
Log analysis and evaluation: Windows 8; advertising pop-ups and green double-underlined words in texts

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: first steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

30.04.2014, 01:18   #1
Franziska123
 

Hello!

For a few days now I have had the problem that as soon as I am on the Internet (I use Opera, but the same thing happens in IE), several pop-ups appear on the web pages (along the edges at the top, bottom, left and right), and a great many words in the text are underlined in green and in turn show advertising as soon as I move the mouse over them. Sometimes a new window also opens automatically when I click somewhere within a web page (Windows advertising for antivirus protection).
Offline I have no problems.
I have since downloaded/run defogger, frst, gmer and otl; with defogger, however, although I believed all applications were closed, I twice got the message that the process cannot access a file because it is being used by another process.
I would be very glad if someone could help me get rid of this!

Many thanks and kind regards
Franziska

Edited by Franziska123 (30.04.2014 at 01:36) Reason: [CODE]Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2014 Ran by Andriy at 2014-04-30 01:18:57 Runn

30.04.2014, 08:15   #2
schrauber
/// the machine
/// TB instructor
 


hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


30.04.2014, 22:03   #3
Franziska123
 

Hello!

Thanks for the quick reply
I downloaded the things that I gathered from other replies to posts; I wanted to insert them in the message in the first post, but that made it too long, and I read that I should write the log files into the "history". To be honest, I don't know what that is (in the first post I therefore copied everything into the "Reason" field). But here for now is the log file from frst:

Regards
Franziska



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2014
Ran by Andriy (administrator) on MYNEWHP on 30-04-2014 01:17:42
Running from C:\Users\Andriy\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
() C:\Program Files (x86)\a2zLyrics-soft\a2zLyricshrk158.exe
(Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
() C:\ProgramData\Mobiles Internet\OnlineUpdate\ouc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
() C:\Windows\system32\valWBFPolicyService.exe
(Wajam) C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe
() C:\Program Files (x86)\3DataManager\WTGService.exe
(Conduit) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\a2zLyrics-soft\a2zLyricshrkuEw.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(BitTorrent Inc.) C:\Users\Andriy\AppData\Roaming\uTorrent\uTorrent.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Smartbar) C:\Users\Andriy\AppData\Local\Smartbar\Application\SnapDo.exe
() C:\Program Files (x86)\3DataManager\3DataManager_Launcher.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
() C:\Users\Andriy\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
() C:\Program Files (x86)\PricePeep\PricePeepUpdater.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(Local Weather LLC) C:\Users\Andriy\AppData\Local\WeatherAlerts\WeatherAlerts.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe
() C:\Program Files (x86)\Opera\20.0.1387.77\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe
(OldTimer Tools) C:\Users\Andriy\Downloads\otl.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe
() C:\Users\Andriy\AppData\Local\Smartbar\Application\Lrcnta.exe
(Microsoft Corporation) C:\Windows\syswow64\wwahost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-20] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-25] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [MRT] => C:\Windows\system32\MRT.exe [90655440 2014-03-31] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-09-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [371976 2012-09-19] (IVT Corporation)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-10] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2012-09-14] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296520 2014-03-20] (RealNetworks, Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-08] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\Run: [Google Update] => C:\Users\Andriy\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-08-05] (Google Inc.)
HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\Run: [uTorrent] => C:\Users\Andriy\AppData\Roaming\uTorrent\uTorrent.exe [889176 2013-08-26] (BitTorrent Inc.)
HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\Run: [NextLive] => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Andriy\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\Run: [Browser Infrastructure Helper] => C:\Users\Andriy\AppData\Local\Smartbar\Application\SnapDo.exe [27680 2014-03-04] (Smartbar)
HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\MountPoints2: {0a4d6f29-7439-11e3-be99-6c3be584be5a} - "F:\.\Autorun.exe" AUTORUN=1
HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\MountPoints2: {2758adea-fe60-11e2-be76-f4b7e2c41c42} - "F:\AutoRun.exe" 
HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\MountPoints2: {2758c4d5-fe60-11e2-be76-001e101ffe8f} - "F:\AutoRun.exe" 
HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\MountPoints2: {342f948a-fdd4-11e2-be75-f4b7e2c41c42} - "F:\.\Autorun.exe" AUTORUN=1
HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\MountPoints2: {342f94be-fdd4-11e2-be75-f4b7e2c41c42} - "F:\.\Autorun.exe" AUTORUN=1
HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\MountPoints2: {342f96da-fdd4-11e2-be75-f4b7e2c41c42} - "F:\.\Autorun.exe" AUTORUN=1
HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\MountPoints2: {b6d84743-05d7-11e3-be7a-001e101f9880} - "F:\AutoRun.exe" 
HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\MountPoints2: {dee233cd-01de-11e3-be77-001e101f8338} - "G:\AutoRun.exe" 
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [1355040 2014-03-03] (Conduit)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1050912 2014-03-03] (Conduit)
Startup: C:\Users\Andriy\Desktop\Programs\Startup\Launcher.lnk
ShortcutTarget: Launcher.lnk -> C:\Program Files (x86)\3DataManager\3DataManager_Launcher.exe ()
Startup: C:\Users\Andriy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Andriy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk
ShortcutTarget: DesktopWeatherAlerts.lnk -> C:\Users\Andriy\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe ()
Startup: C:\Users\Andriy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\Andriy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PricePeepUpdater.lnk
ShortcutTarget: PricePeepUpdater.lnk -> C:\Program Files (x86)\PricePeep\PricePeepUpdater.exe ()
Startup: C:\Users\Andriy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\Andriy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk
ShortcutTarget: Weather Alerts.lnk -> C:\Users\Andriy\AppData\Local\WeatherAlerts\WeatherAlerts.exe (Local Weather LLC)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:13828
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?p=mko_awfzxipyrztakq4j8nrc9pslljr98gagvz--sx9hmmckaq-yavakimc-at0yqxk48phzu_mlilw0a_s96ywu47yss74wc7orgg1nvjl1aesvx6kzywxelr1wxkvhoadormk9q6eeidkk5xfp2o5yw5clczgz0baqyfui581jquzmj0gzqadyp8rt1wqj6jb1pbzstmi8dzws
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRZtakQ4j8nRC9pSLLJR98GAGvZ--sx9HMMckaq-YAVaKiMC-AT0Yqxk48PhzU_MliLw0a_S96YWU47YSs74WC7oRGg1NvJl1AESVx6KzYwxElR1WxkVHOadORmK9q6EEiDKGHlW4aCNoZ95xIMD1W4mbo5cjWxfHzGtdH4izsiA04SsQcWYOLK_jF9Z4iyOHuE3X&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRZtakQ4j8nRC9pSLLJR98GAGvZ--sx9HMMckaq-YAVaKiMC-AT0Yqxk48PhzU_MliLw0a_S96YWU47YSs74WC7oRGg1NvJl1AESVx6KzYwxElR1WxkVHOadORmK9q6EEiDKGHlW4aCNoZ95xIMD1W4mbo5cjWxfHzGtdH4izsiA04SsQcWYOLK_jF9Z4iyOHuE3X&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.searchgol.com/?babsrc=HP_ss_Btisdt7&mntrId=FC40001E101FAB38&affID=121565&tt=160913_m3&tsp=5014
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dosearches.com/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=hp&from=smt&uid=HitachiXHTS547575A9E384_J1140021G1GBHJG1GBHJX&ts=1383049761
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dosearches.com/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=hp&from=smt&uid=HitachiXHTS547575A9E384_J1140021G1GBHJG1GBHJX&ts=1383049761
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.dosearches.com/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=sc&from=smt&uid=HitachiXHTS547575A9E384_J1140021G1GBHJG1GBHJX&ts=1383049761
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=ds&from=smt&uid=HitachiXHTS547575A9E384_J1140021G1GBHJG1GBHJX&ts=1383049762&type=default&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {2BDFF947-B67C-4B95-B36C-11B5373C2039} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=ds&from=smt&uid=HitachiXHTS547575A9E384_J1140021G1GBHJG1GBHJX&ts=1383049762&type=default&q={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-29880-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=ds&from=smt&uid=HitachiXHTS547575A9E384_J1140021G1GBHJG1GBHJX&ts=1383049762&type=default&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=AT&userid=5d383a36-84b3-4976-8494-68b941621d64&searchtype=ds&q={searchTerms}&installDate=05/08/2013
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=ds&from=smt&uid=HitachiXHTS547575A9E384_J1140021G1GBHJG1GBHJX&ts=1383049762&type=default&q={searchTerms}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRZtakQ4j8nRC9pSLLJR98GAGvZ--sx9HMMckaq-YAVaKiMC-AT0Yqxk48PhzU_MliLw0a_S96YWU47YSs74WC7oRGg1NvJl1AESVx6KzYwxElR1WxkVHOadORmK9q6EEiDKGHlW4aCNoZ95xIMD1W4mbo5cjWxfHzGtdH4izsiA04SsQcWYOLK_jF9Z4iyOHuE3X&q={searchTerms}
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRZtakQ4j8nRC9pSLLJR98GAGvZ--sx9HMMckaq-YAVaKiMC-AT0Yqxk48PhzU_MliLw0a_S96YWU47YSs74WC7oRGg1NvJl1AESVx6KzYwxElR1WxkVHOadORmK9q6EEiDKGHlW4aCNoZ95xIMD1W4mbo5cjWxfHzGtdH4izsiA04SsQcWYOLK_jF9Z4iyOHuE3X&q={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
BHO: Speed Test 127 - {11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} - C:\Program Files (x86)\Speed Test 127\ScriptHost64.dll (BestOffers)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: Snap.DoEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Free Games 111 - {C45EC9F0-8333-465D-9728-074BD41985C9} - C:\Program Files (x86)\Free Games 111\ScriptHost64.dll (BestOffers)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Speed Test 127 - {11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} - C:\Program Files (x86)\Speed Test 127\ScriptHost.dll (BestOffers)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Snap.DoEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Wajam - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.24.6\bh\delta.dll (Delta-search.com)
BHO-x32: Free Games 111 - {C45EC9F0-8333-465D-9728-074BD41985C9} - C:\Program Files (x86)\Free Games 111\ScriptHost.dll (BestOffers)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: buenosearch Helper Object - {F1C81E40-2485-4DB6-8C9D-04BD596B281E} - C:\Program Files (x86)\buenosearch LTD\buenosearch\1.8.28.7\bh\buenosearch.dll (Montiera Technologies LTD)
BHO-x32: PricePeep - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll No File
Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.24.6\deltaTlbr.dll (Delta-search.com)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - buenosearch Toolbar - {828DC97A-2277-4E10-92A9-4907FA0922A9} - C:\Program Files (x86)\buenosearch LTD\buenosearch\1.8.28.7\buenosearchTlbr.dll (Montiera Technologies LTD)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll (Skype Technologies)
Tcpip\..\Interfaces\{2A0AF25A-BA97-4976-9394-1E61D738996A}: [NameServer]213.94.78.16 213.94.78.17
Tcpip\..\Interfaces\{2D613361-0A59-4899-A707-83C2DCC523F6}: [NameServer]213.94.78.27 213.94.78.26
Tcpip\..\Interfaces\{72F086DE-F54D-457C-82B5-D973D7257BF9}: [NameServer]213.94.78.26 213.94.78.27
Tcpip\..\Interfaces\{790F3EC1-3D72-41F4-B12B-EC92CA16DCAC}: [NameServer]213.94.78.26 213.94.78.27
Tcpip\..\Interfaces\{7CEE4DAE-0262-44EC-8D69-27E28C760944}: [NameServer]213.94.78.26 213.94.78.27
Tcpip\..\Interfaces\{EC82F58C-A7A2-4EE3-9575-10E0F6070704}: [NameServer]213.94.78.17 213.94.78.16

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @authentec.com/ffwloplugin - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.6.13 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.6 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.6 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.6 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.6.13 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Andriy\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Andriy\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-03-20]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2013-12-12]
FF HKLM-x32\...\Firefox\Extensions: [{8E8D8D12-A43B-4289-994D-DF2C7C0EF736}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKCU\...\Firefox\Extensions: [freegames4357@BestOffers] - C:\Users\Andriy\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers
FF Extension: Free Games 111 - C:\Users\Andriy\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers [2014-02-15]
FF HKCU\...\Firefox\Extensions: [speedtest4354@BestOffers] - C:\Users\Andriy\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers
FF Extension: Speed Test 127 - C:\Users\Andriy\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers [2014-02-15]
FF HKCU\...\Firefox\Extensions: [{5D056E8D-1A1A-00F2-3B64-B3AA342E469E}] - C:\Program Files (x86)\a2zLyrics-soft\158.xpi
FF Extension: a2zLyrics - C:\Program Files (x86)\a2zLyrics-soft\158.xpi [2014-04-22]

