|
Log-Analyse und Auswertung: Adware.browsefox.aomWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
04.12.2014, 11:59 | #1 |
| Adware.browsefox.aom Hallo liebes Trojaner-Board, ich habe zurzeit ein Problem! Es geht um adware.browsefox. Avast hat mir gemeldet, dass ich eine kritische Browerereiterunger besitze. Ich entfernte sie und Avira meldete nach einigen scans wieder diesen Virus und das 6x Mal. Insgesamt ist mein Laptop ziemlich Lahm und hat eine CDU-Auslastung 90%. Selbst bei einfachen Anwendung zeigt er mir oft an das der Grafiktreiber anscheinend nicht richtig funktioniert. Selbst Solitair funktioniert nur mit rucklern. Ich besitze diesen Laptop erst seit Oktober. Meine Tochter hatte mir gesagt ich solle Hijacked machen und den Log hier posten: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:56:40, on 03.12.2014 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v11.0 (11.00.9600.17416) Boot mode: Normal Running processes: C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe C:\Program Files (x86)\PHotkey\HCSynApi.exe C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\Carmen\AppData\Local\Temp\DMR\Downloads\fc14996dfa99adfc7baae624196888c5\7b4e384f5b096b9656fee276ba88bb81\HiJackThis204.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=C:\Windows\SysWOW64\userinit.exe, O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" O4 - HKLM\..\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" O4 - HKLM\..\Run: [YouCam Service] "C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe" /s O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-154514-44482-15/4 (file missing) (HKCU) O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-154514-44482-15/4 (file missing) (HKCU) O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing) O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira Echtzeit-Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: Avira Service Host (Avira.OE.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe O23 - Service: BTDevManager - Unknown owner - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe O23 - Service: CyberLink PowerDVD 10 MS Monitor Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe O23 - Service: CyberLink PowerDVD 10 MS Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GFNEX Service (GFNEXSrv) - Unknown owner - C:\Program Files (x86)\PHotkey\GFNEXSrv.exe O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 8470 bytes Vielen Dank für eure Hilfe! |
04.12.2014, 12:01 | #2 |
/// the machine /// TB-Ausbilder | Adware.browsefox.aom hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
04.12.2014, 16:11 | #3 |
| Adware.browsefox.aom Als erstes die FRST.txt
__________________FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2014 Ran by Carmen (administrator) on HCS on 04-12-2014 16:05:40 Running from C:\Users\Carmen\Downloads Loaded Profile: Carmen (Available profiles: Carmen) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\wlanext.exe () C:\Program Files (x86)\PHotkey\GFNEXSrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe () C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe (Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe () C:\Program Files\CyberLink\Shared files\RichVideo64.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe () C:\Program Files (x86)\PHotkey\PHotkey.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Program Files (x86)\PHotkey\Atouch64.exe (Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe () C:\Program Files (x86)\PHotkey\POsd.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe (Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-13] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor) HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [280576 2013-09-29] (Realtek Semiconductor Corporation) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2777840 2013-08-14] (Synaptics Incorporated) HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-09-23] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-11] (CyberLink Corp.) HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-18] (CyberLink Corp.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-23] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1 HKU\S-1-5-21-3201879546-1506140658-4254453320-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File BootExecute: autocheck autochk * sdnclean64.exe GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-3201879546-1506140658-4254453320-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 HKU\S-1-5-21-3201879546-1506140658-4254453320-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3201879546-1506140658-4254453320-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01 StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKU\S-1-5-21-3201879546-1506140658-4254453320-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Carmen\AppData\Roaming\Mozilla\Firefox\Profiles\ukmenv6b.default-1416549949705 FF Homepage: hxxp://www.t-online.de/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll () FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF SearchPlugin: C:\Users\Carmen\AppData\Roaming\Mozilla\Firefox\Profiles\ukmenv6b.default-1416549949705\searchplugins\google-images.xml FF SearchPlugin: C:\Users\Carmen\AppData\Roaming\Mozilla\Firefox\Profiles\ukmenv6b.default-1416549949705\searchplugins\google-maps.xml FF StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR Profile: C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-15] CHR Extension: (Google Docs) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-15] CHR Extension: (Google Drive) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-15] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-15] CHR Extension: (YouTube) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-15] CHR Extension: (Google Search) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-15] CHR Extension: (Google Sheets) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-15] CHR Extension: (Avast Online Security) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-15] CHR Extension: (Google Wallet) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-15] CHR Extension: (Gmail) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-15] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-10-23] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-10-23] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG) R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [61440 2013-09-26] () [File not signed] R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [74712 2013-03-11] (CyberLink) R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [316376 2013-03-11] (CyberLink) R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [160768 2013-06-27] () [File not signed] R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation) R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2013-03-06] () R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-23] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-23] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG) R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation) R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON) R3 PegaRadioSwitch; C:\Windows\System32\drivers\PegaRadioSwitch.sys [23552 2013-08-22] (Windows (R) Win 7 DDK provider) S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2013-10-22] () R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [548056 2013-09-05] (Realtek Semiconductor Corporation) R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2945240 2013-09-12] (Realtek Semiconductor Corporation ) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-14] (Synaptics Incorporated) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-14] (Synaptics Incorporated) R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) S1 {32c6b9d7-6b2c-4b03-9178-01abbf9c7194}Gw64; system32\drivers\{32c6b9d7-6b2c-4b03-9178-01abbf9c7194}Gw64.sys [X] S1 {84e24724-32a5-4ef8-b981-cc669543b4a4}Gw64; system32\drivers\{84e24724-32a5-4ef8-b981-cc669543b4a4}Gw64.sys [X] S1 {94c4b27a-8cb1-4214-9d76-87c59a8cf657}Gw64; system32\drivers\{94c4b27a-8cb1-4214-9d76-87c59a8cf657}Gw64.sys [X] S1 {bb7b7a60-f574-47c2-8a0b-4c56f2da9802}Gw64; system32\drivers\{bb7b7a60-f574-47c2-8a0b-4c56f2da9802}Gw64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-04 16:05 - 2014-12-04 16:06 - 00014508 _____ () C:\Users\Carmen\Downloads\FRST.txt 2014-12-04 16:05 - 2014-12-04 16:05 - 00000000 ____D () C:\FRST 2014-12-04 16:04 - 2014-12-04 16:04 - 02117632 _____ (Farbar) C:\Users\Carmen\Downloads\FRST64.exe 2014-12-04 07:41 - 2014-12-04 07:41 - 00000350 _____ () C:\Windows\PFRO.log 2014-12-03 17:04 - 2014-12-03 17:04 - 00008471 _____ () C:\Users\Carmen\Desktop\hijackthis.log 2014-12-03 16:54 - 2014-12-03 16:55 - 01174352 _____ () C:\Users\Carmen\Downloads\HijackThis - CHIP-Installer.exe 2014-12-01 13:16 - 2014-12-01 13:16 - 00008285 _____ () C:\Users\Carmen\Downloads\hijackthis.log 2014-12-01 13:14 - 2014-12-01 13:14 - 00388608 _____ (Trend Micro Inc.) C:\Users\Carmen\Downloads\hijackthis.exe 2014-11-29 11:35 - 2014-11-29 11:36 - 00086266 _____ () C:\Users\Carmen\Documents\cc_20141129_113548.reg 2014-11-27 13:58 - 2014-11-27 13:59 - 05162080 _____ (Piriform Ltd) C:\Users\Carmen\Downloads\ccsetup500.exe 2014-11-25 11:12 - 2014-11-27 13:59 - 00000838 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-11-25 11:12 - 2014-11-27 13:59 - 00000000 ____D () C:\Program Files\CCleaner 2014-11-25 11:12 - 2014-11-25 11:12 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-11-25 11:12 - 2014-11-25 11:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-11-25 11:11 - 2014-11-25 11:11 - 04974864 _____ (Piriform Ltd) C:\Users\Carmen\Downloads\ccsetup419.exe 2014-11-21 12:55 - 2013-08-22 14:25 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20141121-125534.backup 2014-11-21 11:05 - 2014-11-21 12:41 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-11-21 11:05 - 2014-11-21 11:09 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-11-21 11:05 - 2014-11-21 11:05 - 00001411 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-11-21 11:05 - 2014-11-21 11:05 - 00001399 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-11-21 11:05 - 2014-11-21 11:05 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking 2014-11-21 11:05 - 2014-11-21 11:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-11-21 11:05 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe 2014-11-21 11:01 - 2014-11-21 11:03 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Carmen\Downloads\spybot-2.4.exe 2014-11-21 09:20 - 2014-11-21 09:17 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-11-21 09:19 - 2014-11-21 09:19 - 00001157 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-11-21 09:16 - 2014-11-21 09:16 - 00000000 ____D () C:\Users\Carmen\AppData\Roaming\Avira 2014-11-21 09:15 - 2014-11-21 09:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-11-21 09:15 - 2014-11-21 09:15 - 00002090 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-11-21 09:14 - 2014-10-23 14:02 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-11-21 09:14 - 2014-10-23 14:02 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-11-21 09:14 - 2014-10-23 14:01 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-11-21 09:13 - 2014-11-21 09:18 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-11-21 09:13 - 2014-11-21 09:17 - 00000000 ____D () C:\ProgramData\Avira 2014-11-21 08:38 - 2014-11-21 08:46 - 151804352 _____ () C:\Users\Carmen\Downloads\avira_free_antivirus_de.exe 2014-11-21 08:18 - 2014-11-21 08:18 - 00000197 _____ () C:\Windows\system32\2014-11-21-07-18-19.097-AvastVBoxSVC.exe-2480.log 2014-11-21 07:54 - 2014-12-03 20:12 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-21 07:53 - 2014-11-21 07:53 - 00001122 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-11-21 07:53 - 2014-11-21 07:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-11-21 07:53 - 2014-11-21 07:53 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-11-21 07:53 - 2014-11-21 07:53 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-11-21 07:53 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-11-21 07:53 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-11-21 07:53 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-11-21 07:52 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\SysWOW64\dhRichClient3.dll 2014-11-21 07:52 - 2011-03-25 19:42 - 00338432 _____ () C:\Windows\SysWOW64\sqlite36_engine.dll 2014-11-21 07:50 - 2014-11-21 07:50 - 01125200 _____ () C:\Users\Carmen\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe 2014-11-21 07:45 - 2014-11-21 07:46 - 00000197 _____ () C:\Windows\system32\2014-11-21-06-45-50.087-AvastVBoxSVC.exe-2588.log 2014-11-21 07:08 - 2014-11-21 07:46 - 00000000 ____D () C:\AdwCleaner 2014-11-21 07:08 - 2014-11-21 07:08 - 02140160 _____ () C:\Users\Carmen\Downloads\adwcleaner_4.101.exe 2014-11-21 07:05 - 2014-11-21 07:05 - 00000000 ____D () C:\Users\Carmen\Old Firefox Data 