Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-12-2013 01 Ran by media markt (administrator) on PIOTR on 07-12-2013 13:10:36 Running from C:\Users\media markt\Downloads Windows 8 (X64) OS Language: Polish Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (AMD) C:\Windows\System32\atieclxx.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (IDT, Inc.) 
C:\Program Files\IDT\WDM\sttray64.exe (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe (AMD) C:\Windows\System32\atieclxx.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe () C:\Program Files (x86)\Mobogenie\DaemonProcess.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe () C:\Program Files (x86)\Google\Update\Install\{F1E0B87D-AF3D-4C86-A1F4-B3142B1A82FE}\31.0.1650.63_31.0.1650.57_chrome_updater.exe (Google Inc.) C:\Windows\Temp\CR_D62F8.tmp\setup.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) C:\Windows\System32\msiexec.exe (Farbar) C:\Users\media markt\Downloads\FRST64 (1).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-21] (IDT, Inc.) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated) HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) HKCU\...\Run: [GG] - C:\Users\media markt\AppData\Local\GG\Application\gghub.exe [4033088 2013-11-06] (GG Network S.A.) HKCU\...\Run: [ALLUpdate] - C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe [2995712 2013-07-19] (ALLPlayer Group Ltd.) HKCU\...\Run: [HW_OPENEYE_OUC_PLAY ONLINE] - C:\Program Files (x86)\PLAY ONLINE\UpdateDog\ouc.exe [110592 2009-04-14] (Huawei Technologies Co., Ltd.) MountPoints2: E - "E:\AutoRun.exe" MountPoints2: {02c67d8f-4216-11e3-be79-8434976f15f8} - "E:\AutoRun.exe" MountPoints2: {f31625ae-ea63-11e2-bed3-8434976f15f8} - "E:\AutoRun.exe" HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [BtTray] - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [363520 2012-08-02] (IVT Corporation) HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.) 
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [738496 2013-10-18] () HKU\Administrator\...\Run: [AppEx Accelerator UI] - C:\Program Files\AMD Quick Stream\AppexAcceleratorUI.exe [1000288 2012-05-22] (AppEx Networks Corporation) HKU\Administrator\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com/?type=sc&ts=1382912350&from=cor&uid=ST750LM022XHN-M750MBB_S2SUJ9BC803335 SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://start.qone8.com/web/?type=ds&ts=1382912352&from=cor&uid=ST750LM022XHN-M750MBB_S2SUJ9BC803335&q={searchTerms} SearchScopes: HKLM - 
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS SearchScopes: HKLM - {0E0FEA54-A111-47C6-9081-D720FC2F2EB6} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://start.qone8.com/web/?type=ds&ts=1382912352&from=cor&uid=ST750LM022XHN-M750MBB_S2SUJ9BC803335&q={searchTerms} SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://pl.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://start.qone8.com/web/?type=ds&ts=1382912352&from=cor&uid=ST750LM022XHN-M750MBB_S2SUJ9BC803335&q={searchTerms} SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS SearchScopes: HKLM-x32 - {0E0FEA54-A111-47C6-9081-D720FC2F2EB6} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://start.qone8.com/web/?type=ds&ts=1382912352&from=cor&uid=ST750LM022XHN-M750MBB_S2SUJ9BC803335&q={searchTerms} SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://pl.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS SearchScopes: HKCU - 
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS SearchScopes: HKCU - {0E0FEA54-A111-47C6-9081-D720FC2F2EB6} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://pl.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: IplexToALLPlayer - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files (x86)\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.) 