Chrome: 
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3315521&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP19BE10D8-762D-4FBA-AB65-B783A5C55EBB&SSPV=
CHR StartupUrls: "hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrId=FC40F4B7E2C41C43&affID=127842&tsp=5159", "hxxp://search.conduit.com/?ctid=CT3315521&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP19BE10D8-762D-4FBA-AB65-B783A5C55EBB&SSPV="
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchProvider: Conduit Search
CHR DefaultSearchURL: hxxp://search.conduit.com/Results.aspx?ctid=CT3315521&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP19BE10D8-762D-4FBA-AB65-B783A5C55EBB&q={searchTerms}&SSPV=
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Users\Andriy\AppData\Local\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Andriy\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Andriy\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Simple Pass) - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Andriy\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
CHR Extension: (Buenosearch Toolbar) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\acfoobbgoakpihljnfedbcfaipcdlfhk [2014-02-17]
CHR Extension: (Snap.Do ) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl [2013-08-20]
CHR Extension: (Google Docs) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-05]
CHR Extension: (Google Drive) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-05]
CHR Extension: (YouTube) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-05]
CHR Extension: (Extended Protection) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml [2013-10-29]
CHR Extension: (Google-Suche) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-05]
CHR Extension: (a2zLyrics-16) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfocabhmkfcdibnkgogpaclhgblhnemn [2013-10-29]
CHR Extension: (Delta Toolbar) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2013-09-23]
CHR Extension: (Website Logon) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo [2013-08-05]
CHR Extension: (RealPlayer Downloader) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-09-23]
CHR Extension: (Lightning Newtab) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo [2013-11-03]
CHR Extension: (a2zLyrics) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikcggonfhgaingjbhjanbibmlfeomooc [2014-04-22]
CHR Extension: (Wajam) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp [2014-01-24]
CHR Extension: (PricePeep) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb [2014-01-17]
CHR Extension: (Norton Identity Protection) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-08-05]
CHR Extension: (Google Wallet) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-23]
CHR Extension: (Google Mail) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-05]
CHR HKLM-x32\...\Chrome\Extension: [acfoobbgoakpihljnfedbcfaipcdlfhk] - C:\Users\Andriy\AppData\Roaming\BabSolution\CR\bueno.crx [2014-02-15]
CHR HKLM-x32\...\Chrome\Extension: [cekcjpgehmohobmdiikfnopibipmgnml] - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ [2014-02-15]
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Andriy\AppData\Roaming\BabSolution\CR\Delta.crx [2013-09-23]
CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-07-12]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-02-12]
CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx [2013-10-29]
CHR HKLM-x32\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\Andriy\AppData\Local\Wajam\Chrome\wajam.crx [2013-12-31]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\Exts\Chrome.crx [2014-03-26]

==================== Services (Whitelisted) =================

R2 a2zLyrics; C:\Program Files (x86)\a2zLyrics-soft\a2zLyricshrk158.exe [141824 2014-04-22] ()
R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36392 2014-02-06] (Just Develop It)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1612552 2012-09-26] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [146184 2012-09-19] (IVT Corporation)
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2454816 2014-03-03] (Conduit)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641320 2012-08-10] (HP)
R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S2 Mobiles Internet. RunOuc; C:\Program Files (x86)\Mobiles Internet\UpdateDog\ouc.exe [246112 2013-08-06] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe [276376 2014-03-12] (Symantec Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1900728 2013-06-09] (Microsoft Corporation)
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [559552 2013-08-08] (RealNetworks, Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-02-12] ()
R2 RealPlayer Cloud Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141336 2014-03-20] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-02-14] ()
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] ()
R2 WajamUpdaterV3; C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe [114176 2013-10-25] (Wajam)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
R2 WTGService; C:\Program Files (x86)\3DataManager\WTGService.exe [343024 2012-07-05] ()
S2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [X]

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-10] (Advanced Micro Devices, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [1525976 2014-03-19] (Symantec Corporation)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthAvrcpTg; 
U4 BthHFEnum; 
U4 bthhfhid; 
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48608 2012-10-02] (Ralink Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1502000.026\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-12-11] (Symantec Corporation)
S3 huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [229376 2013-08-05] (Huawei Technologies Co., Ltd.)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140428.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140429.001\ENG64.SYS [126040 2014-04-25] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140429.001\EX64.SYS [2099288 2014-04-25] (Symantec Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwNe64.sys [11400192 2012-06-02] (Intel Corporation)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-25] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-25] (Synaptics Incorporated)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1502000.026\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1502000.026\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1502000.026\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1502000.026\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1502000.026\SymELAM.sys [23568 2013-09-10] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-12] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1502000.026\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1502000.026\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-30 01:18 - 2014-04-30 01:18 - 00156272 _____ () C:\Users\Andriy\Desktop\OTL.Txt
2014-04-30 01:17 - 2014-04-30 01:18 - 00039566 _____ () C:\Users\Andriy\Downloads\FRST.txt
2014-04-30 01:17 - 2014-04-30 01:17 - 00000000 ____D () C:\FRST
2014-04-30 01:12 - 2014-04-30 01:12 - 02061824 _____ (Farbar) C:\Users\Andriy\Downloads\FRST64.exe
2014-04-30 01:11 - 2014-04-30 01:11 - 01049600 _____ (Farbar) C:\Users\Andriy\Downloads\FRST.exe
2014-04-30 01:09 - 2014-04-30 01:09 - 00000474 _____ () C:\Users\Andriy\Downloads\defogger_disable.log
2014-04-30 01:09 - 2014-04-30 01:09 - 00000000 _____ () C:\Users\Andriy\defogger_reenable
2014-04-30 01:07 - 2014-04-30 01:07 - 00050477 _____ () C:\Users\Andriy\Downloads\Defogger.exe
2014-04-30 00:45 - 2014-04-30 00:45 - 00076272 _____ () C:\Users\Andriy\Downloads\Extras.Txt
2014-04-30 00:42 - 2014-04-30 00:42 - 00156272 _____ () C:\Users\Andriy\Downloads\OTL.Txt
2014-04-30 00:25 - 2014-04-30 00:25 - 00602112 _____ (OldTimer Tools) C:\Users\Andriy\Downloads\otl.exe
2014-04-28 00:51 - 2014-03-31 23:18 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-28 00:51 - 2014-03-31 23:18 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-23 22:29 - 2014-02-04 01:56 - 00332632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-23 22:29 - 2014-02-04 01:56 - 00278872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-23 22:29 - 2014-01-31 05:55 - 00209712 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-04-23 22:29 - 2014-01-31 02:48 - 00564736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-04-23 22:29 - 2014-01-31 02:48 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2014-04-23 22:29 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2014-04-23 22:29 - 2014-01-31 02:48 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-23 22:29 - 2014-01-31 02:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-04-23 22:29 - 2014-01-31 02:06 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2014-04-23 22:29 - 2014-01-31 02:06 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-23 22:29 - 2014-01-27 05:42 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-04-23 22:29 - 2014-01-27 05:39 - 01939288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-23 22:29 - 2014-01-27 02:52 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-04-23 22:29 - 2014-01-27 02:31 - 19752448 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-04-23 22:29 - 2014-01-16 01:42 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-04-23 22:29 - 2014-01-11 08:48 - 05979648 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-23 22:29 - 2014-01-11 07:06 - 05092352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-04-23 22:29 - 2014-01-03 01:35 - 00365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-04-23 22:29 - 2014-01-03 01:32 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-04-23 22:28 - 2014-03-07 02:48 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-23 22:28 - 2014-03-07 02:48 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-23 22:28 - 2014-03-07 02:47 - 14357504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-23 22:28 - 2014-03-07 02:47 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-23 22:28 - 2014-03-07 02:47 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-23 22:28 - 2014-03-07 02:47 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-23 22:28 - 2014-03-07 02:47 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-23 22:28 - 2014-03-07 02:47 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-23 22:28 - 2014-03-07 02:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-23 22:28 - 2014-03-07 02:08 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-23 22:28 - 2014-03-07 02:08 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-23 22:28 - 2014-03-07 02:08 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-23 22:28 - 2014-03-07 02:08 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-23 22:28 - 2014-03-07 02:08 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-23 22:28 - 2014-03-07 02:08 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-23 22:28 - 2014-03-07 02:08 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-04-23 22:28 - 2014-03-07 02:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-23 22:28 - 2014-03-07 02:08 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-23 22:28 - 2014-01-27 01:17 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml
2014-04-23 22:28 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-04-23 22:28 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-23 22:28 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-23 22:28 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-23 22:28 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-23 22:28 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-23 22:28 - 2012-07-26 05:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-23 22:27 - 2014-03-07 02:08 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-23 22:27 - 2014-02-06 01:41 - 01257984 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-23 22:27 - 2014-02-06 01:41 - 00978432 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-04-23 22:27 - 2014-02-06 01:26 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-04-23 22:27 - 2014-02-06 01:19 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-23 22:27 - 2013-10-25 09:34 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-04-23 22:27 - 2013-10-25 00:34 - 00248240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-04-23 22:27 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-04-23 22:27 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-04-23 22:27 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-23 22:27 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-23 22:27 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-23 22:27 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-04-23 22:27 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-23 22:26 - 2014-02-08 06:34 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-04-23 22:26 - 2014-02-06 01:41 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-04-23 22:26 - 2014-02-06 01:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-04-22 13:29 - 2014-04-29 00:38 - 00000000 ____D () C:\Program Files (x86)\a2zLyrics-soft
2014-04-22 13:29 - 2014-04-28 09:05 - 00000414 _____ () C:\Windows\Tasks\a2zLyrics_wd.job
2014-04-22 13:29 - 2014-04-22 13:29 - 00002996 _____ () C:\Windows\System32\Tasks\a2zLyrics_wd
2014-04-22 13:29 - 2014-04-22 13:29 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-04-22 07:01 - 2014-04-22 07:01 - 00525824 _____ () C:\Users\Andriy\Downloads\stw3085084_überarbeitet (1).xls
2014-04-20 06:54 - 2014-04-21 18:00 - 00525824 _____ () C:\Users\Andriy\Desktop\stw3085084_überarbeitet.xls
2014-04-20 06:52 - 2014-04-20 06:52 - 00534016 _____ () C:\Users\Andriy\Downloads\stw3085084_überarbeitet.xls
2014-04-20 06:51 - 2014-04-20 06:51 - 00534016 _____ () C:\Users\Andriy\Downloads\mime.z
2014-04-20 06:51 - 2014-04-20 06:51 - 00534016 _____ () C:\Users\Andriy\Downloads\mime (1).z
2014-04-14 07:40 - 2014-04-14 07:40 - 00048640 _____ () C:\Users\Andriy\Downloads\Themenmatrix.xls
2014-04-07 14:53 - 2014-04-07 14:53 - 00018542 _____ () C:\Users\Andriy\Desktop\weka_StiwoVZ.xlsx
2014-04-07 09:31 - 2014-04-07 09:31 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-04-07 08:32 - 2014-04-07 23:51 - 00200527 _____ () C:\Users\Andriy\Desktop\stw5200-113_überarbeitet_FFA.xlsx
2014-04-07 08:31 - 2014-04-07 08:31 - 00215214 _____ () C:\Users\Andriy\Downloads\stw5200-113_überarbeitet_FFA.xlsx

