\PDFC
2014-09-15 14:24 - 2013-06-03 05:30 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-09-15 14:24 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-15 14:24 - 2009-07-14 06:51 - 00058896 _____ () C:\Windows\setupact.log
2014-09-15 14:24 - 2009-07-14 06:45 - 00412376 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-15 01:34 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-09-15 00:43 - 2014-09-15 00:41 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Abelssoft
2014-09-15 00:42 - 2014-09-15 00:42 - 00003854 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1410734508
2014-09-15 00:42 - 2014-09-15 00:42 - 00001129 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-09-15 00:42 - 2014-09-15 00:42 - 00001129 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-09-15 00:42 - 2014-09-15 00:42 - 00000000 ____D () C:\Windows\System32\Tasks\Abelssoft
2014-09-15 00:42 - 2014-09-15 00:42 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Opera Software
2014-09-15 00:42 - 2014-09-15 00:42 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Abelssoft
2014-09-15 00:42 - 2014-09-15 00:42 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Opera Software
2014-09-15 00:42 - 2014-09-15 00:42 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-09-15 00:42 - 2012-12-24 19:03 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-09-15 00:40 - 2014-09-15 00:40 - 00001468 _____ () C:\Users\Kristina\Desktop\Goodgame Empire.lnk
2014-09-15 00:40 - 2014-09-15 00:40 - 00001050 _____ () C:\Users\Public\Desktop\CHIP Updater.lnk
2014-09-15 00:40 - 2014-09-15 00:40 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\DesktopIconGoodgame
2014-09-15 00:40 - 2014-09-15 00:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CHIP Updater
2014-09-15 00:40 - 2014-09-15 00:40 - 00000000 ____D () C:\Program Files (x86)\CHIP Updater
2014-09-15 00:39 - 2014-09-15 00:39 - 01101648 _____ () C:\Users\Kristina\Downloads\Opera - CHIP-Installer.exe
2014-09-15 00:35 - 2014-09-15 00:35 - 00868504 _____ (Opera Software) C:\Users\Kristina\Downloads\Opera_NI_stable.exe
2014-09-15 00:34 - 2013-07-27 00:10 - 00000094 _____ () C:\Users\Kristina\AppData\Roaming\WB.CFG
2014-09-14 20:47 - 2014-09-14 20:26 - 00000000 ____D () C:\Users\Kristina\AppData\Local\FreeFixer
2014-09-14 20:26 - 2014-09-14 20:26 - 02602023 _____ (Kephyr) C:\Users\Kristina\Downloads\freefixersetup.exe
2014-09-14 20:26 - 2014-09-14 20:26 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\FreeFixer
2014-09-14 20:26 - 2014-09-14 20:26 - 00000000 ____D () C:\Program Files\FreeFixer
2014-09-14 20:19 - 2012-12-27 12:10 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-14 20:18 - 2012-12-27 12:11 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Google
2014-09-14 20:01 - 2013-07-22 11:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-14 19:55 - 2012-12-24 19:03 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Opera
2014-09-14 19:54 - 2012-12-24 19:17 - 00000000 ___RD () C:\Users\Kristina\Desktop\Programms
2014-09-14 19:54 - 2012-12-24 19:03 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Opera
2014-09-14 19:45 - 2013-10-22 14:34 - 00000000 ____D () C:\Users\Kristina\Desktop\Uni
2014-09-14 18:03 - 2014-09-14 12:56 - 00000000 ____D () C:\Program Files (x86)\MiniGet
2014-09-14 18:01 - 2014-03-16 20:48 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Amigo
2014-09-14 18:00 - 2014-09-14 18:00 - 00002295 _____ () C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Одноклассники.lnk
2014-09-14 18:00 - 2014-09-14 18:00 - 00002295 _____ () C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Вконтакте.lnk
2014-09-14 18:00 - 2014-09-14 18:00 - 00000000 ____D () C:\Users\Kristina\AppData\Local\MailRu
2014-09-14 18:00 - 2014-03-16 20:48 - 00002258 _____ () C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amigo.lnk
2014-09-14 17:48 - 2014-09-14 17:37 - 00000000 ____D () C:\Windows\0028CB34D5D3460FB308A39A095A5E01.TMP
2014-09-14 17:44 - 2014-06-17 00:36 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-14 17:44 - 2014-06-17 00:36 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-14 17:44 - 2012-12-24 17:42 - 00001413 _____ () C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-14 17:38 - 2014-09-14 17:38 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
2014-09-14 17:38 - 2014-09-14 17:04 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-09-14 17:10 - 2014-09-14 12:49 - 00000000 ____D () C:\Program Files (x86)\ver1BlockAndSurf
2014-09-14 17:06 - 2014-09-14 17:06 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-14 17:06 - 2014-09-14 17:06 - 00000000 _____ () C:\autoexec.bat
2014-09-14 17:01 - 2014-09-14 12:48 - 00000000 ____D () C:\Program Files (x86)\YourFileDownloaderUpdater
2014-09-14 17:00 - 2014-09-14 12:49 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\VOPackage
2014-09-14 17:00 - 2014-09-14 12:48 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Genesis_09141048
2014-09-14 16:43 - 2014-09-14 16:43 - 00001144 _____ () C:\Users\Kristina\Desktop\Pop-Up Stopper Free Edition.lnk
2014-09-14 16:43 - 2014-09-14 16:43 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Panicware
2014-09-14 16:43 - 2014-09-14 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panicware
2014-09-14 16:43 - 2014-09-14 16:43 - 00000000 ____D () C:\Program Files (x86)\Panicware
2014-09-14 16:38 - 2014-09-14 12:54 - 00000000 ____D () C:\Program Files (x86)\Universal Updater
2014-09-14 15:38 - 2013-08-11 17:57 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Betcat
2014-09-14 14:14 - 2014-09-14 14:14 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Apps\2.0
2014-09-14 14:07 - 2014-09-14 12:54 - 00000000 ____D () C:\Program Files (x86)\Salus
2014-09-14 13:34 - 2014-09-14 12:54 - 00000000 ____D () C:\Users\Kristina\AppData\Local\4718
2014-09-14 13:34 - 2014-09-14 12:54 - 00000000 ____D () C:\Program Files (x86)\mbot_de_70
2014-09-14 12:59 - 2014-09-14 12:59 - 00000687 _____ () C:\awhE33D.tmp
2014-09-14 12:56 - 2014-09-14 12:56 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\MiniGet
2014-09-14 12:56 - 2014-09-14 12:56 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2014-09-14 12:56 - 2014-09-14 12:56 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Local_Weather_LLC
2014-09-14 12:54 - 2014-09-14 12:54 - 00003428 _____ () C:\Windows\System32\Tasks\AmiUpdXp
2014-09-14 12:54 - 2014-09-14 12:54 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat
2014-09-14 12:54 - 2014-09-14 12:54 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\InetStat
2014-09-14 12:54 - 2014-09-14 12:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MYBESTOFFERSTODAY
2014-09-14 12:49 - 2014-09-14 12:49 - 00003084 _____ () C:\Windows\System32\Tasks\BlockAndSurf Update
2014-09-14 12:49 - 2014-09-14 12:49 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-09-14 12:49 - 2014-09-14 12:49 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-09-14 12:48 - 2014-09-14 12:49 - 00058040 _____ (Corsica) C:\Windows\system32\Drivers\webinstr.sys
2014-09-14 12:48 - 2014-09-14 12:48 - 00003160 _____ () C:\Windows\System32\Tasks\Update Service YourFileDownloader
2014-09-14 12:48 - 2014-09-14 12:48 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-09-14 12:48 - 2014-09-14 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\YourFileDownloader
2014-09-14 12:48 - 2014-09-14 12:48 - 00000000 ____D () C:\Program Files (x86)\YourFileDownloader
2014-09-14 12:48 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-09-14 12:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-09-14 12:27 - 2014-09-14 12:20 - 00000290 _____ () C:\Windows\Tasks\RegClean Pro_UPDATES.job
2014-09-14 12:27 - 2012-12-24 18:16 - 00415792 _____ () C:\Windows\PFRO.log
2014-09-14 12:24 - 2014-09-14 12:17 - 00000000 ____D () C:\sitenav
2014-09-14 12:23 - 2013-08-13 12:57 - 00000000 ____D () C:\Program Files (x86)\Betcat
2014-09-14 12:21 - 2014-09-14 12:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
2014-09-14 12:20 - 2014-09-14 12:20 - 00003044 _____ () C:\Windows\System32\Tasks\RegClean Pro_UPDATES
2014-09-14 12:20 - 2014-09-14 12:20 - 00002888 _____ () C:\Windows\System32\Tasks\RegClean Pro_DEFAULT 2014-09-14 12:20 - 2014-09-14 12:20 - 00001050 _____ () C:\Users\Public\Desktop\RegClean Pro.lnk 2014-09-14 12:20 - 2014-09-14 12:20 - 00000000 ____D () C:\Program Files (x86)\RegClean Pro 2014-09-14 12:20 - 2014-09-14 12:01 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Systweak 2014-09-14 12:14 - 2014-09-14 12:14 - 00003172 _____ () C:\Windows\System32\Tasks\{E894B150-7AF5-4F7D-93B1-3F6683EF799A} 2014-09-14 12:14 - 2014-09-14 12:13 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\eTranslator 2014-09-14 12:12 - 2014-09-14 12:12 - 00000000 ____D () C:\Program Files (x86)\Аудио и видео скачивание 2014-09-14 12:01 - 2014-09-14 12:01 - 00003320 _____ () C:\Windows\System32\Tasks\ASP 2014-09-14 12:01 - 2014-09-14 12:01 - 00003256 _____ () C:\Windows\System32\Tasks\PennyBee 2014-09-14 12:01 - 2014-09-14 12:01 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect 2014-09-14 12:00 - 2014-09-14 12:00 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\PennyBee 2014-09-14 11:59 - 2014-09-14 12:00 - 00853960 _____ (Reimage®) C:\Users\Kristina\Downloads\ReimageRepair [1].exe 2014-09-14 11:40 - 2014-09-14 11:38 - 00000156 _____ () C:\Windows\Reimage.ini 2014-09-14 10:42 - 2014-09-14 10:42 - 00111104 _____ () C:\Windows\SysWOW64\installd.exe 2014-09-14 10:41 - 2014-09-14 10:41 - 00246784 _____ () C:\Windows\SysWOW64\hfpapi.dll 2014-09-14 10:41 - 2014-09-14 10:41 - 00108544 _____ () C:\Windows\SysWOW64\hfnapi.dll 2014-09-14 00:00 - 2012-12-29 00:49 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-14 00:00 - 2012-12-29 00:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-14 00:00 - 2012-12-29 00:49 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-13 23:50 - 2013-01-08 00:08 - 101694776 _____ (Microsoft Corporation) 
C:\Windows\system32\MRT.exe 2014-09-13 23:48 - 2014-05-01 14:18 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-09-13 22:05 - 2013-08-27 14:49 - 00000000 ____D () C:\Program Files (x86)\AVG Secure Search 2014-09-05 16:14 - 2014-09-05 16:14 - 00047408 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\salus.sys 2014-09-05 04:10 - 2014-09-13 22:30 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-05 04:05 - 2014-09-13 22:30 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-08-23 04:07 - 2014-09-13 22:31 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-23 03:45 - 2014-09-13 22:31 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-23 02:59 - 2014-09-13 22:31 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-19 21:36 - 2014-06-26 13:26 - 00000000 ____D () C:\Users\Kristina\Desktop\WiW 2014-08-19 20:05 - 2014-09-14 00:11 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-08-19 19:39 - 2014-09-14 00:11 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-08-19 01:01 - 2014-09-14 00:11 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-08-19 00:29 - 2014-09-14 00:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-08-19 00:29 - 2014-09-14 00:11 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-08-19 00:26 - 2014-09-14 00:11 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-08-19 00:20 - 2014-09-14 00:11 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-08-19 00:19 - 2014-09-14 00:11 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-08-19 00:15 - 2014-09-14 00:11 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-08-19 00:15 - 2014-09-14 00:11 - 00066048 
_____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-08-19 00:14 - 2014-09-14 00:11 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-08-19 00:14 - 2014-09-14 00:11 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-08-19 00:08 - 2014-09-14 00:11 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-08-19 00:08 - 2014-09-14 00:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-08-19 00:08 - 2014-09-14 00:11 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-08-19 00:05 - 2014-09-14 00:11 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-08-19 00:03 - 2014-09-14 00:11 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-08-19 00:03 - 2014-09-14 00:11 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-08-19 00:03 - 2014-09-14 00:11 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-08-18 23:57 - 2014-09-14 00:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-08-18 23:56 - 2014-09-14 00:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-08-18 23:51 - 2014-09-14 00:11 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-08-18 23:46 - 2014-09-14 00:11 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-08-18 23:45 - 2014-09-14 00:11 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-08-18 23:45 - 2014-09-14 00:11 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-08-18 23:44 - 2014-09-14 00:11 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-08-18 23:44 - 2014-09-14 00:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-08-18 23:42 - 
2014-09-14 00:11 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-08-18 23:40 - 2014-09-14 00:11 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-08-18 23:39 - 2014-09-14 00:11 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-08-18 23:39 - 2014-09-14 00:11 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-08-18 23:39 - 2014-09-14 00:11 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-08-18 23:38 - 2014-09-14 00:11 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-08-18 23:37 - 2014-09-14 00:11 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-08-18 23:36 - 2014-09-14 00:11 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-08-18 23:35 - 2014-09-14 00:11 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-08-18 23:27 - 2014-09-14 00:11 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-08-18 23:25 - 2014-09-14 00:11 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-08-18 23:25 - 2014-09-14 00:11 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-08-18 23:23 - 2014-09-14 00:11 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-08-18 23:23 - 2014-09-14 00:11 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-08-18 23:22 - 2014-09-14 00:11 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-08-18 23:19 - 2014-09-14 00:11 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-08-18 23:17 - 2014-09-14 00:11 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-08-18 23:17 - 2014-09-14 00:11 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-08-18 23:16 - 
2014-09-14 00:11 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-08-18 23:15 - 2014-09-14 00:11 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-08-18 23:15 - 2014-09-14 00:11 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-08-18 23:09 - 2014-09-14 00:11 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-08-18 23:08 - 2014-09-14 00:11 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-08-18 23:07 - 2014-09-14 00:11 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-08-18 22:55 - 2014-09-14 00:11 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-08-18 22:46 - 2014-09-14 00:11 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-08-18 22:38 - 2014-09-14 00:11 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-08-18 22:38 - 2014-09-14 00:11 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-08-18 22:36 - 2014-09-14 00:11 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-08-16 12:48 - 2013-11-10 13:29 - 00000000 ____D () C:\Program Files (x86)\Spyware Terminator 2014-08-16 12:47 - 2014-08-16 12:47 - 00000000 ____D () C:\ProgramData\Spyware Terminator 2014-08-16 05:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-08-16 04:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-08-16 01:56 - 2014-08-16 01:56 - 00003584 _____ () C:\Users\Kristina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini Some content of TEMP: ==================== C:\Users\Kristina\AppData\Local\Temp\7za.exe C:\Users\Kristina\AppData\Local\Temp\AtpTimerInfo.dll C:\Users\Kristina\AppData\Local\Temp\DIFxAPI.dll C:\Users\Kristina\AppData\Local\Temp\DreamCastle.exe 
C:\Users\Kristina\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpywl0ib.dll C:\Users\Kristina\AppData\Local\Temp\DV3nTTk6h8.exe C:\Users\Kristina\AppData\Local\Temp\Extract.exe C:\Users\Kristina\AppData\Local\Temp\htmlayout.dll C:\Users\Kristina\AppData\Local\Temp\ICReinstall_ImageEditorSetup.exe C:\Users\Kristina\AppData\Local\Temp\MailRuUpdater.exe C:\Users\Kristina\AppData\Local\Temp\mgsqlite3.dll C:\Users\Kristina\AppData\Local\Temp\networkme1.exe C:\Users\Kristina\AppData\Local\Temp\noWZusVZRJ.exe C:\Users\Kristina\AppData\Local\Temp\nsc5FD3.exe C:\Users\Kristina\AppData\Local\Temp\nsc996C.exe C:\Users\Kristina\AppData\Local\Temp\nsm9517.exe C:\Users\Kristina\AppData\Local\Temp\nsx62C1.exe C:\Users\Kristina\AppData\Local\Temp\oi_{DD8B2708-A3D2-412F-B4DF-00F3F1CDA382}.exe C:\Users\Kristina\AppData\Local\Temp\OperaBrowser-17.0.exe C:\Users\Kristina\AppData\Local\Temp\post1.exe C:\Users\Kristina\AppData\Local\Temp\post2.dll C:\Users\Kristina\AppData\Local\Temp\post2.exe C:\Users\Kristina\AppData\Local\Temp\ReimagePackage.exe C:\Users\Kristina\AppData\Local\Temp\ROKDyobUvOmp.exe C:\Users\Kristina\AppData\Local\Temp\setupa2.exe C:\Users\Kristina\AppData\Local\Temp\SetupAC.exe C:\Users\Kristina\AppData\Local\Temp\setup_fsu_cid.exe C:\Users\Kristina\AppData\Local\Temp\SHSetup.exe C:\Users\Kristina\AppData\Local\Temp\SkypeSetup.exe C:\Users\Kristina\AppData\Local\Temp\SP52407.exe C:\Users\Kristina\AppData\Local\Temp\SP52641.exe C:\Users\Kristina\AppData\Local\Temp\SP53513.exe C:\Users\Kristina\AppData\Local\Temp\SP53546.exe C:\Users\Kristina\AppData\Local\Temp\SP54615.exe C:\Users\Kristina\AppData\Local\Temp\SP54922.exe C:\Users\Kristina\AppData\Local\Temp\SP55182.exe C:\Users\Kristina\AppData\Local\Temp\SP56282.exe C:\Users\Kristina\AppData\Local\Temp\SP57014.exe C:\Users\Kristina\AppData\Local\Temp\SP57498.exe C:\Users\Kristina\AppData\Local\Temp\SP57555.exe C:\Users\Kristina\AppData\Local\Temp\SP57556.exe 
C:\Users\Kristina\AppData\Local\Temp\SP57879.exe C:\Users\Kristina\AppData\Local\Temp\SP58647.exe C:\Users\Kristina\AppData\Local\Temp\SP58930.exe C:\Users\Kristina\AppData\Local\Temp\SP59043.exe C:\Users\Kristina\AppData\Local\Temp\SP59118.exe C:\Users\Kristina\AppData\Local\Temp\SP59202.exe C:\Users\Kristina\AppData\Local\Temp\SP59994.exe C:\Users\Kristina\AppData\Local\Temp\SPSetup.exe C:\Users\Kristina\AppData\Local\Temp\Sqlite3.dll C:\Users\Kristina\AppData\Local\Temp\tbedrs.dll C:\Users\Kristina\AppData\Local\Temp\uninst1.exe C:\Users\Kristina\AppData\Local\Temp\Uninstall.exe C:\Users\Kristina\AppData\Local\Temp\uttF90.tmp.exe C:\Users\Kristina\AppData\Local\Temp\v2898966.70.exe C:\Users\Kristina\AppData\Local\Temp\v2901072.838.exe C:\Users\Kristina\AppData\Local\Temp\v2901197.482.exe C:\Users\Kristina\AppData\Local\Temp\vp.exe C:\Users\Kristina\AppData\Local\Temp\wajam_install.exe C:\Users\Kristina\AppData\Local\Temp\YYZvFh1xPO.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-17 15:40

==================== End Of Log ============================ |
15.09.2014, 19:55 | #4 |
| Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014 Ran by Kristina at 2014-09-15 20:47:48 Running from C:\Users\Kristina\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: AVG AntiVirus Free Edition 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG AntiVirus Free Edition 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.31395 - BitTorrent Inc.) ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated) Ãîòèêà II Çîëîòîå Èçäàíèå (HKLM-x32\...\Ãîòèêà II Çîëîòîå Èçäàíèå_is1) (Version: Ãîòèêà II Çîëîòîå Èçäàíèå - ) Amigo (HKCU\...\Amigo) (Version: 32.0.1705.153 - Mail.Ru) Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) 
ArcSoft TotalMedia (HKLM-x32\...\ArcSoft TotalMedia) (Version: 2.0.39.12 - ArcSoft) ArcSoft TotalMedia (x32 Version: 1.0.48.25 - ArcSoft) Hidden ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.30 - ArcSoft) Ask Toolbar (HKLM-x32\...\{434D452D-5637-006A-76A7-A758B70C0F00}) (Version: 12.15.0.175 - APN, LLC) <==== ATTENTION AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3485 - AVG Technologies) AVG 2013 (Version: 13.0.3485 - AVG Technologies) Hidden AVG 2013 (Version: 13.0.3955 - AVG Technologies) Hidden AVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 18.1.9.799 - AVG Technologies) BlockAndSurf (HKLM-x32\...\8857268B-8872-3007-D5E5-4EE686D90A97) (Version: - BlockAndSurf-software) <==== ATTENTION Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Carcassonne (HKLM-x32\...\{5B23E5AD-23E2-45C8-A24C-97D3A23FB6EE}) (Version: - ) CHIP Updater (HKLM-x32\...\CHIP Updater_is1) (Version: 2.31 - Abelssoft) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) 
clicup (HKCU\...\clicup) (Version: 1.0 - Ad Businness Crown Solutions) Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.22 - Cliqz.com) DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.1.0.0333 - DT Soft Ltd) DesktopWeatherAlerts (HKCU\...\DesktopWeatherAlerts) (Version: 1.0.29.0 - Local Weather LLC) <==== ATTENTION DEUTSCHLAND SPIELT GAME CENTER (HKLM-x32\...\DSGPlayer) (Version: 1.0.0.46 - INTENIUM GmbH) Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 6.1.0.1 - Hewlett-Packard Company) Die Fisch-Oase (HKLM-x32\...\Die Fisch-Oase) (Version: 0.0.0.0 - INTENIUM GmbH) Drive Encryption For HP ProtectTools (HKLM\...\{8A0041CD-277C-4C1F-BFE4-7AC508B20B4C}) (Version: 6.0.33.24411 - Hewlett-Packard Company) Dropbox (HKCU\...\Dropbox) (Version: 2.10.27 - Dropbox, Inc.) EPSON WF-2530 Series Printer Uninstall (HKLM\...\EPSON WF-2530 Series) (Version: - SEIKO EPSON Corporation) etranslator (HKLM-x32\...\etranslator) (Version: - etranslator) Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.) 