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{27FE2C34-B405-456B-A7CA-60621C9F33C2}: [NameServer]89.108.195.20 89.108.202.20 Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR RestoreOnStartup: "hxxp://www.google.com/" CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) CHR Extension: (Google Docs) - C:\Users\media markt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1 CHR Extension: (New Tab) - C:\Users\media markt\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchmpbaclbiioedakpcldenooikekokm\9.4.4_0 CHR Extension: (Google Wallet) - C:\Users\media markt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1 CHR HKLM\...\Chrome\Extension: [dchmpbaclbiioedakpcldenooikekokm] - C:\Users\MEDIAM~1\AppData\Local\foxtab_speeddial.crx CHR HKLM-x32\...\Chrome\Extension: [cekcjpgehmohobmdiikfnopibipmgnml] - C:\Users\media markt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ CHR HKLM-x32\...\Chrome\Extension: [dchmpbaclbiioedakpcldenooikekokm] - C:\Users\MEDIAM~1\AppData\Local\foxtab_speeddial.crx ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.) R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1544192 2012-08-02] (IVT Corporation) R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2012-07-10] (IVT Corporation) S2 HPRegistrationSvc; C:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HPRegistrationService.exe [205216 2012-07-19] (Hewlett-Packard) R2 HPSLPSVC; C:\Users\media markt\AppData\Local\Temp\7zS7302\HPSLPSVC64.DLL [1039360 2013-07-19] (Hewlett-Packard Co.) 
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [339456 2010-11-16] () R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices) S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.) R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [252728 2013-10-21] (AVG Technologies CZ, s.r.o.) 
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation) U4 BthAvrcpTg; U4 BthHFEnum; U4 bthhfhid; S3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation) S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) S3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48736 2012-08-08] (Ralink Corporation) S3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.) R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [695392 2012-08-09] (Ralink Technology, Corp.) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated) S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.) U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.) U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.) 
==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-07 13:10 - 2013-12-07 13:10 - 00017758 _____ C:\Users\media markt\Downloads\FRST.txt 2013-12-07 11:27 - 2013-12-07 11:29 - 00026498 _____ C:\Users\media markt\Desktop\Addition.txt 2013-12-07 11:24 - 2013-12-07 11:29 - 00017878 _____ C:\Users\media markt\Desktop\FRST.txt 2013-12-07 11:24 - 2013-12-07 11:24 - 00000000 ____D C:\FRST 2013-12-07 11:23 - 2013-12-07 11:23 - 01927360 _____ (Farbar) C:\Users\media markt\Downloads\FRST64 (1).exe 2013-12-07 11:20 - 2013-12-07 11:20 - 01927360 _____ (Farbar) C:\Users\media markt\Downloads\FRST64.exe 2013-12-07 11:14 - 2013-12-07 11:14 - 00077414 _____ C:\Users\media markt\Desktop\Extras.Txt 2013-12-07 11:13 - 2013-12-07 11:15 - 00126048 _____ C:\Users\media markt\Desktop\OTL.Txt 2013-12-07 10:49 - 2013-12-07 10:49 - 00000000 ____D C:\Users\media markt\AppData\Roaming\Malwarebytes 2013-12-07 10:48 - 2013-12-07 10:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-12-07 10:48 - 2013-12-07 10:48 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-12-07 10:48 - 2013-12-07 10:48 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-12-07 10:48 - 2013-12-07 10:47 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\media markt\Downloads\mbam-setup-1.75.0.1300.exe 2013-12-07 10:48 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-12-07 10:47 - 2013-12-07 10:47 - 00664472 _____ C:\Users\media markt\Downloads\Malwarebytes-AntiMalware(13117).exe 2013-12-07 10:41 - 2013-12-07 10:41 - 00602112 _____ (OldTimer Tools) C:\Users\media markt\Downloads\OTL.exe 2013-12-05 08:50 - 2013-10-11 15:48 - 00038200 _____ (TuneUp Software) C:\Windows\system32\uxt1F5A.tmp 2013-12-05 08:44 - 2013-12-05 08:49 - 00000000 ____D C:\ProgramData\TuneUp Software 2013-12-05 08:43 - 2013-12-05 08:43 - 27906464 _____ (TuneUp 