==================== One Month Modified Files and Folders =======

2014-04-30 01:18 - 2014-04-30 01:18 - 00156272 _____ () C:\Users\Andriy\Desktop\OTL.Txt
2014-04-30 01:18 - 2014-04-30 01:17 - 00039566 _____ () C:\Users\Andriy\Downloads\FRST.txt
2014-04-30 01:18 - 2013-08-05 14:49 - 00000000 ____D () C:\Users\Andriy\AppData\Roaming\uTorrent
2014-04-30 01:18 - 2013-08-05 12:47 - 00001140 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1983903431-3382947560-1226906540-1001UA.job
2014-04-30 01:17 - 2014-04-30 01:17 - 00000000 ____D () C:\FRST
2014-04-30 01:12 - 2014-04-30 01:12 - 02061824 _____ (Farbar) C:\Users\Andriy\Downloads\FRST64.exe
2014-04-30 01:11 - 2014-04-30 01:11 - 01049600 _____ (Farbar) C:\Users\Andriy\Downloads\FRST.exe
2014-04-30 01:09 - 2014-04-30 01:09 - 00000474 _____ () C:\Users\Andriy\Downloads\defogger_disable.log
2014-04-30 01:09 - 2014-04-30 01:09 - 00000000 _____ () C:\Users\Andriy\defogger_reenable
2014-04-30 01:09 - 2013-08-05 12:11 - 00000000 ____D () C:\Users\Andriy
2014-04-30 01:07 - 2014-04-30 01:07 - 00050477 _____ () C:\Users\Andriy\Downloads\Defogger.exe
2014-04-30 01:02 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-04-30 00:50 - 2013-08-05 12:11 - 01346999 _____ () C:\Windows\WindowsUpdate.log
2014-04-30 00:45 - 2014-04-30 00:45 - 00076272 _____ () C:\Users\Andriy\Downloads\Extras.Txt
2014-04-30 00:42 - 2014-04-30 00:42 - 00156272 _____ () C:\Users\Andriy\Downloads\OTL.Txt
2014-04-30 00:25 - 2014-04-30 00:25 - 00602112 _____ (OldTimer Tools) C:\Users\Andriy\Downloads\otl.exe
2014-04-30 00:10 - 2014-01-17 12:51 - 00000000 ____D () C:\Users\Andriy\AppData\Local\WeatherAlerts
2014-04-29 23:57 - 2012-09-26 10:53 - 00000950 _____ () C:\Windows\SysWOW64\bscs.ini
2014-04-29 23:55 - 2013-09-30 09:55 - 00000000 ____D () C:\movies
2014-04-29 23:54 - 2013-03-17 20:02 - 00003620 _____ () C:\Windows\SysWOW64\LOCALSERVICE.INI
2014-04-29 23:54 - 2013-03-17 20:02 - 00000043 _____ () C:\Windows\SysWOW64\LOCALDEVICE.INI
2014-04-29 20:27 - 2013-08-05 12:11 - 00000000 ____D () C:\Users\Andriy\AppData\Local\Packages
2014-04-29 09:44 - 2014-01-03 18:18 - 00000138 _____ () C:\Windows\SysWOW64\REMOTEDEVICE.INI
2014-04-29 09:17 - 2013-08-05 15:07 - 00000000 ____D () C:\Users\Andriy\AppData\Roaming\vlc
2014-04-29 00:38 - 2014-04-22 13:29 - 00000000 ____D () C:\Program Files (x86)\a2zLyrics-soft
2014-04-28 09:10 - 2013-08-05 14:13 - 01090562 _____ () C:\Windows\system32\perfh019.dat
2014-04-28 09:10 - 2013-08-05 14:13 - 00448782 _____ () C:\Windows\system32\perfc019.dat
2014-04-28 09:10 - 2012-10-31 20:56 - 01857092 _____ () C:\Windows\system32\perfh007.dat
2014-04-28 09:10 - 2012-10-31 20:56 - 00495794 _____ () C:\Windows\system32\perfc007.dat
2014-04-28 09:10 - 2012-07-26 09:28 - 00006786 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-28 09:09 - 2014-01-17 12:48 - 00000000 ____D () C:\Users\Andriy\AppData\Roaming\newnext.me
2014-04-28 09:08 - 2013-08-16 11:42 - 00000000 ____D () C:\Users\Andriy\AppData\Local\CrashDumps
2014-04-28 09:06 - 2013-08-05 12:14 - 00000000 ___RD () C:\Users\Andriy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-28 09:06 - 2013-08-05 12:14 - 00000000 ___RD () C:\Users\Andriy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-28 09:05 - 2014-04-22 13:29 - 00000414 _____ () C:\Windows\Tasks\a2zLyrics_wd.job
2014-04-28 01:20 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-04-28 00:50 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-04-28 00:49 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-28 00:47 - 2012-08-04 00:23 - 00044968 _____ () C:\Windows\PFRO.log
2014-04-28 00:47 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-04-28 00:44 - 2012-07-26 07:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-04-28 00:41 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-04-28 00:41 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-04-28 00:41 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-04-28 00:41 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2014-04-28 00:41 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-04-28 00:41 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-04-26 23:32 - 2013-10-29 19:38 - 00003168 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForAndriy
2014-04-26 23:32 - 2013-10-29 19:38 - 00000352 _____ () C:\Windows\Tasks\HPCeeScheduleForAndriy.job
2014-04-26 10:18 - 2013-08-05 12:47 - 00001088 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1983903431-3382947560-1226906540-1001Core.job
2014-04-24 21:15 - 2014-03-21 08:58 - 00003340 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1983903431-3382947560-1226906540-1001
2014-04-24 21:15 - 2014-03-21 08:58 - 00003208 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1983903431-3382947560-1226906540-1001
2014-04-24 06:29 - 2013-09-30 16:38 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-22 17:31 - 2013-10-08 17:22 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-04-22 17:31 - 2013-10-08 17:22 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-04-22 15:02 - 2014-02-15 20:47 - 00000294 _____ () C:\Windows\Tasks\PC Performer_DEFAULT.job
2014-04-22 15:01 - 2014-02-15 20:47 - 00003118 _____ () C:\Windows\System32\Tasks\PC Performer
2014-04-22 13:29 - 2014-04-22 13:29 - 00002996 _____ () C:\Windows\System32\Tasks\a2zLyrics_wd
2014-04-22 13:29 - 2014-04-22 13:29 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-04-22 13:29 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-22 13:29 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-04-22 13:28 - 2013-10-29 14:28 - 00003518 _____ () C:\Windows\System32\Tasks\FileAdvisorCheck
2014-04-22 13:28 - 2013-10-29 14:28 - 00000000 ____D () C:\Program Files (x86)\File Type Advisor
2014-04-22 07:01 - 2014-04-22 07:01 - 00525824 _____ () C:\Users\Andriy\Downloads\stw3085084_überarbeitet (1).xls
2014-04-22 07:00 - 2013-08-06 22:02 - 00502272 ___SH () C:\Users\Andriy\Desktop\Thumbs.db
2014-04-21 18:00 - 2014-04-20 06:54 - 00525824 _____ () C:\Users\Andriy\Desktop\stw3085084_überarbeitet.xls
2014-04-20 06:52 - 2014-04-20 06:52 - 00534016 _____ () C:\Users\Andriy\Downloads\stw3085084_überarbeitet.xls
2014-04-20 06:51 - 2014-04-20 06:51 - 00534016 _____ () C:\Users\Andriy\Downloads\mime.z
2014-04-20 06:51 - 2014-04-20 06:51 - 00534016 _____ () C:\Users\Andriy\Downloads\mime (1).z
2014-04-19 11:20 - 2013-08-05 14:23 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-04-18 17:15 - 2013-08-10 18:03 - 00000000 ____D () C:\Users\Andriy\AppData\Local\SoulseekQt
2014-04-16 19:47 - 2014-02-15 20:47 - 00000302 _____ () C:\Windows\Tasks\PC Performer_UPDATES.job
2014-04-16 18:36 - 2013-08-05 12:22 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1983903431-3382947560-1226906540-1001
2014-04-14 20:14 - 2013-08-08 17:07 - 00000000 ____D () C:\Users\Andriy\AppData\Roaming\foobar2000
2014-04-14 07:40 - 2014-04-14 07:40 - 00048640 _____ () C:\Users\Andriy\Downloads\Themenmatrix.xls
2014-04-10 23:21 - 2013-08-05 12:48 - 00002364 _____ () C:\Users\Andriy\Desktop\Google Chrome.lnk
2014-04-07 23:51 - 2014-04-07 08:32 - 00200527 _____ () C:\Users\Andriy\Desktop\stw5200-113_überarbeitet_FFA.xlsx
2014-04-07 14:53 - 2014-04-07 14:53 - 00018542 _____ () C:\Users\Andriy\Desktop\weka_StiwoVZ.xlsx
2014-04-07 10:13 - 2013-08-05 12:47 - 00004092 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1983903431-3382947560-1226906540-1001UA
2014-04-07 10:13 - 2013-08-05 12:47 - 00003712 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1983903431-3382947560-1226906540-1001Core
2014-04-07 09:31 - 2014-04-07 09:31 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-04-07 09:30 - 2013-03-17 20:19 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-04-07 09:30 - 2013-03-17 20:19 - 00002501 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-04-07 09:30 - 2013-03-17 20:18 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-04-07 08:31 - 2014-04-07 08:31 - 00215214 _____ () C:\Users\Andriy\Downloads\stw5200-113_überarbeitet_FFA.xlsx
2014-03-31 23:18 - 2014-04-28 00:51 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-31 23:18 - 2014-04-28 00:51 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-31 03:51 - 2013-09-30 16:38 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Andriy\AppData\Local\Temp\a2zLyrics_1060-8102_v122.exe
C:\Users\Andriy\AppData\Local\Temp\BackupSetup.exe
C:\Users\Andriy\AppData\Local\Temp\ffdshow.exe
C:\Users\Andriy\AppData\Local\Temp\MatroskaSplitter.exe
C:\Users\Andriy\AppData\Local\Temp\nsc6163.exe
C:\Users\Andriy\AppData\Local\Temp\nsc8D0.exe
C:\Users\Andriy\AppData\Local\Temp\nsg5E74.exe
C:\Users\Andriy\AppData\Local\Temp\nsuD75.exe
C:\Users\Andriy\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Andriy\AppData\Local\Temp\setup__1567.exe
C:\Users\Andriy\AppData\Local\Temp\smt_ar_dosearches.exe
C:\Users\Andriy\AppData\Local\Temp\SPSetup.exe
C:\Users\Andriy\AppData\Local\Temp\stubhelper.dll
C:\Users\Andriy\AppData\Local\Temp\vcredist_x64_VS2008SP1.exe
C:\Users\Andriy\AppData\Local\Temp\?odec Performer803975.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-29 03:47

==================== End Of Log ============================
         

01.05.2014, 16:47   #4
schrauber
/// the machine
/// TB instructor

The Addition.txt from FRST is still missing.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

01.05.2014, 18:32   #5
Franziska123

Oops, here it is now

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2014
Ran by Andriy at 2014-04-30 01:18:57
Running from C:\Users\Andriy\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30488 - BitTorrent Inc.)
3DataManager (HKLM-x32\...\3DataManager) (Version: 3.5 - 3DataManager)
a2zLyrics (HKLM-x32\...\72F8E0A0-2B13-927B-22B1-B4811F794A17) (Version:  - a2zLyrics-software) <==== ATTENTION
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{8D6CCB94-05E3-753A-5ED7-97495EA8AEFF}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.86 - AuthenTec, Inc.) Hidden
BitGuard (HKLM-x32\...\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}) (Version:  - MediaTechSoft Inc.) <==== ATTENTION
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
buenosearch toolbar   (HKLM-x32\...\buenosearch) (Version: 1.8.28.7 - Montiera technologies LTD) <==== ATTENTION
Bundled software uninstaller (HKLM-x32\...\bi_uninstaller) (Version:  - ) <==== ATTENTION
Canon MG5100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series) (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.0918.260.3365 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0918.260.3365 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0918.260.3365 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0918.260.3365 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2012.0918.260.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0918.260.3365 - Advanced Micro Devices, Inc.) Hidden
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2.5712 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.2.5712 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.2.2114 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.2.2114 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2.3317 - CyberLink Corp.)
CyberLink PhotoDirector (x32 Version: 2.0.2.3317 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.2.2110 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.2.2110 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.2.2126 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.2.2126 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.7.4528 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.7.4528 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.5.5811 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.5.5811 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delta Chrome Toolbar (HKLM-x32\...\Delta Chrome Toolbar) (Version:  - Visual Tools) <==== ATTENTION
Delta toolbar   (HKLM-x32\...\delta) (Version: 1.8.24.6 - Delta) <==== ATTENTION
DesktopWeatherAlerts (HKCU\...\DesktopWeatherAlerts) (Version: 1.0.13.0 - Local Weather LLC)
DivxToDVD 0.5.2b (HKLM-x32\...\VSO DivxToDVD_is1) (Version: 0.5.2b - VSO-Software SARL)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
ffdshow v1.2.4422 [2012-04-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4422.0 - FreeCodecPack)
File Type Advisor 1.0 (HKLM-x32\...\File Type Advisor_is1) (Version:  - filetypeadvisor.com)
foobar2000 v1.2.9 (HKLM-x32\...\foobar2000) (Version: 1.2.9 - Peter Pawlowski)
Foto Paradies (HKLM-x32\...\{4FB9F8B3-1355-41FF-BD5E-5CB582B64A5D}}_is1) (Version: 3.5.0.3 - Foto Online Service GmbH)
Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Free Games 111 (HKLM-x32\...\Free Games 111) (Version: 3.0.0.0 - BestOffers) <==== ATTENTION
Free M4a to MP3 Converter 8.0 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google+ Auto Backup (HKCU\...\Google+ Auto Backup) (Version: 1.0.25.133 - Google, Inc.)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - FreeCodecPack)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{2DEDBE5B-D538-43F3-83A7-B037D6B51A89}) (Version: 4.2.8.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKCU\...\HPConnectedMusic) (Version: 1.1 (build 59) hp - Meridian Audio Ltd)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1218 - Hewlett-Packard)
HP CoolSense (HKLM-x32\...\{8704FEEF-A6A8-4E7E-B124-BD6122C66E2C}) (Version: 2.10.42 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{92E8BC5B-6023-4846-8151-415351A4FAFF}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Postscript Converter (Version: 3.1.3591 - Hewlett-Packard) Hidden
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Recovery Manager (x32 Version: 8.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\{34C821CA-6B55-44A0-8A9B-2EF471D6019E}) (Version: 6.0.100.244 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.8 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3097 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.9.1002 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Kolor Autopano Giga 3.0 (HKLM\...\AutopanoGiga3.0) (Version: V3.0.7 - Kolor)
Leisure Suit Larry's Greatest Hits and Misses! (HKLM-x32\...\GOGPACKLARRY16_is1) (Version: 2.1.0.17 - GOG.com)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4517.1005 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MJoy Radio (HKLM-x32\...\5AFE1F7DBA584035C1170C17976757D58047C692.1.5AFE1F7DBA584035C1170C17976757D58047C692.1) (Version: 2.1.0 - UNKNOWN)
MJoy Radio (x32 Version: 2.1.0 - UNKNOWN) Hidden
Mobiles Internet (HKLM-x32\...\Mobiles Internet) (Version: 21.005.18.01.75 - Huawei Technologies Co.,Ltd)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - JDi Backup Ltd) <==== ATTENTION
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.2.0.38 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4517.1005 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4517.1005 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4517.1005 - Microsoft Corporation) Hidden
Online Games Manager v1.21 (HKLM-x32\...\Online Games Manager) (Version: 1.21.2 - Real Networks, Inc.)
Opera Stable 20.0.1387.77 (HKLM-x32\...\Opera 20.0.1387.77) (Version: 20.0.1387.77 - Opera Software ASA)
PC Performer (HKLM-x32\...\PC Performer_is1) (Version: 11.10 - PerformerSoft LLC) <==== ATTENTION
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PricePeep (HKLM-x32\...\PricePeep) (Version: 2.2.0.8 - betwikx LLC) <==== ATTENTION
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Ralink Bluetooth Stack64 (HKLM\...\{95DF815D-BE2D-9118-F549-39794C5869CF}) (Version: 9.0.725.0 - Ralink Corporation)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.5.0 - Ralink)
RealDownloader (x32 Version: 17.0.6 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.6 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.27025 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Roberta Williams' Phantasmagoria (HKLM-x32\...\GOGPACKPHANTASMAGORIA_is1) (Version: 2.0.0.14 - GOG.com)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.11.11.7 - Conduit) <==== ATTENTION
Snap.Do (HKLM-x32\...\{F4F6F37C-8D19-4DAD-BF7B-0953133FD43F}) (Version: 11.20.1.15636 - ReSoft Ltd.) <==== ATTENTION
Snap.Do Engine (HKCU\...\{3a18a21d-a880-4b8d-9a81-74791ddb2421}) (Version: 1.71.1.11943 - ReSoft Ltd.) <==== ATTENTION
SoulseekQt (HKLM-x32\...\SoulseekQt) (Version:  - )
Speed Test 127 (HKLM-x32\...\Speed Test 127) (Version: 3.0.0.0 - Speed Analysis) <==== ATTENTION
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
Tiny Media Player v1.0 (HKLM-x32\...\Tiny Media Player_is1) (Version: 1.0.0.0 - )
Treasure Adventure Game (HKLM-x32\...\GOGPACKTREASUREADVENTUREGAME_is1) (Version: 2.0.0.4 - GOG.com)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Validity WBF DDK (HKLM\...\{1F91C200-8F0F-4009-A75E-DB6CE151BD4E}) (Version: 4.4.234.0 - Validity Sensors, Inc.)
VLC media player 2.0.7 (HKLM\...\VLC media player) (Version: 2.0.7 - VideoLAN)
Wajam (HKLM-x32\...\Wajam) (Version: 2.07 - Wajam) <==== ATTENTION
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
WinRAR 5.00 бета 8 (64-разрядная) (HKLM\...\WinRAR archiver) (Version: 5.00.8 - win.rar GmbH)
Word Slinger (HKLM-x32\...\8617b280ce3d8581e46e17e0197f18ad) (Version:  - Zylom)
Worlds of Ultima - The Savage Empire (HKLM-x32\...\GOGPACKWORLDSOFULTIMASAVAGE_is1) (Version: 2.0.0.26 - GOG.com)