Farm Frenzy 3 Ice Age 1.00 (HKLM-x32\...\Farm Frenzy 3 Ice Age 1.00) (Version: - ) File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 6.0.0.8 - Hewlett-Packard Company) FreeFixer (HKLM-x32\...\FreeFixer1.11) (Version: 1.11 - Kephyr) Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google) hola Chrome Toolbar (HKLM-x32\...\hola Chrome Toolbar) (Version: - hola) holasearch toolbar on IE (HKLM-x32\...\holasearch) (Version: 1.8.16.16 - holasearch) <==== ATTENTION HP 3D DriveGuard (HKLM\...\{83DA38AB-1014-41C2-A3CD-E2B93832A71A}) (Version: 4.1.4.1 - Hewlett-Packard Company) HP DayStarter (HKLM\...\{483D5A49-A26B-4CB8-AA2D-0D1811322061}) (Version: 2.0.0.12 - Hewlett-Packard Company) HP ESU for Microsoft Windows 7 (HKLM-x32\...\{801EAD7A-7202-4BE4-84A1-299202AD17C0}) (Version: 2.0.7.1 - Hewlett-Packard Company) HP HD Webcam [Fixed] (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.3.4.07 - SunplusIT) HP Hotkey Support (HKLM-x32\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.6.4.1 - Hewlett-Packard Company) HP Internet Sharing Manager (HKLM-x32\...\{6D5D9B6F-FA1C-4E19-A674-D7417D1EE61A}) (Version: 1.0.0.10 - Realtek) HP Power Assistant (HKLM\...\{3D8EDF72-13CC-4E51-AAB6-32A20524D2E0}) (Version: 2.0.2.0 - Hewlett-Packard Company) HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 6.08.1017 - Hewlett-Packard Company) HP ProtectTools Security Manager (Version: 6.08.1017 - Hewlett-Packard Company) Hidden HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company) HP Support Assistant (HKLM-x32\...\{E02FBF01-0DE3-4BCB-89E8-D300FEFC3289}) (Version: 5.2.3.4 - Hewlett-Packard Company) HP System Default Settings (HKLM-x32\...\{F4F3B985-9B21-4D67-B1B2-2829C5D392E8}) (Version: 2.4.2.1 - Hewlett-Packard Company) HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 2.00 - Hewlett-Packard 
Company) HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6365.0 - IDT) Image Editor Packages (HKCU\...\Image Editor Packages) (Version: - ) <==== ATTENTION Image Editor Packages 66 (HKCU\...\Image Editor Packages 66) (Version: - ) <==== ATTENTION InetStat (HKCU\...\InetStat) (Version: 0.5b - InetStat) Installer (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - ) <==== ATTENTION Intel(R) Identity Protection Technology 1.0.71.0 (HKLM-x32\...\{2C43790E-8470-1027-82D3-DF319F3C410F}) (Version: 1.0.71.0 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2559 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation) iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.) Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025FF}) (Version: 7.0.250 - Oracle) Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle) Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.68.0 - JMicron Technology Corp.) 
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - ) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4763.1000 - 
Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.0.61118.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 
10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) MKV File Player (HKLM-x32\...\{C2CDB6A0-9E2D-4E4E-8776-2D92F2F0FB3D}_is1) (Version: - mkvfileplayer.com) Moonlight Match: Eine zauberhafte Nacht (HKLM-x32\...\Moonlight Match: Eine zauberhafte Nacht) (Version: 1.0.0.0 - INTENIUM GmbH) Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla) MyBestOffersToday 014.70 (HKLM-x32\...\mbot_de_70_is1) (Version: - MYBESTOFFERSTODAY) Mystery Case Files Dire Grove Collectors Edition (Updated) 1.1.5 (HKLM-x32\...\Mystery Case Files Dire Grove Collectors Edition (Updated) 1.1.5) (Version: - ) Nightfall Mysteries Curse of the Opera (HKLM-x32\...\Nightfall Mysteries Curse of the Opera1.0) (Version: 1.0 - FishBone Games) OffersWizard Network System Driver (HKLM-x32\...\inethnfd) (Version: 1.0.0.3001 - ) <==== ATTENTION Opera Stable 24.0.1558.53 (HKLM-x32\...\Opera 24.0.1558.53) (Version: 24.0.1558.53 - Opera Software ASA) PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.64 - PDF Complete, Inc) PDF24 Creator 6.2.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge) PennyBee (HKLM-x32\...\PennyBee) (Version: 1.0.3.0 - PennyBee) PennyBeeUpdate (HKCU\...\PennyBee) (Version: - PennyBeeUpdate) Phantasmat Crucible Peak Collectors 1.00 (HKLM-x32\...\Phantasmat Crucible Peak Collectors 1.00) (Version: 1.00 - Games) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) Plus-HD-2.3 (HKLM-x32\...\Plus-HD-2.3) (Version: 1.27.153.5 - Plus HD) <==== ATTENTION Pop-Up Stopper Free Edition (HKLM-x32\...\Pop-Up Stopper Free Edition) (Version: 3.1.1014 - Panicware, Inc.) 
Privacy Manager for HP ProtectTools (HKLM\...\{ACA53F68-B003-4D0E-9C3D-0C4EE09D08A8}) (Version: 6.00.831 - Hewlett-Packard Company) QtiPlot 0.9.8.9 (HKLM-x32\...\QtiPlot_is1) (Version: - Ion Vasilief) Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.58.411.2012 - Realtek) Realtek Motorola BC8 Bluetooth 3.0+HS Adapter (HKLM\...\1DF1F719-D43A-46E8-950F-65A8D96C678A.MBT_is1) (Version: 3.0.82.298 - Motorola Solutions, Inc.) REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0706 - REALTEK Semiconductor Corp.) RegClean Pro (HKLM-x32\...\RegClean Pro_is1) (Version: 6.21 - Systweak Inc) <==== ATTENTION Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden Röntgengerät (HKLM-x32\...\XRay) (Version: - LD DIDACTIC GmbH) Salus (HKLM-x32\...\Salus) (Version: 1.0.4.9 - Salus) SDK (x32 Version: 2.24.025 - Portrait Displays, Inc.) Hidden Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.9.62.1 - Conduit) <==== ATTENTION Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.) 
Software Version Updater (HKLM-x32\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.3.8 - ) <==== ATTENTION SpectraLab (HKLM-x32\...\{19B68B91-3DB2-4B76-AEEC-E393FCB8B70B}) (Version: 1.13.5091 - LD DIDACTIC GmbH) Spotify (HKCU\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated) Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{ADC70B7A-530B-46E3-8384-48D22681A41E}) (Version: 6.0.0.33 - Hewlett-Packard Company) Theft Recovery for HP ProtectTools (x32 Version: 6.0.0.33 - Hewlett-Packard Company) Hidden Update for Image Editor (HKCU\...\DSite) (Version: - ) <==== ATTENTION Update Service YourFileDownloader (HKCU\...\Update Service YourFileDownloader) (Version: 2.14.37 - hxxp://www.yourfiledownloader.net) <==== ATTENTION uTorrentControl_v2 Toolbar (HKLM-x32\...\uTorrentControl_v2 Toolbar) (Version: 6.9.0.16 - uTorrentControl_v2) <==== ATTENTION Video Converter Packages (HKCU\...\Video Converter Packages) (Version: - ) <==== ATTENTION VIP Access SDK x64(1.0.0.50) (HKLM-x32\...\VIP Access SDK) (Version: 1.0.0.50 - Symantec Inc.) 
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies) VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN) WindowsMangerProtect20.0.0.722 (HKLM-x32\...\WindowsMangerProtect) (Version: 20.0.0.722 - WindowsProtect LIMITED) <==== ATTENTION WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) YourFileDownloader (HKCU\...\YourFileDownloader) (Version: 2.14.37 - hxxp://www.yourfiledownloader.net) <==== ATTENTION Аудио и видео скачивание (HKLM-x32\...\{28480FF5-A347-4C02-BEBD-FB8E306A49B0}_is1) (Version: - Аудио и видео скачивание) Интернет (HKCU\...\Xpom) (Version: 28.0.1500.71 - Mail.Ru) Служба автоматического обновления программ (HKCU\...\MailRuUpdater) (Version: - Mail.Ru) Спутник@Mail.Ru (HKLM-x32\...\MailRuSputnik) (Version: 2.4.1.218 - Mail.Ru) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1710177085-3952504819-198495338-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Kristina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1710177085-3952504819-198495338-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kristina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1710177085-3952504819-198495338-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kristina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1710177085-3952504819-198495338-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kristina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-1710177085-3952504819-198495338-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kristina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1710177085-3952504819-198495338-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kristina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1710177085-3952504819-198495338-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kristina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1710177085-3952504819-198495338-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kristina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1710177085-3952504819-198495338-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kristina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 21-08-2014 11:47:57 Windows Update 13-09-2014 21:48:06 Windows Update 14-09-2014 10:05:25 RCP Sun, Sep 14, 14 12:05 14-09-2014 10:23:50 RegClean Pro So, Sep 14, 14 12:23 14-09-2014 15:05:03 Installed SpyHunter 14-09-2014 15:31:07 Removed SpyHunter 14-09-2014 15:32:33 Removed SpyHunter 14-09-2014 15:34:42 Removed SpyHunter 14-09-2014 15:37:34 Installed SpyHunter 14-09-2014 15:44:48 Removed SpyHunter 14-09-2014 15:45:14 Removed SpyHunter ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2013-08-08 19:57 - 00000852 ____N C:\Windows\system32\Drivers\etc\hosts 74.208.10.249 gs.apple.com ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. 