Software) C:\Users\media markt\Downloads\TuneUpUtilities2013_pl-PL.exe 2013-12-05 08:43 - 2013-12-05 08:43 - 00000000 __SHD C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} 2013-12-03 23:05 - 2013-12-03 23:05 - 00401720 _____ (Softonic ) C:\Users\media markt\Downloads\SoftonicDownloader_dla_tunatic.exe 2013-12-03 23:03 - 2013-12-04 19:10 - 00000011 ____R C:\Windows\amunres.lsl 2013-12-03 23:02 - 2013-12-03 23:02 - 00000000 ____D C:\Users\media markt\AppData\Local\cache 2013-12-03 23:01 - 2013-12-03 23:06 - 00001807 _____ C:\Users\StoreUser\Desktop\Tunatic.lnk 2013-12-03 23:01 - 2013-12-03 23:06 - 00001807 _____ C:\Users\Administrator\Desktop\Tunatic.lnk 2013-12-03 23:01 - 2013-12-03 23:02 - 00000000 ____D C:\Users\media markt\AppData\Local\Mobogenie 2013-12-03 23:01 - 2013-12-03 23:01 - 00000000 ____D C:\Users\wangzhisong\AppData\Local\Mobogenie 2013-12-03 23:01 - 2013-12-03 23:01 - 00000000 ____D C:\Users\wangzhisong 2013-12-03 23:01 - 2013-12-03 23:01 - 00000000 ____D C:\Users\media markt\Documents\Mobogenie 2013-12-03 23:01 - 2013-12-03 23:01 - 00000000 _____ C:\Users\media markt\daemonprocess.txt 2013-12-03 23:00 - 2013-12-03 23:02 - 00000000 ____D C:\Program Files (x86)\Mobogenie 2013-12-03 22:59 - 2013-12-03 22:59 - 00663672 _____ C:\Users\media markt\Downloads\Tunatic(12070).exe 2013-12-03 22:59 - 2013-12-03 22:59 - 00543000 _____ C:\Users\media markt\Downloads\TunaticSetup.exe 2013-11-27 21:20 - 2013-11-27 21:20 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software 2013-11-23 15:08 - 2013-11-23 15:08 - 02569052 _____ C:\Users\media markt\Downloads\adobereade_207823.jar 2013-11-23 14:58 - 2013-11-23 14:58 - 00914740 _____ C:\Users\media markt\Downloads\AdbeRdr_nokia9500_efigsj.sis 2013-11-23 14:58 - 2013-11-23 14:58 - 00914740 _____ C:\Users\media markt\Downloads\AdbeRdr_nokia9500_efigsj (1).sis 2013-11-23 14:51 - 2013-11-23 14:51 - 00350339 _____ C:\Users\media markt\Downloads\adobereade.jar 2013-11-23 14:35 - 2013-11-23 14:35 - 02132082 
_____ C:\Users\media markt\Downloads\Badop_test_11VI2010.zip 2013-11-23 13:27 - 2013-11-23 13:27 - 00000000 ____D C:\Windows\LastGood 2013-11-17 12:27 - 2013-11-17 12:28 - 00441040 _____ C:\Windows\system32\FNTCACHE.DAT 2013-11-17 11:50 - 2013-11-17 12:25 - 00000000 ____D C:\Windows\LastGood.Tmp 2013-11-15 13:15 - 2013-11-15 13:15 - 00000000 ____D C:\Users\media markt\AppData\Roaming\PDF Architect 2013-11-15 11:26 - 2013-11-15 11:26 - 00000997 _____ C:\Users\media markt\Desktop\PDF Architect.lnk 2013-11-15 11:25 - 2013-11-15 11:25 - 00000000 ____D C:\Users\media markt\Documents\PDF Architect Files 2013-11-15 11:24 - 2013-11-15 11:25 - 00000000 ____D C:\Program Files (x86)\PDF Architect 2013-11-15 11:24 - 2013-11-15 11:24 - 00001035 _____ C:\Users\Public\Desktop\PDFCreator.lnk 2013-11-15 11:24 - 2013-11-15 11:24 - 00000000 ____D C:\Users\media markt\AppData\Roaming\pdfforge 2013-11-15 11:23 - 2013-11-15 11:27 - 00000000 ____D C:\Program Files (x86)\PDFCreator 2013-11-15 11:23 - 2013-04-09 15:13 - 00110264 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll 2013-11-15 11:23 - 2012-05-05 11:54 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX 2013-11-15 11:23 - 2012-05-05 11:54 