==================== Restore Points  =========================

14-04-2014 19:17:19 Windows Update
19-04-2014 09:20:14 Windows Update
24-04-2014 04:15:31 Windows Update
27-04-2014 22:32:00 Windows Update

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0515D3F2-722D-430D-8A5C-13E6DBD79520} - System32\Tasks\PC Performer => C:\Program Files (x86)\PC Performer\PCPerformer.exe [2013-06-19] (PerformerSoft LLC) <==== ATTENTION
Task: {156C3FEC-5D80-4A63-BC7A-989BE6A751B0} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-10-12] (CyberLink)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1CD7158D-9BF2-447F-87B7-26AEC3971054} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink)
Task: {20681E74-EAA0-49A4-BCEB-84D697F26023} - System32\Tasks\EPUpdater => C:\Users\Andriy\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-12-12] () <==== ATTENTION
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {27310A1A-0975-415A-A4C3-2EF9819F48F6} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {32E7541E-81D9-470F-AF41-64F7213E8C47} - System32\Tasks\HPCeeScheduleForAndriy => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {42D71806-5811-4635-A2DF-68CE4808E653} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-01-31] (Microsoft Corporation)
Task: {44154D8E-8966-4403-8C01-B84D42CCAC5B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {4F453D1E-DC34-468E-847A-A7B6931FC557} - System32\Tasks\PC Performer_UPDATES => C:\Program Files (x86)\PC Performer\PCPerformer.exe [2013-06-19] (PerformerSoft LLC) <==== ATTENTION
Task: {522AEA12-6797-4BC7-90B9-288F76808F8C} - System32\Tasks\FileAdvisorUpdate => C:\Program Files (x86)\File Type Advisor\fileadvisor.exe [2013-07-12] (File Type Advisor)
Task: {630EC78F-25B7-4233-9099-4ECA7E51B5C0} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\WSCStub.exe [2014-03-12] (Symantec Corporation)
Task: {65392A87-4A56-4746-81C1-F814B1F635A2} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1983903431-3382947560-1226906540-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-02-14] (RealNetworks, Inc.)
Task: {71E6EA2B-A0B8-486E-9E81-77705495FA7E} - System32\Tasks\PC Performer_DEFAULT => C:\Program Files (x86)\PC Performer\PCPerformer.exe [2013-06-19] (PerformerSoft LLC) <==== ATTENTION
Task: {74BE0AE6-2E57-4CF0-AE3A-9FB52DD1AAD6} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1983903431-3382947560-1226906540-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-02-14] (RealNetworks, Inc.)
Task: {77605241-1C5B-45D2-9602-80F1D807865F} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {87E79F84-CB87-4AC3-A72E-102F1CA80ECA} - System32\Tasks\a2zLyrics_wd => C:\Program Files (x86)\a2zLyrics-soft\a2zLyricshrkuEw.exe [2014-04-22] () <==== ATTENTION
Task: {8A1973BA-194F-40E0-949F-1CF2CFC8F18D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1983903431-3382947560-1226906540-1001UA => C:\Users\Andriy\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-05] (Google Inc.)
Task: {92958352-B4DE-49A8-9A65-4A38AE8AADAF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-06-09] (Microsoft Corporation)
Task: {A3C6218A-675F-402C-9F42-C5600AA91AA3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {A6BC4D73-C2F1-4B5A-8AF2-9CE635AD8C4C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1983903431-3382947560-1226906540-1001Core => C:\Users\Andriy\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-05] (Google Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {A8305ACF-7757-4ED0-8151-46A178F6F290} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {ADA35FE3-575C-444A-B495-DDC5AA214254} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION
Task: {B7E8E921-9CF8-4CBC-A0A9-3EE89D28287F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {B95C31A5-A15A-4288-9C9D-C5FD254E9273} - System32\Tasks\FileAdvisorCheck => C:\Program Files (x86)\File Type Advisor\file-type-advisor.exe [2013-07-13] (filetypeadvisor.com                                         )
Task: {C22010D1-1B2F-4AB7-A073-E11F7BA19C71} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\Windows\Tasks\a2zLyrics_wd.job => C:\Program Files (x86)\a2zLyrics-soft\a2zLyricshrkuEw.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1983903431-3382947560-1226906540-1001Core.job => C:\Users\Andriy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1983903431-3382947560-1226906540-1001UA.job => C:\Users\Andriy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForAndriy.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\PC Performer_DEFAULT.job => C:\Program Files (x86)\PC Performer\PCPerformer.exe <==== ATTENTION
Task: C:\Windows\Tasks\PC Performer_UPDATES.job => C:\Program Files (x86)\PC Performer\PCPerformer.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-04-22 13:29 - 2014-04-22 13:29 - 00141824 _____ () C:\Program Files (x86)\a2zLyrics-soft\a2zLyricshrk158.exe
2014-02-06 17:13 - 2014-02-06 17:13 - 01102336 _____ () C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll
2014-02-06 17:19 - 2014-02-06 17:19 - 00012288 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll
2013-08-06 21:27 - 2013-08-06 21:26 - 00246112 _____ () C:\ProgramData\Mobiles Internet\OnlineUpdate\ouc.exe
2013-08-05 13:24 - 2013-06-16 14:52 - 00386216 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2013-08-05 13:24 - 2013-06-09 23:09 - 00518824 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2013-08-05 13:24 - 2013-06-09 23:09 - 00612520 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2014-02-12 15:42 - 2014-02-12 15:42 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-02-14 13:06 - 2014-02-14 13:06 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2012-09-06 02:47 - 2012-09-06 02:47 - 00028160 _____ () C:\Windows\system32\valWBFPolicyService.exe
2013-08-05 17:52 - 2012-07-05 06:03 - 00343024 ____N () C:\Program Files (x86)\3DataManager\WTGService.exe
2012-09-19 19:37 - 2012-09-19 19:37 - 00017160 _____ () C:\Windows\system32\BsHelpCSps.dll
2012-10-12 18:22 - 2012-10-12 18:22 - 00120224 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
2012-10-12 18:22 - 2012-10-12 18:22 - 00048544 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
2012-10-12 18:22 - 2012-10-12 18:22 - 00180224 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
2014-04-22 13:29 - 2014-04-22 13:29 - 00077312 _____ () C:\Program Files (x86)\a2zLyrics-soft\a2zLyricshrkuEw.exe
2012-08-10 02:36 - 2012-08-10 02:36 - 04073320 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
2014-01-03 18:39 - 2014-01-03 18:40 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-09-05 01:21 - 2012-09-05 01:21 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-08-05 12:12 - 2013-08-05 12:12 - 00120224 _____ () C:\Users\Andriy\AppData\Local\assembly\dl3\5W7W1YB6.RD7\37E3VZZ9.7XJ\5992da9a\004b58b8_95a8cd01\HPItunesModule.DLL
2013-08-05 17:52 - 2012-07-10 15:38 - 00506864 ____N () C:\Program Files (x86)\3DataManager\3DataManager_Launcher.exe
2013-11-14 00:31 - 2013-11-14 00:31 - 00546304 _____ () C:\Users\Andriy\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe
2014-01-08 00:12 - 2014-01-08 00:12 - 00317720 _____ () C:\Program Files (x86)\PricePeep\PricePeepUpdater.exe
2012-09-18 03:58 - 2012-09-18 03:58 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-03-13 11:53 - 2014-03-12 13:40 - 01380192 _____ () C:\Program Files (x86)\Opera\20.0.1387.77\opera_crashreporter.exe
2012-09-19 19:37 - 2012-09-19 19:37 - 00363784 _____ () C:\Windows\system32\BsExtendFunc.dll
2012-09-19 19:37 - 2012-09-19 19:37 - 00029960 _____ () C:\Windows\system32\BsTrace.dll
2012-09-19 19:37 - 2012-09-19 19:37 - 00062216 _____ () C:\Windows\system32\BlueSoleilCSps.dll
2014-03-04 16:27 - 2014-03-04 16:27 - 00022560 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\Lrcnta.exe
2014-04-22 13:29 - 2014-04-22 13:29 - 00133120 _____ () C:\Program Files (x86)\a2zLyrics-soft\a2zLyricshrk158.dll
2013-08-06 21:27 - 2013-08-06 21:26 - 00011362 _____ () C:\ProgramData\Mobiles Internet\OnlineUpdate\mingwm10.dll
2013-08-06 21:27 - 2013-08-06 21:26 - 00043008 _____ () C:\ProgramData\Mobiles Internet\OnlineUpdate\libgcc_s_dw2-1.dll
2013-08-06 21:27 - 2013-08-06 21:26 - 02415104 _____ () C:\ProgramData\Mobiles Internet\OnlineUpdate\QtCore4.dll
2013-08-06 21:27 - 2013-08-06 21:26 - 01148416 _____ () C:\ProgramData\Mobiles Internet\OnlineUpdate\QtNetwork4.dll
2013-08-06 21:27 - 2013-08-06 21:26 - 00384512 _____ () C:\ProgramData\Mobiles Internet\OnlineUpdate\QueryStrategy.dll
2013-08-06 21:27 - 2013-08-06 21:26 - 00398336 _____ () C:\ProgramData\Mobiles Internet\OnlineUpdate\QtXml4.dll
2014-03-20 09:52 - 2014-03-20 09:52 - 00867928 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Plugins\cldplin.dll
2014-02-19 16:10 - 2014-02-19 16:10 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\766c9d1f5aedd3f4c133f9df5db8743e\PSIClient.ni.dll
2013-03-17 19:53 - 2012-06-25 20:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-03-17 20:09 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-03-04 16:28 - 2014-03-04 16:28 - 00046624 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
2014-03-04 16:28 - 2014-03-04 16:28 - 00068640 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\srau.dll
2014-03-04 16:28 - 2014-03-04 16:28 - 00165408 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
2014-03-04 16:28 - 2014-03-04 16:28 - 02282528 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
2014-03-04 16:28 - 2014-03-04 16:28 - 00066592 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\spbl.dll
2014-03-04 16:28 - 2014-03-04 16:28 - 00154656 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
2014-03-04 16:28 - 2014-03-04 16:28 - 00014368 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\siem.dll
2014-03-04 16:28 - 2014-03-04 16:28 - 00060960 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\sppsm.dll
2014-03-04 16:28 - 2014-03-04 16:28 - 00696352 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
2014-03-04 16:28 - 2014-03-04 16:28 - 00014880 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
2014-03-04 16:28 - 2014-03-04 16:28 - 00078880 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
2014-03-04 16:28 - 2014-03-04 16:28 - 00026656 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
2014-03-04 16:28 - 2014-03-04 16:28 - 00056352 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\srut.dll
2014-03-04 16:28 - 2014-03-04 16:28 - 00029216 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\srsbs.dll
2014-03-04 16:28 - 2014-03-04 16:28 - 00065056 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
2014-03-04 16:28 - 2014-03-04 16:28 - 00030752 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\srom.dll
2014-03-04 16:28 - 2014-03-04 16:28 - 00030752 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\smtu.dll
2014-03-04 16:28 - 2014-03-04 16:28 - 00038944 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\smta.dll
2014-03-04 16:28 - 2014-03-04 16:28 - 00024096 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\sgml.dll
2014-03-04 16:28 - 2014-03-04 16:28 - 00043552 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\srbu.dll
2014-03-04 16:28 - 2014-03-04 16:28 - 00061472 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll
2014-03-04 16:28 - 2014-03-04 16:28 - 00024608 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\srpdm.dll
2014-03-04 16:27 - 2014-03-04 16:27 - 00043040 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
2014-03-04 16:26 - 2014-03-04 16:26 - 00026656 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll
2014-03-04 16:28 - 2014-03-04 16:28 - 00035360 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
2014-03-04 16:28 - 2014-03-04 16:28 - 00193056 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\sgmu.dll
2014-03-04 16:25 - 2014-03-04 16:25 - 00061440 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\AxInterop.WMPLib.dll
2014-03-04 16:28 - 2014-03-04 16:28 - 00255008 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\srns.dll
2013-08-05 13:24 - 2013-08-05 13:24 - 00313000 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2013-08-05 13:24 - 2013-08-05 13:24 - 00358056 _____ () C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll
2012-09-19 19:37 - 2012-09-19 19:37 - 00029960 _____ () C:\Windows\SYSTEM32\BsTrace.dll
2012-09-19 19:37 - 2012-09-19 19:37 - 00079624 _____ () C:\Windows\SYSTEM32\BsProfilefunc.dll
2012-09-19 19:37 - 2012-09-19 19:37 - 00363784 _____ () C:\Windows\SYSTEM32\BsExtendFunc.dll
2012-09-19 19:37 - 2012-09-19 19:37 - 00017160 _____ () C:\Windows\SYSTEM32\BsHelpCSps.dll
2012-09-19 19:37 - 2012-09-19 19:37 - 00062216 _____ () C:\Windows\SYSTEM32\BlueSoleilCSps.dll
2014-03-13 11:53 - 2014-03-12 13:40 - 00908640 _____ () C:\Program Files (x86)\Opera\20.0.1387.77\libglesv2.dll
2014-03-13 11:53 - 2014-03-12 13:40 - 00108896 _____ () C:\Program Files (x86)\Opera\20.0.1387.77\libegl.dll
2014-03-13 11:53 - 2014-03-12 13:40 - 00895328 _____ () C:\Program Files (x86)\Opera\20.0.1387.77\ffmpegsumo.dll
2012-08-10 02:36 - 2012-08-10 02:36 - 00018792 _____ () C:\Program Files (x86)\HP SimplePass\DownloadManager.dll
2012-09-24 15:27 - 2012-09-24 15:27 - 00335176 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll
2012-05-02 18:28 - 2012-05-02 18:28 - 00012800 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\AMP\IVTAMPRL.dll
2014-03-04 16:27 - 2014-03-04 16:27 - 00030240 _____ () C:\Users\Andriy\AppData\Local\Smartbar\Application\lrcnt.dll
2014-04-30 01:18 - 2014-04-30 01:18 - 01119448 _____ () C:\Users\Andriy\AppData\Local\Google\Update\Install\{A7413C6E-04FE-4736-9B4A-5517D34E18F0}\34.0.1847.131_34.0.1847.116_chrome_updater.exe

