Log analysis and evaluation: Windows 8; advertising pop-ups and green double-underlined words in texts
#3
Hello!
Thanks for the quick reply. I downloaded the things that I gathered from other posting replies. I wanted to insert them into the message in the first post, but that made it too long, and I read that I should write the log files into the "history". To be honest, I don't know what that is (which is why I copied everything into the "reason" field in the first post). But here, for a start, is the log file from FRST:
Kind regards, Franziska
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2014 Ran by Andriy (administrator) on MYNEWHP on 30-04-2014 01:17:42 Running from C:\Users\Andriy\Downloads Windows 8 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe (AMD) C:\Windows\system32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe (Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe () C:\Program Files (x86)\a2zLyrics-soft\a2zLyricshrk158.exe (Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Microsoft Corporation) C:\Windows\system32\dashost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe () C:\ProgramData\Mobiles Internet\OnlineUpdate\ouc.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (RealNetworks, Inc.) 
C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe () C:\Windows\system32\valWBFPolicyService.exe (Wajam) C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe () C:\Program Files (x86)\3DataManager\WTGService.exe (Conduit) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe (AMD) C:\Windows\system32\atieclxx.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe () C:\Program Files (x86)\a2zLyrics-soft\a2zLyricshrkuEw.exe () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe (AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe (BitTorrent Inc.) 
C:\Users\Andriy\AppData\Roaming\uTorrent\uTorrent.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (Smartbar) C:\Users\Andriy\AppData\Local\Smartbar\Application\SnapDo.exe () C:\Program Files (x86)\3DataManager\3DataManager_Launcher.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe () C:\Users\Andriy\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe (MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe () C:\Program Files (x86)\PricePeep\PricePeepUpdater.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (Local Weather LLC) C:\Users\Andriy\AppData\Local\WeatherAlerts\WeatherAlerts.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (Opera Software) C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe () C:\Program Files (x86)\Opera\20.0.1387.77\opera_crashreporter.exe (Opera Software) C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe (Opera Software) C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe (Opera Software) C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe (AuthenTec Inc.) 
C:\Program Files (x86)\HP SimplePass\TouchControl.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe (Opera Software) C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe (Opera Software) C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe (Opera Software) C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe (OldTimer Tools) C:\Users\Andriy\Downloads\otl.exe (Opera Software) C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe () C:\Users\Andriy\AppData\Local\Smartbar\Application\Lrcnta.exe (Microsoft Corporation) C:\Windows\syswow64\wwahost.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-20] (IDT, Inc.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-25] (Synaptics Incorporated) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.) HKLM\...\Run: [MRT] => C:\Windows\system32\MRT.exe [90655440 2014-03-31] (Microsoft Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-09-18] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [371976 2012-09-19] (IVT Corporation) HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-10] (CyberLink Corp.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.) 
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2012-09-14] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296520 2014-03-20] (RealNetworks, Inc.) HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-08] (Hewlett-Packard) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\Run: [Google Update] => C:\Users\Andriy\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-08-05] (Google Inc.) HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\Run: [uTorrent] => C:\Users\Andriy\AppData\Roaming\uTorrent\uTorrent.exe [889176 2013-08-26] (BitTorrent Inc.) 
HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\Run: [NextLive] => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Andriy\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\Run: [Browser Infrastructure Helper] => C:\Users\Andriy\AppData\Local\Smartbar\Application\SnapDo.exe [27680 2014-03-04] (Smartbar) HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\MountPoints2: {0a4d6f29-7439-11e3-be99-6c3be584be5a} - "F:\.\Autorun.exe" AUTORUN=1 HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\MountPoints2: {2758adea-fe60-11e2-be76-f4b7e2c41c42} - "F:\AutoRun.exe" HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\MountPoints2: {2758c4d5-fe60-11e2-be76-001e101ffe8f} - "F:\AutoRun.exe" HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\MountPoints2: {342f948a-fdd4-11e2-be75-f4b7e2c41c42} - "F:\.\Autorun.exe" AUTORUN=1 HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\MountPoints2: {342f94be-fdd4-11e2-be75-f4b7e2c41c42} - "F:\.\Autorun.exe" AUTORUN=1 HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\MountPoints2: {342f96da-fdd4-11e2-be75-f4b7e2c41c42} - "F:\.\Autorun.exe" AUTORUN=1 HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\MountPoints2: {b6d84743-05d7-11e3-be7a-001e101f9880} - "F:\AutoRun.exe" HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\MountPoints2: {dee233cd-01de-11e3-be77-001e101f8338} - "G:\AutoRun.exe" AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [1355040 2014-03-03] (Conduit) AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1050912 2014-03-03] (Conduit) Startup: C:\Users\Andriy\Desktop\Programs\Startup\Launcher.lnk ShortcutTarget: Launcher.lnk -> C:\Program Files (x86)\3DataManager\3DataManager_Launcher.exe () Startup: 
C:\Users\Andriy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Andriy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk ShortcutTarget: DesktopWeatherAlerts.lnk -> C:\Users\Andriy\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe () Startup: C:\Users\Andriy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com) Startup: C:\Users\Andriy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PricePeepUpdater.lnk ShortcutTarget: PricePeepUpdater.lnk -> C:\Program Files (x86)\PricePeep\PricePeepUpdater.exe () Startup: C:\Users\Andriy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.) Startup: C:\Users\Andriy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk ShortcutTarget: Weather Alerts.lnk -> C:\Users\Andriy\AppData\Local\WeatherAlerts\WeatherAlerts.exe (Local Weather LLC) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. 