2014-11-20 07:56 - 2014-11-20 07:56 - 00000197 _____ () C:\Windows\system32\2014-11-20-06-56-27.099-AvastVBoxSVC.exe-2592.log 2014-11-19 14:08 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-19 14:08 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-11-19 14:08 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2014-11-19 14:08 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2014-11-19 09:10 - 2014-11-19 09:23 - 00000000 ____D () C:\Users\Carmen\Desktop\Hagen 2014-11-15 22:48 - 2014-11-15 22:48 - 00000197 _____ () C:\Windows\system32\2014-11-15-21-48-57.000-AvastVBoxSVC.exe-2620.log 2014-11-15 20:20 - 2014-11-15 20:20 - 00000000 __SHD () C:\Users\Carmen\AppData\Local\EmieUserList 2014-11-15 20:20 - 2014-11-15 20:20 - 00000000 __SHD () C:\Users\Carmen\AppData\Local\EmieSiteList 2014-11-15 20:20 - 2014-11-15 20:20 - 00000000 __SHD () C:\Users\Carmen\AppData\Local\EmieBrowserModeList 2014-11-15 20:04 - 2014-11-15 20:20 - 00000000 ____D () C:\Program Files (x86)\Google 2014-11-15 20:04 - 2014-11-15 20:07 - 00000000 ____D () C:\Users\Carmen\AppData\Local\Google 2014-11-15 20:02 - 2014-11-15 20:01 - 00784840 _____ (Google Inc.) C:\Users\Carmen\Downloads\google-chrome.exe 2014-11-14 13:45 - 2014-11-25 08:44 - 00007605 _____ () C:\Users\Carmen\AppData\Local\Resmon.ResmonCfg 2014-11-14 13:42 - 2014-11-14 13:43 - 00000197 _____ () C:\Windows\system32\2014-11-14-12-42-59.089-AvastVBoxSVC.exe-2640.log 2014-11-14 13:20 - 2014-11-14 13:48 - 00000000 ____D () C:\Windows\softwaredistribution.bak2 2014-11-12 09:48 - 2014-11-13 06:23 - 00000000 ____D () C:\Windows\softwaredistribution.bak1 2014-11-12 09:05 - 2014-11-12 09:05 - 00000197 _____ () C:\Windows\system32\2014-11-12-08-05-42.045-AvastVBoxSVC.exe-3016.log 2014-11-12 04:08 - 2014-09-27 08:13 - 00104336 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll 2014-11-12 04:08 - 2014-09-27 06:24 - 00088800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll 2014-11-12 04:08 - 2014-09-27 04:38 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-11-12 04:08 - 2014-09-27 04:30 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll 2014-11-12 04:08 - 2014-09-27 04:17 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-11-12 04:07 - 2014-10-10 02:58 - 00177472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-11-12 04:07 - 2014-10-10 02:58 - 00027456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys 2014-11-12 04:07 - 2014-10-10 02:44 - 00563976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2014-11-12 04:07 - 2014-10-08 08:37 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2014-11-12 04:07 - 2014-10-08 08:37 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2014-11-12 04:07 - 2014-10-08 08:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2014-11-12 04:07 - 2014-10-08 08:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll 2014-11-12 04:07 - 2014-10-08 07:56 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2014-11-12 04:07 - 2014-10-08 07:51 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2014-11-12 04:07 - 2014-10-08 07:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2014-11-12 04:07 - 2014-10-08 07:18 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2014-11-12 04:07 - 2014-10-08 07:17 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-11-12 04:07 - 2014-10-08 06:23 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-11-12 04:06 - 2014-10-18 10:55 - 00055776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-11-12 04:06 - 2014-10-18 09:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-11-12 04:06 - 2014-10-18 09:09 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-11-12 04:06 - 2014-10-18 08:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2014-11-12 04:06 - 2014-10-18 07:50 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll 2014-11-12 04:06 - 2014-10-18 07:38 - 03557376 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-11-12 04:06 - 2014-10-18 07:27 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-11-12 04:06 - 2014-10-18 07:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-11-12 04:06 - 2014-10-18 07:23 - 00407552 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2014-11-12 04:06 - 2014-10-18 07:23 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-11-12 04:06 - 2014-10-18 07:21 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-11-12 04:06 - 2014-10-18 07:20 - 01714176 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-11-12 04:06 - 2014-10-18 07:14 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-11-12 04:06 - 2014-10-18 07:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2014-11-12 04:06 - 2014-10-18 07:12 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2014-11-12 04:06 - 2014-10-18 07:11 - 00723968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2014-11-12 04:06 - 2014-10-17 08:01 - 00789184 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-11-12 04:06 - 2014-10-17 07:58 - 00602768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2014-11-12 04:06 - 2014-10-13 03:33 - 00116032 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-11-12 04:06 - 2014-10-11 01:58 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-11-12 04:06 - 2014-10-11 01:53 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-11-12 04:06 - 2014-10-08 08:30 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2014-11-12 04:06 - 2014-10-08 08:09 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-11-12 04:06 - 2014-10-08 07:27 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2014-11-12 04:06 - 2014-10-08 06:32 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-11-12 04:06 - 2014-10-08 06:19 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-11-12 04:05 - 2014-09-22 05:38 - 01519488 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll 2014-11-12 04:05 - 2014-09-22 04:06 - 00258368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2014-11-12 04:05 - 2014-09-22 04:06 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys 2014-11-12 04:05 - 2014-09-22 03:49 - 00035320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2014-11-12 04:05 - 2014-09-19 01:16 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll 2014-11-12 04:05 - 2014-09-02 23:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll 2014-11-12 04:05 - 2014-09-02 23:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll 2014-11-12 04:04 - 2014-10-31 06:28 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-11-12 04:04 - 2014-10-31 04:42 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-11-12 04:02 - 2014-10-31 04:59 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-11-12 04:01 - 2014-10-31 06:05 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-11-12 04:01 - 2014-10-31 05:50 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-11-12 04:01 - 2014-10-31 05:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2014-11-12 04:01 - 2014-10-31 04:45 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-11-12 04:01 - 2014-10-31 04:32 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-11-12 04:01 - 2014-10-31 03:46 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-11-12 04:01 - 2014-10-31 03:30 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-11-12 04:01 - 2014-10-31 03:17 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-11-12 04:01 - 2014-10-31 03:13 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-11-12 04:00 - 2014-10-31 06:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-11-12 04:00 - 2014-10-31 06:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-11-12 04:00 - 2014-10-31 06:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-11-12 04:00 - 2014-10-31 06:09 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-11-12 04:00 - 2014-10-31 06:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-11-12 04:00 - 2014-10-31 06:06 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-11-12 04:00 - 2014-10-31 06:06 - 00237568 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-11-12 04:00 - 2014-10-31 06:06 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-11-12 04:00 - 2014-10-31 06:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-11-12 04:00 - 2014-10-31 06:05 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-11-12 04:00 - 2014-10-31 06:04 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-11-12 04:00 - 2014-10-31 05:57 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-11-12 04:00 - 2014-10-31 05:56 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-11-12 04:00 - 2014-10-31 05:54 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-11-12 04:00 - 2014-10-31 05:53 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-11-12 04:00 - 2014-10-31 05:52 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll 2014-11-12 04:00 - 2014-10-31 05:51 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-11-12 04:00 - 2014-10-31 05:51 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-11-12 04:00 - 2014-10-31 05:51 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-11-12 04:00 - 2014-10-31 05:50 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-11-12 04:00 - 2014-10-31 05:40 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-11-12 04:00 - 2014-10-31 05:38 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-11-12 04:00 - 2014-10-31 05:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-11-12 04:00 - 2014-10-31 05:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-11-12 04:00 - 2014-10-31 05:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-11-12 04:00 - 2014-10-31 05:28 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-11-12 04:00 - 2014-10-31 05:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-11-12 04:00 - 2014-10-31 05:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-11-12 04:00 - 2014-10-31 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-11-12 04:00 - 2014-10-31 05:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-11-12 04:00 - 2014-10-31 05:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-11-12 04:00 - 2014-10-31 05:19 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-11-12 04:00 - 2014-10-31 05:08 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-11-12 04:00 - 2014-10-31 05:06 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-11-12 04:00 - 2014-10-31 05:05 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-11-12 04:00 - 2014-10-31 05:05 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-11-12 04:00 - 2014-10-31 05:03 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-11-12 04:00 - 2014-10-31 04:44 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll 2014-11-12 04:00 - 2014-10-31 04:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-11-12 04:00 - 2014-10-31 04:28 - 00137728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2014-11-12 04:00 - 2014-10-31 04:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-11-12 04:00 - 2014-10-31 04:27 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2014-11-12 04:00 - 2014-10-31 04:26 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2014-11-12 04:00 - 2014-10-31 04:25 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-11-12 04:00 - 2014-10-31 04:24 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-11-12 04:00 - 2014-10-31 04:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-11-12 04:00 - 2014-10-31 04:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-11-12 04:00 - 2014-10-31 04:23 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2014-11-12 04:00 - 2014-10-31 04:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-11-12 04:00 - 2014-10-31 04:22 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-11-12 04:00 - 2014-10-31 04:20 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-11-12 04:00 - 2014-10-31 04:18 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-11-12 04:00 - 2014-10-31 04:16 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-11-12 04:00 - 2014-10-31 04:15 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-11-12 04:00 - 2014-10-31 04:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2014-11-12 04:00 - 2014-10-31 04:13 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-11-12 04:00 - 2014-10-31 04:13 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll 2014-11-12 04:00 - 2014-10-31 04:12 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-11-12 04:00 - 2014-10-31 04:12 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-11-12 04:00 - 2014-10-31 04:11 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-11-12 04:00 - 2014-10-31 04:03 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2014-11-12 04:00 - 2014-10-31 04:02 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-11-12 04:00 - 2014-10-31 03:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-11-12 04:00 - 2014-10-31 03:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2014-11-12 04:00 - 2014-10-31 03:56 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-11-12 04:00 - 2014-10-31 03:56 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2014-11-12 04:00 - 2014-10-31 03:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-11-12 04:00 - 2014-10-31 03:53 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-11-12 04:00 - 2014-10-31 03:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-11-12 04:00 - 2014-10-31 03:51 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2014-11-12 04:00 - 2014-10-31 03:50 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-11-12 04:00 - 2014-10-31 03:48 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2014-11-12 04:00 - 2014-10-31 03:46 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2014-11-12 04:00 - 2014-10-31 03:42 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2014-11-12 04:00 - 2014-10-31 03:40 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-11-12 04:00 - 2014-10-31 03:40 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-11-12 04:00 - 2014-10-31 03:39 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-11-12 04:00 - 2014-10-31 03:26 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll 2014-11-12 04:00 - 2014-10-31 03:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2014-11-12 04:00 - 2014-10-31 03:11 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-11-12 03:58 - 2014-11-05 00:38 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-11-12 03:58 - 2014-11-04 01:10 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-11-12 03:58 - 2014-10-31 05:53 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2014-11-12 03:58 - 2014-10-31 05:49 - 00537088 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-11-12 03:58 - 2014-10-31 05:24 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2014-11-12 03:58 - 2014-10-23 06:48 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-11-12 03:58 - 2014-10-23 06:05 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-11-12 03:58 - 2014-10-07 07:28 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-11-12 03:58 - 2014-10-07 07:27 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-11-12 03:58 - 2014-10-07 07:27 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-11-12 03:58 - 2014-10-07 07:27 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2014-11-12 03:58 - 2014-10-07 07:27 - 00108432 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-11-12 03:58 - 2014-10-07 04:34 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2014-11-12 03:58 - 2014-10-07 04:34 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-11-12 03:58 - 2014-10-07 04:33 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-11-12 03:58 - 2014-10-07 04:30 - 04182016 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-11-12 03:58 - 2014-10-07 02:54 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll 2014-11-12 03:58 - 2014-10-07 02:46 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-11-12 03:58 - 2014-09-10 07:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-11-12 03:58 - 2014-09-08 04:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-11-12 03:58 - 2014-09-08 04:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-11-12 03:58 - 2014-09-07 23:08 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml 2014-11-12 03:58 - 2014-09-04 23:30 - 00822272 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2014-11-12 03:58 - 2014-09-04 23:21 - 01053184 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2014-11-12 03:58 - 2014-09-04 04:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll 2014-11-12 03:58 - 2014-09-04 03:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll 2014-11-12 03:58 - 2014-09-04 02:01 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll 2014-11-12 03:58 - 2014-09-04 01:32 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll 2014-11-12 03:58 - 2014-08-31 01:17 - 00148800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS 2014-11-12 03:58 - 2014-08-31 01:15 - 21197152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-11-12 03:58 - 2014-08-30 23:59 - 18723112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-11-12 03:58 - 2014-08-30 23:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll 2014-11-12 03:58 - 2014-08-30 22:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll 2014-11-12 03:58 - 2014-08-30 22:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll 2014-11-12 03:58 - 2014-08-30 21:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll 2014-11-12 03:58 - 2014-08-30 21:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll 2014-11-12 03:58 - 2014-08-28 03:55 - 07484224 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-11-12 03:58 - 2014-08-28 01:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2014-11-12 03:58 - 2014-08-28 01:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2014-11-12 03:58 - 2014-08-23 06:18 - 02149376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-11-12 03:58 - 2014-08-23 06:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll 2014-11-12 03:58 - 2014-08-23 06:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll 2014-11-12 03:58 - 2014-08-23 06:03 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-11-12 03:58 - 2014-08-23 05:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll 2014-11-12 03:58 - 2014-08-02 01:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll 2014-11-12 03:58 - 2014-08-02 01:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll 2014-11-11 06:38 - 2014-11-15 20:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-11-08 23:03 - 2014-11-08 23:03 - 00000197 _____ () C:\Windows\system32\2014-11-08-22-03-42.045-AvastVBoxSVC.exe-2488.log 2014-11-08 23:01 - 2014-11-25 11:13 - 00000000 ____D () C:\Windows\Minidump 2014-11-07 13:56 - 2014-11-07 13:56 - 00000247 _____ () C:\Windows\system32\2014-11-07-12-56-32.033-aswFe.exe-5364.log 2014-11-07 13:49 - 2014-11-07 13:56 - 00000247 _____ () C:\Windows\system32\2014-11-07-12-49-21.083-aswFe.exe-5532.log 2014-11-07 13:35 - 2014-11-07 13:35 - 00000197 _____ () C:\Windows\system32\2014-11-07-12-35-48.097-AvastVBoxSVC.exe-1712.log 2014-11-07 12:19 - 2014-11-07 13:35 - 00000247 _____ () C:\Windows\system32\2014-11-07-11-19-51.083-aswFe.exe-5812.log 2014-11-07 11:04 - 2014-11-07 12:19 - 00000247 _____ () C:\Windows\system32\2014-11-07-10-04-33.084-aswFe.exe-1476.log 2014-11-07 11:04 - 2014-11-07 11:04 - 00000197 _____ () C:\Windows\system32\2014-11-07-10-04-29.080-AvastVBoxSVC.exe-2492.log 2014-11-07 10:55 - 2014-11-07 10:55 - 00000000 ____D () C:\Windows\SysWOW64\vbox 2014-11-07 10:55 - 2014-11-07 10:55 - 00000000 ____D () C:\Windows\system32\vbox ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-04 16:02 - 2014-10-07 09:30 - 00280131 _____ () C:\Users\Carmen\AppData\Local\BTServer.log 2014-12-04 16:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru 2014-12-04 12:37 - 2014-10-07 10:39 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-12-04 12:37 - 2014-10-07 09:39 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{17783682-5FE5-4D6A-AFA8-39BA44C454C6} 2014-12-04 11:54 - 2014-10-07 09:24 - 01443559 _____ () C:\Windows\WindowsUpdate.log 2014-12-04 07:46 - 2013-10-07 06:32 - 00765582 _____ () C:\Windows\system32\perfh007.dat 2014-12-04 07:46 - 2013-10-07 06:32 - 00159366 _____ () C:\Windows\system32\perfc007.dat 2014-12-04 07:46 - 2013-10-07 06:11 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-04 07:41 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-04 07:40 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI 2014-12-02 10:12 - 2014-10-07 09:35 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3201879546-1506140658-4254453320-1001 2014-12-02 09:57 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness 2014-12-01 13:15 - 2014-10-07 09:30 - 00000000 ____D () C:\Users\Carmen\AppData\Local\VirtualStore 2014-11-26 10:35 - 2014-10-09 10:38 - 00000000 ____D () C:\Users\Carmen\Desktop\Carmen 2014-11-26 07:00 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp 2014-11-26 06:38 - 2014-10-07 10:39 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-11-25 11:39 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF 2014-11-25 11:13 - 2013-10-07 07:05 - 00000000 ____D () C:\Windows\Panther 2014-11-21 13:56 - 2014-10-07 09:30 - 00000000 ____D () C:\Users\Carmen 2014-11-21 09:24 - 2014-10-08 05:39 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-11-21 09:19 - 2013-10-08 12:17 - 00000000 ____D () C:\ProgramData\Package Cache 2014-11-21 08:24 - 2014-10-07 10:37 - 00000000 ____D () C:\Users\Carmen\AppData\Local\Adobe 2014-11-21 08:15 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Help 2014-11-21 07:43 - 2014-10-10 11:00 - 00000000 ____D () C:\Users\Carmen\Desktop\Programme 2014-11-21 07:02 - 2014-10-07 15:10 - 00001179 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-11-21 07:02 - 2014-10-07 15:10 - 00001167 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-11-21 07:02 - 2014-10-07 09:30 - 00001458 _____ () C:\Users\Carmen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-11-21 07:02 - 2013-10-22 11:55 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Welcome.lnk 2014-11-21 07:02 - 2013-10-22 11:55 - 00002449 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk 2014-11-20 21:51 - 2013-08-22 16:38 - 00714208 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-11-20 21:51 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-11-15 07:12 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache 2014-11-12 14:38 - 2014-10-15 08:06 - 00000000 ____D () C:\Users\Carmen\Desktop\Jasmin 2014-11-12 09:03 - 2013-08-22 15:44 - 00368792 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-11-12 09:02 - 2014-10-07 15:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-11-12 07:51 - 2014-10-12 10:37 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-11-12 07:51 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData 2014-11-12 07:50 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel 2014-11-12 07:50 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-11-12 07:50 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-11-12 07:50 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender 2014-11-12 07:50 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-11-12 07:11 - 2014-10-13 12:57 - 00105984 ___SH () C:\Users\Carmen\Desktop\Thumbs.db 2014-11-12 07:09 - 2014-10-09 12:29 - 00000000 ____D () C:\Windows\system32\MRT 2014-11-12 07:04 - 2013-10-07 07:12 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-11-07 11:36 - 2014-10-09 10:08 - 00000000 ____D () C:\Users\Carmen\Desktop\Schottlandtour Jul_Aug14 Some content of TEMP: ==================== C:\Users\Carmen\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-02 07:05 ==================== End Of Log ============================ --- --- --- Hier die Addition:FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2014 Ran by Carmen at 2014-12-04 16:08:01 Running from C:\Users\Carmen\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated) Ashampoo AppLauncher (Medion) v.1.0.0 (HKLM-x32\...\Ashampoo AppLauncher (Medion)_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG) Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira) CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.) CyberLink Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.) CyberLink PowerDirector 11 (Version: 11.0.0.3215 - CyberLink Corp.) Hidden CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.2103 - CyberLink Corp.) CyberLink PowerRecover (Version: 5.7.0.2103 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.3.2.2 - Dolby Laboratories Inc) Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Fotogalerija (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Fotótár (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Galerie de photos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3309 - Intel Corporation) Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation) Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla) MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation) Outlook 2013 Packages (HKU\S-1-5-21-3201879546-1506140658-4254453320-1001\...\Outlook 2013 Packages) (Version: - ) <==== ATTENTION PHotkey (HKLM-x32\...\{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}) (Version: 1.00.0092 - Pegatron Corporation) Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Raccolta foto (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.769.769.093013 - REALTEK Semiconductor Corp.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0227 - REALTEK Semiconductor Corp.) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.9.1 - Synaptics Incorporated) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 19-11-2014 06:07:56 Geplanter Prüfpunkt 21-11-2014 08:19:50 avast! antivirus system restore point 26-11-2014 05:59:39 Windows Update 04-12-2014 05:57:56 Geplanter Prüfpunkt ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {198AF2E5-7DB1-4230-9A28-6E62069DA172} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe Task: {3F82D7EA-B2DA-4C8A-AC14-40A169815E25} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-11-12] (Microsoft Corporation) Task: {66FBF1BD-D577-481A-BF78-5A14B0CEF6F0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe Task: {7913A038-3BFE-4DE7-B433-E5DFF40D7999} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe Task: {B876D1E2-B100-4690-921E-5ACDD4336C93} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd) Task: {C300D883-DE82-485F-98F9-F92EE4A44956} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated) Task: {E203C98C-6294-4879-809F-2FF5AAB87394} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-14] (Synaptics Incorporated) Task: {FF6B227B-3D3A-4BEB-A425-B5D3F8EDB02F} - System32\Tasks\Dolby Selector => C:\Program Files\Dolby Digital Plus\ddp.exe [2013-08-08] (Dolby Laboratories Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2013-10-08 12:22 - 2013-06-27 09:56 - 00160768 _____ () C:\Program Files (x86)\PHotkey\GFNEXSrv.exe 2013-10-08 12:17 - 2013-09-26 20:08 - 00061440 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe 2013-10-07 08:29 - 2013-03-06 14:42 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe 2013-10-08 12:22 - 2013-09-11 11:41 - 02216960 _____ () C:\Program Files (x86)\PHotkey\PHotkey.exe 2013-10-08 12:22 - 2010-12-17 14:04 - 00449032 _____ () C:\Program Files (x86)\PHotkey\ATouch64.exe 2013-10-08 12:22 - 2012-10-23 18:07 - 03471872 _____ () C:\Program Files (x86)\PHotkey\POSD.exe 2013-08-08 16:53 - 2013-08-08 16:53 - 00050904 _____ () C:\Program Files\Dolby Digital Plus\Dolby.DDP.Controls_Desktop.dll 2014-11-22 01:03 - 2014-11-22 01:03 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2014-11-21 11:05 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2014-11-21 11:05 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2014-11-21 11:05 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2014-11-21 11:05 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2014-11-21 11:05 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2013-10-08 12:22 - 2009-12-18 15:36 - 00973432 _____ () C:\Program Files (x86)\PHotkey\acAuth.dll 2013-10-08 12:22 - 2009-12-18 15:41 - 00129544 _____ () C:\Program Files (x86)\PHotkey\GFNEX.dll 2013-10-07 08:28 - 2013-08-05 08:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2013-08-05 15:48 - 2013-08-05 15:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2014-11-11 06:38 - 2014-11-11 06:38 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-3201879546-1506140658-4254453320-500 - Administrator - Disabled) Carmen (S-1-5-21-3201879546-1506140658-4254453320-1001 - Administrator - Enabled) => C:\Users\Carmen Gast (S-1-5-21-3201879546-1506140658-4254453320-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3201879546-1506140658-4254453320-1003 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/04/2014 02:06:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS) Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (12/04/2014 00:04:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS) Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (12/04/2014 10:09:34 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS) Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (12/04/2014 08:11:36 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS) Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (12/04/2014 07:39:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: HCS) Description: Das Paket „Microsoft.MicrosoftSolitaireCollection_2.5.1411.701_x86__8wekyb3d8bbwe+App“ wurde beendet, da das Anhalten zu lange dauerte. Error: (12/04/2014 06:27:12 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS) Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (12/03/2014 11:03:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS) Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (12/03/2014 08:01:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS) Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (12/03/2014 06:13:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS) Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (12/03/2014 04:28:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS) Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. System errors: ============= Error: (12/04/2014 07:40:36 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: %%1062 Error: (12/04/2014 06:57:48 AM) (Source: DCOM) (EventID: 10010) (User: HCS) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (12/04/2014 06:57:18 AM) (Source: DCOM) (EventID: 10010) (User: HCS) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (12/03/2014 06:56:18 AM) (Source: DCOM) (EventID: 10010) (User: HCS) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (12/03/2014 06:55:48 AM) (Source: DCOM) (EventID: 10010) (User: HCS) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (12/02/2014 07:55:20 AM) (Source: DCOM) (EventID: 10010) (User: HCS) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (12/02/2014 07:54:49 AM) (Source: DCOM) (EventID: 10010) (User: HCS) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (12/02/2014 07:40:45 AM) (Source: DCOM) (EventID: 10010) (User: HCS) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (12/02/2014 07:40:15 AM) (Source: DCOM) (EventID: 10010) (User: HCS) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (12/02/2014 07:06:22 AM) (Source: DCOM) (EventID: 10010) (User: HCS) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Microsoft Office Sessions: ========================= Error: (12/04/2014 02:06:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS) Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148 Error: (12/04/2014 00:04:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS) Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148 Error: (12/04/2014 10:09:34 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS) Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148 Error: (12/04/2014 08:11:36 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS) Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148 Error: (12/04/2014 07:39:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: HCS) Description: Microsoft.MicrosoftSolitaireCollection_2.5.1411.701_x86__8wekyb3d8bbwe+App Error: (12/04/2014 06:27:12 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS) Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148 Error: (12/03/2014 11:03:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS) Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148 Error: (12/03/2014 08:01:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS) Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148 Error: (12/03/2014 06:13:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS) Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148 Error: (12/03/2014 04:28:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS) Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148 ==================== Memory info =========================== Processor: Intel(R) Celeron(R) CPU N2910 @ 1.60GHz Percentage of memory in use: 37% Total physical RAM: 3976.19 MB Available physical RAM: 2494.78 MB Total Pagefile: 8072.19 MB Available Pagefile: 6242.78 MB Total Virtual: 131072 MB Available Virtual: 131071.78 MB ==================== Drives ================================ Drive c: (Boot) (Fixed) (Total:404.05 GB) (Free:346.57 GB) NTFS Drive d: (Recover) (Fixed) (Total:60 GB) (Free:45.62 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2014 Ran by Carmen at 2014-12-04 16:08:01 Running from C:\Users\Carmen\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated) Ashampoo AppLauncher (Medion) v.1.0.0 (HKLM-x32\...\Ashampoo AppLauncher (Medion)_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG) Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira) CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.) CyberLink Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.) CyberLink PowerDirector 11 (Version: 11.0.0.3215 - CyberLink Corp.) Hidden CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.2103 - CyberLink Corp.) CyberLink PowerRecover (Version: 5.7.0.2103 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.3.2.2 - Dolby Laboratories Inc) Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Fotogalerija (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Fotótár (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Galerie de photos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3309 - Intel Corporation) Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation) Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla) MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation) Outlook 2013 Packages (HKU\S-1-5-21-3201879546-1506140658-4254453320-1001\...\Outlook 2013 Packages) (Version: - ) <==== ATTENTION PHotkey (HKLM-x32\...\{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}) (Version: 1.00.0092 - Pegatron Corporation) Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Raccolta foto (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.769.769.093013 - REALTEK Semiconductor Corp.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0227 - REALTEK Semiconductor Corp.) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.9.1 - Synaptics Incorporated) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 19-11-2014 06:07:56 Geplanter Prüfpunkt 21-11-2014 08:19:50 avast! antivirus system restore point 26-11-2014 05:59:39 Windows Update 04-12-2014 05:57:56 Geplanter Prüfpunkt ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {198AF2E5-7DB1-4230-9A28-6E62069DA172} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe Task: {3F82D7EA-B2DA-4C8A-AC14-40A169815E25} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-11-12] (Microsoft Corporation) Task: {66FBF1BD-D577-481A-BF78-5A14B0CEF6F0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe Task: {7913A038-3BFE-4DE7-B433-E5DFF40D7999} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe Task: {B876D1E2-B100-4690-921E-5ACDD4336C93} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd) Task: {C300D883-DE82-485F-98F9-F92EE4A44956} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated) Task: {E203C98C-6294-4879-809F-2FF5AAB87394} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-14] (Synaptics Incorporated) Task: {FF6B227B-3D3A-4BEB-A425-B5D3F8EDB02F} - System32\Tasks\Dolby Selector => C:\Program Files\Dolby Digital Plus\ddp.exe [2013-08-08] (Dolby Laboratories Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2013-10-08 12:22 - 2013-06-27 09:56 - 00160768 _____ () C:\Program Files (x86)\PHotkey\GFNEXSrv.exe 2013-10-08 12:17 - 2013-09-26 20:08 - 00061440 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe 2013-10-07 08:29 - 2013-03-06 14:42 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe 2013-10-08 12:22 - 2013-09-11 11:41 - 02216960 _____ () C:\Program Files (x86)\PHotkey\PHotkey.exe 2013-10-08 12:22 - 2010-12-17 14:04 - 00449032 _____ () C:\Program Files (x86)\PHotkey\ATouch64.exe 2013-10-08 12:22 - 2012-10-23 18:07 - 03471872 _____ () C:\Program Files (x86)\PHotkey\POSD.exe 2013-08-08 16:53 - 2013-08-08 16:53 - 00050904 _____ () C:\Program Files\Dolby Digital Plus\Dolby.DDP.Controls_Desktop.dll 2014-11-22 01:03 - 2014-11-22 01:03 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2014-11-21 11:05 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2014-11-21 11:05 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2014-11-21 11:05 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2014-11-21 11:05 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2014-11-21 11:05 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2013-10-08 12:22 - 2009-12-18 15:36 - 00973432 _____ () C:\Program Files (x86)\PHotkey\acAuth.dll 2013-10-08 12:22 - 2009-12-18 15:41 - 00129544 _____ () C:\Program Files (x86)\PHotkey\GFNEX.dll 2013-10-07 08:28 - 2013-08-05 08:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2013-08-05 15:48 - 2013-08-05 15:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2014-11-11 06:38 - 2014-11-11 06:38 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-3201879546-1506140658-4254453320-500 - Administrator - Disabled) Carmen (S-1-5-21-3201879546-1506140658-4254453320-1001 - Administrator - Enabled) => C:\Users\Carmen Gast (S-1-5-21-3201879546-1506140658-4254453320-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3201879546-1506140658-4254453320-1003 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/04/2014 02:06:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS) Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (12/04/2014 00:04:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS) Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (12/04/2014 10:09:34 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS) Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (12/04/2014 08:11:36 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS) Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (12/04/2014 07:39:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: HCS) Description: Das Paket „Microsoft.MicrosoftSolitaireCollection_2.5.1411.701_x86__8wekyb3d8bbwe+App“ wurde beendet, da das Anhalten zu lange dauerte. Error: (12/04/2014 06:27:12 