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/29/2014 09:33:51 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

Error: (04/29/2014 09:32:01 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/29/2014 08:08:21 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: BlueSoleilCS.exe, Version: 9.0.723.0, Zeitstempel: 0x5062b290
Name des fehlerhaften Moduls: tl_filter.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x505fc6a9
Ausnahmecode: 0xc0000094
Fehleroffset: 0x031cd53d
ID des fehlerhaften Prozesses: 0x1a00
Startzeit der fehlerhaften Anwendung: 0xBlueSoleilCS.exe0
Pfad der fehlerhaften Anwendung: BlueSoleilCS.exe1
Pfad des fehlerhaften Moduls: BlueSoleilCS.exe2
Berichtskennung: BlueSoleilCS.exe3
Vollständiger Name des fehlerhaften Pakets: BlueSoleilCS.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: BlueSoleilCS.exe5

Error: (04/29/2014 09:44:25 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2672

Error: (04/29/2014 09:44:25 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2672

Error: (04/29/2014 09:44:25 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/29/2014 09:44:23 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1328

Error: (04/29/2014 09:44:23 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1328

Error: (04/29/2014 09:44:23 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/29/2014 00:37:03 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (04/29/2014 08:08:40 PM) (Source: Service Control Manager) (User: )
Description: Dienst "BlueSoleilCS" wurde unerwartet beendet. Dies ist bereits 2 Mal passiert.

Error: (04/29/2014 03:49:46 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070003 fehlgeschlagen: Sicherheitsupdate für Windows 8 für x64-basierte Systeme (KB2835364)

Error: (04/29/2014 00:45:22 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070003 fehlgeschlagen: Sicherheitsupdate für Windows 8 für x64-basierte Systeme (KB2835364)

Error: (04/29/2014 00:44:45 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070002 fehlgeschlagen: Update für Windows 8 für x64-Systeme (KB2822241)

Error: (04/29/2014 00:41:44 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070002 fehlgeschlagen: Update für Windows 8 für x64-Systeme (KB2785094)

Error: (04/29/2014 00:38:07 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070002 fehlgeschlagen: Update für Windows 8 für x64-Systeme (KB2876415)

Error: (04/28/2014 00:50:50 AM) (Source: Service Control Manager) (User: )
Description: Dienst "BlueSoleilCS" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/28/2014 00:49:52 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Mobiles Internet. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (04/28/2014 00:49:52 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobiles Internet. OUC erreicht.

Error: (04/28/2014 00:49:11 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Wsys Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (04/29/2014 09:33:51 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\program files (x86)\ralink corporation\ralink bluetooth stack\BsSMSEditor.exe

Error: (04/29/2014 09:32:01 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{97F4C931-5B0F-4572-97FD-042F75F5198B}\recordingmanager.exe

Error: (04/29/2014 08:08:21 PM) (Source: Application Error)(User: )
Description: BlueSoleilCS.exe9.0.723.05062b290tl_filter.dll_unloaded0.0.0.0505fc6a9c0000094031cd53d1a0001cf62b08272f500C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exetl_filter.dll3ee6fcd7-cfc9-11e3-bea8-001e101f27fe

Error: (04/29/2014 09:44:25 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2672

Error: (04/29/2014 09:44:25 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2672

Error: (04/29/2014 09:44:25 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/29/2014 09:44:23 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1328

Error: (04/29/2014 09:44:23 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1328

Error: (04/29/2014 09:44:23 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/29/2014 00:37:03 AM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{97F4C931-5B0F-4572-97FD-042F75F5198B}\recordingmanager.exe


==================== Memory info =========================== 

Percentage of memory in use: 42%
Total physical RAM: 8088.27 MB
Available physical RAM: 4666.83 MB
Total Pagefile: 9304.27 MB
Available Pagefile: 4730.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.76 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:680.61 GB) (Free:420.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:17.25 GB) (Free:2.21 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (Mobiles Internet) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 93E9A6FB)

Partition: GPT Partition Type.

==================== End Of Log ============================
         


02.05.2014, 16:42   #6
schrauber
/// the machine
/// TB-Ausbilder
 




Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
ATTFilter
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.




Revo Uninstaller - Download - Filepony
Use it to uninstall everything you find in Additional.txt that is marked with <== ATTENTION

Also have Revo remove the leftovers, using the Moderate mode.





Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart, a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.

02.05.2014, 21:12   #7
Franziska123
 



Hello!
That already looks great, I no longer have any green underlined words and no more of all those pop-ups. Thanks!

Here are the log files:
FRST:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2014
Ran by Andriy (administrator) on MYNEWHP on 02-05-2014 22:00:05
Running from C:\Users\Andriy\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\ProgramData\Mobiles Internet\OnlineUpdate\ouc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\nis.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
() C:\Windows\System32\valWBFPolicyService.exe
() C:\Program Files (x86)\3DataManager\WTGService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\nis.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(BitTorrent Inc.) C:\Users\Andriy\AppData\Roaming\uTorrent\uTorrent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe
() C:\Program Files (x86)\Opera\20.0.1387.77\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe
(Farbar) C:\Users\Andriy\Desktop\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-20] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-25] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-09-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [371976 2012-09-19] (IVT Corporation)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-10] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2012-09-14] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296520 2014-03-20] (RealNetworks, Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-08] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\Run: [Google Update] => C:\Users\Andriy\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-08-05] (Google Inc.)
HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\Run: [uTorrent] => C:\Users\Andriy\AppData\Roaming\uTorrent\uTorrent.exe [1270352 2014-04-29] (BitTorrent Inc.)
HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\MountPoints2: {0a4d6f29-7439-11e3-be99-6c3be584be5a} - "F:\.\Autorun.exe" AUTORUN=1
HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\MountPoints2: {2758adea-fe60-11e2-be76-f4b7e2c41c42} - "F:\AutoRun.exe" 
HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\MountPoints2: {2758c4d5-fe60-11e2-be76-001e101ffe8f} - "F:\AutoRun.exe" 
HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\MountPoints2: {342f948a-fdd4-11e2-be75-f4b7e2c41c42} - "F:\.\Autorun.exe" AUTORUN=1
HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\MountPoints2: {342f94be-fdd4-11e2-be75-f4b7e2c41c42} - "F:\.\Autorun.exe" AUTORUN=1
HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\MountPoints2: {342f96da-fdd4-11e2-be75-f4b7e2c41c42} - "F:\.\Autorun.exe" AUTORUN=1
HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\MountPoints2: {b6d84743-05d7-11e3-be7a-001e101f9880} - "F:\AutoRun.exe" 
HKU\S-1-5-21-1983903431-3382947560-1226906540-1001\...\MountPoints2: {dee233cd-01de-11e3-be77-001e101f8338} - "G:\AutoRun.exe" 
Startup: C:\Users\Andriy\Desktop\Programs\Startup\Launcher.lnk
ShortcutTarget: Launcher.lnk -> C:\Program Files (x86)\3DataManager\3DataManager_Launcher.exe ()
Startup: C:\Users\Andriy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Andriy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {2BDFF947-B67C-4B95-B36C-11B5373C2039} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-29880-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll (Skype Technologies)
Tcpip\..\Interfaces\{2A0AF25A-BA97-4976-9394-1E61D738996A}: [NameServer]213.94.78.16 213.94.78.17
Tcpip\..\Interfaces\{2D613361-0A59-4899-A707-83C2DCC523F6}: [NameServer]213.94.78.27 213.94.78.26
Tcpip\..\Interfaces\{72F086DE-F54D-457C-82B5-D973D7257BF9}: [NameServer]213.94.78.26 213.94.78.27
Tcpip\..\Interfaces\{790F3EC1-3D72-41F4-B12B-EC92CA16DCAC}: [NameServer]213.94.78.26 213.94.78.27
Tcpip\..\Interfaces\{7CEE4DAE-0262-44EC-8D69-27E28C760944}: [NameServer]213.94.78.26 213.94.78.27
Tcpip\..\Interfaces\{EC82F58C-A7A2-4EE3-9575-10E0F6070704}: [NameServer]213.94.78.17 213.94.78.16

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @authentec.com/ffwloplugin - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.6.13 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.6 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.6 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.6 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.6.13 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Andriy\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Andriy\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-03-20]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2013-12-12]
FF HKLM-x32\...\Firefox\Extensions: [{8E8D8D12-A43B-4289-994D-DF2C7C0EF736}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKCU\...\Firefox\Extensions: [speedtest4354@BestOffers] - C:\Users\Andriy\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers
FF Extension: Speed Test 127 - C:\Users\Andriy\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers [2014-02-15]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.enhanced-search.com/?babsrc=HP_ss_mib2&mntrId=FC40F4B7E2C41C43&affID=127842&tsp=5159"
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchProvider: Conduit Search
CHR DefaultSearchURL: hxxp://search.conduit.com/Results.aspx?ctid=CT3315521&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP19BE10D8-762D-4FBA-AB65-B783A5C55EBB&q={searchTerms}&SSPV=
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Users\Andriy\AppData\Local\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Andriy\AppData\Local\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Andriy\AppData\Local\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Simple Pass) - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Andriy\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
CHR Extension: (Google Docs) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-05]
CHR Extension: (Google Drive) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-05]
CHR Extension: (YouTube) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-05]
CHR Extension: (Google-Suche) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-05]
CHR Extension: (a2zLyrics-16) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfocabhmkfcdibnkgogpaclhgblhnemn [2013-10-29]
CHR Extension: (Website Logon) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo [2013-08-05]
CHR Extension: (RealPlayer Downloader) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-09-23]
CHR Extension: (Norton Identity Protection) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-08-05]
CHR Extension: (Google Wallet) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-23]
CHR Extension: (Google Mail) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-05]
CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-07-12]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-02-12]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\Exts\Chrome.crx [2014-03-26]