ProxyServer: http=127.0.0.1:13828 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?p=mko_awfzxipyrztakq4j8nrc9pslljr98gagvz--sx9hmmckaq-yavakimc-at0yqxk48phzu_mlilw0a_s96ywu47yss74wc7orgg1nvjl1aesvx6kzywxelr1wxkvhoadormk9q6eeidkk5xfp2o5yw5clczgz0baqyfui581jquzmj0gzqadyp8rt1wqj6jb1pbzstmi8dzws HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRZtakQ4j8nRC9pSLLJR98GAGvZ--sx9HMMckaq-YAVaKiMC-AT0Yqxk48PhzU_MliLw0a_S96YWU47YSs74WC7oRGg1NvJl1AESVx6KzYwxElR1WxkVHOadORmK9q6EEiDKGHlW4aCNoZ95xIMD1W4mbo5cjWxfHzGtdH4izsiA04SsQcWYOLK_jF9Z4iyOHuE3X&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRZtakQ4j8nRC9pSLLJR98GAGvZ--sx9HMMckaq-YAVaKiMC-AT0Yqxk48PhzU_MliLw0a_S96YWU47YSs74WC7oRGg1NvJl1AESVx6KzYwxElR1WxkVHOadORmK9q6EEiDKGHlW4aCNoZ95xIMD1W4mbo5cjWxfHzGtdH4izsiA04SsQcWYOLK_jF9Z4iyOHuE3X&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.searchgol.com/?babsrc=HP_ss_Btisdt7&mntrId=FC40001E101FAB38&affID=121565&tt=160913_m3&tsp=5014 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dosearches.com/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=hp&from=smt&uid=HitachiXHTS547575A9E384_J1140021G1GBHJG1GBHJX&ts=1383049761 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dosearches.com/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=hp&from=smt&uid=HitachiXHTS547575A9E384_J1140021G1GBHJG1GBHJX&ts=1383049761 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKLM\Software\Wow6432Node\Microsoft\Internet 
Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.dosearches.com/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=sc&from=smt&uid=HitachiXHTS547575A9E384_J1140021G1GBHJG1GBHJX&ts=1383049761 SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=ds&from=smt&uid=HitachiXHTS547575A9E384_J1140021G1GBHJG1GBHJX&ts=1383049762&type=default&q={searchTerms} SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS SearchScopes: HKLM - {2BDFF947-B67C-4B95-B36C-11B5373C2039} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=ds&from=smt&uid=HitachiXHTS547575A9E384_J1140021G1GBHJG1GBHJX&ts=1383049762&type=default&q={searchTerms} SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-29880-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=ds&from=smt&uid=HitachiXHTS547575A9E384_J1140021G1GBHJG1GBHJX&ts=1383049762&type=default&q={searchTerms} SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=AT&userid=5d383a36-84b3-4976-8494-68b941621d64&searchtype=ds&q={searchTerms}&installDate=05/08/2013 SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=ds&from=smt&uid=HitachiXHTS547575A9E384_J1140021G1GBHJG1GBHJX&ts=1383049762&type=default&q={searchTerms} SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRZtakQ4j8nRC9pSLLJR98GAGvZ--sx9HMMckaq-YAVaKiMC-AT0Yqxk48PhzU_MliLw0a_S96YWU47YSs74WC7oRGg1NvJl1AESVx6KzYwxElR1WxkVHOadORmK9q6EEiDKGHlW4aCNoZ95xIMD1W4mbo5cjWxfHzGtdH4izsiA04SsQcWYOLK_jF9Z4iyOHuE3X&q={searchTerms} SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRZtakQ4j8nRC9pSLLJR98GAGvZ--sx9HMMckaq-YAVaKiMC-AT0Yqxk48PhzU_MliLw0a_S96YWU47YSs74WC7oRGg1NvJl1AESVx6KzYwxElR1WxkVHOadORmK9q6EEiDKGHlW4aCNoZ95xIMD1W4mbo5cjWxfHzGtdH4izsiA04SsQcWYOLK_jF9Z4iyOHuE3X&q={searchTerms} SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = BHO: Speed Test 127 - {11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} - C:\Program Files (x86)\Speed Test 127\ScriptHost64.dll (BestOffers) BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader) BHO: Snap.DoEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\system32\mscoree.dll (Microsoft Corporation) BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll 
(Microsoft Corporation) BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Free Games 111 - {C45EC9F0-8333-465D-9728-074BD41985C9} - C:\Program Files (x86)\Free Games 111\ScriptHost64.dll (BestOffers) BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: Speed Test 127 - {11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} - C:\Program Files (x86)\Speed Test 127\ScriptHost.dll (BestOffers) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: Snap.DoEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Wajam - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - 