Any associated file could be listed separately to be moved.) Task: {090AED69-4BB1-4BE6-B038-29DA45490AA2} - System32\Tasks\Plus-HD-2.3-chromeinstaller => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-chromeinstaller.exe [2013-07-01] (Plus HD) Task: {1B6067DA-06DD-41D1-BAB8-BF3D09E681D5} - System32\Tasks\DSite => C:\Users\Kristina\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe [2013-07-01] () <==== ATTENTION Task: {26B157AB-35AD-4EC7-90B1-B05EE4F8E534} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe [2014-09-02] (CHIP) Task: {2A9398F0-D069-4E30-91A5-A766EB2BFCFE} - System32\Tasks\Plus-HD-2.3-firefoxinstaller => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-firefoxinstaller.exe [2013-07-01] (Plus HD) Task: {348CF87E-710A-4859-B78D-8B57FE8F913F} - System32\Tasks\Update Service YourFileDownloader => C:\Program Files (x86)\YourFileDownloaderUpdater\YourFileDownloaderUpdater.exe [2014-09-14] (hxxp://yourfiledownloader.net) <==== ATTENTION Task: {3F51C26B-8DEA-4EC6-A528-59C8B6DFCC63} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{C96382BA-45C2-4D8A-8455-9FA7F416B2BC}.exe Task: {415127C1-3C97-4FE2-B094-88FE9CDB3AC0} - System32\Tasks\BlockAndSurf Update => C:\Program Files (x86)\ver1BlockAndSurf\E3BlockAndSurft65.exe [2014-09-14] () <==== ATTENTION Task: {49719E8A-17AF-4508-8F0B-BC6148240CB7} - System32\Tasks\Plus-HD-2.3-enabler => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-enabler.exe Task: {4D13BBE6-A3B4-43D2-9190-942297320B46} - System32\Tasks\QtraxPlayer => C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe [2011-11-18] (Microsoft Corporation) Task: {503F46C1-264C-4A47-A069-06F8333D8756} - System32\Tasks\Plus-HD-2.3-updater => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-updater.exe Task: {5D803EA2-6181-45F0-8E16-2C0343C9B915} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-12-09] 
(Hewlett-Packard Company) Task: {63577186-6A1E-4CDF-96E1-D21708EF0CDD} - System32\Tasks\Opera scheduled Autoupdate 1410734508 => C:\Program Files (x86)\Opera\launcher.exe [2014-08-27] (Opera Software) Task: {66157474-359A-4EC3-AE74-C5062EF9900F} - System32\Tasks\PennyBee => C:\Users\Kristina\AppData\Roaming\PennyBee\UpdateProc\UpdateTask.exe [2014-09-11] () Task: {662537FC-DC15-4187-A0F4-3BD17159FD55} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2013-05-27] (Systweak Inc) <==== ATTENTION Task: {67114C81-639E-4425-964C-256BA2CB6CB7} - System32\Tasks\AmiUpdXp => C:\Users\Kristina\AppData\Local\4718\a24151.exe <==== ATTENTION Task: {6D2EB558-EC63-438A-BB38-60255B1A2C8C} - System32\Tasks\Plus-HD-2.3-codedownloader => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-codedownloader.exe Task: {6D6DC220-DF99-4F94-BD60-0D06D6DF157A} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-01-14] (Synaptics Incorporated) Task: {76DA4B43-0A93-4829-84EE-D8DF0113C42F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-14] (Adobe Systems Incorporated) Task: {7CF03331-E133-4E57-8847-6B6C2C129026} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-08-19] (Microsoft) Task: {9D8BB379-A9D8-420A-B5DB-0DB4B72FE50E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe [2014-08-19] (Microsoft) Task: {A8140119-F846-4058-BD28-E9267CD69FE3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-12-09] (Hewlett-Packard Company) Task: {A87BEA7D-A11F-471E-9016-7F07F2252034} - System32\Tasks\Digital 
Sites => C:\Users\Kristina\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION Task: {C214AAEF-EE71-45A2-A797-A9A40A28BE2E} - System32\Tasks\ASP => C:\Program Files (x86)\RCP\systweakasp.exe Task: {DEE5A933-A391-4F90-A304-25EFAC9030B3} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2013-05-27] (Systweak Inc) <==== ATTENTION Task: {EB7800C2-0745-4303-90D4-AFCAC4E3AD24} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\Kristina\AppData\Local\4718\a24151.exe <==== ATTENTION Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{C96382BA-45C2-4D8A-8455-9FA7F416B2BC}.exe Task: C:\Windows\Tasks\BlockAndSurf Update.job => C:\Program Files (x86)\ver1BlockAndSurf\E3BlockAndSurft65.exe <==== ATTENTION Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Kristina\AppData\Roaming\DIGITA~2\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\Windows\Tasks\DSite.job => C:\Users\Kristina\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\Windows\Tasks\PennyBee.job => C:\Users\Kristina\AppData\Roaming\PennyBee\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\Windows\Tasks\Plus-HD-2.3-chromeinstaller.job => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-chromeinstaller.exe <==== ATTENTION Task: C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-codedownloader.exe <==== ATTENTION Task: C:\Windows\Tasks\Plus-HD-2.3-enabler.job => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-enabler.exe <==== ATTENTION Task: C:\Windows\Tasks\Plus-HD-2.3-firefoxinstaller.job => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-firefoxinstaller.exe <==== ATTENTION Task: C:\Windows\Tasks\Plus-HD-2.3-updater.job => C:\Program Files 
(x86)\Plus-HD-2.3\Plus-HD-2.3-updater.exe <==== ATTENTION Task: C:\Windows\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION Task: C:\Windows\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2011-07-18 18:48 - 2011-07-18 18:48 - 00156216 _____ () C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll 2011-02-09 13:04 - 2011-02-09 13:04 - 02905600 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll 2011-02-09 12:27 - 2011-02-09 12:27 - 00141824 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface64.dll 2014-09-14 12:48 - 2014-09-14 12:48 - 00104960 _____ () C:\Program Files (x86)\ver1BlockAndSurf\BlockAndSurf.exe 2014-08-28 03:42 - 2014-08-28 03:42 - 00607024 _____ () C:\Program Files (x86)\Universal Updater\UpdaterService.exe 2014-08-11 23:44 - 2014-08-11 23:44 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe 2014-09-14 12:54 - 2014-09-11 12:43 - 03305464 _____ () C:\Users\Kristina\AppData\Local\mbot_de_70\upmbot_de_70.exe 2011-02-09 12:51 - 2011-02-09 12:51 - 00200704 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe 2012-12-24 18:08 - 2011-03-26 05:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-09-14 12:54 - 2014-09-14 12:54 - 00700430 _____ () C:\Users\Kristina\AppData\Roaming\InetStat\inetstat.exe 2010-11-26 13:31 - 2010-11-26 13:31 - 00267128 _____ () C:\Program Files (x86)\HP HD Webcam [Fixed]\Monitor.exe 2011-01-26 19:14 - 2011-01-26 19:14 - 00036408 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Remote.dll 2014-02-25 19:00 - 2014-02-25 19:00 - 00550952 _____ () C:\Users\Kristina\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe 2013-08-27 14:49 - 2014-09-13 22:05 - 
02640408 _____ () C:\Program Files (x86)\AVG Secure Search\vprot.exe 2014-09-05 16:14 - 2014-09-05 16:14 - 00981808 _____ () C:\Program Files (x86)\Salus\Salus.exe 2014-05-16 13:02 - 2014-09-14 11:15 - 00610872 _____ () C:\Users\Kristina\AppData\Roaming\Spotify\Data\SpotifyHelper.exe 2011-01-26 19:13 - 2011-01-26 19:13 - 00080440 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HardwareAccess.dll 2011-01-26 19:13 - 2011-01-26 19:13 - 00047160 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\Graphs.dll 2012-12-24 17:56 - 2011-01-26 18:34 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll 2014-09-14 12:48 - 2014-09-14 12:48 - 00212992 _____ () C:\Program Files (x86)\ver1BlockAndSurf\178_x64.dll 2014-09-15 00:41 - 2014-08-27 11:07 - 01372280 _____ () C:\Program Files (x86)\Opera\24.0.1558.53\opera_crashreporter.exe 2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-08-11 23:44 - 2014-08-11 23:44 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll 2014-05-16 13:02 - 2014-09-14 11:15 - 36966968 _____ () C:\Users\Kristina\AppData\Roaming\Spotify\Data\libcef.dll 2014-09-15 14:26 - 2014-09-15 14:26 - 00043008 _____ () c:\users\kristina\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpywl0ib.dll 2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Kristina\AppData\Roaming\Dropbox\bin\libcef.dll 2014-04-04 10:25 - 2014-04-04 10:25 - 00102400 _____ () C:\Program Files (x86)\Salus\nfapi.dll 2014-06-05 06:41 - 2014-06-05 06:41 - 00331776 _____ () C:\Program Files (x86)\Salus\ProtocolFilters.dll 2014-07-21 10:27 - 2014-09-14 11:15 - 00867896 _____ () 
C:\Users\Kristina\AppData\Roaming\Spotify\Data\ffmpegsumo.dll 2014-05-16 13:02 - 2014-09-14 11:15 - 00886840 _____ () C:\Users\Kristina\AppData\Roaming\Spotify\Data\libglesv2.dll 2014-05-16 13:02 - 2014-09-14 11:15 - 00108600 _____ () C:\Users\Kristina\AppData\Roaming\Spotify\Data\libegl.dll 2014-09-14 14:36 - 2014-09-14 14:36 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\60e3de33f3b7204f87483b97989a13b6\IsdiInterop.ni.dll 2012-12-24 18:07 - 2011-01-13 03:56 - 00058880 ____R () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2014-09-15 00:41 - 2014-08-27 11:07 - 01378936 _____ () C:\Program Files (x86)\Opera\24.0.1558.53\libglesv2.dll 2014-09-15 00:41 - 2014-08-27 11:07 - 00182392 _____ () C:\Program Files (x86)\Opera\24.0.1558.53\libegl.dll 2014-09-15 00:41 - 2014-08-27 11:07 - 00974968 _____ () C:\Program Files (x86)\Opera\24.0.1558.53\ffmpegsumo.dll 2014-09-14 00:00 - 2014-09-14 00:00 - 16825520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:11590865 AlternateDataStreams: C:\ProgramData\TEMP:2AE74FF9 AlternateDataStreams: C:\ProgramData\TEMP:587F3582 AlternateDataStreams: C:\ProgramData\TEMP:5E9B629B AlternateDataStreams: C:\ProgramData\TEMP:E0888117 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
==================== Faulty Device Manager Devices ============= Name: Microsoft 6to4 Adapter Description: Microsoft 6to4 Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Microsoft ISATAP Adapter Description: Microsoft ISATAP Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Microsoft ISATAP Adapter #3 Description: Microsoft ISATAP Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Teredo Tunneling Pseudo-Interface Description: Microsoft Teredo Tunneling Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. 
==================== Event log errors: ========================= Application errors: ================== Error: (09/15/2014 00:34:15 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 12715611 Error: (09/15/2014 00:34:15 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 12715611 Error: (09/15/2014 00:34:15 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (09/15/2014 00:34:14 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 12714550 Error: (09/15/2014 00:34:14 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 12714550 Error: (09/15/2014 00:34:14 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (09/15/2014 00:34:12 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 12713427 Error: (09/15/2014 00:34:12 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 12713427 Error: (09/15/2014 00:34:12 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (09/15/2014 00:34:11 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 12712303 System errors: ============= Error: (09/15/2014 02:33:03 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Intel(R) Management and Security Application User Notification Service service hung on starting. 
Error: (09/15/2014 02:30:48 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Windows Update service hung on starting. Error: (09/15/2014 02:27:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The PennyBee service service terminated unexpectedly. It has done this 1 time(s). Error: (09/15/2014 02:25:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Search Protect by Conduit Service service failed to start due to the following error: %%2 Error: (09/15/2014 02:25:05 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: The ScRegSetValueExW call failed for FailureActions with the following error: %%5 Error: (09/15/2014 03:00:59 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (09/15/2014 03:00:42 AM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: The ScRegSetValueExW call failed for FailureActions with the following error: %%5 Error: (09/15/2014 03:00:14 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C} Error: (09/14/2014 09:02:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The hpHotkeyMonitor service terminated unexpectedly. It has done this 1 time(s). Error: (09/14/2014 08:06:59 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Intel(R) Management and Security Application User Notification Service service hung on starting. 
Microsoft Office Sessions: ========================= Error: (09/15/2014 00:34:15 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 12715611 Error: (09/15/2014 00:34:15 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 12715611 Error: (09/15/2014 00:34:15 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (09/15/2014 00:34:14 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 12714550 Error: (09/15/2014 00:34:14 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 12714550 Error: (09/15/2014 00:34:14 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (09/15/2014 00:34:12 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 12713427 Error: (09/15/2014 00:34:12 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 12713427 Error: (09/15/2014 00:34:12 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (09/15/2014 00:34:11 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 12712303 ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-2330M CPU @ 2.20GHz Percentage of memory in use: 78% Total physical RAM: 4030.37 MB Available physical RAM: 872.59 MB Total Pagefile: 10073.55 MB Available Pagefile: 5300.67 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:292.98 
GB) (Free:76.29 GB) NTFS Drive e: (HP_TOOLS) (Fixed) (Total:4.99 GB) (Free:0.87 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: CB20CC52) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=293 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=5 GB) - (Type=0C) ==================== End Of Log ============================ |
16.09.2014, 12:24 | #5 |
/// the machine /// TB trainer | DLL file messages that always appear when the laptop boots up hi, Please download Revo Uninstaller from here (alternatively, the portable Revo Uninstaller).
Scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and assistance Trojaner-Board Facebook page No support via PM! |
16.09.2014, 18:35 | #6 |
| DLL file messages that always appear when the laptop boots up Code:
ATTFilter ComboFix 14-09-16.01 - Kristina 16.09.2014 19:07:38.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4030.1472 [GMT 2:00] Running from: c:\users\Kristina\Desktop\ComboFix.exe AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Common Files\Config\uninstinethnfd.exe c:\program files (x86)\Common Files\Config\ver.xml c:\programdata\Microsoft\Windows\Start Menu\Programs\MYBESTOFFERSTODAY c:\programdata\Microsoft\Windows\Start Menu\Programs\MYBESTOFFERSTODAY\MyBestOffersToday.lnk c:\users\Kristina\AppData\Local\TBHostSupport c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\chrome.manifest c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\chrome\content\api.js c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\chrome\content\api\asyncDB.js c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\chrome\content\api\background.js 
c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\chrome\content\api\browserAction.js c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\chrome\content\api\contextMenu.js c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\chrome\content\api\dbManager.js c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\chrome\content\api\dom_bg.js c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\chrome\content\api\fileManager.js c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\chrome\content\api\firefox.js c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\chrome\content\api\firefoxNotifications.js c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\chrome\content\api\firefoxOmnibox.js c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\chrome\content\api\message.js c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\chrome\content\api\request.js 
c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\chrome\content\api\tabs.js c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\chrome\content\api\webRequest.js c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\chrome\content\background.html c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\chrome\content\baseObject.js c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\chrome\content\browser.xul c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\chrome\content\core\console.js c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\chrome\content\core\consts.js c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\chrome\content\core\delegate.js c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\chrome\content\core\httpObserver.js c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\chrome\content\core\IDBWrapper.js 
c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\chrome\content\core\installer.js c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\chrome\content\core\pluginsManager.js c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\chrome\content\core\prefs.js c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\chrome\content\core\progressListenerObserver.js c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\chrome\content\core\registry.js c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\chrome\content\core\reloadObserver.js c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\chrome\content\core\reports.js c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\chrome\content\core\requestObject.js c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\chrome\content\core\searchSettings.js 
c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\chrome\content\core\uninstallObserver.js c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\chrome\content\core\updateManager.js c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\chrome\content\core\utils.js c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\chrome\content\core\xhr.js c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\chrome\content\dialog.js c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\chrome\content\extensionCode\backgroundCode.js c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\chrome\content\extensionCode\pageCode.js c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\chrome\content\main.js c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\chrome\content\options.js c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\chrome\content\options.xul 
c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\chrome\content\search_dialog.xul
c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\defaults\preferences\prefs.js
c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\install.rdf
c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\locale\en-US\translations.dtd
c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\skin\button1.png
c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\skin\button2.png
c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\skin\button3.png
c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\skin\button4.png
c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\skin\button5.png
c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\skin\crossrider_statusbar.png
c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\skin\icon128.png
c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\skin\icon16.png
c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\skin\icon24.png
c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\skin\icon48.png
c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\skin\panelarrow-up.png
c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\skin\popup.html
c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\skin\skin.css
c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\skin\update.css
c:\users\Kristina\AppData\Roaming\Zona
c:\users\Kristina\AppData\Roaming\Zona\init.xml
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NETHFDRV
-------\Service_CltMngSvc
.
.
((((((((((((((((((((((((( Files Created from 2014-08-16 to 2014-09-16 )))))))))))))))))))))))))))))))
.
.
2014-09-16 17:19 . 2014-09-16 17:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-16 16:09 . 2014-09-16 16:09 -------- d-----w- c:\program files (x86)\VS Revo Group
2014-09-15 18:44 . 2014-09-15 18:49 -------- d-----w- C:\FRST
2014-09-14 22:42 . 2014-09-14 22:42 -------- d-----w- c:\users\Kristina\AppData\Local\Opera Software
2014-09-14 22:42 . 2014-09-14 22:42 -------- d-----w- c:\users\Kristina\AppData\Roaming\Opera Software
2014-09-14 22:42 . 2014-09-14 22:42 -------- d-----w- c:\users\Kristina\AppData\Roaming\Abelssoft
2014-09-14 22:42 . 2014-09-14 22:42 -------- d-----w- c:\programdata\XDMessagingv4
2014-09-14 22:41 . 2014-09-14 22:43 -------- d-----w- c:\users\Kristina\AppData\Local\Abelssoft
2014-09-14 22:40 . 2014-09-14 22:40 -------- d-----w- c:\program files (x86)\CHIP Updater
2014-09-14 22:40 . 2014-09-14 22:40 -------- d-----w- c:\users\Kristina\AppData\Roaming\DesktopIconGoodgame
2014-09-14 22:40 . 2011-03-25 18:42 338432 ----a-w- c:\windows\SysWow64\sqlite36_engine.dll
2014-09-14 22:40 . 2011-05-13 10:16 493056 ----a-w- c:\windows\SysWow64\dhRichClient3.dll
2014-09-14 18:26 . 2014-09-14 18:47 -------- d-----w- c:\users\Kristina\AppData\Local\FreeFixer
2014-09-14 18:26 . 2014-09-14 18:26 -------- d-----w- c:\users\Kristina\AppData\Roaming\FreeFixer
2014-09-14 18:26 . 2014-09-14 18:26 -------- d-----w- c:\program files\FreeFixer
2014-09-14 16:00 . 2014-09-14 16:00 -------- d-----w- c:\users\Kristina\AppData\Local\MailRu
2014-09-14 15:38 . 2014-09-14 15:38 -------- d-----w- c:\program files (x86)\Enigma Software Group
2014-09-14 15:37 . 2014-09-14 15:48 -------- d-----w- c:\windows\0028CB34D5D3460FB308A39A095A5E01.TMP
2014-09-14 15:06 . 2014-09-14 15:06 -------- d-----w- c:\program files\Enigma Software Group
2014-09-14 15:04 . 2014-09-14 15:38 -------- d-----w- c:\windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-09-14 15:04 . 2014-09-14 15:37 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2014-09-14 14:43 . 2014-09-14 14:43 -------- d-----w- c:\program files (x86)\Panicware
2014-09-14 12:14 . 2014-09-14 12:14 -------- d-----w- c:\users\Kristina\AppData\Local\Apps
2014-09-14 10:59 . 2014-09-14 10:59 687 ----a-w- C:\awhE33D.tmp
2014-09-14 10:56 . 2014-09-14 10:56 -------- d-----w- c:\users\Kristina\AppData\Roaming\MiniGet
2014-09-14 10:56 . 2014-09-14 16:03 -------- d-----w- c:\program files (x86)\MiniGet
2014-09-14 10:54 . 2014-09-14 11:34 -------- d-----w- c:\users\Kristina\AppData\Local\4718
2014-09-14 10:54 . 2014-09-14 14:38 -------- d-----w- c:\program files (x86)\Universal Updater
2014-09-14 10:54 . 2014-09-14 12:07 -------- d-----w- c:\program files (x86)\Salus
2014-09-14 10:54 . 2014-09-16 17:26 -------- d-----w- c:\users\Kristina\AppData\Local\mbot_de_70
2014-09-14 10:54 . 2014-09-14 11:34 -------- d-----w- c:\program files (x86)\mbot_de_70
2014-09-14 10:54 . 2014-09-14 10:54 -------- d-----w- c:\users\Kristina\AppData\Roaming\InetStat
2014-09-14 10:54 . 2014-09-16 17:18 -------- d-----w- c:\program files (x86)\Common Files\Config
2014-09-14 10:49 . 2014-09-16 16:30 -------- d-----w- c:\users\Kristina\AppData\Roaming\VOPackage
2014-09-14 10:49 . 2014-09-14 10:48 58040 ----a-w- c:\windows\system32\drivers\webinstr.sys
2014-09-14 10:48 . 2014-09-16 16:51 -------- d-----w- c:\program files (x86)\YourFileDownloaderUpdater
2014-09-14 10:48 . 2014-09-14 15:00 -------- d-----w- c:\users\Kristina\AppData\Local\Genesis_09141048
2014-09-14 10:17 . 2014-09-14 10:24 -------- d-----w- C:\sitenav
2014-09-14 10:13 . 2014-09-14 10:14 -------- d-----w- c:\users\Kristina\AppData\Roaming\eTranslator
2014-09-14 10:12 . 2014-09-14 10:12 -------- d-----w- c:\progra~2\04CC~1
2014-09-14 10:01 . 2014-09-16 16:34 -------- d-----w- c:\users\Kristina\AppData\Roaming\Systweak
2014-09-14 10:00 . 2014-09-14 10:00 -------- d-----w- c:\users\Kristina\AppData\Roaming\PennyBee
2014-09-14 10:00 . 2013-05-27 14:01 20312 ----a-w- c:\windows\system32\roboot64.exe
2014-09-14 10:00 . 2014-09-16 08:24 -------- d-----w- c:\program files (x86)\PennyBee
2014-09-13 21:49 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-13 21:49 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2014-09-13 20:31 . 2014-08-01 11:53 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-09-13 20:31 . 2014-08-01 11:35 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-09-13 20:31 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-09-13 20:31 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-09-13 20:31 . 2014-07-07 02:06 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-09-13 20:31 . 2014-07-07 02:06 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-09-13 20:31 . 2014-07-07 01:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-09-13 20:31 . 2014-07-07 01:40 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-09-13 20:31 . 2014-07-07 01:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-09-13 20:31 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-09-13 20:31 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-09-13 20:31 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-09-13 20:30 . 2014-09-05 02:10 578048 ----a-w- c:\windows\system32\aepdu.dll
2014-09-13 20:30 . 2014-09-05 02:05 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-09-05 14:14 . 2014-09-05 14:14 47408 ----a-w- c:\windows\system32\drivers\salus.sys
2014-08-21 11:49 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll
2014-08-21 11:49 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe
2014-08-21 11:49 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll
2014-08-21 11:49 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll
2014-08-21 11:49 . 2014-05-14 16:23 38880 ----a-w- c:\windows\system32\wups.dll
2014-08-21 11:49 . 2014-05-14 16:23 36320 ----a-w- c:\windows\SysWow64\wups.dll
2014-08-21 11:49 . 2014-05-14 16:23 700384 ----a-w- c:\windows\system32\wuapi.dll
2014-08-21 11:49 . 2014-05-14 16:23 581600 ----a-w- c:\windows\SysWow64\wuapi.dll
2014-08-21 11:49 . 2014-05-14 16:20 97792 ----a-w- c:\windows\system32\wudriver.dll
2014-08-21 11:49 . 2014-05-14 16:17 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2014-08-21 11:48 . 2014-05-14 07:23 198600 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-21 11:48 . 2014-05-14 07:23 179656 ----a-w- c:\windows\SysWow64\wuwebv.dll
2014-08-21 11:48 . 2014-05-14 07:20 36864 ----a-w- c:\windows\system32\wuapp.exe
2014-08-21 11:48 . 2014-05-14 07:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-13 22:00 . 2012-12-28 22:49 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-13 22:00 . 2012-12-28 22:49 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-13 21:50 . 2013-01-07 22:08 101694776 ----a-w- c:\windows\system32\MRT.exe
2014-08-11 21:44 . 2013-08-27 12:49 50976 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2014-07-25 00:35 . 2014-07-25 00:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 21:47 . 2014-07-24 21:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-16 03:23 . 2014-08-14 14:09 2048 ----a-w- c:\windows\system32\tzres.dll
2014-07-16 02:46 . 2014-08-14 14:09 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-07-14 02:02 . 2014-08-14 14:04 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-07-14 01:40 . 2014-08-14 14:04 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-06-30 22:24 . 2014-08-16 01:02 8856 ----a-w- c:\windows\system32\icardres.dll
2014-06-30 22:14 . 2014-08-16 01:02 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-06-25 02:05 . 2014-08-14 14:08 14175744 ----a-w- c:\windows\system32\shell32.dll
2013-08-11 15:57 . 2013-08-11 15:57 51992 ----a-w- c:\program files (x86)\WBDesktop.Updater.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{84C9B457-C48F-46CC-90C0-5A310C64108A}]
c:\program files (x86)\????? ? ????? ??????????\IE\x86\Downloader.dll [?]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2014-09-13 20:05 3627032 ----a-w- c:\program files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll" [2014-09-13 3627032]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Kristina\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Kristina\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Kristina\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIIVE.EXE" [2012-02-27 283232]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-04-26 3111744]
"Spotify"="c:\users\Kristina\AppData\Roaming\Spotify\Spotify.exe" [2014-09-14 6621752]
"Spotify Web Helper"="c:\users\Kristina\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-09-14 1245752]
"eTranslator Update"="c:\users\Kristina\AppData\Roaming\eTranslator\eTranslator.exe" [2014-09-14 2895800]
"InetStat"="c:\users\Kristina\AppData\Roaming\InetStat\inetstat.exe" [2014-09-14 700430]
"PopUpStopperFreeEdition"="c:\program files (x86)\Panicware\Pop-Up Stopper Free Edition\PSFree.exe" [2005-03-17 536576]
"amigo"="c:\users\Kristina\AppData\Local\Amigo\Application\amigo.exe" [2014-08-15 1112096]
"MailRuUpdater"="c:\users\Kristina\AppData\Local\Mail.Ru\MailRuUpdater.exe" [2014-08-20 6204136]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-08-27 22041192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP HD Webcam [Fixed]_Monitor"="c:\program files (x86)\HP HD Webcam [Fixed]\monitor.exe" [2010-11-26 11:31 267128]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-26 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"DTRun"="c:\program files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe" [2010-11-24 517456]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2011-02-07 12274688]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" [2012-06-20 333728]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-08-11 658424]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2014-01-20 4411952]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2014-09-13 2640408]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2013-12-12 186408]
"Salus"="c:\program files (x86)\Salus\Salus.exe" [2014-09-05 981808]
.