==================== Services (Whitelisted) =================

R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1612552 2012-09-26] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [146184 2012-09-19] (IVT Corporation)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641320 2012-08-10] (HP)
R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S2 Mobiles Internet. RunOuc; C:\Program Files (x86)\Mobiles Internet\UpdateDog\ouc.exe [246112 2013-08-06] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe [276376 2014-03-12] (Symantec Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1900728 2013-06-09] (Microsoft Corporation)
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-02-12] ()
R2 RealPlayer Cloud Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141336 2014-03-20] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-02-14] ()
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
R2 WTGService; C:\Program Files (x86)\3DataManager\WTGService.exe [343024 2012-07-05] ()

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-10] (Advanced Micro Devices, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [1525976 2014-03-19] (Symantec Corporation)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthAvrcpTg; 
U4 BthHFEnum; 
U4 bthhfhid; 
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48608 2012-10-02] (Ralink Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1502000.026\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-12-11] (Symantec Corporation)
S3 huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [229376 2013-08-05] (Huawei Technologies Co., Ltd.)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140430.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [119512 2014-05-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140501.003\ENG64.SYS [126040 2014-04-25] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140501.003\EX64.SYS [2099288 2014-04-25] (Symantec Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwNe64.sys [11400192 2012-06-02] (Intel Corporation)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-25] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-25] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1502000.026\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1502000.026\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1502000.026\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1502000.026\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1502000.026\SymELAM.sys [23568 2013-09-10] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-12] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1502000.026\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1502000.026\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-02 22:00 - 2014-05-02 22:00 - 00028627 _____ () C:\Users\Andriy\Desktop\FRST.txt
2014-05-02 21:59 - 2014-05-02 21:59 - 00002020 _____ () C:\Users\Andriy\Desktop\JRT.1.txt
2014-05-02 21:58 - 2014-05-02 21:58 - 00002020 _____ () C:\Users\Andriy\Desktop\JRT.txt
2014-05-02 21:43 - 2014-05-02 21:43 - 00000000 ____D () C:\Windows\ERUNT
2014-05-02 21:39 - 2014-05-02 21:39 - 00006376 _____ () C:\Users\Andriy\Desktop\AdwCleaner[S0].txt
2014-05-02 21:31 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-02 21:30 - 2014-05-02 21:33 - 00000000 ____D () C:\AdwCleaner
2014-05-02 21:21 - 2014-05-02 21:21 - 00001133 _____ () C:\Users\Andriy\Desktop\mbam.txt
2014-05-02 20:50 - 2014-05-02 20:52 - 01016261 _____ (Thisisu) C:\Users\Andriy\Desktop\JRT.exe
2014-05-02 20:41 - 2014-05-02 20:45 - 01310621 _____ () C:\Users\Andriy\Desktop\adwcleaner.exe
2014-05-02 20:17 - 2014-05-02 21:36 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-02 20:17 - 2014-05-02 20:17 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-02 20:17 - 2014-05-02 20:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-02 20:17 - 2014-05-02 20:17 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-02 20:17 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-02 20:17 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-02 20:17 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-02 19:36 - 2014-05-02 20:14 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Andriy\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-02 19:33 - 2014-05-02 19:33 - 00000738 _____ () C:\Users\Andriy\Desktop\Revo Uninstaller.lnk
2014-05-02 19:25 - 2014-05-02 19:29 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Andriy\Downloads\revosetup95.exe
2014-05-02 18:59 - 2014-05-02 19:05 - 02062336 _____ (Farbar) C:\Users\Andriy\Desktop\FRST64 (1).exe
2014-05-02 18:47 - 2014-05-02 18:49 - 00000000 ____D () C:\Users\Andriy\Downloads\FRST-OlderVersion
2014-04-30 01:47 - 2014-04-30 01:47 - 00300064 _____ () C:\Windows\Minidump\043014-64718-01.dmp
2014-04-30 01:46 - 2014-04-30 01:47 - 00330160 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-30 01:33 - 2014-05-02 19:00 - 00000000 ____D () C:\Users\Andriy\Desktop\ComputerSpy_Malware_Programme
2014-04-30 01:21 - 2014-04-30 01:21 - 00380416 _____ () C:\Users\Andriy\Downloads\Gmer-19357.exe
2014-04-30 01:18 - 2014-04-30 01:20 - 00044756 _____ () C:\Users\Andriy\Downloads\Addition.txt
2014-04-30 01:17 - 2014-05-02 22:00 - 00000000 ____D () C:\FRST
2014-04-30 01:17 - 2014-04-30 01:20 - 00059999 _____ () C:\Users\Andriy\Downloads\FRST.txt
2014-04-30 01:12 - 2014-05-02 18:47 - 00716800 _____ () C:\Users\Andriy\Downloads\FRST64.exe
2014-04-30 01:09 - 2014-04-30 01:09 - 00000474 _____ () C:\Users\Andriy\Downloads\defogger_disable.log
2014-04-30 01:09 - 2014-04-30 01:09 - 00000000 _____ () C:\Users\Andriy\defogger_reenable
2014-04-30 01:07 - 2014-04-30 01:07 - 00050477 _____ () C:\Users\Andriy\Downloads\Defogger.exe
2014-04-30 00:45 - 2014-04-30 00:45 - 00076272 _____ () C:\Users\Andriy\Downloads\Extras.Txt
2014-04-30 00:42 - 2014-04-30 00:42 - 00156272 _____ () C:\Users\Andriy\Downloads\OTL.Txt
2014-04-30 00:25 - 2014-04-30 00:25 - 00602112 _____ (OldTimer Tools) C:\Users\Andriy\Downloads\otl.exe
2014-04-28 00:51 - 2014-03-31 23:18 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-28 00:51 - 2014-03-31 23:18 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-23 22:29 - 2014-02-04 01:56 - 00332632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-23 22:29 - 2014-02-04 01:56 - 00278872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-23 22:29 - 2014-01-31 05:55 - 00209712 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-04-23 22:29 - 2014-01-31 02:48 - 00564736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-04-23 22:29 - 2014-01-31 02:48 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2014-04-23 22:29 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2014-04-23 22:29 - 2014-01-31 02:48 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-23 22:29 - 2014-01-31 02:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-04-23 22:29 - 2014-01-31 02:06 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2014-04-23 22:29 - 2014-01-31 02:06 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-23 22:29 - 2014-01-27 05:42 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-04-23 22:29 - 2014-01-27 05:39 - 01939288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-23 22:29 - 2014-01-27 02:52 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-04-23 22:29 - 2014-01-27 02:31 - 19752448 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-04-23 22:29 - 2014-01-16 01:42 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-04-23 22:29 - 2014-01-11 08:48 - 05979648 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-23 22:29 - 2014-01-11 07:06 - 05092352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-04-23 22:29 - 2014-01-03 01:35 - 00365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-04-23 22:29 - 2014-01-03 01:32 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-04-23 22:28 - 2014-03-07 02:48 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-23 22:28 - 2014-03-07 02:48 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-23 22:28 - 2014-03-07 02:47 - 14357504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-23 22:28 - 2014-03-07 02:47 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-23 22:28 - 2014-03-07 02:47 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-23 22:28 - 2014-03-07 02:47 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-23 22:28 - 2014-03-07 02:47 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-23 22:28 - 2014-03-07 02:47 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-23 22:28 - 2014-03-07 02:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-23 22:28 - 2014-03-07 02:08 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-23 22:28 - 2014-03-07 02:08 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-23 22:28 - 2014-03-07 02:08 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-23 22:28 - 2014-03-07 02:08 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-23 22:28 - 2014-03-07 02:08 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-23 22:28 - 2014-03-07 02:08 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-23 22:28 - 2014-03-07 02:08 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-04-23 22:28 - 2014-03-07 02:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-23 22:28 - 2014-03-07 02:08 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-23 22:28 - 2014-01-27 01:17 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml
2014-04-23 22:28 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-04-23 22:28 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-23 22:28 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-23 22:28 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-23 22:28 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-23 22:28 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-23 22:28 - 2012-07-26 05:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-23 22:27 - 2014-03-07 02:08 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-23 22:27 - 2014-02-06 01:41 - 01257984 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-23 22:27 - 2014-02-06 01:41 - 00978432 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-04-23 22:27 - 2014-02-06 01:26 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-04-23 22:27 - 2014-02-06 01:19 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-23 22:27 - 2013-10-25 09:34 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-04-23 22:27 - 2013-10-25 00:34 - 00248240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-04-23 22:27 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-04-23 22:27 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-04-23 22:27 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-23 22:27 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-23 22:27 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-23 22:27 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-04-23 22:27 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-23 22:26 - 2014-02-08 06:34 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-04-23 22:26 - 2014-02-06 01:41 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-04-23 22:26 - 2014-02-06 01:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-04-22 13:29 - 2014-05-02 19:19 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-04-22 07:01 - 2014-04-22 07:01 - 00525824 _____ () C:\Users\Andriy\Downloads\stw3085084_überarbeitet (1).xls
2014-04-20 06:54 - 2014-04-21 18:00 - 00525824 _____ () C:\Users\Andriy\Desktop\stw3085084_überarbeitet.xls
2014-04-20 06:52 - 2014-04-20 06:52 - 00534016 _____ () C:\Users\Andriy\Downloads\stw3085084_überarbeitet.xls
2014-04-20 06:51 - 2014-04-20 06:51 - 00534016 _____ () C:\Users\Andriy\Downloads\mime.z
2014-04-20 06:51 - 2014-04-20 06:51 - 00534016 _____ () C:\Users\Andriy\Downloads\mime (1).z
2014-04-14 07:40 - 2014-04-14 07:40 - 00048640 _____ () C:\Users\Andriy\Downloads\Themenmatrix.xls
2014-04-07 14:53 - 2014-04-07 14:53 - 00018542 _____ () C:\Users\Andriy\Desktop\weka_StiwoVZ.xlsx
2014-04-07 09:31 - 2014-04-07 09:31 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-04-07 08:32 - 2014-04-07 23:51 - 00200527 _____ () C:\Users\Andriy\Desktop\stw5200-113_überarbeitet_FFA.xlsx
2014-04-07 08:31 - 2014-04-07 08:31 - 00215214 _____ () C:\Users\Andriy\Downloads\stw5200-113_überarbeitet_FFA.xlsx