C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.24.6\bh\delta.dll (Delta-search.com) BHO-x32: Free Games 111 - {C45EC9F0-8333-465D-9728-074BD41985C9} - C:\Program Files (x86)\Free Games 111\ScriptHost.dll (BestOffers) BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) BHO-x32: buenosearch Helper Object - {F1C81E40-2485-4DB6-8C9D-04BD596B281E} - C:\Program Files (x86)\buenosearch LTD\buenosearch\1.8.28.7\bh\buenosearch.dll (Montiera Technologies LTD) BHO-x32: PricePeep - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll No File Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation) Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.24.6\deltaTlbr.dll (Delta-search.com) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - buenosearch Toolbar - {828DC97A-2277-4E10-92A9-4907FA0922A9} - C:\Program Files (x86)\buenosearch LTD\buenosearch\1.8.28.7\buenosearchTlbr.dll (Montiera Technologies LTD) Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation) 
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll (Skype Technologies) Tcpip\..\Interfaces\{2A0AF25A-BA97-4976-9394-1E61D738996A}: [NameServer]213.94.78.16 213.94.78.17 Tcpip\..\Interfaces\{2D613361-0A59-4899-A707-83C2DCC523F6}: [NameServer]213.94.78.27 213.94.78.26 Tcpip\..\Interfaces\{72F086DE-F54D-457C-82B5-D973D7257BF9}: [NameServer]213.94.78.26 213.94.78.27 Tcpip\..\Interfaces\{790F3EC1-3D72-41F4-B12B-EC92CA16DCAC}: [NameServer]213.94.78.26 213.94.78.27 Tcpip\..\Interfaces\{7CEE4DAE-0262-44EC-8D69-27E28C760944}: [NameServer]213.94.78.26 213.94.78.27 Tcpip\..\Interfaces\{EC82F58C-A7A2-4EE3-9575-10E0F6070704}: [NameServer]213.94.78.17 213.94.78.16 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.) FF Plugin-x32: @authentec.com/ffwloplugin - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version=17.0.6.13 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.6 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.6 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.6 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=17.0.6.13 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer Cloud) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Andriy\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Andriy\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) 
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ [] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-03-20] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2013-12-12] FF HKLM-x32\...\Firefox\Extensions: [{8E8D8D12-A43B-4289-994D-DF2C7C0EF736}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [] FF HKCU\...\Firefox\Extensions: [freegames4357@BestOffers] - C:\Users\Andriy\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers FF Extension: Free Games 111 - C:\Users\Andriy\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers [2014-02-15] FF HKCU\...\Firefox\Extensions: [speedtest4354@BestOffers] - C:\Users\Andriy\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers FF Extension: Speed Test 127 - C:\Users\Andriy\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers [2014-02-15] FF HKCU\...\Firefox\Extensions: [{5D056E8D-1A1A-00F2-3B64-B3AA342E469E}] - C:\Program Files (x86)\a2zLyrics-soft\158.xpi FF Extension: a2zLyrics - C:\Program Files (x86)\a2zLyrics-soft\158.xpi [2014-04-22] Chrome: ======= CHR HomePage: hxxp://search.conduit.com/?ctid=CT3315521&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP19BE10D8-762D-4FBA-AB65-B783A5C55EBB&SSPV= CHR 
StartupUrls: "hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrId=FC40F4B7E2C41C43&affID=127842&tsp=5159", "hxxp://search.conduit.com/?ctid=CT3315521&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP19BE10D8-762D-4FBA-AB65-B783A5C55EBB&SSPV=" CHR DefaultSearchKeyword: conduit.search CHR DefaultSearchProvider: Conduit Search CHR DefaultSearchURL: hxxp://search.conduit.com/Results.aspx?ctid=CT3315521&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP19BE10D8-762D-4FBA-AB65-B783A5C55EBB&q={searchTerms}&SSPV= CHR DefaultNewTabURL: CHR Plugin: (Shockwave Flash) - C:\Users\Andriy\AppData\Local\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Andriy\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\Andriy\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll () CHR Plugin: (Simple Pass) - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP) CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Users\Andriy\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.) 