c:\users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Kristina\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-7-30 36414496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2011-05-09 14:43 75320 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe;c:\program files\Motorola\Bluetooth\audiosrv.exe [x]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys;c:\windows\SYSNATIVE\Drivers\btmcom.sys [x]
R3 cpuz134;cpuz134;c:\users\Kristina\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\Kristina\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys;c:\windows\SYSNATIVE\DRIVERS\DAMDrv64.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe;c:\windows\SysWOW64\flcdlock.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 MfeEpePc;MfeEpePc; [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 Salus;Salus;c:\windows\system32\drivers\Salus.sys;c:\windows\SYSNATIVE\drivers\Salus.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe;c:\program files\Motorola\Bluetooth\obexsrv.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [x]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe;c:\program files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [x]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x]
S2 uArcCapture;ArcCapture;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [x]
S2 UniversalUpdater;Universal Updater Service;c:\program files (x86)\Universal Updater\UpdaterService.exe;c:\program files (x86)\Universal Updater\UpdaterService.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vToolbarUpdater18.1.9;vToolbarUpdater18.1.9;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [x]
S2 WebCake Desktop Updater;WebCake Desktop Updater;c:\program files (x86)\Betcat\WBDesktop.Updater.1.0.0.16.exe;c:\program files (x86)\Betcat\WBDesktop.Updater.1.0.0.16.exe [x]
S2 webinstr;webinstr;c:\windows\system32\Drivers\webinstr.sys;c:\windows\SYSNATIVE\Drivers\webinstr.sys [x]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftVCapture.sys [x]
S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [x]
S3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys;c:\windows\SYSNATIVE\Drivers\btmusb.sys [x]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\SPUVCbv_x64.sys;c:\windows\SYSNATIVE\Drivers\SPUVCbv_x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-28 22:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Kristina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Kristina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Kristina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Kristina\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2011-01-26 13880]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-09-07 1424896]
"BTMTrayAgent"="c:\program files\Motorola\Bluetooth\btmshell.dll" [2011-02-15 21709904]
"MfeEpePcMonitor"="c:\program files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe" [2011-02-09 200704]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-01-14 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-01-14 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-01-14 416024]
"SpywareTerminatorUpdater"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2013-04-03 3684488]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://mail.ru/cnt/10445?gp=openpr2
mDefault_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1410688861&from=cor&uid=TOSHIBAXMK3261GSYN_Y24BC49PTXXY24BC49PT&q={searchTerms}
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1410688861&from=cor&uid=TOSHIBAXMK3261GSYN_Y24BC49PTXXY24BC49PT&q={searchTerms}
uInternet Settings,ProxyOverride = *.local
mCustomizeSearch = hxxp://www.bing.com/search?q={searchTerms}
mSearchAssistant = hxxp://www.bing.com/search?q={searchTerms}
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm
TCP: DhcpNameServer = 82.212.62.62 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll
FF - ProfilePath - c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\
FF - prefs.js: browser.search.selectedEngine - Поиск@Mail.Ru
FF - prefs.js: browser.startup.homepage - hxxp://mail.ru/cnt/10445?gp=openpr2
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-TBHostSupport - c:\users\Kristina\AppData\Local\TBHostSupport\TBHostSupport_0.dll
Wow6432Node-HKCU-Run-APISupport - c:\users\Kristina\AppData\Local\TB\APISupport\APISupport.dll
Wow6432Node-HKCU-Run-BackgroundContainerV2 - c:\users\Kristina\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{434D452D-5637-006A-76A7-7A786E7484D7} - (no file)
BHO-{6585232B-6BBD-0BD4-B1BB-66EAE0DEBE27} - c:\program files (x86)\ver1BlockAndSurf\178_x64.dll
AddRemove-{28480FF5-A347-4C02-BEBD-FB8E306A49B0}_is1 - c:\program files (x86)\????? ? ????? ??????????\unins000.exe
AddRemove-{E02FBF01-0DE3-4BCB-89E8-D300FEFC3289} - c:\program files (x86)\InstallShield Installation Information\{E02FBF01-0DE3-4BCB-89E8-D300FEFC3289}\setup.exe
AddRemove-clicup - c:\users\Kristina\AppData\Local\Temp\clicup\Uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.15" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe . ************************************************************************** . Completion time: 2014-09-16 19:32:45 - machine was rebooted ComboFix-quarantined-files.txt 2014-09-16 17:32 . 
Pre-Run: 81.720.696.832 bytes free Post-Run: 85.124.976.640 bytes free . - - End Of File - - 29302D238906112A14C0AD35B93765F7 |
17.09.2014, 18:44 | #7 |
/// the machine /// TB-Ausbilder | DLL file messages that always appear when the laptop boots
Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donate | Guides and help | Trojaner-Board Facebook page | No help via PM! |
17.09.2014, 21:32 | #8 |
| DLL file messages that always appear when the laptop boots
Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Protection, 17.09.2014 20:24:08, SYSTEM, KRISTINA-PC, Protection, Malware Protection, Starting, Protection, 17.09.2014 20:24:09, SYSTEM, KRISTINA-PC, Protection, Malware Protection, Started, Protection, 17.09.2014 20:24:09, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, Starting, Update, 17.09.2014 20:24:15, SYSTEM, KRISTINA-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.9.15.1, Update, 17.09.2014 20:24:23, SYSTEM, KRISTINA-PC, Manual, Malware Database, 2014.3.4.9, 2014.9.17.8, Protection, 17.09.2014 20:24:24, SYSTEM, KRISTINA-PC, Protection, Refresh, Starting, Protection, 17.09.2014 20:26:27, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, Started, Protection, 17.09.2014 20:26:27, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, Stopping, Protection, 17.09.2014 20:26:27, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, Stopped, Protection, 17.09.2014 20:26:32, SYSTEM, KRISTINA-PC, Protection, Refresh, Success, Protection, 17.09.2014 20:26:32, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, Starting, Protection, 17.09.2014 20:26:32, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, Started, Detection, 17.09.2014 20:32:05, SYSTEM, KRISTINA-PC, Protection, Malware Protection, File, PUP.Optional.MBot.A, C:\Program Files (x86)\mbot_de_70\mybestofferstoday_widget.exe, Quarantine, [6c500ce21467bd79c175c43017eb5ea2] Detection, 17.09.2014 20:36:32, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 185.21.216.133, 6881, Outbound, C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe, Detection, 17.09.2014 20:36:32, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 185.21.216.133, 6881, Outbound, C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe, Detection, 17.09.2014 20:39:58, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 95.79.91.21, 6881, 
Outbound, C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe, Detection, 17.09.2014 20:39:58, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 95.79.91.21, 6881, Outbound, C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe, Detection, 17.09.2014 20:40:36, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 93.170.49.219, 6881, Outbound, C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe, Detection, 17.09.2014 20:40:37, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 93.170.49.219, 6881, Outbound, C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe, Detection, 17.09.2014 20:40:58, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 91.188.62.225, 6881, Outbound, C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe, Detection, 17.09.2014 20:40:58, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 91.188.62.225, 6881, Outbound, C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe, Detection, 17.09.2014 20:46:54, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 91.188.48.225, 6881, Inbound, C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe, Detection, 17.09.2014 20:46:55, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 91.188.48.225, 6881, Inbound, C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe, Detection, 17.09.2014 20:56:47, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 93.103.86.103, 6881, Outbound, C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe, Detection, 17.09.2014 20:56:47, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 93.103.86.103, 6881, Outbound, C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe, Detection, 17.09.2014 21:05:07, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 188.65.50.39, 
6881, Inbound, C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe, Detection, 17.09.2014 21:05:07, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 188.65.50.39, 6881, Inbound, C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe, Detection, 17.09.2014 21:18:50, SYSTEM, KRISTINA-PC, Protection, Malware Protection, File, PUP.Optional.Salus.A, C:\Program Files (x86)\Salus\ProtocolFilters.dll, Quarantine, [fdbf826c07742b0b7cec91dec73d47b9] Detection, 17.09.2014 21:19:26, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.132, etranslater1.com, 64058, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:19:26, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.132, etranslater1.com, 64058, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:19:27, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.132, etranslater1.com, 64064, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:19:38, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.151, etranslater2.com, 64119, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:19:38, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.151, etranslater2.com, 64119, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:19:48, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.157, etranslater3.com, 64121, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:19:48, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.157, etranslater3.com, 64121, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:19:59, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, 
IP, 5.149.255.151, etranslater4.com, 64123, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:19:59, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.151, etranslater4.com, 64123, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:20:09, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.157, etranslater5.com, 64125, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:20:09, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.157, etranslater5.com, 64125, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:20:10, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.132, etranslater1.com, 64126, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:20:11, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.151, etranslater2.com, 64127, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:20:22, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.157, etranslater3.com, 64132, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:20:32, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.151, etranslater4.com, 64136, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:20:42, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.157, etranslater5.com, 64138, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:20:52, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.132, etranslater1.com, 64140, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:21:02, SYSTEM, KRISTINA-PC, Protection, Malicious Website 
Protection, IP, 5.149.255.151, etranslater1.com, 64142, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:21:02, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.151, etranslater1.com, 64142, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:21:12, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.132, etranslater2.com, 64144, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:21:12, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.132, etranslater2.com, 64144, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:21:22, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.158, etranslater3.com, 64146, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:21:22, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.158, etranslater3.com, 64146, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:21:32, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.132, etranslater4.com, 64149, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:21:32, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.132, etranslater4.com, 64149, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:21:42, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.151, etranslater4.com, 64151, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:21:52, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.157, etranslater2.com, 64154, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:21:52, SYSTEM, KRISTINA-PC, Protection, 
Malicious Website Protection, IP, 5.149.255.157, etranslater2.com, 64154, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:22:02, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.132, etranslater3.com, 64159, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:22:02, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.132, etranslater3.com, 64159, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:22:13, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.157, etranslater4.com, 64161, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:22:13, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.157, etranslater4.com, 64161, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:22:23, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.132, etranslater5.com, 64165, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:22:23, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.132, etranslater5.com, 64165, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:22:33, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.132, etranslater1.com, 64170, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:22:43, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.151, etranslater2.com, 64177, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:22:44, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.151, etranslater2.com, 64179, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:22:53, SYSTEM, KRISTINA-PC, 
Protection, Malicious Website Protection, IP, 5.149.255.158, etranslater3.com, 64181, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:22:54, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.158, etranslater3.com, 64183, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:23:03, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.157, etranslater1.com, 64184, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:23:03, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.157, etranslater1.com, 64184, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:23:13, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.151, etranslater2.com, 64187, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:23:23, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.151, etranslater3.com, 64189, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:23:23, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.151, etranslater3.com, 64189, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:23:33, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.151, etranslater2.com, 64192, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:23:43, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.158, etranslater3.com, 64195, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:23:54, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.158, etranslater4.com, 64197, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:23:54, SYSTEM, 
KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.158, etranslater4.com, 64197, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:24:04, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.132, etranslater5.com, 64200, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:24:14, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.157, etranslater1.com, 64202, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:24:24, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.132, etranslater2.com, 64205, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:24:25, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.132, etranslater2.com, 64207, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:24:34, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.158, etranslater3.com, 64213, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:24:35, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.158, etranslater3.com, 64215, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:24:44, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.157, etranslater1.com, 64216, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:24:54, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.157, etranslater2.com, 64218, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:25:04, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.151, etranslater3.com, 64222, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 
21:25:14, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.132, etranslater2.com, 64227, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:25:15, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.158, etranslater3.com, 64228, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:25:26, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.157, etranslater4.com, 64230, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:25:36, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.158, etranslater5.com, 64234, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:25:36, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.158, etranslater5.com, 64234, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:25:37, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.151, etranslater1.com, 64235, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:25:47, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.151, etranslater1.com, 64238, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:26:04, SYSTEM, KRISTINA-PC, Protection, Malware Protection, File, PUP.Optional.MBot.A, C:\Users\Kristina\AppData\Local\mbot_de_70\upmbot_de_70.exe, Quarantine, [823aad414338cf6775c0c133020043bd] Detection, 17.09.2014 21:26:32, SYSTEM, KRISTINA-PC, Protection, Malware Protection, File, PUP.Optional.WebCake.A, C:\Users\Kristina\AppData\Roaming\Betcat\WebCakeDesktop.exe, Quarantine, [8b318e601f5c979fed73d945748c13ed] Detection, 17.09.2014 21:46:04, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.157, etranslater3.com, 64248, Outbound, C:\Program Files 
