Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015
Ran by Barbara (administrator) on BARBARA-PC on 25-02-2015 13:14:31
Running from G:\
Loaded Profiles: Barbara (Available profiles: Barbara & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\Barbara\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
() C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-13] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-05-17] (Realtek Semiconductor)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel(R) Corporation)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-13] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [gmsd_de_136] => [X]
HKLM-x32\...\Run: [gmsd_de_138] => [X]
HKLM-x32\...\Run: [gmsd_de_147] => [X]
HKLM-x32\...\Run: [gmsd_de_158] => [X]
HKLM-x32\...\Run: [gmsd_de_166] => [X]
HKLM-x32\...\Run: [gmsd_de_172] => [X]
HKLM-x32\...\Run: [gmsd_de_179] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-495053369-2026751637-1525330651-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31090792 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-495053369-2026751637-1525330651-1000\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\Barbara\AppData\Local\{2c249d82-45f6-5c40-d998-c76cef35739b}\n. ATTENTION! ====> ZeroAccess/Alureon?
AppInit_DLLs: C:\Users\Barbara\AppData\Local\Ap\MTResources\spdrmn.dll => C:\Users\Barbara\AppData\Local\Ap\MTResources\spdrmn.dll File Not Found
AppInit_DLLs-x32: c:\users\barbara\appdata\local\ap\mtresources\btmn.dll => "c:\users\barbara\appdata\local\ap\mtresources\btmn.dll" File Not Found
Startup: C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Barbara\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Users\Barbara\AppData\Roaming\Microsoft\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Barbara\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Barbara\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Barbara\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Barbara\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [Symbol-Overlay-Steuerprogramm für AutoCAD Digitale Signaturen] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Barbara\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Barbara\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Barbara\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-495053369-2026751637-1525330651-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.sonic-search.com/?p=mKO_AwFzXIpYRa4j3q-3hUPE4m9xhqQak5up5sscMEh1ixCLtAFtlMNNIr0b7wpWWkuwgiTa_LG3AGJ3-9VHydeQy5PDxdAVvSLRkysVXdtJJrwBeEq-PLQKAlmCjoVZXtMgk3NSEbwVF-RKgi9WT108Z_axcLgwfS17Kh0I&q={searchTerms}
HKU\S-1-5-21-495053369-2026751637-1525330651-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
HKU\S-1-5-21-495053369-2026751637-1525330651-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.sonic-search.com/?p=mKO_AwFzXIpYRa4j3q-3hUPE4m9xhqQak5up5sscMEh1ixCLtAFtlMNNIr0b7wpWWkuwgiTa_LG3AGJ3-9VHydeQy5PDxdAVvSLRkysVXdtJJrwBeEq-PLQKAlmCjoVZXtMgk3NSEbwVF-RKgi9WT108Z_axcLgwfS17Kh0I&q={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.sonic-search.com/?p=mKO_AwFzXIpYRa4j3q-3hUPE4m9xhqQak5up5sscMEh1ixCLtAFtlMNNIr0b7wpWWkuwgiTa_LG3AGJ3-9VHydeQy5PDxdAVvSLRkysVXdtJJrwBeEq-PLQKAlmCjoVZXtMgk3NSEbwVF-RKgi9WT108Z_axcLgwfS17Kh0I&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: No Name -> {829d755a-a5e4-4056-8624-3ca82fb4b7d4} -> No File
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - No Name - {9eb324ca-1466-4907-8392-92c9f653a229} - No File
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - No Name - {9eb324ca-1466-4907-8392-92c9f653a229} - No File
Toolbar: HKU\S-1-5-21-495053369-2026751637-1525330651-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Winsock: Catalog9 01 C:\Windows\system32\OptimizerMonitor.dll File Not found ()
Winsock: Catalog9 02 C:\Windows\system32\OptimizerMonitor.dll File Not found ()
Winsock: Catalog9 03 C:\Windows\system32\OptimizerMonitor.dll File Not found ()
Winsock: Catalog9 04 C:\Windows\system32\OptimizerMonitor.dll File Not found ()
Winsock: Catalog9 15 C:\Windows\system32\OptimizerMonitor.dll File Not found ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.3.254
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\gcz5s4uv.Standard-Benutzer
FF Keyword.URL: hxxp://feed.sonic-search.com/?p=mKO_AwFzXIpYRa4j3q-3hUPE4m9xhqQak5up5sscMEh1ixCLtAFtlMNNIr0b7wpWWkuwgiTa_LG3AGJ3-9VHydeQy5PDxdAVvSLRkysVXdtJJrwBeEq-PLQKAlmCjoVZXtMgk3NSEbwVF-RKgi9WT108Z_axcLgwfS17Kh0I&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_32 -> C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Extension: 11b496ea481a11dc83140800200c9a66 - C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\yoom6t5b.default\Extensions\{11b496ea-481a-11dc-8314-0800200c9a66} [2015-02-08]
FF Extension: Awesome screenshot: Capture and Annotate - C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\yoom6t5b.default\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2012-05-15]
FF Extension: 11b496ea481a11dc83140800200c9a66 - C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\wugel7lx.default-1422137501699\Extensions\{11b496ea-481a-11dc-8314-0800200c9a66} [2015-02-08]
FF Extension: FF Toolbar - C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\gcz5s4uv.Standard-Benutzer\Extensions\1422980563_xpi [2015-02-03]
FF Extension: 11b496ea481a11dc83140800200c9a66 - C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\gcz5s4uv.Standard-Benutzer\Extensions\{11b496ea-481a-11dc-8314-0800200c9a66} [2015-02-08]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-01-10]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-13] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations) [File not signed]
S2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