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS) Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (12/03/2014 11:03:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS) Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (12/03/2014 08:01:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS) Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (12/03/2014 06:13:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS) Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (12/03/2014 04:28:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS) Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. System errors: ============= Error: (12/04/2014 07:40:36 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: %%1062 Error: (12/04/2014 06:57:48 AM) (Source: DCOM) (EventID: 10010) (User: HCS) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (12/04/2014 06:57:18 AM) (Source: DCOM) (EventID: 10010) (User: HCS) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (12/03/2014 06:56:18 AM) (Source: DCOM) (EventID: 10010) (User: HCS) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (12/03/2014 06:55:48 AM) (Source: DCOM) (EventID: 10010) (User: HCS) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (12/02/2014 07:55:20 AM) (Source: DCOM) (EventID: 10010) (User: HCS) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (12/02/2014 07:54:49 AM) (Source: DCOM) (EventID: 10010) (User: HCS) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (12/02/2014 07:40:45 AM) (Source: DCOM) (EventID: 10010) (User: HCS) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (12/02/2014 07:40:15 AM) (Source: DCOM) (EventID: 10010) (User: HCS) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (12/02/2014 07:06:22 AM) (Source: DCOM) (EventID: 10010) (User: HCS) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Microsoft Office Sessions: ========================= Error: (12/04/2014 02:06:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS) Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148 Error: (12/04/2014 00:04:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS) Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148 Error: (12/04/2014 10:09:34 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS) Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148 Error: (12/04/2014 08:11:36 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS) Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148 Error: (12/04/2014 07:39:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: HCS) Description: Microsoft.MicrosoftSolitaireCollection_2.5.1411.701_x86__8wekyb3d8bbwe+App Error: (12/04/2014 06:27:12 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS) Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148 Error: (12/03/2014 11:03:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS) Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148 Error: (12/03/2014 08:01:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS) Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148 Error: (12/03/2014 06:13:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS) Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148 Error: (12/03/2014 04:28:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS) Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148 ==================== Memory info =========================== Processor: Intel(R) Celeron(R) CPU N2910 @ 1.60GHz Percentage of memory in use: 37% Total physical RAM: 3976.19 MB Available physical RAM: 2494.78 MB Total Pagefile: 8072.19 MB Available Pagefile: 6242.78 MB Total Virtual: 131072 MB Available Virtual: 131071.78 MB ==================== Drives ================================ Drive c: (Boot) (Fixed) (Total:404.05 GB) (Free:346.57 GB) NTFS Drive d: (Recover) (Fixed) (Total:60 GB) (Free:45.62 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================ |
05.12.2014, 15:48 | #4 |
/// the machine /// TB-Ausbilder | Adware.browsefox.aom Lade Dir bitte von hier Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
Downloade Dir bitte Malwarebytes Anti-Malware
Downloade Dir bitte AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
10.12.2014, 19:50 | #5 |
| Adware.browsefox.aom Zuerst die FRST: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-12-2014 01 Ran by Carmen (administrator) on HCS on 10-12-2014 18:00:48 Running from C:\Users\Carmen\Downloads Loaded Profiles: Carmen & (Available profiles: Carmen) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\wlanext.exe () C:\Program Files (x86)\PHotkey\GFNEXSrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe () C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe (Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe () C:\Program Files\CyberLink\Shared files\RichVideo64.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Program Files (x86)\PHotkey\PHotkey.exe (Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe () C:\Program Files (x86)\PHotkey\Atouch64.exe () C:\Program Files (x86)\PHotkey\POsd.exe (TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Microsoft) C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_2.5.1411.701_x86__8wekyb3d8bbwe\Solitaire.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-13] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor) HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [280576 2013-09-29] (Realtek Semiconductor Corporation) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2777840 2013-08-14] (Synaptics Incorporated) HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-09-23] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-11] (CyberLink Corp.) HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-18] (CyberLink Corp.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1 HKU\S-1-5-21-3201879546-1506140658-4254453320-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd) HKU\S-1-5-21-3201879546-1506140658-4254453320-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File BootExecute: autocheck autochk * sdnclean64.exe GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-3201879546-1506140658-4254453320-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 HKU\S-1-5-21-3201879546-1506140658-4254453320-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3201879546-1506140658-4254453320-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01 HKU\S-1-5-21-3201879546-1506140658-4254453320-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 HKU\S-1-5-21-3201879546-1506140658-4254453320-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3201879546-1506140658-4254453320-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01 StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKU\S-1-5-21-3201879546-1506140658-4254453320-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKU\S-1-5-21-3201879546-1506140658-4254453320-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Carmen\AppData\Roaming\Mozilla\Firefox\Profiles\ukmenv6b.default-1416549949705 FF Homepage: hxxp://www.t-online.de/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll () FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF SearchPlugin: C:\Users\Carmen\AppData\Roaming\Mozilla\Firefox\Profiles\ukmenv6b.default-1416549949705\searchplugins\google-images.xml FF SearchPlugin: C:\Users\Carmen\AppData\Roaming\Mozilla\Firefox\Profiles\ukmenv6b.default-1416549949705\searchplugins\google-maps.xml Chrome: ======= CHR Profile: C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-15] CHR Extension: (Google Docs) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-15] CHR Extension: (Google Drive) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-15] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-15] CHR Extension: (YouTube) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-15] CHR Extension: (Google Search) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-15] CHR Extension: (Google Sheets) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-15] CHR Extension: (Avast Online Security) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-15] CHR Extension: (Google Wallet) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-15] CHR Extension: (Gmail) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-15] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG) R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [61440 2013-09-26] () [File not signed] R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [74712 2013-03-11] (CyberLink) R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [316376 2013-03-11] (CyberLink) R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [160768 2013-06-27] () [File not signed] R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation) R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2013-03-06] () R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-23] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-23] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG) R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation) R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON) R3 PegaRadioSwitch; C:\Windows\System32\drivers\PegaRadioSwitch.sys [23552 2013-08-22] (Windows (R) Win 7 DDK provider) S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2013-10-22] () R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [548056 2013-09-05] (Realtek Semiconductor Corporation) R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2945240 2013-09-12] (Realtek Semiconductor Corporation ) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-14] (Synaptics Incorporated) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-14] (Synaptics Incorporated) R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) S1 {32c6b9d7-6b2c-4b03-9178-01abbf9c7194}Gw64; system32\drivers\{32c6b9d7-6b2c-4b03-9178-01abbf9c7194}Gw64.sys [X] S1 {84e24724-32a5-4ef8-b981-cc669543b4a4}Gw64; system32\drivers\{84e24724-32a5-4ef8-b981-cc669543b4a4}Gw64.sys [X] S1 {94c4b27a-8cb1-4214-9d76-87c59a8cf657}Gw64; system32\drivers\{94c4b27a-8cb1-4214-9d76-87c59a8cf657}Gw64.sys [X] S1 {bb7b7a60-f574-47c2-8a0b-4c56f2da9802}Gw64; system32\drivers\{bb7b7a60-f574-47c2-8a0b-4c56f2da9802}Gw64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-10 18:00 - 2014-12-10 18:00 - 00000000 ____D () C:\Users\Carmen\Downloads\FRST-OlderVersion 2014-12-10 17:57 - 2014-12-10 17:57 - 00001191 _____ () C:\Users\Carmen\Desktop\mbam.txt 2014-12-10 17:31 - 2014-12-10 17:31 - 00001288 _____ () C:\Users\Carmen\Desktop\Revo Uninstaller.lnk 2014-12-10 17:31 - 2014-12-10 17:31 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-12-10 17:30 - 2014-12-10 17:30 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Carmen\Downloads\revosetup95.exe 2014-12-10 16:26 - 2014-12-10 16:26 - 00026618 _____ () C:\Users\Carmen\Desktop\trojanerboard.odt 2014-12-10 14:45 - 2014-11-26 22:10 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-12-10 14:45 - 2014-11-26 22:10 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-12-10 08:37 - 2014-12-10 08:37 - 00000000 ____D () C:\Windows\system32\appraiser 2014-12-10 07:15 - 2014-12-10 07:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-12-10 07:05 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll 2014-12-10 07:05 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll 2014-12-10 07:05 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2014-12-10 07:05 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2014-12-10 06:50 - 2014-12-04 00:37 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-12-10 06:50 - 2014-12-04 00:09 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2014-12-10 06:50 - 2014-12-03 00:09 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-12-10 06:50 - 2014-12-03 00:09 - 00740864 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2014-12-10 06:50 - 2014-12-03 00:09 - 00412672 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-12-10 06:50 - 2014-12-03 00:09 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2014-12-10 06:50 - 2014-12-03 00:09 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2014-12-10 06:50 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-12-10 06:50 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-12-10 06:50 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-12-10 06:50 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-12-10 06:50 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll 2014-12-10 06:50 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll 2014-12-10 06:50 - 2014-10-13 03:43 - 00238912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys 2014-12-10 06:50 - 2014-10-13 03:43 - 00153920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys 2014-12-10 06:50 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys 2014-12-10 06:50 - 2014-10-13 03:43 - 00039744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys 2014-12-10 06:49 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-12-10 06:49 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-12-10 06:49 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-12-10 06:49 