(x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:46:18, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 218.7.166.165, 6881, Outbound, C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe, Detection, 17.09.2014 21:46:19, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 218.7.166.165, 6881, Outbound, C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe, Detection, 17.09.2014 21:46:20, SYSTEM, KRISTINA-PC, Protection, Malware Protection, File, PUP.Optional.BitGuard.A, C:\Windows\System32\Tasks\BitGuard, Quarantine, [526a618d3645c472e9cf62b0fb088878] Detection, 17.09.2014 21:46:24, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.132, etranslater4.com, 64273, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:46:34, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.157, etranslater5.com, 64279, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:46:44, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.158, etranslater1.com, 64283, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:46:44, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.158, etranslater1.com, 64283, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:46:54, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.151, etranslater2.com, 64286, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:47:04, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.157, etranslater3.com, 64294, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:47:14, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.132, etranslater4.com, 64297, Outbound, 
C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:47:24, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.157, etranslater5.com, 64302, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:47:34, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.158, etranslater1.com, 64304, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:47:44, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.151, etranslater2.com, 64306, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:47:54, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.157, etranslater3.com, 64309, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:48:05, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.158, etranslater4.com, 64330, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:48:06, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.158, etranslater4.com, 64332, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:48:15, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.157, etranslater5.com, 64341, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:48:16, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.157, etranslater5.com, 64343, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:48:25, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.132, etranslater3.com, 64344, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:48:35, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.157, etranslater4.com, 64347, 
Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:48:36, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.132, etranslater5.com, 64351, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:48:46, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.158, etranslater4.com, 64353, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:48:56, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.157, etranslater5.com, 64355, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:49:06, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.157, etranslater1.com, 64359, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Detection, 17.09.2014 21:49:16, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 5.149.255.151, etranslater2.com, 64363, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Protection, 17.09.2014 21:53:48, SYSTEM, KRISTINA-PC, Protection, Malware Protection, Starting, Protection, 17.09.2014 21:53:51, SYSTEM, KRISTINA-PC, Protection, Malware Protection, Started, Protection, 17.09.2014 21:53:51, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, Starting, Protection, 17.09.2014 21:57:51, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, Started, Detection, 17.09.2014 21:58:52, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 218.7.167.130, 6881, Outbound, C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe, Detection, 17.09.2014 21:58:52, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 218.7.167.130, 6881, Outbound, C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe, Detection, 17.09.2014 22:00:19, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 91.188.62.194, 6881, 
Outbound, C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe, Detection, 17.09.2014 22:00:19, SYSTEM, KRISTINA-PC, Protection, Malicious Website Protection, IP, 91.188.62.194, 6881, Outbound, C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe, (end) Code:
ATTFilter # AdwCleaner v3.310 - Report created 17/09/2014 at 22:11:30 # Updated 12/09/2014 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Kristina - KRISTINA-PC # Running from : C:\Users\Kristina\Downloads\AdwCleaner_3.310.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\apn Folder Deleted : C:\ProgramData\AskPartnerNetwork Folder Deleted : C:\ProgramData\AVG Secure Search Folder Deleted : C:\ProgramData\Babylon Folder Deleted : C:\ProgramData\BitGuard Folder Deleted : C:\ProgramData\Tarma Installer Folder Deleted : C:\ProgramData\AlawarWrapper Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork Folder Deleted : C:\Program Files (x86)\AVG Secure Search Folder Deleted : C:\Program Files (x86)\Betcat Folder Deleted : C:\Program Files (x86)\Conduit Folder Deleted : C:\Program Files (x86)\Mail.Ru Folder Deleted : C:\Program Files (x86)\Universal Updater Folder Deleted : C:\Program Files (x86)\VideoConverter Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search Folder Deleted : C:\Windows\SysWOW64\SearchProtect Folder Deleted : C:\Program Files\FreeFixer Folder Deleted : C:\Users\Kristina\AppData\Local\AVG Secure Search Folder Deleted : C:\Users\Kristina\AppData\Local\Conduit Folder Deleted : C:\Users\Kristina\AppData\Local\FreeFixer Folder Deleted : C:\Users\Kristina\AppData\Local\HD Streamer Folder Deleted : C:\Users\Kristina\AppData\Local\Mail.Ru Folder Deleted : C:\Users\Kristina\AppData\Local\MailRu Folder Deleted : C:\Users\Kristina\AppData\Local\NativeMessaging Folder Deleted : C:\Users\Kristina\AppData\Local\WhiteListing Folder Deleted : C:\Users\Kristina\AppData\Local\AlawarWrapper Folder Deleted : C:\Users\Kristina\AppData\LocalLow\AVG Secure Search Folder Deleted : C:\Users\Kristina\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Kristina\AppData\LocalLow\Delta Folder Deleted : C:\Users\Kristina\AppData\Roaming\BabSolution Folder 
Deleted : C:\Users\Kristina\AppData\Roaming\Babylon Folder Deleted : C:\Users\Kristina\AppData\Roaming\Betcat Folder Deleted : C:\Users\Kristina\AppData\Roaming\DigitalSites Folder Deleted : C:\Users\Kristina\AppData\Roaming\DSite Folder Deleted : C:\Users\Kristina\AppData\Roaming\FreeFixer Folder Deleted : C:\Users\Kristina\AppData\Roaming\InetStat Folder Deleted : C:\Users\Kristina\AppData\Roaming\pdfforge Folder Deleted : C:\Users\Kristina\AppData\Roaming\Systweak Folder Deleted : C:\Users\Kristina\AppData\Roaming\VOPackage Folder Deleted : C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard Folder Deleted : C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat Folder Deleted : C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com Folder Deleted : C:\Users\Public\Documents\AlawarWrapper File Deleted : C:\Windows\System32\roboot64.exe File Deleted : C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\user.js File Deleted : C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js ***** [ Scheduled Tasks ] ***** Task Deleted : ASP Task Deleted : BitGuard Task Deleted : QtraxPlayer Task Deleted : Update Service YourFileDownloader ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{644BE2B3-0CA6-0E79-C394-5C27BEBC4FEB}] Key Deleted : HKCU\Software\Classes\Applications\inetstat.exe Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduitapps.com Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com Key Deleted : HKCU\Software\Microsoft\Internet 
Explorer\LowRegistry\DOMStorage\www.superfish.com Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [InetStat] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1 Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1 Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DesktopWeatherAlertsApp_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DesktopWeatherAlertsApp_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASMANCS Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect Key Deleted : 
HKCU\Software\957888bb639e413 Key Deleted : HKLM\SOFTWARE\957888bb639e413 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photo-to-sketch_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photo-to-sketch_RASMANCS Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Key Deleted : 
HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Deleted : HKCU\Software\Microsoft\Internet 
Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKCU\Software\AVG Secure Search Key Deleted : HKCU\Software\clicup Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\dsiteproducts Key Deleted : HKCU\Software\filescout Key Deleted : HKCU\Software\genesis Key Deleted : HKCU\Software\IM Key Deleted : HKCU\Software\InetStat Key Deleted : HKCU\Software\InstalledBrowserExtensions Key Deleted : HKCU\Software\OCS Key Deleted : HKCU\Software\PennyBee Key Deleted : HKCU\Software\Softonic Key Deleted : HKCU\Software\systweak Key Deleted : HKCU\Software\Tbccint_HKLM Key Deleted : HKCU\Software\Tutorials Key Deleted : HKCU\Software\UpdateStar Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar Key Deleted : HKLM\SOFTWARE\AVG Secure Search Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar Key Deleted : HKLM\SOFTWARE\Babylon Key Deleted : HKLM\SOFTWARE\Conduit Key Deleted : HKLM\SOFTWARE\systweak Key Deleted : HKLM\SOFTWARE\Tutorials Key Deleted : HKLM\SOFTWARE\Uniblue Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\InetStat Key 
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeFixer1.11 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hola Chrome Toolbar ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17280 -\\ Mozilla Firefox v31.0 (x86 de) [ File : C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\prefs.js ] Line Deleted : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.backgroundjs", "\n\n/*****************************************************************************[...] Line Deleted : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.c[...] Line Deleted : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...] Line Deleted : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.js", "\n\n /************************************************************************************\[...] Line Deleted : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return app[...] Line Deleted : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_119.code", "appAPI.internal.monetization = appAPI.internal.monetization || {};\nif [...] 
Line Deleted : user_pref("extensions.crossrider.bic", "146ab2ed651182a3744895efc28a8f08");

*************************

AdwCleaner[R0].txt - [22243 octets] - [17/09/2014 22:03:26]
AdwCleaner[S0].txt - [21480 octets] - [17/09/2014 22:11:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [21541 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.5 (09.16.2014:1)
OS: Windows 7 Home Premium x64
Ran by Kristina on 17.09.2014 at 22:22:33,82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1710177085-3952504819-198495338-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{27F3ACCF-4486-405B-BFAB-1D141135B5F4}

~~~ Files

Successfully deleted: [File] "C:\Users\Kristina\appdata\locallow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\big fish games"
Successfully deleted: [Folder] "C:\Users\Kristina\AppData\Roaming\big fish games"
Successfully deleted: [Folder] "C:\Users\Kristina\music\qtrax media library"

~~~ FireFox

Successfully deleted the following from C:\Users\Kristina\AppData\Roaming\mozilla\firefox\profiles\1s79ufxz.default\prefs.js

user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_220.code", "if(appAPI.isBackground){var ICMBaseManager=fun
user_pref("extensions.a92f62b97e4e94505ab9dbd29c855bdfegmailcom62002.62002.plugins.plugin_220.code", "if(appAPI.isBackground){var ICMBaseManager=function(a){return function(){

Emptied folder: C:\Users\Kristina\AppData\Roaming\mozilla\firefox\profiles\1s79ufxz.default\minidumps [7 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.09.2014 at 22:28:56,30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014 Ran by Kristina (administrator) on KRISTINA-PC on 17-09-2014 22:30:29 Running from C:\Users\Kristina\Desktop\Antiviren Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe (Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (IDT, Inc.) 
C:\Program Files\IDT\WDM\sttray64.exe () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Crawler.com) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Spotify Ltd) C:\Users\Kristina\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd) C:\Users\Kristina\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe (Panicware, Inc.) C:\Program Files (x86)\Panicware\Pop-Up Stopper Free Edition\PSFree.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Dropbox, Inc.) C:\Users\Kristina\AppData\Roaming\Dropbox\bin\Dropbox.exe () C:\Program Files (x86)\HP HD Webcam [Fixed]\Monitor.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe (Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe (ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe (Motorola Solutions, Inc.) 
C:\Program Files\Motorola\Bluetooth\obexsrv.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe () C:\Users\Kristina\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Kristina\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Kristina\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Kristina\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe () C:\Users\Kristina\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (Opera Software) C:\Program Files (x86)\Opera\24.0.1558.61\opera.exe () C:\Program Files (x86)\Opera\24.0.1558.61\opera_crashreporter.exe (Opera Software) C:\Program Files (x86)\Opera\24.0.1558.61\opera.exe (Opera Software) C:\Program Files (x86)\Opera\24.0.1558.61\opera.exe (Opera Software) C:\Program Files (x86)\Opera\24.0.1558.61\opera.exe (Opera Software) C:\Program Files (x86)\Opera\24.0.1558.61\opera.exe (Opera Software) C:\Program Files (x86)\Opera\24.0.1558.61\opera.exe (Opera Software) C:\Program Files (x86)\Opera\24.0.1558.61\opera.exe (Opera Software) C:\Program Files (x86)\Opera\24.0.1558.61\opera.exe (Opera Software) C:\Program Files (x86)\Opera\24.0.1558.61\opera.exe (Opera Software) C:\Program Files (x86)\Opera\24.0.1558.61\opera.exe (Opera Software) C:\Program Files (x86)\Opera\24.0.1558.61\opera.exe (Opera Software) C:\Program Files (x86)\Opera\24.0.1558.61\opera.exe (Opera Software) C:\Program Files (x86)\Opera\24.0.1558.61\opera.exe (Opera Software) C:\Program Files (x86)\Opera\24.0.1558.61\opera.exe (Motorola Solutions, Inc.) 
C:\Program Files\Motorola\Bluetooth\audiosrv.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe (Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelperx64.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2919992 2011-01-26] (Hewlett-Packard Company) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (IDT, Inc.) 
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp HKLM\...\Run: [MfeEpePcMonitor] => C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe [200704 2011-02-09] () HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-04-03] (Crawler.com) HKLM-x32\...\Run: [HP HD Webcam [Fixed]_Monitor] => C:\Program Files (x86)\HP HD Webcam [Fixed]\monitor.exe [267128 2010-11-26] () HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation) HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation) HKLM-x32\...\Run: [DTRun] => C:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [517456 2010-11-24] (ArcSoft Inc.) HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12274688 2011-02-07] (Hewlett-Packard) HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [333728 2012-06-20] (Hewlett-Packard Company) HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-11] (PDF Complete Inc) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [186408 2013-12-12] (Geek Software GmbH) HKLM-x32\...\Run: [Salus CrashMon] => "C:\Program Files (x86)\Salus\CrashMon.exe" "Salus.exe" "hxxp://log.data-url.com/salus/crash" Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X] HKU\S-1-5-21-1710177085-3952504819-198495338-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIVE.EXE [283232 2012-02-27] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-1710177085-3952504819-198495338-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3111744 2012-04-26] (DT Soft Ltd) HKU\S-1-5-21-1710177085-3952504819-198495338-1000\...\Run: [Spotify] => C:\Users\Kristina\AppData\Roaming\Spotify\Spotify.exe [6621752 2014-09-14] (Spotify Ltd) HKU\S-1-5-21-1710177085-3952504819-198495338-1000\...\Run: [Spotify Web Helper] => C:\Users\Kristina\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-14] (Spotify Ltd) HKU\S-1-5-21-1710177085-3952504819-198495338-1000\...\Run: [eTranslator Update] => C:\Users\Kristina\AppData\Roaming\eTranslator\eTranslator.exe [2895800 2014-09-14] () HKU\S-1-5-21-1710177085-3952504819-198495338-1000\...\Run: [PopUpStopperFreeEdition] => C:\Program Files (x86)\Panicware\Pop-Up Stopper Free Edition\PSFree.exe [536576 2005-03-17] (Panicware, Inc.) HKU\S-1-5-21-1710177085-3952504819-198495338-1000\...\Run: [MailRuUpdater] => C:\Users\Kristina\AppData\Local\Mail.Ru\MailRuUpdater.exe HKU\S-1-5-21-1710177085-3952504819-198495338-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.) 
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Kristina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.ru/cnt/10445?gp=openpr2
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1D0832545831CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: No Name -> {434D452D-5637-006A-76A7-7A786E7484D7} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: AVdowloads -> {84C9B457-C48F-46CC-90C0-5A310C64108A} -> C:\Program Files (x86)\Аудио и видео скачивание\IE\x86\Downloader.dll (Audio and video downloads)
BHO-x32: No Name -> {8984B388-A5BB-4DF7-B274-77B879E179DB} -> No File
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 82.212.62.62 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default
FF DefaultSearchEngine: ?????@Mail.Ru
FF SelectedSearchEngine: ?????@Mail.Ru
FF Homepage: hxxp://mail.ru/cnt/10445?gp=openpr2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\searchplugins\mailru.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Переводчик для FireFox - C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\Extensions\info4@etranslator.pro [2014-09-14]
FF Extension: Аудио и видео скачивание - C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\Extensions\avdownloader-sk17@sk-sdk.com.xpi [2014-09-14]
FF Extension: Cliqz Beta - C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\Extensions\cliqz@cliqz.com.xpi [2014-09-17]
FF Extension: Adblock Plus - C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-17]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2013-01-14]
FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\cliqz@cliqz.com
FF Extension: No Name - C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\92f62b97-e4e9-4505-ab9d-bd29c855bdfe@gmail.com [Not Found]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [nmghlnjjldbehnfaejmbpophglopclgn] - C:\Program Files (x86)\Аудио и видео скачивание\avdownloader-sk.crx [2014-09-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [486224 2011-11-10] (DigitalPersona, Inc.)
S3 FLCDLOCK; C:\Windows\SysWOW64\flcdlock.exe [476728 2011-09-05] (Hewlett-Packard Company)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [647680 2012-12-24] (Macrovision Europe Ltd.) [File not signed]
R3 FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1028096 2012-12-24] (Macrovision Europe Ltd.) [File not signed]
R2 HPDayStarterService; C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [133688 2011-01-28] (Hewlett-Packard Company)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [523680 2012-06-20] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-11] (PDF Complete Inc)
R2 uArcCapture; C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe [502464 2010-11-11] (ArcSoft, Inc.)