CHR Extension: (Buenosearch Toolbar) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\acfoobbgoakpihljnfedbcfaipcdlfhk [2014-02-17] CHR Extension: (Snap.Do ) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl [2013-08-20] CHR Extension: (Google Docs) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-05] CHR Extension: (Google Drive) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-05] CHR Extension: (YouTube) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-05] CHR Extension: (Extended Protection) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml [2013-10-29] CHR Extension: (Google-Suche) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-05] CHR Extension: (a2zLyrics-16) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfocabhmkfcdibnkgogpaclhgblhnemn [2013-10-29] CHR Extension: (Delta Toolbar) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2013-09-23] CHR Extension: (Website Logon) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo [2013-08-05] CHR Extension: (RealPlayer Downloader) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-09-23] CHR Extension: (Lightning Newtab) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo [2013-11-03] CHR Extension: (a2zLyrics) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikcggonfhgaingjbhjanbibmlfeomooc [2014-04-22] CHR Extension: 
(Wajam) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp [2014-01-24] CHR Extension: (PricePeep) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb [2014-01-17] CHR Extension: (Norton Identity Protection) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-08-05] CHR Extension: (Google Wallet) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-23] CHR Extension: (Google Mail) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-05] CHR HKLM-x32\...\Chrome\Extension: [acfoobbgoakpihljnfedbcfaipcdlfhk] - C:\Users\Andriy\AppData\Roaming\BabSolution\CR\bueno.crx [2014-02-15] CHR HKLM-x32\...\Chrome\Extension: [cekcjpgehmohobmdiikfnopibipmgnml] - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ [2014-02-15] CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Andriy\AppData\Roaming\BabSolution\CR\Delta.crx [2013-09-23] CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-07-12] CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-02-12] CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx [2013-10-29] CHR HKLM-x32\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\Andriy\AppData\Local\Wajam\Chrome\wajam.crx [2013-12-31] CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\Exts\Chrome.crx [2014-03-26] ==================== Services 
(Whitelisted) ================= R2 a2zLyrics; C:\Program Files (x86)\a2zLyrics-soft\a2zLyricshrk158.exe [141824 2014-04-22] () R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36392 2014-02-06] (Just Develop It) R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1612552 2012-09-26] (IVT Corporation) R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [146184 2012-09-19] (IVT Corporation) R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2454816 2014-03-03] (Conduit) R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641320 2012-08-10] (HP) R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation) S2 Mobiles Internet. RunOuc; C:\Program Files (x86)\Mobiles Internet\UpdateDog\ouc.exe [246112 2013-08-06] () R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe [276376 2014-03-12] (Symantec Corporation) R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1900728 2013-06-09] (Microsoft Corporation) R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [559552 2013-08-08] (RealNetworks, Inc.) R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-02-12] () R2 RealPlayer Cloud Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141336 2014-03-20] (RealNetworks, Inc.) R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-02-14] () R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.) 
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] () R2 WajamUpdaterV3; C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe [114176 2013-10-25] (Wajam) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation) R2 WTGService; C:\Program Files (x86)\3DataManager\WTGService.exe [343024 2012-07-05] () S2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [X] ==================== Drivers (Whitelisted) ==================== R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-10] (Advanced Micro Devices, Inc.) R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [1525976 2014-03-19] (Symantec Corporation) U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.) R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation) U4 BthAvrcpTg; U4 BthHFEnum; U4 bthhfhid; R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48608 2012-10-02] (Ralink Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1502000.026\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-11] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-12-11] (Symantec Corporation) S3 huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [229376 2013-08-05] (Huawei Technologies Co., Ltd.) 
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140428.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation) R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140429.001\ENG64.SYS [126040 2014-04-25] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140429.001\EX64.SYS [2099288 2014-04-25] (Symantec Corporation) S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwNe64.sys [11400192 2012-06-02] (Intel Corporation) R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-25] (Synaptics Incorporated) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-25] (Synaptics Incorporated) R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1502000.026\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1502000.026\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1502000.026\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1502000.026\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation) S0 SymELAM; C:\Windows\System32\drivers\NISx64\1502000.026\SymELAM.sys [23568 2013-09-10] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-12] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1502000.026\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1502000.026\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.) 