R2 OS Selector; C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2155848 2010-05-25] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [317440 2012-01-08] (Intel(R) Corporation) [File not signed]
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-16] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-25 12:39 - 2015-02-25 13:14 - 00000000 ____D () C:\FRST
2015-02-25 12:29 - 2015-02-25 12:29 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-25 12:29 - 2015-02-25 12:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-25 11:43 - 2015-02-25 13:10 - 00000000 ____D () C:\AdwCleaner
2015-02-25 11:13 - 2015-02-25 11:13 - 00000000 __SHD () C:\found.001
2015-02-25 10:46 - 2015-02-25 10:46 - 00003342 _____ () C:\Windows\System32\Tasks\{D4570679-7195-412B-A280-808300FC6547}
2015-02-23 21:28 - 2015-02-23 21:28 - 00000000 ____D () C:\Program Files (x86)\Moon Phase
2015-02-22 17:29 - 2015-02-25 11:34 - 00000000 ____D () C:\Program Files (x86)\Open Tweet Filter
2015-02-19 22:24 - 2015-02-19 22:24 - 00003488 _____ () C:\Windows\System32\Tasks\avayvxvaxc
2015-02-19 22:23 - 2015-02-23 21:06 - 00000000 ____D () C:\Users\Barbara\AppData\Local\avayvxvaxc
2015-02-18 19:03 - 2015-02-18 19:03 - 00000000 __SHD () C:\found.000
2015-02-16 19:11 - 2015-02-16 19:11 - 00001180 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
2015-02-16 19:11 - 2015-02-16 19:11 - 00001168 _____ () C:\Users\Public\Desktop\TeamViewer 7.lnk
2015-02-16 19:10 - 2015-02-16 19:10 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-02-11 09:40 - 2015-01-12 04:13 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 09:40 - 2015-01-12 04:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 09:40 - 2015-01-12 04:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 09:40 - 2015-01-12 04:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 09:40 - 2015-01-12 03:47 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 09:40 - 2015-01-12 03:47 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 09:40 - 2015-01-12 03:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 09:39 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-07 20:21 - 2015-02-07 20:21 - 00020240 ____N () C:\bootsqm.dat
2015-02-05 10:37 - 2015-02-05 10:37 - 05070512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-02-04 13:18 - 2015-02-04 13:19 - 00000000 ____D () C:\Program Files (x86)\PlusHD Cinema 2.1cV04.02
2015-02-04 08:51 - 2015-02-04 08:51 - 00000000 ____D () C:\Users\Barbara\AppData\Roaming\BRT
2015-01-29 17:27 - 2015-01-29 17:27 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2015-01-29 08:24 - 2015-02-25 11:15 - 00000000 ____D () C:\Program Files (x86)\Browser Good
2015-01-27 21:10 - 2015-01-27 21:10 - 00002145 _____ () C:\Users\Barbara\Desktop\Skype (2).lnk
2015-01-27 09:58 - 2015-02-25 12:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-25 13:03 - 2012-05-15 13:08 - 00000000 ____D () C:\Users\Barbara\AppData\Roaming\Skype
2015-02-25 12:59 - 2012-01-10 19:44 - 00000642 _____ () C:\Windows\Tasks\WebContent AutoUpdate 2011.job
2015-02-25 12:40 - 2011-04-12 08:43 - 00714458 _____ () C:\Windows\system32\perfh007.dat
2015-02-25 12:40 - 2011-04-12 08:43 - 00154510 _____ () C:\Windows\system32\perfc007.dat
2015-02-25 12:40 - 2009-07-14 06:13 - 01649592 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-25 12:37 - 2012-04-03 15:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-25 12:34 - 2012-04-03 18:23 - 01328648 _____ () C:\Windows\WindowsUpdate.log
2015-02-25 12:10 - 2009-07-14 05:45 - 00028928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-25 12:10 - 2009-07-14 05:45 - 00028928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-25 12:02 - 2012-05-15 16:23 - 00054630 _____ () C:\Windows\setupact.log
2015-02-25 12:02 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-25 11:51 - 2012-01-08 22:28 - 00001005 _____ () C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-25 11:37 - 2012-03-17 20:10 - 00000000 ____D () C:\Users\Barbara\AppData\Local\CrashDumps
2015-02-25 11:28 - 2013-06-09 20:40 - 00000000 ___RD () C:\Users\Barbara\Dropbox
2015-02-25 11:28 - 2013-06-09 20:33 - 00000000 ____D () C:\Users\Barbara\AppData\Roaming\Dropbox
2015-02-25 11:15 - 2012-05-15 16:23 - 00233346 _____ () C:\Windows\PFRO.log
2015-02-23 20:51 - 2009-07-14 03:34 - 00000505 _____ () C:\Windows\win.ini
2015-02-23 20:48 - 2014-09-28 07:44 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-02-23 20:48 - 2012-05-15 13:08 - 00000000 ____D () C:\ProgramData\Skype
2015-02-21 09:25 - 2012-01-08 22:28 - 00000000 ____D () C:\Users\Barbara
2015-02-17 19:40 - 2012-01-09 10:25 - 00001724 _____ () C:\Windows\system32\ServiceFilter.ini
2015-02-15 16:02 - 2009-07-14 05:45 - 04971056 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-14 17:42 - 2013-06-09 20:40 - 00001033 _____ () C:\Users\Barbara\Desktop\Dropbox.lnk
2015-02-14 17:42 - 2013-06-09 20:34 - 00000000 ____D () C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-14 17:40 - 2012-01-09 21:46 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 11:20 - 2012-01-09 10:25 - 00002354 _____ () C:\Windows\system32\AutoRunFilter.ini
2015-02-05 10:39 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-05 10:37 - 2012-04-03 15:18 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 10:37 - 2012-04-03 15:18 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 10:37 - 2012-01-09 00:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-04 13:18 - 2012-05-15 14:09 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-04 13:11 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-29 19:32 - 2015-01-02 00:49 - 00000000 ____D () C:\Users\Barbara\Documents\Recznikihaftowane
2015-01-29 18:25 - 2013-06-12 14:21 - 00000000 ____D () C:\Users\Barbara\Documents\Bill und Atene
2015-01-29 16:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\GroupPolicy