S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-11] (ArcSoft, Inc.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-04-15] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64312 2011-05-09] (Hewlett-Packard Company)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-12-25] (DT Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [168008 2011-02-09] (McAfee, Inc.)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [2611704 2011-01-12] (Sunplus Technology)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\Kristina\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-17 22:22 - 2014-09-17 22:22 - 00000000 ____D () C:\Windows\ERUNT
2014-09-17 22:21 - 2014-09-17 22:21 - 01016035 _____ (Thisisu) C:\Users\Kristina\Downloads\JRT.exe
2014-09-17 22:03 - 2014-09-17 22:12 - 00000000 ____D () C:\AdwCleaner
2014-09-17 22:02 - 2014-09-17 22:02 - 01373475 _____ () C:\Users\Kristina\Downloads\AdwCleaner_3.310.exe
2014-09-17 20:24 - 2014-09-17 22:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-17 20:23 - 2014-09-17 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-09-17 20:23 - 2014-09-17 20:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-17 20:23 - 2014-09-17 20:23 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-09-17 20:23 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-17 20:23 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-17 20:23 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-17 20:21 - 2014-09-17 20:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Kristina\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-16 19:37 - 2014-09-16 19:37 - 00003274 _____ () C:\Windows\System32\Tasks\{4267A5D8-4554-4E99-ABA8-B30AE40B75BF}
2014-09-16 19:32 - 2014-09-16 19:32 - 00046303 _____ () C:\ComboFix.txt
2014-09-16 19:04 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-16 19:04 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-16 19:04 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-16 19:04 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-16 19:04 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-16 19:04 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-16 19:04 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-16 19:04 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-16 19:03 - 2014-09-16 19:32 - 00000000 ____D () C:\Qoobox
2014-09-16 19:03 - 2014-09-16 19:30 - 00000000 ____D () C:\Windows\erdnt
2014-09-16 18:57 - 2014-09-16 18:57 - 05579386 ____R (Swearware) C:\Users\Kristina\Desktop\ComboFix.exe
2014-09-16 18:09 - 2014-09-16 18:09 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-16 10:29 - 2014-09-16 10:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-15 20:44 - 2014-09-17 22:30 - 00000000 ____D () C:\FRST
2014-09-15 20:43 - 2014-09-17 22:30 - 00000000 ____D () C:\Users\Kristina\Desktop\Antiviren
2014-09-15 00:42 - 2014-09-17 13:30 - 00003858 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1410734508
2014-09-15 00:42 - 2014-09-15 00:42 - 00001129 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-09-15 00:42 - 2014-09-15 00:42 - 00001129 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-09-15 00:42 - 2014-09-15 00:42 - 00000000 ____D () C:\Windows\System32\Tasks\Abelssoft
2014-09-15 00:42 - 2014-09-15 00:42 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Opera Software
2014-09-15 00:42 - 2014-09-15 00:42 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Abelssoft
2014-09-15 00:42 - 2014-09-15 00:42 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Opera Software
2014-09-15 00:42 - 2014-09-15 00:42 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-09-15 00:41 - 2014-09-15 00:43 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Abelssoft
2014-09-15 00:40 - 2014-09-15 00:40 - 00001468 _____ () C:\Users\Kristina\Desktop\Goodgame Empire.lnk
2014-09-15 00:40 - 2014-09-15 00:40 - 00001050 _____ () C:\Users\Public\Desktop\CHIP Updater.lnk
2014-09-15 00:40 - 2014-09-15 00:40 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\DesktopIconGoodgame
2014-09-15 00:40 - 2014-09-15 00:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CHIP Updater
2014-09-15 00:40 - 2014-09-15 00:40 - 00000000 ____D () C:\Program Files (x86)\CHIP Updater
2014-09-15 00:40 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\SysWOW64\dhRichClient3.dll
2014-09-15 00:40 - 2011-03-25 20:42 - 00338432 _____ () C:\Windows\SysWOW64\sqlite36_engine.dll
2014-09-14 20:26 - 2014-09-14 20:26 - 02602023 _____ (Kephyr) C:\Users\Kristina\Downloads\freefixersetup.exe
2014-09-14 18:00 - 2014-09-14 18:00 - 00002295 _____ () C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Одноклассники.lnk
2014-09-14 18:00 - 2014-09-14 18:00 - 00002295 _____ () C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Вконтакте.lnk
2014-09-14 17:38 - 2014-09-14 17:38 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
2014-09-14 17:37 - 2014-09-14 17:48 - 00000000 ____D () C:\Windows\0028CB34D5D3460FB308A39A095A5E01.TMP
2014-09-14 17:06 - 2014-09-14 17:06 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-14 17:06 - 2014-09-14 17:06 - 00000000 _____ () C:\autoexec.bat
2014-09-14 17:04 - 2014-09-14 17:38 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-09-14 16:43 - 2014-09-14 16:43 - 00001144 _____ () C:\Users\Kristina\Desktop\Pop-Up Stopper Free Edition.lnk
2014-09-14 16:43 - 2014-09-14 16:43 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Panicware
2014-09-14 16:43 - 2014-09-14 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panicware
2014-09-14 16:43 - 2014-09-14 16:43 - 00000000 ____D () C:\Program Files (x86)\Panicware
2014-09-14 14:14 - 2014-09-14 14:14 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Apps\2.0
2014-09-14 12:59 - 2014-09-14 12:59 - 00000687 _____ () C:\awhE33D.tmp
2014-09-14 12:56 - 2014-09-14 18:03 - 00000000 ____D () C:\Program Files (x86)\MiniGet
2014-09-14 12:56 - 2014-09-14 12:56 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\MiniGet
2014-09-14 12:54 - 2014-09-17 21:49 - 00000000 ____D () C:\Program Files (x86)\Salus
2014-09-14 12:54 - 2014-09-14 13:34 - 00000000 ____D () C:\Users\Kristina\AppData\Local\4718
2014-09-14 12:49 - 2014-09-14 12:49 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-09-14 12:48 - 2014-09-16 18:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\YourFileDownloader
2014-09-14 12:48 - 2014-09-14 12:48 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-09-14 12:17 - 2014-09-14 12:24 - 00000000 ____D () C:\sitenav
2014-09-14 12:14 - 2014-09-14 12:14 - 00003172 _____ () C:\Windows\System32\Tasks\{E894B150-7AF5-4F7D-93B1-3F6683EF799A}
2014-09-14 12:13 - 2014-09-14 12:14 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\eTranslator
2014-09-14 12:12 - 2014-09-14 12:12 - 00000000 ____D () C:\Program Files (x86)\Аудио и видео скачивание
2014-09-14 12:00 - 2014-09-14 11:59 - 00853960 _____ (Reimage®) C:\Users\Kristina\Downloads\ReimageRepair [1].exe
2014-09-14 11:38 - 2014-09-14 11:40 - 00000156 _____ () C:\Windows\Reimage.ini
2014-09-14 00:11 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-14 00:11 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-14 00:11 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-14 00:11 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-14 00:11 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-14 00:11 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-14 00:11 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-14 00:11 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-14 00:11 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-14 00:11 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-14 00:11 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-14 00:11 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-14 00:11 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-14 00:11 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-14 00:11 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-14 00:11 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-14 00:11 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-14 00:11 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-14 00:11 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-14 00:11 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-14 00:11 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-14 00:11 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-14 00:11 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-14 00:11 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-14 00:11 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-14 00:11 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-14 00:11 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-14 00:11 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-14 00:11 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-14 00:11 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-14 00:11 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-14 00:11 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-14 00:11 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-14 00:11 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-14 00:11 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-14 00:11 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-14 00:11 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-14 00:11 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-14 00:11 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-14 00:11 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-14 00:11 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-14 00:11 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-14 00:11 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-14 00:11 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-14 00:11 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-14 00:11 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-14 00:11 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-14 00:11 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-14 00:11 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-14 00:11 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-14 00:11 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-14 00:11 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-14 00:11 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-14 00:11 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-14 00:11 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-14 00:11 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-13 23:49 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-13 23:49 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-13 22:31 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-13 22:31 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-09-13 22:31 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-13 22:31 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-13 22:31 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-13 22:31 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-13 22:31 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-13 22:31 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-13 22:31 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-13 22:31 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-13 22:31 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-13 22:31 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-13 22:30 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-13 22:30 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-21 13:49 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-21 13:49 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-21 13:49 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-21 13:49 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-21 13:49 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-21 13:49 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-21 13:49 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-21 13:49 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-21 13:49 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-21 13:49 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-21 13:48 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-21 13:48 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-21 13:48 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-21 13:48 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-17 22:30 - 2014-09-15 20:44 - 00000000 ____D () C:\FRST
2014-09-17 22:30 - 2014-09-15 20:43 - 00000000 ____D () C:\Users\Kristina\Desktop\Antiviren
2014-09-17 22:25 - 2014-05-16 13:01 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Spotify
2014-09-17 22:24 - 2009-07-14 06:45 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-17 22:24 - 2009-07-14 06:45 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-17 22:22 - 2014-09-17 22:22 - 00000000 ____D () C:\Windows\ERUNT
2014-09-17 22:21 - 2014-09-17 22:21 - 01016035 _____ (Thisisu) C:\Users\Kristina\Downloads\JRT.exe
2014-09-17 22:18 - 2014-09-17 20:24 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-17 22:15 - 2013-11-11 18:10 - 00000000 ___RD () C:\Users\Kristina\Dropbox
2014-09-17 22:15 - 2013-11-11 18:04 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Dropbox
2014-09-17 22:14 - 2012-12-24 18:26 - 00000000 ____D () C:\ProgramData\PDFC
2014-09-17 22:13 - 2012-12-24 18:16 - 00420172 _____ () C:\Windows\PFRO.log
2014-09-17 22:13 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-17 22:13 - 2009-07-14 06:51 - 00059232 _____ () C:\Windows\setupact.log
2014-09-17 22:12 - 2014-09-17 22:03 - 00000000 ____D () C:\AdwCleaner
2014-09-17 22:12 - 2012-12-24 18:35 - 02085380 _____ () C:\Windows\WindowsUpdate.log
2014-09-17 22:02 - 2014-09-17 22:02 - 01373475 _____ () C:\Users\Kristina\Downloads\AdwCleaner_3.310.exe
2014-09-17 22:00 - 2012-12-29 00:49 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-17 21:49 - 2014-09-14 12:54 - 00000000 ____D () C:\Program Files (x86)\Salus
2014-09-17 21:49 - 2014-04-03 18:50 - 00000000 ____D () C:\Users\Kristina\AppData\Local\TB
2014-09-17 21:49 - 2012-12-24 19:08 - 00000000 ____D () C:\Users\Kristina\AppData\Local\CRE
2014-09-17 21:19 - 2012-12-24 19:06 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Skype
2014-09-17 20:23 - 2014-09-17 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-09-17 20:23 - 2014-09-17 20:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-17 20:23 - 2014-09-17 20:23 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-09-17 20:21 - 2014-09-17 20:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Kristina\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-17 17:37 - 2012-12-24 18:56 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-17 13:30 - 2014-09-15 00:42 - 00003858 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1410734508
2014-09-17 13:30 - 2012-12-24 19:03 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-09-17 13:23 - 2012-12-27 12:10 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-17 13:19 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-09-16 20:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-16 19:37 - 2014-09-16 19:37 - 00003274 _____ () C:\Windows\System32\Tasks\{4267A5D8-4554-4E99-ABA8-B30AE40B75BF}
2014-09-16 19:32 - 2014-09-16 19:32 - 00046303 _____ () C:\ComboFix.txt
2014-09-16 19:32 - 2014-09-16 19:03 - 00000000 ____D () C:\Qoobox
2014-09-16 19:32 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-09-16 19:30 - 2014-09-16 19:03 - 00000000 ____D () C:\Windows\erdnt
2014-09-16 19:27 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-16 19:22 - 2009-07-14 04:34 - 91226112 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-09-16 19:22 - 2009-07-14 04:34 - 17825792 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-09-16 19:22 - 2009-07-14 04:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-09-16 19:22 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-09-16 19:22 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-09-16 18:57 - 2014-09-16 18:57 - 05579386 ____R (Swearware) C:\Users\Kristina\Desktop\ComboFix.exe
2014-09-16 18:54 - 2014-05-16 13:02 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Spotify
2014-09-16 18:46 - 2014-09-14 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\YourFileDownloader
2014-09-16 18:09 - 2014-09-16 18:09 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-16 10:31 - 2012-12-24 19:05 - 00000000 ____D () C:\ProgramData\Skype
2014-09-16 10:29 - 2014-09-16 10:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-16 10:29 - 2013-01-28 20:03 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-16 00:13 - 2013-07-27 00:10 - 00000090 _____ () C:\Users\Kristina\AppData\Roaming\WB.CFG
2014-09-15 15:44 - 2013-01-01 18:35 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-09-15 14:26 - 2012-12-24 17:58 - 00111336 _____ () C:\Users\Kristina\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-15 14:24 - 2009-07-14 06:45 - 00412376 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-15 00:43 - 2014-09-15 00:41 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Abelssoft
2014-09-15 00:42 - 2014-09-15 00:42 - 00001129 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-09-15 00:42 - 2014-09-15 00:42 - 00001129 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-09-15 00:42 - 2014-09-15 00:42 - 00000000 ____D () C:\Windows\System32\Tasks\Abelssoft
2014-09-15 00:42 - 2014-09-15 00:42 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Opera Software
2014-09-15 00:42 - 2014-09-15 00:42 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Abelssoft
2014-09-15 00:42 - 2014-09-15 00:42 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Opera Software
2014-09-15 00:42 - 2014-09-15 00:42 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-09-15 00:40 - 2014-09-15 00:40 - 00001468 _____ () C:\Users\Kristina\Desktop\Goodgame Empire.lnk
2014-09-15 00:40 - 2014-09-15 00:40 - 00001050 _____ () C:\Users\Public\Desktop\CHIP Updater.lnk
2014-09-15 00:40 - 2014-09-15 00:40 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\DesktopIconGoodgame
2014-09-15 00:40 - 2014-09-15 00:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CHIP Updater
2014-09-15 00:40 - 2014-09-15 00:40 - 00000000 ____D () C:\Program Files (x86)\CHIP Updater
2014-09-14 20:26 - 2014-09-14 20:26 - 02602023 _____ (Kephyr) C:\Users\Kristina\Downloads\freefixersetup.exe
2014-09-14 20:19 - 2012-12-27 12:10 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-14 20:18 - 2012-12-27 12:11 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Google
2014-09-14 20:01 - 2013-07-22 11:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-14 19:55 - 2012-12-24 19:03 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Opera
2014-09-14 19:54 - 2012-12-24 19:17 - 00000000 ___RD () C:\Users\Kristina\Desktop\Programms
2014-09-14 19:54 - 2012-12-24 19:03 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Opera
2014-09-14 19:45 - 2013-10-22 14:34 - 00000000 ____D () C:\Users\Kristina\Desktop\Uni
2014-09-14 18:03 - 2014-09-14 12:56 - 00000000 ____D () C:\Program Files (x86)\MiniGet
2014-09-14 18:01 - 2014-03-16 20:48 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Amigo
2014-09-14 18:00 - 2014-09-14 18:00 - 00002295 _____ () C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Одноклассники.lnk
2014-09-14 18:00 - 2014-09-14 18:00 - 00002295 _____ () C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Вконтакте.lnk
2014-09-14 18:00 - 2014-03-16 20:48 - 00002258 _____ () C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amigo.lnk
2014-09-14 17:48 - 2014-09-14 17:37 - 00000000 ____D () C:\Windows\0028CB34D5D3460FB308A39A095A5E01.TMP
2014-09-14 17:44 - 2014-06-17 00:36 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-14 17:44 - 2014-06-17 00:36 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-14 17:44 - 2012-12-24 17:42 - 00001413 _____ () C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-14 17:38 - 2014-09-14 17:38 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
2014-09-14 17:38 - 2014-09-14 17:04 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-09-14 17:06 - 2014-09-14 17:06 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-14 17:06 - 2014-09-14 17:06 - 00000000 _____ () C:\autoexec.bat
2014-09-14 16:43 - 2014-09-14 16:43 - 00001144 _____ () C:\Users\Kristina\Desktop\Pop-Up Stopper Free Edition.lnk
2014-09-14 16:43 - 2014-09-14 16:43 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Panicware
2014-09-14 16:43 - 2014-09-14 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panicware
2014-09-14 16:43 - 2014-09-14 16:43 - 00000000 ____D () C:\Program Files (x86)\Panicware
2014-09-14 14:14 - 2014-09-14 14:14 - 
00000000 ____D () C:\Users\Kristina\AppData\Local\Apps\2.0 2014-09-14 13:34 - 2014-09-14 12:54 - 00000000 ____D () C:\Users\Kristina\AppData\Local\4718 2014-09-14 12:59 - 2014-09-14 12:59 - 00000687 _____ () C:\awhE33D.tmp 2014-09-14 12:56 - 2014-09-14 12:56 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\MiniGet 2014-09-14 12:49 - 2014-09-14 12:49 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf 2014-09-14 12:48 - 2014-09-14 12:48 - 00000258 __RSH () C:\ProgramData\ntuser.pol 2014-09-14 12:48 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-09-14 12:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2014-09-14 12:24 - 2014-09-14 12:17 - 00000000 ____D () C:\sitenav 2014-09-14 12:14 - 2014-09-14 12:14 - 00003172 _____ () C:\Windows\System32\Tasks\{E894B150-7AF5-4F7D-93B1-3F6683EF799A} 2014-09-14 12:14 - 2014-09-14 12:13 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\eTranslator 2014-09-14 12:12 - 2014-09-14 12:12 - 00000000 ____D () C:\Program Files (x86)\Аудио и видео скачивание 2014-09-14 11:59 - 2014-09-14 12:00 - 00853960 _____ (Reimage®) C:\Users\Kristina\Downloads\ReimageRepair [1].exe 2014-09-14 11:40 - 2014-09-14 11:38 - 00000156 _____ () C:\Windows\Reimage.ini 2014-09-14 00:00 - 2012-12-29 00:49 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-14 00:00 - 2012-12-29 00:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-14 00:00 - 2012-12-29 00:49 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-13 23:50 - 2013-01-08 00:08 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-13 23:48 - 2014-05-01 14:18 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-09-05 04:10 - 2014-09-13 22:30 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-05 04:05 - 2014-09-13 22:30 - 00424448 _____ (Microsoft 