==================== One Month Modified Files and Folders =======

2014-05-02 22:00 - 2014-05-02 22:00 - 00028627 _____ () C:\Users\Andriy\Desktop\FRST.txt
2014-05-02 22:00 - 2014-04-30 01:17 - 00000000 ____D () C:\FRST
2014-05-02 22:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-05-02 21:59 - 2014-05-02 21:59 - 00002020 _____ () C:\Users\Andriy\Desktop\JRT.1.txt
2014-05-02 21:58 - 2014-05-02 21:58 - 00002020 _____ () C:\Users\Andriy\Desktop\JRT.txt
2014-05-02 21:56 - 2013-08-05 14:49 - 00000000 ____D () C:\Users\Andriy\AppData\Roaming\uTorrent
2014-05-02 21:43 - 2014-05-02 21:43 - 00000000 ____D () C:\Windows\ERUNT
2014-05-02 21:40 - 2012-09-26 10:53 - 00000950 _____ () C:\Windows\SysWOW64\bscs.ini
2014-05-02 21:39 - 2014-05-02 21:39 - 00006376 _____ () C:\Users\Andriy\Desktop\AdwCleaner[S0].txt
2014-05-02 21:38 - 2013-09-30 16:38 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-02 21:36 - 2014-05-02 20:17 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-02 21:36 - 2013-03-17 20:02 - 00003620 _____ () C:\Windows\SysWOW64\LOCALSERVICE.INI
2014-05-02 21:36 - 2013-03-17 20:02 - 00000043 _____ () C:\Windows\SysWOW64\LOCALDEVICE.INI
2014-05-02 21:35 - 2012-08-04 00:23 - 00136196 _____ () C:\Windows\PFRO.log
2014-05-02 21:35 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-02 21:33 - 2014-05-02 21:30 - 00000000 ____D () C:\AdwCleaner
2014-05-02 21:32 - 2013-08-20 14:07 - 00000601 _____ () C:\Users\Andriy\Desktop\Search.lnk
2014-05-02 21:32 - 2013-08-05 12:48 - 00000000 ____D () C:\Users\Andriy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-02 21:32 - 2013-08-05 12:14 - 00000000 ___RD () C:\Users\Andriy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-02 21:32 - 2013-08-05 12:11 - 00000000 ____D () C:\Users\Andriy
2014-05-02 21:22 - 2012-07-26 09:52 - 00000000 ____D () C:\Windows\ShellNew
2014-05-02 21:21 - 2014-05-02 21:21 - 00001133 _____ () C:\Users\Andriy\Desktop\mbam.txt
2014-05-02 21:21 - 2013-08-05 12:11 - 02041289 _____ () C:\Windows\WindowsUpdate.log
2014-05-02 21:21 - 2012-07-26 07:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-05-02 21:18 - 2013-08-05 12:47 - 00001140 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1983903431-3382947560-1226906540-1001UA.job
2014-05-02 20:52 - 2014-05-02 20:50 - 01016261 _____ (Thisisu) C:\Users\Andriy\Desktop\JRT.exe
2014-05-02 20:45 - 2014-05-02 20:41 - 01310621 _____ () C:\Users\Andriy\Desktop\adwcleaner.exe
2014-05-02 20:17 - 2014-05-02 20:17 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-02 20:17 - 2014-05-02 20:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-02 20:17 - 2014-05-02 20:17 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-02 20:14 - 2014-05-02 19:36 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Andriy\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-02 19:35 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-05-02 19:33 - 2014-05-02 19:33 - 00000738 _____ () C:\Users\Andriy\Desktop\Revo Uninstaller.lnk
2014-05-02 19:29 - 2014-05-02 19:25 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Andriy\Downloads\revosetup95.exe
2014-05-02 19:25 - 2013-08-05 14:13 - 01099486 _____ () C:\Windows\system32\perfh019.dat
2014-05-02 19:25 - 2013-08-05 14:13 - 00457322 _____ () C:\Windows\system32\perfc019.dat
2014-05-02 19:25 - 2012-10-31 20:56 - 01888684 _____ () C:\Windows\system32\perfh007.dat
2014-05-02 19:25 - 2012-10-31 20:56 - 00505266 _____ () C:\Windows\system32\perfc007.dat
2014-05-02 19:25 - 2012-07-26 09:28 - 00006786 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-02 19:20 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-05-02 19:19 - 2014-04-22 13:29 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-05-02 19:19 - 2013-10-29 19:38 - 00000352 _____ () C:\Windows\Tasks\HPCeeScheduleForAndriy.job
2014-05-02 19:05 - 2014-05-02 18:59 - 02062336 _____ (Farbar) C:\Users\Andriy\Desktop\FRST64 (1).exe
2014-05-02 19:00 - 2014-04-30 01:33 - 00000000 ____D () C:\Users\Andriy\Desktop\ComputerSpy_Malware_Programme
2014-05-02 18:49 - 2014-05-02 18:47 - 00000000 ____D () C:\Users\Andriy\Downloads\FRST-OlderVersion
2014-05-02 18:47 - 2014-04-30 01:12 - 00716800 _____ () C:\Users\Andriy\Downloads\FRST64.exe
2014-05-02 02:41 - 2013-08-05 15:07 - 00000000 ____D () C:\Users\Andriy\AppData\Roaming\vlc
2014-05-01 13:28 - 2013-10-29 14:28 - 00000000 ____D () C:\Program Files (x86)\File Type Advisor
2014-05-01 10:18 - 2013-08-05 12:47 - 00001088 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1983903431-3382947560-1226906540-1001Core.job
2014-05-01 02:11 - 2013-08-07 12:45 - 00000000 ____D () C:\Users\Andriy\Documents\Youcam
2014-04-30 23:32 - 2013-10-29 19:38 - 00003168 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForAndriy
2014-04-30 01:47 - 2014-04-30 01:47 - 00300064 _____ () C:\Windows\Minidump\043014-64718-01.dmp
2014-04-30 01:47 - 2014-04-30 01:46 - 00330160 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-30 01:47 - 2013-08-15 20:23 - 00000000 ____D () C:\Windows\Minidump
2014-04-30 01:46 - 2013-08-15 20:23 - 1021655135 _____ () C:\Windows\MEMORY.DMP
2014-04-30 01:40 - 2014-01-03 18:18 - 00000138 _____ () C:\Windows\SysWOW64\REMOTEDEVICE.INI
2014-04-30 01:21 - 2014-04-30 01:21 - 00380416 _____ () C:\Users\Andriy\Downloads\Gmer-19357.exe
2014-04-30 01:20 - 2014-04-30 01:18 - 00044756 _____ () C:\Users\Andriy\Downloads\Addition.txt
2014-04-30 01:20 - 2014-04-30 01:17 - 00059999 _____ () C:\Users\Andriy\Downloads\FRST.txt
2014-04-30 01:20 - 2013-08-05 12:48 - 00002364 _____ () C:\Users\Andriy\Desktop\Google Chrome.lnk
2014-04-30 01:09 - 2014-04-30 01:09 - 00000474 _____ () C:\Users\Andriy\Downloads\defogger_disable.log
2014-04-30 01:09 - 2014-04-30 01:09 - 00000000 _____ () C:\Users\Andriy\defogger_reenable
2014-04-30 01:07 - 2014-04-30 01:07 - 00050477 _____ () C:\Users\Andriy\Downloads\Defogger.exe
2014-04-30 00:45 - 2014-04-30 00:45 - 00076272 _____ () C:\Users\Andriy\Downloads\Extras.Txt
2014-04-30 00:42 - 2014-04-30 00:42 - 00156272 _____ () C:\Users\Andriy\Downloads\OTL.Txt
2014-04-30 00:25 - 2014-04-30 00:25 - 00602112 _____ (OldTimer Tools) C:\Users\Andriy\Downloads\otl.exe
2014-04-29 23:55 - 2013-09-30 09:55 - 00000000 ____D () C:\movies
2014-04-29 20:27 - 2013-08-05 12:11 - 00000000 ____D () C:\Users\Andriy\AppData\Local\Packages
2014-04-28 09:08 - 2013-08-16 11:42 - 00000000 ____D () C:\Users\Andriy\AppData\Local\CrashDumps
2014-04-28 09:06 - 2013-08-05 12:14 - 00000000 ___RD () C:\Users\Andriy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-28 01:20 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-04-28 00:47 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-04-28 00:41 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-04-28 00:41 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-04-28 00:41 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-04-28 00:41 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2014-04-28 00:41 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-04-28 00:41 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-04-24 21:15 - 2014-03-21 08:58 - 00003340 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1983903431-3382947560-1226906540-1001
2014-04-24 21:15 - 2014-03-21 08:58 - 00003208 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1983903431-3382947560-1226906540-1001
2014-04-22 17:31 - 2013-10-08 17:22 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-04-22 17:31 - 2013-10-08 17:22 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-04-22 13:29 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-04-22 13:28 - 2013-10-29 14:28 - 00003518 _____ () C:\Windows\System32\Tasks\FileAdvisorCheck
2014-04-22 07:01 - 2014-04-22 07:01 - 00525824 _____ () C:\Users\Andriy\Downloads\stw3085084_überarbeitet (1).xls
2014-04-22 07:00 - 2013-08-06 22:02 - 00502272 ___SH () C:\Users\Andriy\Desktop\Thumbs.db
2014-04-21 18:00 - 2014-04-20 06:54 - 00525824 _____ () C:\Users\Andriy\Desktop\stw3085084_überarbeitet.xls
2014-04-20 06:52 - 2014-04-20 06:52 - 00534016 _____ () C:\Users\Andriy\Downloads\stw3085084_überarbeitet.xls
2014-04-20 06:51 - 2014-04-20 06:51 - 00534016 _____ () C:\Users\Andriy\Downloads\mime.z
2014-04-20 06:51 - 2014-04-20 06:51 - 00534016 _____ () C:\Users\Andriy\Downloads\mime (1).z
2014-04-19 11:20 - 2013-08-05 14:23 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-04-18 17:15 - 2013-08-10 18:03 - 00000000 ____D () C:\Users\Andriy\AppData\Local\SoulseekQt
2014-04-16 18:36 - 2013-08-05 12:22 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1983903431-3382947560-1226906540-1001
2014-04-14 20:14 - 2013-08-08 17:07 - 00000000 ____D () C:\Users\Andriy\AppData\Roaming\foobar2000
2014-04-14 07:40 - 2014-04-14 07:40 - 00048640 _____ () C:\Users\Andriy\Downloads\Themenmatrix.xls
2014-04-07 23:51 - 2014-04-07 08:32 - 00200527 _____ () C:\Users\Andriy\Desktop\stw5200-113_überarbeitet_FFA.xlsx
2014-04-07 14:53 - 2014-04-07 14:53 - 00018542 _____ () C:\Users\Andriy\Desktop\weka_StiwoVZ.xlsx
2014-04-07 10:13 - 2013-08-05 12:47 - 00004092 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1983903431-3382947560-1226906540-1001UA
2014-04-07 10:13 - 2013-08-05 12:47 - 00003712 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1983903431-3382947560-1226906540-1001Core
2014-04-07 09:31 - 2014-04-07 09:31 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-04-07 09:30 - 2013-03-17 20:19 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-04-07 09:30 - 2013-03-17 20:19 - 00002501 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-04-07 09:30 - 2013-03-17 20:18 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-04-07 08:31 - 2014-04-07 08:31 - 00215214 _____ () C:\Users\Andriy\Downloads\stw5200-113_überarbeitet_FFA.xlsx
2014-04-03 09:51 - 2014-05-02 20:17 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-05-02 20:17 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-05-02 20:17 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Some content of TEMP:
====================
C:\Users\Andriy\AppData\Local\Temp\BackupSetup.exe
C:\Users\Andriy\AppData\Local\Temp\ffdshow.exe
C:\Users\Andriy\AppData\Local\Temp\MatroskaSplitter.exe
C:\Users\Andriy\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Andriy\AppData\Local\Temp\Quarantine.exe
C:\Users\Andriy\AppData\Local\Temp\stubhelper.dll
C:\Users\Andriy\AppData\Local\Temp\vcredist_x64_VS2008SP1.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-29 03:47

==================== End Of Log ============================
         
--- --- ---

Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-05-2014
Ran by Andriy at 2014-05-02 22:01:29
Running from C:\Users\Andriy\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.30888 - BitTorrent Inc.)
3DataManager (HKLM-x32\...\3DataManager) (Version: 3.5 - 3DataManager)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{8D6CCB94-05E3-753A-5ED7-97495EA8AEFF}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.86 - AuthenTec, Inc.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MG5100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series) (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.0918.260.3365 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0918.260.3365 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0918.260.3365 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0918.260.3365 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2012.0918.260.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0918.260.3365 - Advanced Micro Devices, Inc.) Hidden
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2.5712 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.2.5712 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.2.2114 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.2.2114 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2.3317 - CyberLink Corp.)
CyberLink PhotoDirector (x32 Version: 2.0.2.3317 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.2.2110 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.2.2110 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.2.2126 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.2.2126 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.7.4528 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.7.4528 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.5.5811 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.5.5811 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivxToDVD 0.5.2b (HKLM-x32\...\VSO DivxToDVD_is1) (Version: 0.5.2b - VSO-Software SARL)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
ffdshow v1.2.4422 [2012-04-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4422.0 - FreeCodecPack)
File Type Advisor 1.0 (HKLM-x32\...\File Type Advisor_is1) (Version:  - filetypeadvisor.com)
foobar2000 v1.2.9 (HKLM-x32\...\foobar2000) (Version: 1.2.9 - Peter Pawlowski)
Foto Paradies (HKLM-x32\...\{4FB9F8B3-1355-41FF-BD5E-5CB582B64A5D}}_is1) (Version: 3.5.0.3 - Foto Online Service GmbH)
Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Free M4a to MP3 Converter 8.0 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google+ Auto Backup (HKCU\...\Google+ Auto Backup) (Version: 1.0.25.133 - Google, Inc.)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - FreeCodecPack)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{2DEDBE5B-D538-43F3-83A7-B037D6B51A89}) (Version: 4.2.8.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKCU\...\HPConnectedMusic) (Version: 1.1 (build 59) hp - Meridian Audio Ltd)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1218 - Hewlett-Packard)
HP CoolSense (HKLM-x32\...\{8704FEEF-A6A8-4E7E-B124-BD6122C66E2C}) (Version: 2.10.42 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{92E8BC5B-6023-4846-8151-415351A4FAFF}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Postscript Converter (Version: 3.1.3591 - Hewlett-Packard) Hidden
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Recovery Manager (x32 Version: 8.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\{34C821CA-6B55-44A0-8A9B-2EF471D6019E}) (Version: 6.0.100.244 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.8 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3097 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.9.1002 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Kolor Autopano Giga 3.0 (HKLM\...\AutopanoGiga3.0) (Version: V3.0.7 - Kolor)
Leisure Suit Larry's Greatest Hits and Misses! (HKLM-x32\...\GOGPACKLARRY16_is1) (Version: 2.1.0.17 - GOG.com)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4517.1005 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MJoy Radio (HKLM-x32\...\5AFE1F7DBA584035C1170C17976757D58047C692.1.5AFE1F7DBA584035C1170C17976757D58047C692.1) (Version: 2.1.0 - UNKNOWN)
MJoy Radio (x32 Version: 2.1.0 - UNKNOWN) Hidden
Mobiles Internet (HKLM-x32\...\Mobiles Internet) (Version: 21.005.18.01.75 - Huawei Technologies Co.,Ltd)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.2.0.38 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4517.1005 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4517.1005 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4517.1005 - Microsoft Corporation) Hidden
Online Games Manager v1.30 (HKLM-x32\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
Opera Stable 20.0.1387.77 (HKLM-x32\...\Opera 20.0.1387.77) (Version: 20.0.1387.77 - Opera Software ASA)
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Ralink Bluetooth Stack64 (HKLM\...\{95DF815D-BE2D-9118-F549-39794C5869CF}) (Version: 9.0.725.0 - Ralink Corporation)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.5.0 - Ralink)
RealDownloader (x32 Version: 17.0.6 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.6 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.27025 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roberta Williams' Phantasmagoria (HKLM-x32\...\GOGPACKPHANTASMAGORIA_is1) (Version: 2.0.0.14 - GOG.com)
SoulseekQt (HKLM-x32\...\SoulseekQt) (Version:  - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
Tiny Media Player v1.0 (HKLM-x32\...\Tiny Media Player_is1) (Version: 1.0.0.0 - )
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Validity WBF DDK (HKLM\...\{1F91C200-8F0F-4009-A75E-DB6CE151BD4E}) (Version: 4.4.234.0 - Validity Sensors, Inc.)
VLC media player 2.0.7 (HKLM\...\VLC media player) (Version: 2.0.7 - VideoLAN)
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
WinRAR 5.00 бета 8 (64-разрядная) (HKLM\...\WinRAR archiver) (Version: 5.00.8 - win.rar GmbH)
Word Slinger (HKLM-x32\...\8617b280ce3d8581e46e17e0197f18ad) (Version:  - Zylom)
Worlds of Ultima - The Savage Empire (HKLM-x32\...\GOGPACKWORLDSOFULTIMASAVAGE_is1) (Version: 2.0.0.26 - GOG.com)