==================== Files in the root of some directories =======

2015-01-24 21:05 - 2015-01-24 21:05 - 0613057 _____ (CMI Limited) C:\Users\Barbara\AppData\Local\nsq13BF.tmp
2015-01-24 20:57 - 2015-01-24 20:57 - 0628496 _____ (CMI Limited) C:\Users\Barbara\AppData\Local\nsxFFAE.tmp
2012-01-09 20:55 - 2012-01-09 20:55 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

ZeroAccess:
C:\Users\Barbara\AppData\Local\{2c249d82-45f6-5c40-d998-c76cef35739b}
C:\Users\Barbara\AppData\Local\{2c249d82-45f6-5c40-d998-c76cef35739b}\@

Some content of TEMP:
====================
C:\Users\Barbara\AppData\Local\Temp\1DA9C8FB-2515-B7F3-F22D-78CDC92C4B98.exe
C:\Users\Barbara\AppData\Local\Temp\1F930CC8-E339-2FC0-3339-A4A1A5F8D188.dll
C:\Users\Barbara\AppData\Local\Temp\1F930CC8-E339-2FC0-3339-A4A1A5F8D188.exe
C:\Users\Barbara\AppData\Local\Temp\BackupSetup.exe
C:\Users\Barbara\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsswqqx.dll
C:\Users\Barbara\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwjrrfr.dll
C:\Users\Barbara\AppData\Local\Temp\iA717.tmp.exe
C:\Users\Barbara\AppData\Local\Temp\iF4AA.tmp.exe
C:\Users\Barbara\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Barbara\AppData\Local\Temp\optprosetup.exe
C:\Users\Barbara\AppData\Local\Temp\Quarantine.exe
C:\Users\Barbara\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Barbara\AppData\Local\Temp\SpOrder.dll
C:\Users\Barbara\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-14 00:35

==================== End Of Log ============================