Corporation) C:\Windows\system32\aeinv.dll 2014-08-23 04:07 - 2014-09-13 22:31 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-23 03:45 - 2014-09-13 22:31 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-23 02:59 - 2014-09-13 22:31 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-19 21:36 - 2014-06-26 13:26 - 00000000 ____D () C:\Users\Kristina\Desktop\WiW 2014-08-19 20:05 - 2014-09-14 00:11 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-08-19 19:39 - 2014-09-14 00:11 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-08-19 01:01 - 2014-09-14 00:11 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-08-19 00:29 - 2014-09-14 00:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-08-19 00:29 - 2014-09-14 00:11 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-08-19 00:26 - 2014-09-14 00:11 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-08-19 00:20 - 2014-09-14 00:11 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-08-19 00:19 - 2014-09-14 00:11 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-08-19 00:15 - 2014-09-14 00:11 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-08-19 00:15 - 2014-09-14 00:11 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-08-19 00:14 - 2014-09-14 00:11 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-08-19 00:14 - 2014-09-14 00:11 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-08-19 00:08 - 2014-09-14 00:11 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-08-19 00:08 - 2014-09-14 00:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 
2014-08-19 00:08 - 2014-09-14 00:11 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-08-19 00:05 - 2014-09-14 00:11 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-08-19 00:03 - 2014-09-14 00:11 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-08-19 00:03 - 2014-09-14 00:11 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-08-19 00:03 - 2014-09-14 00:11 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-08-18 23:57 - 2014-09-14 00:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-08-18 23:56 - 2014-09-14 00:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-08-18 23:51 - 2014-09-14 00:11 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-08-18 23:46 - 2014-09-14 00:11 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-08-18 23:45 - 2014-09-14 00:11 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-08-18 23:45 - 2014-09-14 00:11 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-08-18 23:44 - 2014-09-14 00:11 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-08-18 23:44 - 2014-09-14 00:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-08-18 23:42 - 2014-09-14 00:11 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-08-18 23:40 - 2014-09-14 00:11 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-08-18 23:39 - 2014-09-14 00:11 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-08-18 23:39 - 2014-09-14 00:11 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-08-18 23:39 - 2014-09-14 00:11 - 00032768 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\iernonce.dll 2014-08-18 23:38 - 2014-09-14 00:11 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-08-18 23:37 - 2014-09-14 00:11 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-08-18 23:36 - 2014-09-14 00:11 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-08-18 23:35 - 2014-09-14 00:11 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-08-18 23:27 - 2014-09-14 00:11 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-08-18 23:25 - 2014-09-14 00:11 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-08-18 23:25 - 2014-09-14 00:11 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-08-18 23:23 - 2014-09-14 00:11 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-08-18 23:23 - 2014-09-14 00:11 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-08-18 23:22 - 2014-09-14 00:11 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-08-18 23:19 - 2014-09-14 00:11 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-08-18 23:17 - 2014-09-14 00:11 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-08-18 23:17 - 2014-09-14 00:11 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-08-18 23:16 - 2014-09-14 00:11 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-08-18 23:15 - 2014-09-14 00:11 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-08-18 23:15 - 2014-09-14 00:11 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-08-18 23:09 - 2014-09-14 00:11 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-08-18 23:08 - 2014-09-14 00:11 - 02014208 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\inetcpl.cpl 2014-08-18 23:07 - 2014-09-14 00:11 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-08-18 22:55 - 2014-09-14 00:11 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-08-18 22:46 - 2014-09-14 00:11 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-08-18 22:38 - 2014-09-14 00:11 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-08-18 22:38 - 2014-09-14 00:11 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-08-18 22:36 - 2014-09-14 00:11 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll Some content of TEMP: ==================== C:\Users\Kristina\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprxfxn0.dll C:\Users\Kristina\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-16 20:25 ==================== End Of Log ============================ --- --- --- |
18.09.2014, 13:52 | #9 |
/// the machine /// TB trainer | DLL file messages that always appear when the laptop boots up
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
19.09.2014, 17:24 | #10 |
| DLL file messages that always appear when the laptop boots up Should I uninstall the threats found by ESET? (Check mark on the "Finish" page) Code:
ATTFilter # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=7a20f82cc83faa4a8ee3546e4b8557fa # engine=20232 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-09-19 03:18:59 # local_time=2014-09-19 05:18:59 (+0100, W. Europe Daylight Time) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='AVG AntiVirus Free Edition 2013' # compatibility_mode=1044 16777213 100 87 86744 98273923 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 33532800 162769789 0 0 # scanned=348893 # found=36 # cleaned=0 # scan_time=11010 sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir" sh=3096A6D6D5007B947C86A7FE8E72EEB3C86E80B3 ft=1 fh=6df4c99aadb2d5ea vn="Variante von Win32/Conduit.SearchProtect.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kristina\AppData\Local\Conduit\APISupport\APISupport.dll.vir" sh=3661EDB38BCB034EA00F78F9144D975333C786BA ft=1 fh=0c96e457c8798f6f vn="Variante von Win32/Conduit.SearchProtect.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kristina\AppData\Local\Conduit\APISupport\APISupport.old.vir" sh=E0C40AC460D16773DA3546A23508774E7898D893 ft=1 fh=3e6b5ab950259002 vn="Variante von Win32/Conduit.SearchProtect.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kristina\AppData\Local\Conduit\APISupport\APISupport_2.0.1.0\ApiSupport.dll.vir" sh=D68B6F04BDEAE5E8335F52C4A32E08D91A80505E ft=1 fh=adf7011657306ae6 vn="Variante von Win32/Conduit.SearchProtect.P evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kristina\AppData\Local\Conduit\APISupport\APISupport_2.0.1.1\ApiSupport.dll.vir" sh=88F0020FC52EC4C7F80519D64F0C49D56210C499 ft=1 fh=df4b907de8b072e5 vn="Variante von Win32/Conduit.SearchProtect.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kristina\AppData\Local\Conduit\APISupport\APISupport_2.0.1.3\ApiSupport.dll.vir" sh=0E7E5F4C697E7E0A77575D8D62C4C6357CCD3B02 ft=1 fh=cb46e2c2bd0b7bca vn="Variante von Win32/Conduit.SearchProtect.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kristina\AppData\Local\Conduit\APISupport\APISupport_2.0.2.0\ApiSupport.dll.vir" sh=3661EDB38BCB034EA00F78F9144D975333C786BA ft=1 fh=0c96e457c8798f6f vn="Variante von Win32/Conduit.SearchProtect.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kristina\AppData\Local\Conduit\APISupport\APISupport_2.0.4.3\ApiSupport.dll.vir" sh=3096A6D6D5007B947C86A7FE8E72EEB3C86E80B3 ft=1 fh=6df4c99aadb2d5ea vn="Variante von Win32/Conduit.SearchProtect.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kristina\AppData\Local\Conduit\APISupport\APISupport_2.0.5.9\ApiSupport.dll.vir" sh=17CCE05F40D9ECE31DB0841419226BBCDEA130B7 ft=1 fh=24fc0f30760f8ecb vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kristina\AppData\Local\Conduit\APISupport\MiniSP_1.0.2.51\MiniSP.dll.vir" sh=4694896D296941721C0D8D609E512AE1B7FD2FF4 ft=1 fh=1053b6b83f30c1d5 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kristina\AppData\Local\Conduit\APISupport\MiniSP_1.0.2.55\MiniSP.dll.vir" sh=C5F21C12A5C2066BBAE8587380FAAFA01F739B38 ft=1 fh=67bd6377e7694521 vn="Variante von Win32/Conduit.SearchProtect.H evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kristina\AppData\Local\Conduit\APISupport\MiniSP_1.0.2.60\MiniSP.dll.vir" sh=7B747225FCFD7B718513C61724F85F9DE3A3DEB1 ft=1 fh=741c83cdb80b287a vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kristina\AppData\Local\Conduit\APISupport\MiniSP_1.0.2.76\MiniSP.dll.vir" sh=9CF16FBA745174DB1541FD0F4F64C22ED4928AED ft=1 fh=b6c6f78f2929b8a0 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kristina\AppData\Local\Conduit\APISupport\MiniSP_1.0.2.93\MiniSP.dll.vir" sh=41F23E459EFF023AB1B26586463360E45528ABC7 ft=1 fh=5a93daf7e0cc20e5 vn="Variante von Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kristina\AppData\Local\NativeMessaging\CT3220468\1_0_0_10\TBMessagingHost.exe.vir" sh=B0B26548D636CFADD954E4B3DFD30E8F2D61D487 ft=1 fh=5129ed505060d1fb vn="Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kristina\AppData\Local\NativeMessaging\CT3220468\1_0_0_4\TBMessagingHost.exe.vir" sh=BB1A5AE5206E9995C35E517ECBA291C30CE4F7B7 ft=1 fh=34cca54ca63a6441 vn="Variante von Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kristina\AppData\Local\NativeMessaging\CT3220468\1_0_0_6\TBMessagingHost.exe.vir" sh=D4D640E4A04D91DEF41DAD844D1EC046FA1D5F3E ft=1 fh=f32a1de57c3d142e vn="Variante von Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kristina\AppData\Local\NativeMessaging\CT3220468\1_0_0_7\TBMessagingHost.exe.vir" sh=47684BC9F96872C4134DD46689D013BD8E51A14A ft=1 fh=47ffb6bc73749a57 vn="Win32/Toolbar.Conduit.AH evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kristina\AppData\Local\NativeMessaging\CT3220468\1_0_0_9\TBMessagingHost.exe.vir" sh=FADE4553CF63ABD446132E31C7F927AC9D191F5D ft=1 fh=cfebcaa46fcaed43 vn="Variante von Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kristina\AppData\Local\NativeMessaging\CT3220468\1_0_1_6\TBMessagingHost.exe.vir" sh=95D6172E485A8CE4E67FC5544335FB317B8D989B ft=1 fh=1a7ba23778e9464f vn="Variante von Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kristina\AppData\Local\NativeMessaging\CT3220468\1_0_2_0\TBMessagingHost.exe.vir" sh=E0814D0F17EE1122F6D3507DC676030F8E1CC133 ft=1 fh=0e0f46db8e6ee8c4 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kristina\AppData\Roaming\BabSolution\Shared\BabMaint.exe.vir" sh=97D10A94D3A5CBD227545D6B595106D8C8CF71EB ft=1 fh=66b5464a9db41a46 vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kristina\AppData\Roaming\Betcat\dat\Desktop.OS.dll.vir" sh=5E9AF9B16CADF60371BD946E05C62E88BB3C8CA3 ft=1 fh=49cf5f646ed154fe vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kristina\AppData\Roaming\Betcat\dat\Dora.dat.vir" sh=378D3832CC54A7B09A8D2750967DCCA6C03AC130 ft=1 fh=e791232433ea870a vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kristina\AppData\Roaming\Betcat\dat\Maintain.dat.vir" sh=3463A5C8EEB00DCD4F1DAE530D9D4F997DE360F9 ft=1 fh=97a108d1f83f7f9b vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kristina\AppData\Roaming\Betcat\dat\Paladin.dat.vir" sh=A9E528007F510A7E46D3E1E375443AF378F57CF0 ft=1 fh=cb1e91dcdcc6c9aa vn="Variante von MSIL/WebCake.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kristina\AppData\Roaming\Betcat\dat\Phoenix.dat.vir" sh=0A7B0B42E890761457162FF5B6AFA4CACD03ADA7 ft=1 fh=f3588219254e4f42 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir" sh=BEC3400A1DB41854B81A1764807964AED9F9AAC9 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kristina\AppData\Local\Mozilla\Firefox\Profiles\1s79ufxz.default\Cache\C\92\08519d01" sh=EE4B0E3BA23F08B1224B1CDE47E3CA536A068E22 ft=1 fh=aba844644e7b80e6 vn="Win32/AdWare.1ClickDownload.AT Anwendung" ac=I fn="C:\Users\Kristina\Desktop\Kris\_music_to_accompany_the_world_traveller_(192kbs).exe" sh=E2C028A886AA7352539DEE32CBB38770C529A76E ft=1 fh=d2aeb2930bcba9f7 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kristina\Desktop\Programms\PDFCreator-1_7_3_setup.exe" sh=2ED8972BE58873233E0321BFE9C7C63AFD5A95DC ft=1 fh=526bec6753d476a6 vn="Variante von Win32/SoftonicDownloader.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kristina\Desktop\Programms\SoftonicDownloader_fuer_pop-up-stopper-free-edition.exe" sh=BC187681AABEE8E29BAD8FEB19372CFD88BD5B4D ft=1 fh=f520ba823e6c8604 vn="Win32/InstallMonstr.FP evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kristina\Desktop\Programms\SpyHunter.4.16.5.4290.exe" sh=E90F1018D4E73C26E3E5B9BB88EF0A3B729C2B84 ft=0 fh=0000000000000000 vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kristina\Desktop\Programms\regcleaner 6 2 key\RegCleaner 6.2 + key.rar" sh=4DFC1604A0FEEE1AE302EFA0CFA955EB0092E65A ft=1 fh=1fd97771b94098cf vn="Variante von Win32/Systweak evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Kristina\Desktop\Programms\regcleaner 6 2 key\RegCleanPRO_Trial_Rus_Setup.exe" sh=40190F48C90FEA66BC40A42ECA82A829A1E14847 ft=1 fh=13c38e2475f3b48b vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Kristina\Downloads\Games\Awakening The Dreamless Castle (aka The Enchanted Castle) - HOG - Cracked\DreamCastle.exe" Code:
Results of screen317's Security Check version 0.99.87
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG AntiVirus Free Edition 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 25
Java version out of Date!
Adobe Flash Player 15.0.0.152
Adobe Reader XI
Mozilla Firefox (31.0)
Google Chrome 35.0.1916.114
Google Chrome 37.0.2062.120
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
AVG avgwdsvc.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014 Ran by Kristina (administrator) on KRISTINA-PC on 19-09-2014 18:22:51 Running from C:\Users\Kristina\Desktop\Antiviren Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe (Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe (Portrait Displays, Inc.) 
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe (ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe (Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\obexsrv.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIIVE.EXE (DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe (Spotify Ltd) C:\Users\Kristina\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd) C:\Users\Kristina\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Panicware, Inc.) C:\Program Files (x86)\Panicware\Pop-Up Stopper Free Edition\PSFree.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe () C:\Program Files (x86)\HP HD Webcam [Fixed]\Monitor.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Dropbox, Inc.) C:\Users\Kristina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe (AVG Technologies CZ, s.r.o.) 
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
() C:\Users\Kristina\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Kristina\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Kristina\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Kristina\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Kristina\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\audiosrv.exe
(Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelperx64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.61\opera.exe
() C:\Program Files (x86)\Opera\24.0.1558.61\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.61\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.61\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.61\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.61\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.61\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.61\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.61\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.61\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.61\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.61\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.61\opera.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.61\opera.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2919992 2011-01-26] (Hewlett-Packard Company)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (IDT, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [MfeEpePcMonitor] => C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe [200704 2011-02-09] ()
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-04-03] (Crawler.com)
HKLM-x32\...\Run: [HP HD Webcam [Fixed]_Monitor] => C:\Program Files (x86)\HP HD Webcam [Fixed]\monitor.exe [267128 2010-11-26] ()
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [DTRun] => C:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [517456 2010-11-24] (ArcSoft Inc.)
HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12274688 2011-02-07] (Hewlett-Packard)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [333728 2012-06-20] (Hewlett-Packard Company)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-11] (PDF Complete Inc)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [186408 2013-12-12] (Geek Software GmbH)
HKLM-x32\...\Run: [Salus CrashMon] => "C:\Program Files (x86)\Salus\CrashMon.exe" "Salus.exe" "hxxp://log.data-url.com/salus/crash"
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-1710177085-3952504819-198495338-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIVE.EXE [283232 2012-02-27] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1710177085-3952504819-198495338-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3111744 2012-04-26] (DT Soft Ltd)
HKU\S-1-5-21-1710177085-3952504819-198495338-1000\...\Run: [Spotify] => C:\Users\Kristina\AppData\Roaming\Spotify\Spotify.exe [6621752 2014-09-14] (Spotify Ltd)
HKU\S-1-5-21-1710177085-3952504819-198495338-1000\...\Run: [Spotify Web Helper] => C:\Users\Kristina\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-14] (Spotify Ltd)
HKU\S-1-5-21-1710177085-3952504819-198495338-1000\...\Run: [eTranslator Update] => C:\Users\Kristina\AppData\Roaming\eTranslator\eTranslator.exe [2895800 2014-09-14] ()
HKU\S-1-5-21-1710177085-3952504819-198495338-1000\...\Run: [PopUpStopperFreeEdition] => C:\Program Files (x86)\Panicware\Pop-Up Stopper Free Edition\PSFree.exe [536576 2005-03-17] (Panicware, Inc.)
HKU\S-1-5-21-1710177085-3952504819-198495338-1000\...\Run: [MailRuUpdater] => C:\Users\Kristina\AppData\Local\Mail.Ru\MailRuUpdater.exe
HKU\S-1-5-21-1710177085-3952504819-198495338-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Kristina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.ru/cnt/10445?gp=openpr2
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1D0832545831CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: No Name -> {434D452D-5637-006A-76A7-7A786E7484D7} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: AVdowloads -> {84C9B457-C48F-46CC-90C0-5A310C64108A} -> C:\Program Files (x86)\Аудио и видео скачивание\IE\x86\Downloader.dll (Audio and video downloads)
BHO-x32: No Name -> {8984B388-A5BB-4DF7-B274-77B879E179DB} -> No File
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 82.212.62.62 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default
FF DefaultSearchEngine: ?????@Mail.Ru
FF SelectedSearchEngine: ?????@Mail.Ru
FF Homepage: hxxp://mail.ru/cnt/10445?gp=openpr2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\searchplugins\mailru.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Переводчик для FireFox - C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\Extensions\info4@etranslator.pro [2014-09-14]
FF Extension: Аудио и видео скачивание - C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\Extensions\avdownloader-sk17@sk-sdk.com.xpi [2014-09-14]
FF Extension: Cliqz Beta - C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\Extensions\cliqz@cliqz.com.xpi [2014-09-17]
FF Extension: Adblock Plus - C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-17]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2013-01-14]
FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\cliqz@cliqz.com
FF Extension: No Name - C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\1s79ufxz.default\extensions\92f62b97-e4e9-4505-ab9d-bd29c855bdfe@gmail.com [Not Found]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [nmghlnjjldbehnfaejmbpophglopclgn] - C:\Program Files (x86)\Аудио и видео скачивание\avdownloader-sk.crx [2014-09-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [486224 2011-11-10] (DigitalPersona, Inc.)
S3 FLCDLOCK; C:\Windows\SysWOW64\flcdlock.exe [476728 2011-09-05] (Hewlett-Packard Company)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [647680 2012-12-24] (Macrovision Europe Ltd.) [File not signed]
R3 FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1028096 2012-12-24] (Macrovision Europe Ltd.) [File not signed]
R2 HPDayStarterService; C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [133688 2011-01-28] (Hewlett-Packard Company)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [523680 2012-06-20] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-11] (PDF Complete Inc)
R2 uArcCapture; C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe [502464 2010-11-11] (ArcSoft, Inc.)