==================== Restore Points  =========================

24-04-2014 04:15:31 Windows Update
27-04-2014 22:32:00 Windows Update
01-05-2014 01:51:32 Windows Update
02-05-2014 17:34:47 Revo Uninstaller's restore point - a2zLyrics

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {156C3FEC-5D80-4A63-BC7A-989BE6A751B0} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-10-12] (CyberLink)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1CD7158D-9BF2-447F-87B7-26AEC3971054} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {27310A1A-0975-415A-A4C3-2EF9819F48F6} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {32E7541E-81D9-470F-AF41-64F7213E8C47} - System32\Tasks\HPCeeScheduleForAndriy => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {42D71806-5811-4635-A2DF-68CE4808E653} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-01-31] (Microsoft Corporation)
Task: {44154D8E-8966-4403-8C01-B84D42CCAC5B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {522AEA12-6797-4BC7-90B9-288F76808F8C} - System32\Tasks\FileAdvisorUpdate => C:\Program Files (x86)\File Type Advisor\fileadvisor.exe [2013-07-12] (File Type Advisor)
Task: {630EC78F-25B7-4233-9099-4ECA7E51B5C0} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\WSCStub.exe [2014-03-12] (Symantec Corporation)
Task: {65392A87-4A56-4746-81C1-F814B1F635A2} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1983903431-3382947560-1226906540-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-02-14] (RealNetworks, Inc.)
Task: {74BE0AE6-2E57-4CF0-AE3A-9FB52DD1AAD6} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1983903431-3382947560-1226906540-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-02-14] (RealNetworks, Inc.)
Task: {77605241-1C5B-45D2-9602-80F1D807865F} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {8A1973BA-194F-40E0-949F-1CF2CFC8F18D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1983903431-3382947560-1226906540-1001UA => C:\Users\Andriy\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-05] (Google Inc.)
Task: {92958352-B4DE-49A8-9A65-4A38AE8AADAF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-06-09] (Microsoft Corporation)
Task: {A3C6218A-675F-402C-9F42-C5600AA91AA3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {A6BC4D73-C2F1-4B5A-8AF2-9CE635AD8C4C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1983903431-3382947560-1226906540-1001Core => C:\Users\Andriy\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-05] (Google Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {A8305ACF-7757-4ED0-8151-46A178F6F290} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {ADA35FE3-575C-444A-B495-DDC5AA214254} - \BitGuard No Task File <==== ATTENTION
Task: {B7E8E921-9CF8-4CBC-A0A9-3EE89D28287F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {B95C31A5-A15A-4288-9C9D-C5FD254E9273} - System32\Tasks\FileAdvisorCheck => C:\Program Files (x86)\File Type Advisor\file-type-advisor.exe [2013-07-13] (filetypeadvisor.com                                         )
Task: {C22010D1-1B2F-4AB7-A073-E11F7BA19C71} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1983903431-3382947560-1226906540-1001Core.job => C:\Users\Andriy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1983903431-3382947560-1226906540-1001UA.job => C:\Users\Andriy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForAndriy.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2013-08-06 21:27 - 2013-08-06 21:26 - 00246112 _____ () C:\ProgramData\Mobiles Internet\OnlineUpdate\ouc.exe
2013-08-05 13:24 - 2013-06-16 14:52 - 00386216 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2013-08-05 13:24 - 2013-06-09 23:09 - 00518824 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2013-08-05 13:24 - 2013-06-09 23:09 - 00612520 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2014-02-12 15:42 - 2014-02-12 15:42 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-02-14 13:06 - 2014-02-14 13:06 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2012-09-06 02:47 - 2012-09-06 02:47 - 00028160 _____ () C:\Windows\system32\valWBFPolicyService.exe
2013-08-05 17:52 - 2012-07-05 06:03 - 00343024 ____N () C:\Program Files (x86)\3DataManager\WTGService.exe
2012-09-19 19:37 - 2012-09-19 19:37 - 00017160 _____ () C:\Windows\system32\BsHelpCSps.dll
2012-08-10 02:36 - 2012-08-10 02:36 - 04073320 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
2014-01-03 18:39 - 2014-01-03 18:40 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-09-05 01:21 - 2012-09-05 01:21 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-09-18 03:58 - 2012-09-18 03:58 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-10-12 18:22 - 2012-10-12 18:22 - 00120224 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
2012-10-12 18:22 - 2012-10-12 18:22 - 00048544 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
2012-10-12 18:22 - 2012-10-12 18:22 - 00180224 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
2013-08-05 12:12 - 2013-08-05 12:12 - 00120224 _____ () C:\Users\Andriy\AppData\Local\assembly\dl3\5W7W1YB6.RD7\37E3VZZ9.7XJ\5992da9a\004b58b8_95a8cd01\HPItunesModule.DLL
2014-03-13 11:53 - 2014-03-12 13:40 - 01380192 _____ () C:\Program Files (x86)\Opera\20.0.1387.77\opera_crashreporter.exe
2013-08-06 21:27 - 2013-08-06 21:26 - 00011362 _____ () C:\ProgramData\Mobiles Internet\OnlineUpdate\mingwm10.dll
2013-08-06 21:27 - 2013-08-06 21:26 - 00043008 _____ () C:\ProgramData\Mobiles Internet\OnlineUpdate\libgcc_s_dw2-1.dll
2013-08-06 21:27 - 2013-08-06 21:26 - 02415104 _____ () C:\ProgramData\Mobiles Internet\OnlineUpdate\QtCore4.dll
2013-08-06 21:27 - 2013-08-06 21:26 - 01148416 _____ () C:\ProgramData\Mobiles Internet\OnlineUpdate\QtNetwork4.dll
2013-08-06 21:27 - 2013-08-06 21:26 - 00384512 _____ () C:\ProgramData\Mobiles Internet\OnlineUpdate\QueryStrategy.dll
2013-08-06 21:27 - 2013-08-06 21:26 - 00398336 _____ () C:\ProgramData\Mobiles Internet\OnlineUpdate\QtXml4.dll
2014-03-20 09:52 - 2014-03-20 09:52 - 00867928 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Plugins\cldplin.dll
2012-08-10 02:36 - 2012-08-10 02:36 - 00018792 _____ () C:\Program Files (x86)\HP SimplePass\DownloadManager.dll
2013-03-17 20:09 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-08-05 13:24 - 2013-08-05 13:24 - 00313000 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2013-08-05 13:24 - 2013-08-05 13:24 - 00358056 _____ () C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll
2012-09-19 19:37 - 2012-09-19 19:37 - 00029960 _____ () C:\Windows\SYSTEM32\BsTrace.dll
2012-09-19 19:37 - 2012-09-19 19:37 - 00079624 _____ () C:\Windows\SYSTEM32\BsProfilefunc.dll
2012-09-19 19:37 - 2012-09-19 19:37 - 00363784 _____ () C:\Windows\SYSTEM32\BsExtendFunc.dll
2012-09-19 19:37 - 2012-09-19 19:37 - 00017160 _____ () C:\Windows\SYSTEM32\BsHelpCSps.dll
2012-09-19 19:37 - 2012-09-19 19:37 - 00062216 _____ () C:\Windows\SYSTEM32\BlueSoleilCSps.dll
2012-09-24 15:27 - 2012-09-24 15:27 - 00335176 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll
2012-05-02 18:28 - 2012-05-02 18:28 - 00012800 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\AMP\IVTAMPRL.dll
2014-02-19 16:10 - 2014-02-19 16:10 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\766c9d1f5aedd3f4c133f9df5db8743e\PSIClient.ni.dll
2013-03-17 19:53 - 2012-06-25 20:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-03-13 11:53 - 2014-03-12 13:40 - 00908640 _____ () C:\Program Files (x86)\Opera\20.0.1387.77\libglesv2.dll
2014-03-13 11:53 - 2014-03-12 13:40 - 00108896 _____ () C:\Program Files (x86)\Opera\20.0.1387.77\libegl.dll
2014-03-13 11:53 - 2014-03-12 13:40 - 00895328 _____ () C:\Program Files (x86)\Opera\20.0.1387.77\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 26%
Total physical RAM: 8088.27 MB
Available physical RAM: 5964.74 MB
Total Pagefile: 16280.27 MB
Available Pagefile: 14015.01 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:680.61 GB) (Free:410.78 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:17.25 GB) (Free:2.21 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (Mobiles Internet) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 93E9A6FB)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
Adwcleaner:
Code:
# AdwCleaner v3.205 - Bericht erstellt am 02/05/2014 um 21:32:36
# Aktualisiert 28/04/2014 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : Andriy - MYNEWHP
# Gestartet von : C:\Users\Andriy\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : BackupStack

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup
Ordner Gelöscht : C:\Windows\SysWOW64\SearchProtect
Ordner Gelöscht : C:\Users\Andriy\.android
Ordner Gelöscht : C:\Users\Andriy\AppData\Local\genienext
Ordner Gelöscht : C:\Users\Andriy\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\Andriy\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Andriy\AppData\Local\SearchProtect
Ordner Gelöscht : C:\Users\Andriy\AppData\LocalLow\buenosearch LTD
Ordner Gelöscht : C:\Users\Andriy\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Andriy\AppData\Roaming\PerformerSoft
Ordner Gelöscht : C:\Users\Andriy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Ordner Gelöscht : C:\Users\Andriy\Documents\Mobogenie
Ordner Gelöscht : C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Datei Gelöscht : C:\Users\Andriy\daemonprocess.txt
Datei Gelöscht : C:\Users\Andriy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
Datei Gelöscht : C:\Users\Andriy\Desktop\MyPC Backup.lnk
Datei Gelöscht : C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ifohbjbgfchkkfhphahclmkpgejiplfo_0.localstorage
Datei Gelöscht : C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage
Datei Gelöscht : C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage-journal
Datei Gelöscht : C:\Windows\System32\Tasks\BitGuard

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Andriy\Desktop\Search.lnk
Verknüpfung Desinfiziert : C:\Users\Andriy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Andriy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [freegames4357@bestoffers]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Schlüssel Gelöscht : HKCU\Software\d55dad9b53eb844
Schlüssel Gelöscht : HKLM\SOFTWARE\d55dad9b53eb844
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422412268}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444414468}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{75CC1BBE-D96F-45DF-A622-D60BFA8AF49E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\InstalledThirdPartyPrograms
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Trymedia Systems
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16537

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Google Chrome v

[ Datei : C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Homepage] : hxxp://search.conduit.com/?ctid=CT3315521&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP19BE10D8-762D-4FBA-AB65-B783A5C55EBB&SSPV=
Gelöscht [Extension] : amfclgbdpgndipgoegfpkkgobahigbcl
Gelöscht [Extension] : cekcjpgehmohobmdiikfnopibipmgnml
Gelöscht [Extension] : ifohbjbgfchkkfhphahclmkpgejiplfo
Gelöscht [Extension] : jpmbfleldcgkldadpdinhjjopdfpjfjp

*************************

AdwCleaner[R0].txt - [7906 octets] - [02/05/2014 21:30:53]
AdwCleaner[S0].txt - [6216 octets] - [02/05/2014 21:32:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6276 octets] ##########
         
JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by Andriy on 02.05.2014 at 21:43:13,12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1983903431-3382947560-1226906540-1001\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\a2zlyrics
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1983903431-3382947560-1226906540-1001\Software\sweetim



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\bitguard"
Successfully deleted: [Folder] "C:\ProgramData\dsearchlink"
Successfully deleted: [Folder] "C:\ProgramData\trymedia"



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Andriy\appdata\local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.05.2014 at 21:58:18,76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
mbam:
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 02.05.2014
Suchlauf-Zeit: 21:21:00
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.03.04.09
Rootkit Datenbank: v2014.03.27.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: Andriy

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 238409
Verstrichene Zeit: 54 Min, 56 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
         

Alt 04.05.2014, 07:22   #8
schrauber
/// the machine
/// TB instructor
 

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!