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX 2013-11-15 11:23 - 2012-05-05 11:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL 2013-11-15 08:58 - 2013-11-05 23:58 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-11-15 08:58 - 2013-11-05 23:58 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-11-13 21:15 - 2013-08-23 08:22 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll 2013-11-13 21:15 - 2013-08-23 02:44 - 01711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-11-13 21:14 - 2013-10-02 00:37 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2013-11-13 21:14 - 2013-10-02 
00:26 - 02304512 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2013-11-13 15:38 - 2013-10-10 12:53 - 00096600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys 2013-11-13 15:38 - 2013-10-10 10:21 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2013-11-13 15:38 - 2013-10-10 10:20 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL 2013-11-13 15:33 - 2013-10-03 00:25 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2013-11-13 15:33 - 2013-10-01 23:22 - 01022976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2013-11-13 15:33 - 2013-09-13 23:36 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2013-11-13 15:33 - 2013-09-13 23:36 - 00247296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll 2013-11-13 15:33 - 2013-09-13 23:33 - 03279360 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2013-11-13 15:33 - 2013-09-13 23:33 - 01622016 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2013-11-13 15:33 - 2013-09-13 23:33 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2013-11-13 15:33 - 2013-09-13 23:33 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2013-11-13 15:33 - 2013-09-04 04:11 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-11-13 15:33 - 2013-08-30 06:20 - 01173504 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll 2013-11-13 15:33 - 2013-08-30 00:48 - 00914432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll 2013-11-13 15:33 - 2013-08-21 07:39 - 00465240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys 2013-11-13 15:33 - 2013-08-10 07:30 - 00151896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys 2013-11-13 15:33 - 2013-08-10 06:21 - 00817152 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2013-11-13 15:33 - 2013-07-25 00:10 - 
10799104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll 2013-11-13 15:33 - 2013-07-25 00:07 - 13661696 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll 2013-11-13 15:32 - 2013-09-14 02:15 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2013-11-13 15:32 - 2013-09-13 23:36 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2013-11-13 15:32 - 2013-09-13 23:36 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2013-11-13 15:32 - 2013-09-13 23:36 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2013-11-13 15:32 - 2013-09-13 23:34 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2013-11-13 15:32 - 2013-09-13 23:33 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2013-11-13 15:32 - 2013-09-13 23:33 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll 2013-11-13 15:32 - 2013-09-13 23:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2013-11-13 15:32 - 2013-09-13 23:33 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2013-11-13 15:32 - 2013-08-30 06:43 - 00061784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys 2013-11-13 15:32 - 2013-08-10 04:58 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2013-11-13 15:32 - 2013-07-12 02:38 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll 2013-11-13 15:32 - 2013-07-12 02:30 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll 2013-11-13 15:31 - 2013-10-02 00:37 - 01569280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-11-13 15:31 - 2013-10-02 00:26 - 01890816 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-11-13 15:30 - 2013-09-23 23:30 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2013-11-13 15:30 - 2013-09-23 23:30 - 