S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-11] (ArcSoft, Inc.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-04-15] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64312 2011-05-09] (Hewlett-Packard Company)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-12-25] (DT Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [168008 2011-02-09] (McAfee, Inc.)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [2611704 2011-01-12] (Sunplus Technology)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\Kristina\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-19 18:14 - 2014-09-19 18:14 - 00854417 _____ () C:\Users\Kristina\Downloads\SecurityCheck.exe
2014-09-19 14:11 - 2014-09-19 14:12 - 02347384 _____ (ESET) C:\Users\Kristina\Downloads\esetsmartinstaller_deu.exe
2014-09-19 14:08 - 2014-09-19 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-19 14:08 - 2014-09-19 14:08 - 00000000 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-09-18 11:19 - 2014-09-19 17:30 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-18 11:19 - 2014-09-19 13:48 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-18 11:19 - 2014-09-18 11:35 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-18 11:19 - 2014-09-18 11:25 - 00003898 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-18 11:19 - 2014-09-18 11:25 - 00003646 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-09-18 11:19 - 2014-09-18 11:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-17 22:22 - 2014-09-17 22:22 - 00000000 ____D () C:\Windows\ERUNT
2014-09-17 22:21 - 2014-09-17 22:21 - 01016035 _____ (Thisisu) C:\Users\Kristina\Downloads\JRT.exe
2014-09-17 22:03 - 2014-09-17 22:12 - 00000000 ____D () C:\AdwCleaner
2014-09-17 22:02 - 2014-09-17 22:02 - 01373475 _____ () C:\Users\Kristina\Downloads\AdwCleaner_3.310.exe
2014-09-17 20:24 - 2014-09-19 17:53 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-17 20:23 - 2014-09-17 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-09-17 20:23 - 2014-09-17 20:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-17 20:23 - 2014-09-17 20:23 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-09-17 20:23 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-17 20:23 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-17 20:23 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-17 20:21 - 2014-09-17 20:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Kristina\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-16 19:37 - 2014-09-16 19:37 - 00003274 _____ () C:\Windows\System32\Tasks\{4267A5D8-4554-4E99-ABA8-B30AE40B75BF}
2014-09-16 19:32 - 2014-09-16 19:32 - 00046303 _____ () C:\ComboFix.txt
2014-09-16 19:04 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-16 19:04 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-16 19:04 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-16 19:04 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-16 19:04 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-16 19:04 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-16 19:04 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-16 19:04 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-16 19:03 - 2014-09-16 19:32 - 00000000 ____D () C:\Qoobox
2014-09-16 19:03 - 2014-09-16 19:30 - 00000000 ____D () C:\Windows\erdnt
2014-09-16 18:57 - 2014-09-16 18:57 - 05579386 ____R (Swearware) C:\Users\Kristina\Desktop\ComboFix.exe
2014-09-16 18:09 - 2014-09-16 18:09 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-16 10:29 - 2014-09-16 10:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-15 20:44 - 2014-09-19 18:22 - 00000000 ____D () C:\FRST
2014-09-15 20:43 - 2014-09-19 18:22 - 00000000 ____D () C:\Users\Kristina\Desktop\Antiviren
2014-09-15 00:42 - 2014-09-17 13:30 - 00003858 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1410734508
2014-09-15 00:42 - 2014-09-15 00:42 - 00001129 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-09-15 00:42 - 2014-09-15 00:42 - 00001129 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-09-15 00:42 - 2014-09-15 00:42 - 00000000 ____D () C:\Windows\System32\Tasks\Abelssoft
2014-09-15 00:42 - 2014-09-15 00:42 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Opera Software
2014-09-15 00:42 - 2014-09-15 00:42 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Abelssoft
2014-09-15 00:42 - 2014-09-15 00:42 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Opera Software
2014-09-15 00:42 - 2014-09-15 00:42 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-09-15 00:41 - 2014-09-15 00:43 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Abelssoft
2014-09-15 00:40 - 2014-09-15 00:40 - 00001468 _____ () C:\Users\Kristina\Desktop\Goodgame Empire.lnk
2014-09-15 00:40 - 2014-09-15 00:40 - 00001050 _____ () C:\Users\Public\Desktop\CHIP Updater.lnk
2014-09-15 00:40 - 2014-09-15 00:40 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\DesktopIconGoodgame
2014-09-15 00:40 - 2014-09-15 00:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CHIP Updater
2014-09-15 00:40 - 2014-09-15 00:40 - 00000000 ____D () C:\Program Files (x86)\CHIP Updater
2014-09-15 00:40 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\SysWOW64\dhRichClient3.dll
2014-09-15 00:40 - 2011-03-25 20:42 - 00338432 _____ () C:\Windows\SysWOW64\sqlite36_engine.dll
2014-09-14 20:26 - 2014-09-14 20:26 - 02602023 _____ (Kephyr) C:\Users\Kristina\Downloads\freefixersetup.exe
2014-09-14 18:00 - 2014-09-14 18:00 - 00002295 _____ () C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Одноклассники.lnk
2014-09-14 18:00 - 2014-09-14 18:00 - 00002295 _____ () C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Вконтакте.lnk
2014-09-14 17:38 - 2014-09-14 17:38 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
2014-09-14 17:37 - 2014-09-14 17:48 - 00000000 ____D () C:\Windows\0028CB34D5D3460FB308A39A095A5E01.TMP
2014-09-14 17:06 - 2014-09-14 17:06 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-14 17:06 - 2014-09-14 17:06 - 00000000 _____ () C:\autoexec.bat
2014-09-14 17:04 - 2014-09-14 17:38 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-09-14 16:43 - 2014-09-14 16:43 - 00001144 _____ () C:\Users\Kristina\Desktop\Pop-Up Stopper Free Edition.lnk
2014-09-14 16:43 - 2014-09-14 16:43 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Panicware
2014-09-14 16:43 - 2014-09-14 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panicware
2014-09-14 16:43 - 2014-09-14 16:43 - 00000000 ____D () C:\Program Files (x86)\Panicware
2014-09-14 14:14 - 2014-09-14 14:14 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Apps\2.0
2014-09-14 12:59 - 2014-09-14 12:59 - 00000687 _____ () C:\awhE33D.tmp
2014-09-14 12:56 - 2014-09-14 18:03 - 00000000 ____D () C:\Program Files (x86)\MiniGet
2014-09-14 12:56 - 2014-09-14 12:56 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\MiniGet
2014-09-14 12:54 - 2014-09-17 21:49 - 00000000 ____D () C:\Program Files (x86)\Salus
2014-09-14 12:54 - 2014-09-14 13:34 - 00000000 ____D () C:\Users\Kristina\AppData\Local\4718
2014-09-14 12:49 - 2014-09-14 12:49 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-09-14 12:48 - 2014-09-16 18:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\YourFileDownloader
2014-09-14 12:48 - 2014-09-14 12:48 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-09-14 12:17 - 2014-09-14 12:24 - 00000000 ____D () C:\sitenav
2014-09-14 12:14 - 2014-09-14 12:14 - 00003172 _____ () C:\Windows\System32\Tasks\{E894B150-7AF5-4F7D-93B1-3F6683EF799A}
2014-09-14 12:13 - 2014-09-14 12:14 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\eTranslator
2014-09-14 12:12 - 2014-09-14 12:12 - 00000000 ____D () C:\Program Files (x86)\Аудио и видео скачивание
2014-09-14 12:00 - 2014-09-14 11:59 - 00853960 _____ (Reimage®) C:\Users\Kristina\Downloads\ReimageRepair [1].exe
2014-09-14 11:38 - 2014-09-14 11:40 - 00000156 _____ () C:\Windows\Reimage.ini
2014-09-14 00:11 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-14 00:11 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-14 00:11 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-14 00:11 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-14 00:11 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-14 00:11 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-14 00:11 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-14 00:11 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-14 00:11 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-14 00:11 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-14 00:11 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-14 00:11 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-14 00:11 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-14 00:11 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-14 00:11 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-14 00:11 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-14 00:11 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-14 00:11 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-14 00:11 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-14 00:11 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-14 00:11 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-14 00:11 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-14 00:11 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-14 00:11 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-14 00:11 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-14 00:11 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-14 00:11 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-14 00:11 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-14 00:11 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-14 00:11 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-14 00:11 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-14 00:11 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-14 00:11 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-14 00:11 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-14 00:11 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-14 00:11 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-14 00:11 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-14 00:11 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-14 00:11 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-14 00:11 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-14 00:11 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-14 00:11 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-14 00:11 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-14 00:11 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-14 00:11 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-14 00:11 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-14 00:11 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-14 00:11 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-14 00:11 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-14 00:11 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-14 00:11 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-14 00:11 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-14 00:11 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-14 00:11 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-14 00:11 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-14 00:11 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-13 23:49 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-13 23:49 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-13 22:31 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-13 22:31 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-09-13 22:31 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-13 22:31 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-13 22:31 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-13 22:31 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-13 22:31 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-13 22:31 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-13 22:31 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-13 22:31 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-13 22:31 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-13 22:31 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-13 22:30 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-13 22:30 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-21 13:49 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-21 13:49 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-21 13:49 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-21 13:49 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-21 13:49 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-21 13:49 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-21 13:49 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-21 13:49 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-21 13:49 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-21 13:49 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-21 13:48 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-21 13:48 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-21 13:48 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-21 13:48 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-19 18:22 - 2014-09-15 20:44 - 00000000 ____D () C:\FRST
2014-09-19 18:22 - 2014-09-15 20:43 - 00000000 ____D () C:\Users\Kristina\Desktop\Antiviren
2014-09-19 18:14 - 2014-09-19 18:14 - 00854417 _____ () C:\Users\Kristina\Downloads\SecurityCheck.exe
2014-09-19 18:00 - 2012-12-29 00:49 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-19 17:53 - 2014-09-17 20:24 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-19 17:53 - 2014-05-16 13:01 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Spotify
2014-09-19 17:48 - 2012-12-24 18:56 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-19 17:47 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-09-19 17:30 - 2014-09-18 11:19 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-19 16:20 - 2012-12-24 18:35 - 01071057 _____ () C:\Windows\WindowsUpdate.log
2014-09-19 14:14 - 2009-07-14 07:13 - 00006206 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-19 14:12 - 2014-09-19 14:11 - 02347384 _____ (ESET) C:\Users\Kristina\Downloads\esetsmartinstaller_deu.exe
2014-09-19 14:11 - 2009-07-14 06:51 - 00060084 _____ () C:\Windows\setupact.log
2014-09-19 14:08 - 2014-09-19 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-19 14:08 - 2014-09-19 14:08 - 00000000 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-09-19 14:08 - 2013-08-08 19:40 - 00000000 ____D ()
C:\Program Files (x86)\Java 2014-09-19 14:04 - 2012-12-24 19:06 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Skype 2014-09-19 13:48 - 2014-09-18 11:19 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-18 11:35 - 2014-09-18 11:19 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-09-18 11:25 - 2014-09-18 11:19 - 00003898 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-09-18 11:25 - 2014-09-18 11:19 - 00003646 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-09-18 11:19 - 2014-09-18 11:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-09-18 11:19 - 2012-12-27 12:12 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Adobe 2014-09-18 11:19 - 2012-12-27 12:10 - 00000000 ____D () C:\Program Files (x86)\Google 2014-09-18 11:18 - 2012-12-29 00:49 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-18 11:18 - 2012-12-29 00:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-18 11:18 - 2012-12-29 00:49 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-18 09:33 - 2009-07-14 06:45 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-18 09:33 - 2009-07-14 06:45 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-18 09:26 - 2013-11-11 18:10 - 00000000 ___RD () C:\Users\Kristina\Dropbox 2014-09-18 09:26 - 2013-11-11 18:04 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Dropbox 2014-09-18 09:24 - 2012-12-24 18:26 - 00000000 ____D () C:\ProgramData\PDFC 2014-09-18 09:22 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-18 02:17 - 2013-11-11 18:07 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-09-17 
22:22 - 2014-09-17 22:22 - 00000000 ____D () C:\Windows\ERUNT 2014-09-17 22:21 - 2014-09-17 22:21 - 01016035 _____ (Thisisu) C:\Users\Kristina\Downloads\JRT.exe 2014-09-17 22:13 - 2012-12-24 18:16 - 00420172 _____ () C:\Windows\PFRO.log 2014-09-17 22:12 - 2014-09-17 22:03 - 00000000 ____D () C:\AdwCleaner 2014-09-17 22:02 - 2014-09-17 22:02 - 01373475 _____ () C:\Users\Kristina\Downloads\AdwCleaner_3.310.exe 2014-09-17 21:49 - 2014-09-14 12:54 - 00000000 ____D () C:\Program Files (x86)\Salus 2014-09-17 21:49 - 2014-04-03 18:50 - 00000000 ____D () C:\Users\Kristina\AppData\Local\TB 2014-09-17 21:49 - 2012-12-24 19:08 - 00000000 ____D () C:\Users\Kristina\AppData\Local\CRE 2014-09-17 20:23 - 2014-09-17 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-17 20:23 - 2014-09-17 20:23 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-17 20:23 - 2014-09-17 20:23 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-09-17 20:21 - 2014-09-17 20:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Kristina\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-17 13:30 - 2014-09-15 00:42 - 00003858 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1410734508 2014-09-17 13:30 - 2012-12-24 19:03 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-09-17 13:23 - 2012-12-27 12:10 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-09-16 20:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-09-16 19:37 - 2014-09-16 19:37 - 00003274 _____ () C:\Windows\System32\Tasks\{4267A5D8-4554-4E99-ABA8-B30AE40B75BF} 2014-09-16 19:32 - 2014-09-16 19:32 - 00046303 _____ () C:\ComboFix.txt 2014-09-16 19:32 - 2014-09-16 19:03 - 00000000 ____D () C:\Qoobox 2014-09-16 19:32 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-09-16 19:30 - 2014-09-16 19:03 - 00000000 ____D () C:\Windows\erdnt 2014-09-16 19:27 - 2009-07-14 04:34 - 
00000215 _____ () C:\Windows\system.ini 2014-09-16 19:22 - 2009-07-14 04:34 - 91226112 _____ () C:\Windows\system32\config\SOFTWARE.bak 2014-09-16 19:22 - 2009-07-14 04:34 - 17825792 _____ () C:\Windows\system32\config\SYSTEM.bak 2014-09-16 19:22 - 2009-07-14 04:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak 2014-09-16 19:22 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak 2014-09-16 19:22 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak 2014-09-16 18:57 - 2014-09-16 18:57 - 05579386 ____R (Swearware) C:\Users\Kristina\Desktop\ComboFix.exe 2014-09-16 18:54 - 2014-05-16 13:02 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Spotify 2014-09-16 18:46 - 2014-09-14 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\YourFileDownloader 2014-09-16 18:09 - 2014-09-16 18:09 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-09-16 10:31 - 2012-12-24 19:05 - 00000000 ____D () C:\ProgramData\Skype 2014-09-16 10:29 - 2014-09-16 10:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-09-16 10:29 - 2013-01-28 20:03 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-09-16 00:13 - 2013-07-27 00:10 - 00000090 _____ () C:\Users\Kristina\AppData\Roaming\WB.CFG 2014-09-15 15:44 - 2013-01-01 18:35 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2014-09-15 14:26 - 2012-12-24 17:58 - 00111336 _____ () C:\Users\Kristina\AppData\Local\GDIPFONTCACHEV1.DAT 2014-09-15 14:24 - 2009-07-14 06:45 - 00412376 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-09-15 00:43 - 2014-09-15 00:41 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Abelssoft 2014-09-15 00:42 - 2014-09-15 00:42 - 00001129 _____ () C:\Users\Public\Desktop\Opera.lnk 2014-09-15 00:42 - 2014-09-15 00:42 - 00001129 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2014-09-15 00:42 - 2014-09-15 00:42 - 00000000 ____D () C:\Windows\System32\Tasks\Abelssoft 2014-09-15 00:42 
- 2014-09-15 00:42 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Opera Software 2014-09-15 00:42 - 2014-09-15 00:42 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Abelssoft 2014-09-15 00:42 - 2014-09-15 00:42 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Opera Software 2014-09-15 00:42 - 2014-09-15 00:42 - 00000000 ____D () C:\ProgramData\XDMessagingv4 2014-09-15 00:40 - 2014-09-15 00:40 - 00001468 _____ () C:\Users\Kristina\Desktop\Goodgame Empire.lnk 2014-09-15 00:40 - 2014-09-15 00:40 - 00001050 _____ () C:\Users\Public\Desktop\CHIP Updater.lnk 2014-09-15 00:40 - 2014-09-15 00:40 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\DesktopIconGoodgame 2014-09-15 00:40 - 2014-09-15 00:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CHIP Updater 2014-09-15 00:40 - 2014-09-15 00:40 - 00000000 ____D () C:\Program Files (x86)\CHIP Updater 2014-09-14 20:26 - 2014-09-14 20:26 - 02602023 _____ (Kephyr) C:\Users\Kristina\Downloads\freefixersetup.exe 2014-09-14 20:18 - 2012-12-27 12:11 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Google 2014-09-14 20:01 - 2013-07-22 11:05 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-14 19:55 - 2012-12-24 19:03 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Opera 2014-09-14 19:54 - 2012-12-24 19:17 - 00000000 ___RD () C:\Users\Kristina\Desktop\Programms 2014-09-14 19:54 - 2012-12-24 19:03 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Opera 2014-09-14 19:45 - 2013-10-22 14:34 - 00000000 ____D () C:\Users\Kristina\Desktop\Uni 2014-09-14 18:03 - 2014-09-14 12:56 - 00000000 ____D () C:\Program Files (x86)\MiniGet 2014-09-14 18:01 - 2014-03-16 20:48 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Amigo 2014-09-14 18:00 - 2014-09-14 18:00 - 00002295 _____ () C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Одноклассники.lnk 2014-09-14 18:00 - 2014-09-14 18:00 - 00002295 _____ () C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Вконтакте.lnk 2014-09-14 18:00 - 2014-03-16 20:48 - 00002258 _____ () C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amigo.lnk 2014-09-14 17:48 - 2014-09-14 17:37 - 00000000 ____D () C:\Windows\0028CB34D5D3460FB308A39A095A5E01.TMP 2014-09-14 17:44 - 2014-06-17 00:36 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-09-14 17:44 - 2014-06-17 00:36 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-09-14 17:44 - 2012-12-24 17:42 - 00001413 _____ () C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-09-14 17:38 - 2014-09-14 17:38 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group 2014-09-14 17:38 - 2014-09-14 17:04 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP 2014-09-14 17:06 - 2014-09-14 17:06 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-09-14 17:06 - 2014-09-14 17:06 - 00000000 _____ () C:\autoexec.bat 2014-09-14 16:43 - 2014-09-14 16:43 - 00001144 _____ () C:\Users\Kristina\Desktop\Pop-Up Stopper Free Edition.lnk 2014-09-14 16:43 - 2014-09-14 16:43 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Panicware 2014-09-14 16:43 - 2014-09-14 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panicware 2014-09-14 16:43 - 2014-09-14 16:43 - 00000000 ____D () C:\Program Files (x86)\Panicware 2014-09-14 14:14 - 2014-09-14 14:14 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Apps\2.0 2014-09-14 13:34 - 2014-09-14 12:54 - 00000000 ____D () C:\Users\Kristina\AppData\Local\4718 2014-09-14 12:59 - 2014-09-14 12:59 - 00000687 _____ () C:\awhE33D.tmp 2014-09-14 12:56 - 2014-09-14 12:56 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\MiniGet 2014-09-14 12:49 - 2014-09-14 12:49 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf 2014-09-14 12:48 - 2014-09-14 12:48 - 
00000258 __RSH () C:\ProgramData\ntuser.pol 2014-09-14 12:48 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-09-14 12:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2014-09-14 12:24 - 2014-09-14 12:17 - 00000000 ____D () C:\sitenav 2014-09-14 12:14 - 2014-09-14 12:14 - 00003172 _____ () C:\Windows\System32\Tasks\{E894B150-7AF5-4F7D-93B1-3F6683EF799A} 2014-09-14 12:14 - 2014-09-14 12:13 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\eTranslator 2014-09-14 12:12 - 2014-09-14 12:12 - 00000000 ____D () C:\Program Files (x86)\Аудио и видео скачивание 2014-09-14 11:59 - 2014-09-14 12:00 - 00853960 _____ (Reimage®) C:\Users\Kristina\Downloads\ReimageRepair [1].exe 2014-09-14 11:40 - 2014-09-14 11:38 - 00000156 _____ () C:\Windows\Reimage.ini 2014-09-13 23:50 - 2013-01-08 00:08 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-13 23:48 - 2014-05-01 14:18 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-09-05 04:10 - 2014-09-13 22:30 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-05 04:05 - 2014-09-13 22:30 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-08-23 04:07 - 2014-09-13 22:31 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-23 03:45 - 2014-09-13 22:31 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-23 02:59 - 2014-09-13 22:31 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys Some content of TEMP: ==================== C:\Users\Kristina\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmny17d.dll C:\Users\Kristina\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe C:\Users\Kristina\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-16 20:25 ==================== End Of Log ============================ --- --- --- |
20.09.2014, 15:07 | #11 | |
/// the machine /// TB Trainer | Update Java. Quote:
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No support via PM! |
20.09.2014, 18:09 | #12 |
| Hi, thank you very much for your help!! The anti-malware program I was supposed to download keeps showing me the message "Bösartige Webseiten blockiert" (malicious websites blocked): eTranslator and Spyware Terminator. Is that bad? |
21.09.2014, 09:45 | #13 |
/// the machine /// TB Trainer | A screenshot of the message, please. When exactly does it appear? Has the programs folder on the desktop been deleted? If I find another crack, support ends immediately.
|
21.09.2014, 21:04 | #14 |
| I have not done anything on the laptop other than the steps you specified. Well, whatever, thank you very much for the help. The main problem has been solved; I did not expect more than that. Thanks, best regards, Sabrina |
22.09.2014, 10:55 | #15 |
/// the machine /// TB Trainer | If malicious sites are being blocked there, then we are not done yet.....
|