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-30 01:18 - 2014-04-30 01:18 - 00156272 _____ () C:\Users\Andriy\Desktop\OTL.Txt 2014-04-30 01:17 - 2014-04-30 01:18 - 00039566 _____ () C:\Users\Andriy\Downloads\FRST.txt 2014-04-30 01:17 - 2014-04-30 01:17 - 00000000 ____D () C:\FRST 2014-04-30 01:12 - 2014-04-30 01:12 - 02061824 _____ (Farbar) C:\Users\Andriy\Downloads\FRST64.exe 2014-04-30 01:11 - 2014-04-30 01:11 - 01049600 _____ (Farbar) C:\Users\Andriy\Downloads\FRST.exe 2014-04-30 01:09 - 2014-04-30 01:09 - 00000474 _____ () C:\Users\Andriy\Downloads\defogger_disable.log 2014-04-30 01:09 - 2014-04-30 01:09 - 00000000 _____ () C:\Users\Andriy\defogger_reenable 2014-04-30 01:07 - 2014-04-30 01:07 - 00050477 _____ () C:\Users\Andriy\Downloads\Defogger.exe 2014-04-30 00:45 - 2014-04-30 00:45 - 00076272 _____ () C:\Users\Andriy\Downloads\Extras.Txt 2014-04-30 00:42 - 2014-04-30 00:42 - 00156272 _____ () C:\Users\Andriy\Downloads\OTL.Txt 2014-04-30 00:25 - 2014-04-30 00:25 - 00602112 _____ (OldTimer Tools) C:\Users\Andriy\Downloads\otl.exe 2014-04-28 00:51 - 2014-03-31 23:18 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-04-28 00:51 - 2014-03-31 23:18 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-04-23 22:29 - 2014-02-04 01:56 - 00332632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-04-23 22:29 - 2014-02-04 01:56 - 00278872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2014-04-23 22:29 - 2014-01-31 05:55 - 00209712 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe 2014-04-23 22:29 - 2014-01-31 02:48 - 00564736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll 2014-04-23 22:29 - 2014-01-31 02:48 - 00485888 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll 2014-04-23 22:29 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll 2014-04-23 22:29 - 2014-01-31 02:48 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-04-23 22:29 - 2014-01-31 02:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll 2014-04-23 22:29 - 2014-01-31 02:06 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll 2014-04-23 22:29 - 2014-01-31 02:06 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-04-23 22:29 - 2014-01-27 05:42 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-04-23 22:29 - 2014-01-27 05:39 - 01939288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-04-23 22:29 - 2014-01-27 02:52 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-04-23 22:29 - 2014-01-27 02:31 - 19752448 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-04-23 22:29 - 2014-01-16 01:42 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys 2014-04-23 22:29 - 2014-01-11 08:48 - 05979648 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-04-23 22:29 - 2014-01-11 07:06 - 05092352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-04-23 22:29 - 2014-01-03 01:35 - 00365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll 2014-04-23 22:29 - 2014-01-03 01:32 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll 2014-04-23 22:28 - 2014-03-07 02:48 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-23 22:28 - 2014-03-07 02:48 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-23 22:28 - 2014-03-07 02:47 - 14357504 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-23 22:28 - 2014-03-07 02:47 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-23 22:28 - 2014-03-07 02:47 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-23 22:28 - 2014-03-07 02:47 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-23 22:28 - 2014-03-07 02:47 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-04-23 22:28 - 2014-03-07 02:47 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-23 22:28 - 2014-03-07 02:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-23 22:28 - 2014-03-07 02:08 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-23 22:28 - 2014-03-07 02:08 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-23 22:28 - 2014-03-07 02:08 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-23 22:28 - 2014-03-07 02:08 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-23 22:28 - 2014-03-07 02:08 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-23 22:28 - 2014-03-07 02:08 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-23 22:28 - 2014-03-07 02:08 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll 2014-04-23 22:28 - 2014-03-07 02:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-04-23 22:28 - 2014-03-07 02:08 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-23 22:28 - 2014-01-27 01:17 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml 2014-04-23 22:28 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll 2014-04-23 22:28 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) 