00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2013-11-13 15:25 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-11-13 15:25 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-11-13 15:25 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-11-13 15:25 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-11-13 15:25 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-11-13 15:25 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-11-13 15:25 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-11-13 15:25 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-11-13 15:25 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-11-13 15:25 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-11-13 15:25 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-11-13 15:25 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-11-13 15:25 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-11-13 15:25 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-11-13 15:25 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-11-13 15:25 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-11-13 15:25 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-11-12 23:51 - 2013-11-17 13:48 - 00000000 __SHD C:\Recovery 
2013-11-12 22:54 - 2013-11-17 13:00 - 00003154 _____ C:\Windows\comsetup.log
2013-11-10 18:22 - 2013-11-15 09:52 - 00002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-10 18:21 - 2013-12-07 12:33 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-10 18:21 - 2013-12-07 10:32 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-10 18:21 - 2013-11-10 18:28 - 00004042 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-10 18:21 - 2013-11-10 18:28 - 00003806 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== One Month Modified Files and Folders =======

2013-12-07 13:11 - 2013-12-07 13:10 - 00017758 _____ C:\Users\media markt\Downloads\FRST.txt
2013-12-07 13:00 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\sru
2013-12-07 12:42 - 2013-10-30 15:41 - 00000318 _____ C:\Windows\Tasks\FoxTab.job
2013-12-07 12:33 - 2013-11-10 18:21 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-07 11:29 - 2013-12-07 11:27 - 00026498 _____ C:\Users\media markt\Desktop\Addition.txt
2013-12-07 11:29 - 2013-12-07 11:24 - 00017878 _____ C:\Users\media markt\Desktop\FRST.txt
2013-12-07 11:24 - 2013-12-07 11:24 - 00000000 ____D C:\FRST
2013-12-07 11:23 - 2013-12-07 11:23 - 01927360 _____ (Farbar) C:\Users\media markt\Downloads\FRST64 (1).exe
2013-12-07 11:20 - 2013-12-07 11:20 - 01927360 _____ (Farbar) C:\Users\media markt\Downloads\FRST64.exe
2013-12-07 11:15 - 2013-12-07 11:13 - 00126048 _____ C:\Users\media markt\Desktop\OTL.Txt
2013-12-07 11:14 - 2013-12-07 11:14 - 00077414 _____ C:\Users\media markt\Desktop\Extras.Txt
2013-12-07 10:52 - 2013-10-27 20:56 - 01478684 _____ C:\Windows\WindowsUpdate.log
2013-12-07 10:49 - 2013-12-07 10:49 - 00000000 ____D C:\Users\media markt\AppData\Roaming\Malwarebytes
2013-12-07 10:49 - 2013-12-07 10:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-07 10:48 - 2013-12-07 10:48 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-07 10:48 - 2013-12-07 10:48 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-07 10:47 - 2013-12-07 10:48 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\media markt\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-07 10:47 - 2013-12-07 10:47 - 00664472 _____ C:\Users\media markt\Downloads\Malwarebytes-AntiMalware(13117).exe
2013-12-07 10:41 - 2013-12-07 10:41 - 00602112 _____ (OldTimer Tools) C:\Users\media markt\Downloads\OTL.exe