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-12-10 06:49 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-12-10 06:49 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-12-10 06:49 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-12-10 06:49 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-12-10 06:49 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2014-12-10 06:49 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-12-10 06:49 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-12-10 06:49 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-12-10 06:49 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-12-10 06:49 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2014-12-10 06:49 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-12-10 06:49 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-12-10 06:49 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-12-10 06:49 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-12-10 06:49 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-12-10 06:49 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-12-10 06:49 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-12-10 06:49 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-12-10 06:49 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2014-12-10 06:49 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-12-10 06:49 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-12-10 06:49 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2014-12-10 06:49 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-12-10 06:49 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2014-12-10 06:49 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-12-10 06:49 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-12-10 06:49 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-12-10 06:49 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-12-10 06:49 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-12-10 06:49 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-12-10 06:49 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-12-10 06:49 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-12-10 06:49 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-12-06 08:18 - 2014-12-06 08:18 - 00000000 ____D () C:\Users\Carmen\AppData\Local\Intel_Corporation 2014-12-04 17:04 - 2014-12-04 17:04 - 00000000 _____ () C:\Windows\setuperr.log 2014-12-04 17:04 - 2014-12-04 17:04 - 00000000 _____ () C:\Windows\setupact.log 2014-12-04 16:08 - 2014-12-04 16:09 - 00019875 _____ () C:\Users\Carmen\Downloads\Addition.txt 2014-12-04 16:05 - 2014-12-10 18:00 - 00015889 _____ () C:\Users\Carmen\Downloads\FRST.txt 2014-12-04 16:05 - 2014-12-10 18:00 - 00000000 ____D () C:\FRST 2014-12-04 16:04 - 2014-12-10 18:00 - 02119680 _____ (Farbar) C:\Users\Carmen\Downloads\FRST64.exe 2014-12-04 07:41 - 2014-12-04 07:41 - 00000350 _____ () C:\Windows\PFRO.log 2014-12-03 17:04 - 2014-12-03 17:04 - 00008471 _____ () C:\Users\Carmen\Desktop\hijackthis.log 2014-12-03 16:54 - 2014-12-03 16:55 - 01174352 _____ () C:\Users\Carmen\Downloads\HijackThis - CHIP-Installer.exe 2014-12-01 13:16 - 2014-12-01 13:16 - 00008285 _____ () C:\Users\Carmen\Downloads\hijackthis.log 2014-12-01 13:14 - 2014-12-01 13:14 - 00388608 _____ (Trend Micro Inc.) C:\Users\Carmen\Downloads\hijackthis.exe 2014-11-29 11:35 - 2014-11-29 11:36 - 00086266 _____ () C:\Users\Carmen\Documents\cc_20141129_113548.reg 2014-11-27 13:58 - 2014-11-27 13:59 - 05162080 _____ (Piriform Ltd) C:\Users\Carmen\Downloads\ccsetup500.exe 2014-11-25 11:12 - 2014-11-27 13:59 - 00000838 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-11-25 11:12 - 2014-11-27 13:59 - 00000000 ____D () C:\Program Files\CCleaner 2014-11-25 11:12 - 2014-11-25 11:12 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-11-25 11:12 - 2014-11-25 11:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-11-25 11:11 - 2014-11-25 11:11 - 04974864 _____ (Piriform Ltd) C:\Users\Carmen\Downloads\ccsetup419.exe 2014-11-21 12:55 - 2013-08-22 14:25 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20141121-125534.backup 2014-11-21 11:05 - 2014-11-21 12:41 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-11-21 11:05 - 2014-11-21 11:09 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-11-21 11:05 - 2014-11-21 11:05 - 00001411 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-11-21 11:05 - 2014-11-21 11:05 - 00001399 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-11-21 11:05 - 2014-11-21 11:05 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking 2014-11-21 11:05 - 2014-11-21 11:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-11-21 11:05 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe 2014-11-21 11:01 - 2014-11-21 11:03 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Carmen\Downloads\spybot-2.4.exe 2014-11-21 09:20 - 2014-11-21 09:17 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-11-21 09:19 - 2014-11-21 09:19 - 00001157 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-11-21 09:16 - 2014-11-21 09:16 - 00000000 ____D () C:\Users\Carmen\AppData\Roaming\Avira 2014-11-21 09:15 - 2014-11-21 09:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-11-21 09:15 - 2014-11-21 09:15 - 00002090 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-11-21 09:14 - 2014-10-23 14:02 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-11-21 09:14 - 2014-10-23 14:02 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-11-21 09:14 - 2014-10-23 14:01 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-11-21 09:13 - 2014-11-21 09:18 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-11-21 09:13 - 2014-11-21 09:17 - 00000000 ____D () C:\ProgramData\Avira 2014-11-21 08:38 - 2014-11-21 08:46 - 151804352 _____ () C:\Users\Carmen\Downloads\avira_free_antivirus_de.exe 2014-11-21 08:18 - 2014-11-21 08:18 - 00000197 _____ () C:\Windows\system32\2014-11-21-07-18-19.097-AvastVBoxSVC.exe-2480.log 2014-11-21 07:54 - 2014-12-10 17:33 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-21 07:53 - 2014-11-21 07:53 - 00001122 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-11-21 07:53 - 2014-11-21 07:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-11-21 07:53 - 2014-11-21 07:53 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-11-21 07:53 - 2014-11-21 07:53 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-11-21 07:53 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-11-21 07:53 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-11-21 07:53 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-11-21 07:52 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\SysWOW64\dhRichClient3.dll 2014-11-21 07:52 - 2011-03-25 19:42 - 00338432 _____ () C:\Windows\SysWOW64\sqlite36_engine.dll 2014-11-21 07:50 - 2014-11-21 07:50 - 01125200 _____ () C:\Users\Carmen\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe 2014-11-21 07:45 - 2014-11-21 07:46 - 00000197 _____ () C:\Windows\system32\2014-11-21-06-45-50.087-AvastVBoxSVC.exe-2588.log 2014-11-21 07:08 - 2014-11-21 07:46 - 00000000 ____D () C:\AdwCleaner 2014-11-21 07:08 - 2014-11-21 07:08 - 02140160 _____ () C:\Users\Carmen\Downloads\adwcleaner_4.101.exe 2014-11-21 07:05 - 2014-11-21 07:05 - 00000000 ____D () C:\Users\Carmen\Old Firefox Data 2014-11-20 07:56 - 2014-11-20 07:56 - 00000197 _____ () C:\Windows\system32\2014-11-20-06-56-27.099-AvastVBoxSVC.exe-2592.log 2014-11-19 14:08 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-19 14:08 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-11-19 14:08 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2014-11-19 14:08 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2014-11-19 09:10 - 2014-11-19 09:23 - 00000000 ____D () C:\Users\Carmen\Desktop\Hagen 2014-11-15 22:48 - 2014-11-15 22:48 - 00000197 _____ () C:\Windows\system32\2014-11-15-21-48-57.000-AvastVBoxSVC.exe-2620.log 2014-11-15 20:20 - 2014-11-15 20:20 - 00000000 __SHD () C:\Users\Carmen\AppData\Local\EmieUserList 2014-11-15 20:20 - 2014-11-15 20:20 - 00000000 __SHD () C:\Users\Carmen\AppData\Local\EmieSiteList 2014-11-15 20:20 - 2014-11-15 20:20 - 00000000 __SHD () C:\Users\Carmen\AppData\Local\EmieBrowserModeList 2014-11-15 20:04 - 2014-11-15 20:20 - 00000000 ____D () C:\Program Files (x86)\Google 2014-11-15 20:04 - 2014-11-15 20:07 - 00000000 ____D () C:\Users\Carmen\AppData\Local\Google 2014-11-15 20:02 - 2014-11-15 20:01 - 00784840 _____ (Google Inc.) C:\Users\Carmen\Downloads\google-chrome.exe 2014-11-14 13:45 - 2014-11-25 08:44 - 00007605 _____ () C:\Users\Carmen\AppData\Local\Resmon.ResmonCfg 2014-11-14 13:42 - 2014-11-14 13:43 - 00000197 _____ () C:\Windows\system32\2014-11-14-12-42-59.089-AvastVBoxSVC.exe-2640.log 2014-11-14 13:20 - 2014-11-14 13:48 - 00000000 ____D () C:\Windows\softwaredistribution.bak2 2014-11-12 09:48 - 2014-11-13 06:23 - 00000000 ____D () C:\Windows\softwaredistribution.bak1 2014-11-12 09:05 - 2014-11-12 09:05 - 00000197 _____ () C:\Windows\system32\2014-11-12-08-05-42.045-AvastVBoxSVC.exe-3016.log 2014-11-12 04:08 - 2014-09-27 08:13 - 00104336 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll 2014-11-12 04:08 - 2014-09-27 06:24 - 00088800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll 2014-11-12 04:08 - 2014-09-27 04:38 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-11-12 04:08 - 2014-09-27 04:30 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll 2014-11-12 04:08 - 2014-09-27 04:17 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-11-12 04:07 - 2014-10-10 02:58 - 00177472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-11-12 04:07 - 2014-10-10 02:58 - 00027456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys 2014-11-12 04:07 - 2014-10-10 02:44 - 00563976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2014-11-12 04:07 - 2014-10-08 08:37 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2014-11-12 04:07 - 2014-10-08 08:37 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2014-11-12 04:07 - 2014-10-08 08:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2014-11-12 04:07 - 2014-10-08 08:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll 2014-11-12 04:07 - 2014-10-08 07:56 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2014-11-12 04:07 - 2014-10-08 07:51 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2014-11-12 04:07 - 2014-10-08 07:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2014-11-12 04:07 - 2014-10-08 07:18 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2014-11-12 04:07 - 2014-10-08 07:17 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-11-12 04:07 - 2014-10-08 06:23 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-11-12 04:06 - 2014-10-18 10:55 - 00055776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-11-12 04:06 - 2014-10-18 09:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-11-12 04:06 - 2014-10-18 09:09 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-11-12 04:06 - 2014-10-18 08:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2014-11-12 04:06 - 2014-10-18 07:50 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll 2014-11-12 04:06 - 2014-10-18 07:38 - 03557376 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-11-12 04:06 - 2014-10-18 07:27 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-11-12 04:06 - 2014-10-18 07:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-11-12 04:06 - 2014-10-18 07:23 - 00407552 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2014-11-12 04:06 - 2014-10-18 07:23 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-11-12 04:06 - 2014-10-18 07:21 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-11-12 04:06 - 2014-10-18 07:20 - 01714176 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-11-12 04:06 - 2014-10-18 07:14 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-11-12 04:06 - 2014-10-18 07:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2014-11-12 04:06 - 2014-10-18 07:12 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2014-11-12 04:06 - 2014-10-18 07:11 - 00723968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2014-11-12 04:06 - 2014-10-17 08:01 - 00789184 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-11-12 04:06 - 2014-10-17 07:58 - 00602768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2014-11-12 04:06 - 2014-10-13 03:33 - 00116032 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-11-12 04:06 - 2014-10-11 01:58 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-11-12 04:06 - 2014-10-11 01:53 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-11-12 04:06 - 2014-10-08 08:30 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2014-11-12 04:06 - 2014-10-08 08:09 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-11-12 04:06 - 2014-10-08 07:27 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2014-11-12 04:06 - 2014-10-08 06:32 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-11-12 04:06 - 2014-10-08 06:19 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-11-12 