C:\Windows\system32\mshtml.tlb 2014-04-23 22:28 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-23 22:28 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-23 22:28 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-23 22:28 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-23 22:28 - 2012-07-26 05:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-23 22:27 - 2014-03-07 02:08 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-23 22:27 - 2014-02-06 01:41 - 01257984 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-23 22:27 - 2014-02-06 01:41 - 00978432 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-04-23 22:27 - 2014-02-06 01:26 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-04-23 22:27 - 2014-02-06 01:19 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-04-23 22:27 - 2013-10-25 09:34 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2014-04-23 22:27 - 2013-10-25 00:34 - 00248240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2014-04-23 22:27 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll 2014-04-23 22:27 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-04-23 22:27 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-23 22:27 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-23 22:27 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-04-23 22:27 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\uxtheme.dll 2014-04-23 22:27 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-23 22:26 - 2014-02-08 06:34 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-04-23 22:26 - 2014-02-06 01:41 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-04-23 22:26 - 2014-02-06 01:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-04-22 13:29 - 2014-04-29 00:38 - 00000000 ____D () C:\Program Files (x86)\a2zLyrics-soft 2014-04-22 13:29 - 2014-04-28 09:05 - 00000414 _____ () C:\Windows\Tasks\a2zLyrics_wd.job 2014-04-22 13:29 - 2014-04-22 13:29 - 00002996 _____ () C:\Windows\System32\Tasks\a2zLyrics_wd 2014-04-22 13:29 - 2014-04-22 13:29 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2014-04-22 07:01 - 2014-04-22 07:01 - 00525824 _____ () C:\Users\Andriy\Downloads\stw3085084_überarbeitet (1).xls 2014-04-20 06:54 - 2014-04-21 18:00 - 00525824 _____ () C:\Users\Andriy\Desktop\stw3085084_überarbeitet.xls 2014-04-20 06:52 - 2014-04-20 06:52 - 00534016 _____ () C:\Users\Andriy\Downloads\stw3085084_überarbeitet.xls 2014-04-20 06:51 - 2014-04-20 06:51 - 00534016 _____ () C:\Users\Andriy\Downloads\mime.z 2014-04-20 06:51 - 2014-04-20 06:51 - 00534016 _____ () C:\Users\Andriy\Downloads\mime (1).z 2014-04-14 07:40 - 2014-04-14 07:40 - 00048640 _____ () C:\Users\Andriy\Downloads\Themenmatrix.xls 2014-04-07 14:53 - 2014-04-07 14:53 - 00018542 _____ () C:\Users\Andriy\Desktop\weka_StiwoVZ.xlsx 2014-04-07 09:31 - 2014-04-07 09:31 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security 2014-04-07 08:32 - 2014-04-07 23:51 - 00200527 _____ () C:\Users\Andriy\Desktop\stw5200-113_überarbeitet_FFA.xlsx 2014-04-07 08:31 - 2014-04-07 08:31 - 00215214 _____ () C:\Users\Andriy\Downloads\stw5200-113_überarbeitet_FFA.xlsx ==================== One Month Modified Files and Folders ======= 2014-04-30 01:18 - 2014-04-30 01:18 - 00156272 _____ () 
C:\Users\Andriy\Desktop\OTL.Txt 2014-04-30 01:18 - 2014-04-30 01:17 - 00039566 _____ () C:\Users\Andriy\Downloads\FRST.txt 2014-04-30 01:18 - 2013-08-05 14:49 - 00000000 ____D () C:\Users\Andriy\AppData\Roaming\uTorrent 2014-04-30 01:18 - 2013-08-05 12:47 - 00001140 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1983903431-3382947560-1226906540-1001UA.job 2014-04-30 01:17 - 2014-04-30 01:17 - 00000000 ____D () C:\FRST 2014-04-30 01:12 - 2014-04-30 01:12 - 02061824 _____ (Farbar) C:\Users\Andriy\Downloads\FRST64.exe 2014-04-30 01:11 - 2014-04-30 01:11 - 01049600 _____ (Farbar) C:\Users\Andriy\Downloads\FRST.exe 2014-04-30 01:09 - 2014-04-30 