2013-12-07 10:35 - 2013-10-27 21:26 - 00000000 ____D C:\ProgramData\MFAData
2013-12-07 10:32 - 2013-11-10 18:21 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-05 12:24 - 2013-10-27 21:29 - 00000000 ____D C:\Users\media markt\AppData\Roaming\GG
2013-12-05 09:28 - 2012-08-10 16:45 - 00000821 _____ C:\Windows\SysWOW64\bscs.ini
2013-12-05 09:28 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-05 09:27 - 2012-07-26 06:26 - 00524288 ___SH C:\Windows\system32\config\BBI
2013-12-05 08:49 - 2013-12-05 08:44 - 00000000 ____D C:\ProgramData\TuneUp Software
2013-12-05 08:45 - 2013-10-27 21:38 - 00000000 ____D C:\Users\media markt\AppData\Roaming\TuneUp Software
2013-12-05 08:43 - 2013-12-05 08:43 - 27906464 _____ (TuneUp Software) C:\Users\media markt\Downloads\TuneUpUtilities2013_pl-PL.exe
2013-12-05 08:43 - 2013-12-05 08:43 - 00000000 __SHD C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-12-04 19:10 - 2013-12-03 23:03 - 00000011 ____R C:\Windows\amunres.lsl
2013-12-03 23:06 - 2013-12-03 23:01 - 00001807 _____ C:\Users\StoreUser\Desktop\Tunatic.lnk
2013-12-03 23:06 - 2013-12-03 23:01 - 00001807 _____ C:\Users\Administrator\Desktop\Tunatic.lnk
2013-12-03 23:05 - 2013-12-03 23:05 - 00401720 _____ (Softonic ) C:\Users\media markt\Downloads\SoftonicDownloader_dla_tunatic.exe
2013-12-03 23:02 - 2013-12-03 23:02 - 00000000 ____D C:\Users\media markt\AppData\Local\cache
2013-12-03 23:02 - 2013-12-03 23:01 - 00000000 ____D C:\Users\media markt\AppData\Local\Mobogenie
2013-12-03 23:02 - 2013-12-03 23:00 - 00000000 ____D C:\Program Files (x86)\Mobogenie
2013-12-03 23:01 - 2013-12-03 23:01 - 00000000 ____D C:\Users\wangzhisong\AppData\Local\Mobogenie
2013-12-03 23:01 - 2013-12-03 23:01 - 00000000 ____D C:\Users\wangzhisong
2013-12-03 23:01 - 2013-12-03 23:01 - 00000000 ____D C:\Users\media markt\Documents\Mobogenie
2013-12-03 23:01 - 2013-12-03 23:01 - 00000000 _____ C:\Users\media markt\daemonprocess.txt
2013-12-03 23:01 - 2013-10-27 20:53 - 00000000 ____D C:\Users\media markt
2013-12-03 22:59 - 2013-12-03 22:59 - 00663672 _____ C:\Users\media markt\Downloads\Tunatic(12070).exe
2013-12-03 22:59 - 2013-12-03 22:59 - 00543000 _____ C:\Users\media markt\Downloads\TunaticSetup.exe
2013-12-03 14:21 - 2013-03-18 20:33 - 00000000 ____D C:\Users\media markt\Desktop\Kopiko
2013-12-03 11:14 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2013-11-27 21:20 - 2013-11-27 21:20 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-11-27 21:20 - 2013-10-27 21:38 - 00000995 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-11-27 21:20 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-11-26 10:52 - 2012-08-25 19:03 - 00827626 _____ C:\Windows\system32\perfh015.dat
2013-11-26 10:52 - 2012-08-25 19:03 - 00176034 _____ C:\Windows\system32\perfc015.dat
2013-11-26 10:52 - 2012-07-26 08:28 - 01936226 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-26 10:42 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\NDF
2013-11-25 23:00 - 2012-08-31 09:44 - 00039651 _____ C:\Windows\system32\RaCoInst.log
2013-11-25 22:58 - 2012-08-25 09:41 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-11-25 22:47 - 2012-08-04 01:02 - 00000000 ____D C:\SWSetup
2013-11-25 21:35 - 2012-08-31 09:43 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-11-25 21:33 - 2012-08-31 09:43 - 00000000 ____D C:\Program Files\Bonjour
2013-11-25 21:33 - 2012-07-26 09:12 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-11-25 21:31 - 2013-10-30 15:41 - 00000000 ____D C:\Users\media markt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-11-25 21:31 - 2013-10-27 23:27 - 00000000 ____D C:\Users\media markt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Detektor Winampa
2013-11-25 21:31 - 2013-10-27 23:26 - 00000000 ____D C:\Users\media markt\AppData\Roaming\Winamp