04:05 - 2014-09-22 05:38 - 01519488 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll 2014-11-12 04:05 - 2014-09-22 04:06 - 00258368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2014-11-12 04:05 - 2014-09-22 04:06 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys 2014-11-12 04:05 - 2014-09-22 03:49 - 00035320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2014-11-12 04:05 - 2014-09-19 01:16 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll 2014-11-12 04:05 - 2014-09-02 23:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll 2014-11-12 04:05 - 2014-09-02 23:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll 2014-11-12 04:00 - 2014-10-31 06:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-11-12 04:00 - 2014-10-31 06:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-11-12 04:00 - 2014-10-31 06:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-11-12 04:00 - 2014-10-31 06:09 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-11-12 04:00 - 2014-10-31 06:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-11-12 04:00 - 2014-10-31 06:06 - 00237568 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-11-12 04:00 - 2014-10-31 06:06 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-11-12 04:00 - 2014-10-31 06:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-11-12 04:00 - 2014-10-31 05:57 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-11-12 04:00 - 2014-10-31 05:56 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-11-12 04:00 - 2014-10-31 05:54 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-11-12 04:00 - 2014-10-31 05:53 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-11-12 04:00 - 2014-10-31 05:52 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll 2014-11-12 04:00 - 2014-10-31 05:51 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-11-12 04:00 - 2014-10-31 05:51 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-11-12 04:00 - 2014-10-31 05:50 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-11-12 04:00 - 2014-10-31 05:40 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-11-12 04:00 - 2014-10-31 05:38 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-11-12 04:00 - 2014-10-31 05:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-11-12 04:00 - 2014-10-31 05:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-11-12 04:00 - 2014-10-31 05:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-11-12 04:00 - 2014-10-31 05:28 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-11-12 04:00 - 2014-10-31 05:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-11-12 04:00 - 2014-10-31 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-11-12 04:00 - 2014-10-31 05:19 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-11-12 04:00 - 2014-10-31 04:44 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll 2014-11-12 04:00 - 2014-10-31 04:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-11-12 04:00 - 2014-10-31 04:28 - 00137728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2014-11-12 04:00 - 2014-10-31 04:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-11-12 04:00 - 2014-10-31 04:27 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2014-11-12 04:00 - 2014-10-31 04:26 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2014-11-12 04:00 - 2014-10-31 04:25 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-11-12 04:00 - 2014-10-31 04:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-11-12 04:00 - 2014-10-31 04:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-11-12 04:00 - 2014-10-31 04:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-11-12 04:00 - 2014-10-31 04:16 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-11-12 04:00 - 2014-10-31 04:15 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-11-12 04:00 - 2014-10-31 04:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2014-11-12 04:00 - 2014-10-31 04:13 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-11-12 04:00 - 2014-10-31 04:13 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll 2014-11-12 04:00 - 2014-10-31 04:12 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-11-12 04:00 - 2014-10-31 04:11 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-11-12 04:00 - 2014-10-31 04:03 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2014-11-12 04:00 - 2014-10-31 04:02 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-11-12 04:00 - 2014-10-31 03:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-11-12 04:00 - 2014-10-31 03:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2014-11-12 04:00 - 2014-10-31 03:56 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-11-12 04:00 - 2014-10-31 03:56 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2014-11-12 04:00 - 2014-10-31 03:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-11-12 04:00 - 2014-10-31 03:53 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-11-12 04:00 - 2014-10-31 03:48 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2014-11-12 04:00 - 2014-10-31 03:26 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll 2014-11-12 04:00 - 2014-10-31 03:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2014-11-12 03:58 - 2014-10-23 06:48 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-11-12 03:58 - 2014-10-23 06:05 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-11-12 03:58 - 2014-10-07 07:28 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-11-12 03:58 - 2014-10-07 07:27 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-11-12 03:58 - 2014-10-07 07:27 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-11-12 03:58 - 2014-10-07 07:27 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2014-11-12 03:58 - 2014-10-07 07:27 - 00108432 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-11-12 03:58 - 2014-10-07 04:34 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2014-11-12 03:58 - 2014-10-07 04:34 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-11-12 03:58 - 2014-10-07 04:33 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-11-12 03:58 - 2014-10-07 04:30 - 04182016 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-11-12 03:58 - 2014-10-07 02:54 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll 2014-11-12 03:58 - 2014-10-07 02:46 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-11-12 03:58 - 2014-09-10 07:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-11-12 03:58 - 2014-09-08 04:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-11-12 03:58 - 2014-09-08 04:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-11-12 03:58 - 2014-09-07 23:08 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml 2014-11-12 03:58 - 2014-09-04 23:30 - 00822272 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2014-11-12 03:58 - 2014-09-04 23:21 - 01053184 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2014-11-12 03:58 - 2014-09-04 04:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll 2014-11-12 03:58 - 2014-09-04 03:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll 2014-11-12 03:58 - 2014-09-04 02:01 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll 2014-11-12 03:58 - 2014-09-04 01:32 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll 2014-11-12 03:58 - 2014-08-31 01:17 - 00148800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS 2014-11-12 03:58 - 2014-08-31 01:15 - 21197152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-11-12 03:58 - 2014-08-30 23:59 - 18723112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-11-12 03:58 - 2014-08-30 23:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll 2014-11-12 03:58 - 2014-08-30 22:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll 2014-11-12 03:58 - 2014-08-30 22:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll 2014-11-12 03:58 - 2014-08-30 21:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll 2014-11-12 03:58 - 2014-08-30 21:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll 2014-11-12 03:58 - 2014-08-28 03:55 - 07484224 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-11-12 03:58 - 2014-08-28 01:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2014-11-12 03:58 - 2014-08-28 01:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2014-11-12 03:58 - 2014-08-23 06:18 - 02149376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-11-12 03:58 - 2014-08-23 06:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll 2014-11-12 03:58 - 2014-08-23 06:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll 2014-11-12 03:58 - 2014-08-23 06:03 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-11-12 03:58 - 2014-08-23 05:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll 2014-11-12 03:58 - 2014-08-02 01:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll 2014-11-12 03:58 - 2014-08-02 01:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-10 18:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru 2014-12-10 17:37 - 2014-10-07 10:39 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-12-10 17:36 - 2014-10-07 09:35 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3201879546-1506140658-4254453320-1001 2014-12-10 17:31 - 2014-10-13 12:57 - 00189952 ___SH () C:\Users\Carmen\Desktop\Thumbs.db 2014-12-10 16:51 - 2014-10-07 09:24 - 01091861 _____ () C:\Windows\WindowsUpdate.log 2014-12-10 14:50 - 2014-10-07 09:39 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{17783682-5FE5-4D6A-AFA8-39BA44C454C6} 2014-12-10 14:50 - 2013-10-07 06:32 - 00765582 _____ () C:\Windows\system32\perfh007.dat 2014-12-10 14:50 - 2013-10-07 06:32 - 00159366 _____ () C:\Windows\system32\perfc007.dat 2014-12-10 14:50 - 2013-10-07 06:11 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-10 14:45 - 2014-10-07 09:30 - 00299618 _____ () C:\Users\Carmen\AppData\Local\BTServer.log 2014-12-10 14:43 - 2014-10-07 15:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-12-10 14:43 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-10 08:39 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI 2014-12-10 08:37 - 2014-10-12 10:37 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-12-10 08:37 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS 2014-12-10 08:37 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS 2014-12-10 08:37 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-12-10 07:24 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp 2014-12-10 07:21 - 2014-10-09 12:29 - 00000000 ____D () C:\Windows\system32\MRT 2014-12-10 07:15 - 2013-10-07 07:12 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-12-10 06:37 - 2014-10-07 10:39 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-12-09 06:43 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness 2014-12-04 19:55 - 2014-10-09 10:38 - 00000000 ____D () C:\Users\Carmen\Desktop\Carmen 2014-12-04 17:14 - 2014-10-15 08:06 - 00000000 ____D () C:\Users\Carmen\Desktop\Jasmin 2014-12-04 17:08 - 2014-10-07 09:30 - 00000000 ____D () C:\Users\Carmen\Documents\My Bluetooth 2014-12-01 13:15 - 2014-10-07 09:30 - 00000000 ____D () C:\Users\Carmen\AppData\Local\VirtualStore 2014-11-25 11:39 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF 2014-11-25 11:13 - 2014-11-08 23:01 - 00000000 ____D () C:\Windows\Minidump 2014-11-25 11:13 - 2013-10-07 07:05 - 00000000 ____D () C:\Windows\Panther 2014-11-21 13:56 - 2014-10-07 09:30 - 00000000 ____D () C:\Users\Carmen 2014-11-21 09:24 - 2014-10-08 05:39 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-11-21 09:19 - 2013-10-08 12:17 - 00000000 ____D () C:\ProgramData\Package Cache 2014-11-21 08:24 - 2014-10-07 10:37 - 00000000 ____D () C:\Users\Carmen\AppData\Local\Adobe 2014-11-21 08:15 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Help 2014-11-21 07:43 - 2014-10-10 11:00 - 00000000 ____D () C:\Users\Carmen\Desktop\Programme 2014-11-21 07:02 - 2014-10-07 15:10 - 00001179 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-11-21 07:02 - 2014-10-07 15:10 - 00001167 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-11-21 07:02 - 2014-10-07 09:30 - 00001458 _____ () C:\Users\Carmen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-11-21 07:02 - 2013-10-22 11:55 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Welcome.lnk 2014-11-21 07:02 - 2013-10-22 11:55 - 00002449 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk 2014-11-15 07:12 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache 2014-11-12 09:03 - 2013-08-22 15:44 - 00368792 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-11-12 07:51 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData 2014-11-12 07:50 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel 2014-11-12 07:50 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-11-12 07:50 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-11-12 07:50 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender 2014-11-12 07:50 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender Some content of TEMP: ==================== C:\Users\Carmen\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-02 07:05 ==================== End Of Log ============================ --- --- --- --- --- --- --- --- --- --- --- --- Hier die mbam datei: Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 10.12.2014 Suchlauf-Zeit: 17:36:10 Logdatei: mbam.txt Administrator: Ja Version: 2.00.3.1025 Malware Datenbank: v2014.12.03.10 Rootkit Datenbank: v2014.12.03.