01:09 - 00000474 _____ () C:\Users\Andriy\Downloads\defogger_disable.log 2014-04-30 01:09 - 2014-04-30 01:09 - 00000000 _____ () C:\Users\Andriy\defogger_reenable 2014-04-30 01:09 - 2013-08-05 12:11 - 00000000 ____D () C:\Users\Andriy 2014-04-30 01:07 - 2014-04-30 01:07 - 00050477 _____ () C:\Users\Andriy\Downloads\Defogger.exe 2014-04-30 01:02 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru 2014-04-30 00:50 - 2013-08-05 12:11 - 01346999 _____ () C:\Windows\WindowsUpdate.log 2014-04-30 00:45 - 2014-04-30 00:45 - 00076272 _____ () C:\Users\Andriy\Downloads\Extras.Txt 2014-04-30 00:42 - 2014-04-30 00:42 - 00156272 _____ () C:\Users\Andriy\Downloads\OTL.Txt 2014-04-30 00:25 - 2014-04-30 00:25 - 00602112 _____ (OldTimer Tools) C:\Users\Andriy\Downloads\otl.exe 2014-04-30 00:10 - 2014-01-17 12:51 - 00000000 ____D () C:\Users\Andriy\AppData\Local\WeatherAlerts 2014-04-29 23:57 - 2012-09-26 10:53 - 00000950 _____ () C:\Windows\SysWOW64\bscs.ini 2014-04-29 23:55 - 2013-09-30 09:55 - 00000000 ____D () C:\movies 2014-04-29 23:54 - 2013-03-17 20:02 - 00003620 _____ () C:\Windows\SysWOW64\LOCALSERVICE.INI 2014-04-29 23:54 - 2013-03-17 20:02 - 00000043 _____ () C:\Windows\SysWOW64\LOCALDEVICE.INI 2014-04-29 20:27 - 2013-08-05 12:11 - 00000000 ____D () C:\Users\Andriy\AppData\Local\Packages 2014-04-29 09:44 - 2014-01-03 
18:18 - 00000138 _____ () C:\Windows\SysWOW64\REMOTEDEVICE.INI 2014-04-29 09:17 - 2013-08-05 15:07 - 00000000 ____D () C:\Users\Andriy\AppData\Roaming\vlc 2014-04-29 00:38 - 2014-04-22 13:29 - 00000000 ____D () C:\Program Files (x86)\a2zLyrics-soft 2014-04-28 09:10 - 2013-08-05 14:13 - 01090562 _____ () C:\Windows\system32\perfh019.dat 2014-04-28 09:10 - 2013-08-05 14:13 - 00448782 _____ () C:\Windows\system32\perfc019.dat 2014-04-28 09:10 - 2012-10-31 20:56 - 01857092 _____ () C:\Windows\system32\perfh007.dat 2014-04-28 09:10 - 2012-10-31 20:56 - 00495794 _____ () C:\Windows\system32\perfc007.dat 2014-04-28 09:10 - 2012-07-26 09:28 - 00006786 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-28 09:09 - 2014-01-17 12:48 - 00000000 ____D () C:\Users\Andriy\AppData\Roaming\newnext.me 2014-04-28 09:08 - 2013-08-16 11:42 - 00000000 ____D () C:\Users\Andriy\AppData\Local\CrashDumps 2014-04-28 09:06 - 2013-08-05 12:14 - 00000000 ___RD () C:\Users\Andriy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-28 09:06 - 2013-08-05 12:14 - 00000000 ___RD () C:\Users\Andriy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-04-28 09:05 - 2014-04-22 13:29 - 00000414 _____ () C:\Windows\Tasks\a2zLyrics_wd.job 2014-04-28 01:20 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache 2014-04-28 00:50 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2014-04-28 00:49 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-28 00:47 - 2012-08-04 00:23 - 00044968 _____ () C:\Windows\PFRO.log 2014-04-28 00:47 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\ELAMBKUP 2014-04-28 00:44 - 2012-07-26 07:26 - 00524288 ___SH () C:\Windows\system32\config\BBI 2014-04-28 00:41 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData 2014-04-28 00:41 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-04-28 00:41 - 2012-07-26 
10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-04-28 00:41 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore 2014-04-28 00:41 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender 2014-04-28 00:41 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-04-26 23:32 - 2013-10-29 19:38 - 00003168 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForAndriy 2014-04-26 23:32 - 2013-10-29 19:38 - 00000352 _____ () C:\Windows\Tasks\HPCeeScheduleForAndriy.job 2014-04-26 10:18 - 2013-08-05 12:47 - 00001088 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1983903431-3382947560-1226906540-1001Core.job 2014-04-24 21:15 - 2014-03-21 08:58 - 00003340 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1983903431-3382947560-1226906540-1001 2014-04-24 21:15 - 2014-03-21 08:58 - 00003208 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1983903431-3382947560-1226906540-1001 2014-04-24 06:29 - 2013-09-30 16:38 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-22 17:31 - 2013-10-08 17:22 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2014-04-22 17:31 - 2013-10-08 17:22 