2013-11-25 21:31 - 2013-10-27 21:07 - 00000000 ____D C:\Users\media markt\AppData\Local\bluesoleil
2013-11-25 21:31 - 2013-10-27 21:01 - 00000000 ____D C:\Users\StoreUser\AppData\Local\bluesoleil
2013-11-25 21:31 - 2013-10-27 20:53 - 00000000 ___RD C:\Users\StoreUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-11-25 21:31 - 2013-10-27 20:53 - 00000000 ___RD C:\Users\StoreUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-11-25 21:31 - 2013-10-27 20:53 - 00000000 ___RD C:\Users\StoreUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2013-11-25 21:31 - 2013-10-27 20:53 - 00000000 ___RD C:\Users\media markt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-11-25 21:31 - 2013-10-27 20:53 - 00000000 ___RD C:\Users\media markt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-11-25 21:31 - 2013-10-27 20:53 - 00000000 ___RD C:\Users\media markt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2013-11-25 21:28 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\inetsrv
2013-11-25 21:27 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\WinMetadata
2013-11-25 21:15 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\registration
2013-11-23 15:08 - 2013-11-23 15:08 - 02569052 _____ C:\Users\media markt\Downloads\adobereade_207823.jar
2013-11-23 15:04 - 2013-10-29 13:11 - 00000226 _____ C:\Windows\SysWOW64\REMOTEDEVICE.INI
2013-11-23 15:02 - 2012-08-31 09:51 - 00004524 _____ C:\Windows\SysWOW64\LOCALSERVICE.INI
2013-11-23 15:02 - 2012-08-31 09:51 - 00000043 _____ C:\Windows\SysWOW64\LOCALDEVICE.INI
2013-11-23 14:58 - 2013-11-23 14:58 - 00914740 _____ C:\Users\media markt\Downloads\AdbeRdr_nokia9500_efigsj.sis
2013-11-23 14:58 - 2013-11-23 14:58 - 00914740 _____ C:\Users\media markt\Downloads\AdbeRdr_nokia9500_efigsj (1).sis
2013-11-23 14:51 - 2013-11-23 14:51 - 00350339 _____ C:\Users\media markt\Downloads\adobereade.jar
2013-11-23 14:35 - 2013-11-23 14:35 - 02132082 _____ C:\Users\media markt\Downloads\Badop_test_11VI2010.zip
2013-11-23 13:27 - 2013-11-23 13:27 - 00000000 ____D C:\Windows\LastGood
2013-11-23 10:34 - 2013-10-27 23:19 - 00000000 ____D C:\ProgramData\eSafe
2013-11-23 10:34 - 2013-10-27 21:37 - 00000000 ____D C:\ProgramData\AVG2014
2013-11-23 10:17 - 2013-10-27 21:26 - 00000000 ____D C:\Users\media markt\AppData\Local\Avg2014
2013-11-18 05:34 - 2012-08-04 00:21 - 00000000 ____D C:\Windows\Panther
2013-11-18 05:06 - 2013-09-30 05:50 - 00000000 ___HD C:\$Windows.~BT
2013-11-17 13:48 - 2013-11-12 23:51 - 00000000 __SHD C:\Recovery
2013-11-17 13:09 - 2013-10-27 20:53 - 00104778 _____ C:\Windows\diagwrn.xml
2013-11-17 13:09 - 2013-10-27 20:53 - 00104778 _____ C:\Windows\diagerr.xml
2013-11-17 13:09 - 2012-07-26 08:21 - 01403769 _____ C:\Windows\setupact.log
2013-11-17 13:07 - 2012-08-03 23:40 - 00014501 _____ C:\Windows\iis.log
2013-11-17 13:07 - 2012-07-26 09:13 - 00005976 _____ C:\Windows\DtcInstall.log
2013-11-17 13:00 - 2013-11-12 22:54 - 00003154 _____ C:\Windows\comsetup.log
2013-11-17 12:39 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\rescache
2013-11-17 12:28 - 2013-11-17 12:27 - 00441040 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-17 12:27 - 2012-08-03 23:23 - 00466200 _____ C:\Windows\PFRO.log
2013-11-17 12:25 - 2013-11-17 11:50 - 00000000 ____D C:\Windows\LastGood.Tmp
2013-11-15 13:15 - 2013-11-15 13:15 - 00000000 ____D C:\Users\media markt\AppData\Roaming\PDF Architect
2013-11-15 11:27 - 2013-11-15 11:23 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-11-15 11:26 - 2013-11-15 11:26 - 00000997 _____ C:\Users\media markt\Desktop\PDF Architect.lnk
2013-11-15 11:25 - 2013-11-15 11:25 - 00000000 ____D C:\Users\media markt\Documents\PDF Architect Files
2013-11-15 11:25 - 2013-11-15 11:24 - 00000000 ____D C:\Program Files (x86)\PDF Architect