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-04-22 15:02 - 2014-02-15 20:47 - 00000294 _____ () C:\Windows\Tasks\PC Performer_DEFAULT.job 2014-04-22 15:01 - 2014-02-15 20:47 - 00003118 _____ () C:\Windows\System32\Tasks\PC Performer 2014-04-22 13:29 - 2014-04-22 13:29 - 00002996 _____ () C:\Windows\System32\Tasks\a2zLyrics_wd 2014-04-22 13:29 - 2014-04-22 13:29 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2014-04-22 13:29 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-04-22 13:29 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2014-04-22 13:28 - 2013-10-29 14:28 - 00003518 _____ () C:\Windows\System32\Tasks\FileAdvisorCheck 2014-04-22 13:28 - 
2013-10-29 14:28 - 00000000 ____D () C:\Program Files (x86)\File Type Advisor 2014-04-22 07:01 - 2014-04-22 07:01 - 00525824 _____ () C:\Users\Andriy\Downloads\stw3085084_überarbeitet (1).xls 2014-04-22 07:00 - 2013-08-06 22:02 - 00502272 ___SH () C:\Users\Andriy\Desktop\Thumbs.db 2014-04-21 18:00 - 2014-04-20 06:54 - 00525824 _____ () C:\Users\Andriy\Desktop\stw3085084_überarbeitet.xls 2014-04-20 06:52 - 2014-04-20 06:52 - 00534016 _____ () C:\Users\Andriy\Downloads\stw3085084_überarbeitet.xls 2014-04-20 06:51 - 2014-04-20 06:51 - 00534016 _____ () C:\Users\Andriy\Downloads\mime.z 2014-04-20 06:51 - 2014-04-20 06:51 - 00534016 _____ () C:\Users\Andriy\Downloads\mime (1).z 2014-04-19 11:20 - 2013-08-05 14:23 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-04-18 17:15 - 2013-08-10 18:03 - 00000000 ____D () C:\Users\Andriy\AppData\Local\SoulseekQt 2014-04-16 19:47 - 2014-02-15 20:47 - 00000302 _____ () C:\Windows\Tasks\PC Performer_UPDATES.job 2014-04-16 18:36 - 2013-08-05 12:22 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1983903431-3382947560-1226906540-1001 2014-04-14 20:14 - 2013-08-08 17:07 - 00000000 ____D () C:\Users\Andriy\AppData\Roaming\foobar2000 2014-04-14 07:40 - 2014-04-14 07:40 - 00048640 _____ () C:\Users\Andriy\Downloads\Themenmatrix.xls 2014-04-10 23:21 - 2013-08-05 12:48 - 00002364 _____ () C:\Users\Andriy\Desktop\Google Chrome.lnk 2014-04-07 23:51 - 2014-04-07 08:32 - 00200527 _____ () C:\Users\Andriy\Desktop\stw5200-113_überarbeitet_FFA.xlsx 2014-04-07 14:53 - 2014-04-07 14:53 - 00018542 _____ () C:\Users\Andriy\Desktop\weka_StiwoVZ.xlsx 2014-04-07 10:13 - 2013-08-05 12:47 - 00004092 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1983903431-3382947560-1226906540-1001UA 2014-04-07 10:13 - 2013-08-05 12:47 - 00003712 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1983903431-3382947560-1226906540-1001Core 2014-04-07 09:31 - 2014-04-07 09:31 - 00000000 ____D () 
C:\Windows\System32\Tasks\Norton Internet Security 2014-04-07 09:30 - 2013-03-17 20:19 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration 2014-04-07 09:30 - 2013-03-17 20:19 - 00002501 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk 2014-04-07 09:30 - 2013-03-17 20:18 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64 2014-04-07 08:31 - 2014-04-07 08:31 - 00215214 _____ () C:\Users\Andriy\Downloads\stw5200-113_überarbeitet_FFA.xlsx 2014-03-31 23:18 - 2014-04-28 00:51 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-31 23:18 - 2014-04-28 00:51 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-31 03:51 - 2013-09-30 16:38 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe Some content of TEMP: ==================== C:\Users\Andriy\AppData\Local\Temp\a2zLyrics_1060-8102_v122.exe C:\Users\Andriy\AppData\Local\Temp\BackupSetup.exe C:\Users\Andriy\AppData\Local\Temp\ffdshow.exe C:\Users\Andriy\AppData\Local\Temp\MatroskaSplitter.exe C:\Users\Andriy\AppData\Local\Temp\nsc6163.exe C:\Users\Andriy\AppData\Local\Temp\nsc8D0.exe C:\Users\Andriy\AppData\Local\Temp\nsg5E74.exe C:\Users\Andriy\AppData\Local\Temp\nsuD75.exe C:\Users\Andriy\AppData\Local\Temp\OfficeSetup.exe C:\Users\Andriy\AppData\Local\Temp\setup__1567.exe C:\Users\Andriy\AppData\Local\Temp\smt_ar_dosearches.exe C:\Users\Andriy\AppData\Local\Temp\SPSetup.exe C:\Users\Andriy\AppData\Local\Temp\stubhelper.dll C:\Users\Andriy\AppData\Local\Temp\vcredist_x64_VS2008SP1.exe C:\Users\Andriy\AppData\Local\Temp\?odec Performer803975.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit 
C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-29 03:47 ==================== End Of Log ============================ |