2013-11-15 11:24 - 2013-11-15 11:24 - 00001035 _____ C:\Users\Public\Desktop\PDFCreator.lnk
2013-11-15 11:24 - 2013-11-15 11:24 - 00000000 ____D C:\Users\media markt\AppData\Roaming\pdfforge
2013-11-15 09:52 - 2013-11-10 18:22 - 00002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-14 23:35 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\WinStore
2013-11-14 23:35 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2013-11-14 23:35 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\SysWOW64\en-GB
2013-11-14 23:35 - 2012-07-26 09:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-11-14 23:35 - 2012-07-26 09:12 - 00000000 ____D C:\Program Files\Windows Defender
2013-11-14 23:35 - 2012-07-26 09:12 - 00000000 ____D C:\Program Files\Common Files\System
2013-11-14 23:35 - 2012-07-26 09:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-11-14 23:35 - 2012-07-26 09:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-11-14 23:35 - 2012-07-26 08:52 - 00000000 ____D C:\Program Files\Windows Journal
2013-11-14 23:35 - 2012-07-26 08:51 - 00000000 ____D C:\Windows\SysWOW64\winrm
2013-11-14 23:35 - 2012-07-26 08:51 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2013-11-14 23:35 - 2012-07-26 06:38 - 00000000 ____D C:\Windows\SysWOW64\oobe
2013-11-14 23:35 - 2012-07-26 06:37 - 00000000 ____D C:\Windows\servicing
2013-11-14 23:34 - 2012-07-26 09:12 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2013-11-14 23:34 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\migwiz
2013-11-14 23:34 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\en-GB
2013-11-14 23:34 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-14 23:34 - 2012-07-26 08:51 - 00000000 ____D C:\Windows\SysWOW64\WCN
2013-11-14 23:34 - 2012-07-26 08:51 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2013-11-14 23:34 - 2012-07-26 08:51 - 00000000 ____D C:\Windows\system32\winrm
2013-11-14 23:34 - 2012-07-26 08:51 - 00000000 ____D C:\Windows\system32\slmgr
2013-11-14 23:34 - 2012-07-26 06:38 - 00000000 ____D C:\Windows\system32\oobe
2013-11-14 23:31 - 2012-07-26 08:51 - 00000000 ____D C:\Windows\system32\WCN
2013-11-14 23:30 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2013-11-14 23:30 - 2012-07-26 08:51 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2013-11-14 23:29 - 2012-07-26 09:12 - 00000000 ___RD C:\Windows\ToastData
2013-11-13 22:17 - 2013-10-27 21:44 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-13 22:07 - 2013-10-31 01:16 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 21:58 - 2013-10-31 01:16 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-10 18:28 - 2013-11-10 18:21 - 00004042 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-10 18:28 - 2013-11-10 18:21 - 00003806 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-10 18:24 - 2013-11-06 09:45 - 00000000 ____D C:\Users\media markt\AppData\Roaming\Opera Software
2013-11-10 18:24 - 2013-11-06 09:45 - 00000000 ____D C:\Users\media markt\AppData\Local\Opera Software
2013-11-10 18:24 - 2013-11-06 09:45 - 00000000 ____D C:\Program Files (x86)\Opera
2013-11-10 18:23 - 2013-10-27 23:32 - 00000000 ____D C:\Users\media markt\AppData\Local\Adobe
2013-11-10 18:22 - 2013-10-27 21:23 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-08 13:46 - 2012-08-25 18:46 - 00000000 ___HD C:\HP

Some content of TEMP:
====================
C:\Users\media markt\AppData\Local\Temp\ALLPlayerPL.exe
C:\Users\media markt\AppData\Local\Temp\ggdrive-menu.exe
C:\Users\media markt\AppData\Local\Temp\ggdrive-overlay.exe
C:\Users\media markt\AppData\Local\Temp\installstats.exe
C:\Users\media markt\AppData\Local\Temp\TUUUninstallHelper.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-23 13:43

==================== End Of Log ============================