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: Carmen Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 319200 Verstrichene Zeit: 20 Min, 32 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt) Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 0 (Keine schädliche Elemente erkannt) Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) und adw-cleaner:AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.105 - Bericht erstellt am 10/12/2014 um 18:16:38 # Aktualisiert 08/12/2014 von Xplode # Database : 2014-12-08.2 [Live] # Betriebssystem : Windows 8.1 (64 bits) # Benutzername : Carmen - HCS # Gestartet von : C:\Users\Carmen\Downloads\AdwCleaner_4.105.exe # Option : Löschen ***** [ Dienste ] ***** Dienst Gelöscht : {32c6b9d7-6b2c-4b03-9178-01abbf9c7194}Gw64 [#] Dienst Gelöscht : {84e24724-32a5-4ef8-b981-cc669543b4a4}Gw64 Dienst Gelöscht : {94c4b27a-8cb1-4214-9d76-87c59a8cf657}Gw64 [#] Dienst Gelöscht : {bb7b7a60-f574-47c2-8a0b-4c56f2da9802}Gw64 ***** [ Dateien / Ordner ] ***** ***** [ Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946} Schlüssel Gelöscht : HKCU\Software\OCS ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17416 -\\ Mozilla Firefox v34.0.5 (x86 en-US) -\\ Google Chrome v ************************* AdwCleaner[R0].txt - [5745 octets] - [21/11/2014 07:09:18] AdwCleaner[R1].txt - [5805 octets] - [21/11/2014 07:37:18] AdwCleaner[R2].txt - [1386 octets] - [10/12/2014 18:12:52] AdwCleaner[S0].txt - [5585 octets] - [21/11/2014 07:43:45] AdwCleaner[S1].txt - [1269 octets] - [10/12/2014 18:16:38] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1329 octets] ########## Hier JRTJRT Logfile: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.0 (11.29.2014:1) OS: Windows 8.1 x64 Ran by Carmen on 10.12.2014 at 18:49:09,47 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ FireFox Emptied folder: C:\Users\Carmen\AppData\Roaming\mozilla\firefox\profiles\ukmenv6b.default-1416549949705\minidumps [1 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 10.12.2014 at 18:54:17,51 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Neuer FRST FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-12-2014 01 Ran by Carmen (administrator) on HCS on 10-12-2014 19:04:16 Running from C:\Users\Carmen\Downloads Loaded Profile: Carmen (Available profiles: Carmen) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\wlanext.exe () C:\Program Files (x86)\PHotkey\GFNEXSrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe () C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe (Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe () C:\Program Files\CyberLink\Shared files\RichVideo64.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Program Files (x86)\PHotkey\PHotkey.exe () C:\Program Files (x86)\PHotkey\Atouch64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe () C:\Program Files (x86)\PHotkey\POsd.exe (Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-13] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor) HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [280576 2013-09-29] (Realtek Semiconductor Corporation) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2777840 2013-08-14] (Synaptics Incorporated) HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-09-23] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-11] (CyberLink Corp.) HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-18] (CyberLink Corp.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1 HKU\S-1-5-21-3201879546-1506140658-4254453320-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File BootExecute: autocheck autochk * sdnclean64.exe GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Google HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Google HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-3201879546-1506140658-4254453320-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 HKU\S-1-5-21-3201879546-1506140658-4254453320-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3201879546-1506140658-4254453320-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = msn StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3201879546-1506140658-4254453320-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Carmen\AppData\Roaming\Mozilla\Firefox\Profiles\ukmenv6b.default-1416549949705 FF Homepage: hxxp://www.t-online.de/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll () FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF SearchPlugin: C:\Users\Carmen\AppData\Roaming\Mozilla\Firefox\Profiles\ukmenv6b.default-1416549949705\searchplugins\google-images.xml FF SearchPlugin: C:\Users\Carmen\AppData\Roaming\Mozilla\Firefox\Profiles\ukmenv6b.default-1416549949705\searchplugins\google-maps.xml Chrome: ======= CHR Profile: C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-15] CHR Extension: (Google Docs) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-15] CHR Extension: (Google Drive) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-15] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-15] CHR Extension: (YouTube) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-15] CHR Extension: (Google Search) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-15] CHR Extension: (Google Sheets) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-15] CHR Extension: (Avast Online Security) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-15] CHR Extension: (Google Wallet) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-15] CHR Extension: (Gmail) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-15] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG) R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [61440 2013-09-26] () [File not signed] R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [74712 2013-03-11] (CyberLink) R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [316376 2013-03-11] (CyberLink) R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [160768 2013-06-27] () [File not signed] R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation) R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2013-03-06] () R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-23] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-23] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG) R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation) R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON) R3 PegaRadioSwitch; C:\Windows\System32\drivers\PegaRadioSwitch.sys [23552 2013-08-22] (Windows (R) Win 7 DDK provider) S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2013-10-22] () R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [548056 2013-09-05] (Realtek Semiconductor Corporation) R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2945240 2013-09-12] (Realtek Semiconductor Corporation ) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-14] (Synaptics Incorporated) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-14] (Synaptics Incorporated) R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-10 18:54 - 2014-12-10 18:54 - 00000761 _____ () C:\Users\Carmen\Desktop\JRT.txt 2014-12-10 18:49 - 2014-12-10 18:49 - 00000000 ____D () C:\Windows\ERUNT 2014-12-10 18:48 - 2014-12-10 18:48 - 01707646 _____ (Thisisu) C:\Users\Carmen\Downloads\JRT.exe 2014-12-10 18:11 - 2014-12-10 18:11 - 02166272 _____ () C:\Users\Carmen\Downloads\AdwCleaner_4.105.exe 2014-12-10 18:00 - 2014-12-10 18:00 - 00000000 ____D () C:\Users\Carmen\Downloads\FRST-OlderVersion 2014-12-10 17:57 - 2014-12-10 17:57 - 00001191 _____ () C:\Users\Carmen\Desktop\mbam.txt 2014-12-10 17:31 - 2014-12-10 17:31 - 00001288 _____ () C:\Users\Carmen\Desktop\Revo Uninstaller.lnk 2014-12-10 17:31 - 2014-12-10 17:31 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-12-10 17:30 - 2014-12-10 17:30 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Carmen\Downloads\revosetup95.exe 2014-12-10 16:26 - 2014-12-10 16:26 - 00026618 _____ () C:\Users\Carmen\Desktop\trojanerboard.odt 2014-12-10 14:45 - 2014-11-26 22:10 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-12-10 14:45 - 2014-11-26 22:10 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-12-10 08:37 - 2014-12-10 08:37 - 00000000 ____D () C:\Windows\system32\appraiser 2014-12-10 07:15 - 2014-12-10 07:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-12-10 07:05 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll 2014-12-10 07:05 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll 2014-12-10 07:05 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2014-12-10 07:05 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2014-12-10 06:50 - 2014-12-04 00:37 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-12-10 06:50 - 2014-12-04 00:09 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2014-12-10 06:50 - 2014-12-03 00:09 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-12-10 06:50 - 2014-12-03 00:09 - 00740864 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2014-12-10 06:50 - 2014-12-03 00:09 - 00412672 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-12-10 06:50 - 2014-12-03 00:09 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2014-12-10 06:50 - 2014-12-03 00:09 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2014-12-10 06:50 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-12-10 06:50 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-12-10 06:50 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-12-10 06:50 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-12-10 06:50 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll 2014-12-10 06:50 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll 2014-12-10 06:50 - 2014-10-13 03:43 - 00238912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys 2014-12-10 06:50 - 2014-10-13 03:43 - 00153920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys 2014-12-10 06:50 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys 2014-12-10 06:50 - 2014-10-13 03:43 - 00039744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys 2014-12-10 06:49 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-12-10 06:49 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-12-10 06:49 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-12-10 06:49 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-12-10 06:49 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-12-10 06:49 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-12-10 06:49 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-12-10 06:49 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-12-10 06:49 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2014-12-10 06:49 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-12-10 06:49 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-12-10 06:49 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-12-10 06:49 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-12-10 06:49 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2014-12-10 06:49 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-12-10 06:49 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-12-10 06:49 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-12-10 06:49 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-12-10 06:49 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-12-10 06:49 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-12-10 06:49 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-12-10 06:49 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-12-10 06:49 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2014-12-10 06:49 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-12-10 06:49 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-12-10 06:49 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2014-12-10 06:49 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-12-10 06:49 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2014-12-10 06:49 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-12-10 06:49 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-12-10 06:49 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-12-10 06:49 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-12-10 06:49 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-12-10 06:49 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-12-10 06:49 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-12-10 06:49 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-12-10 06:49 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-12-06 08:18 - 2014-12-06 08:18 - 00000000 ____D () C:\Users\Carmen\AppData\Local\Intel_Corporation 2014-12-04 17:04 - 2014-12-04 17:04 - 00000000 _____ () C:\Windows\setuperr.log 2014-12-04 17:04 - 2014-12-04 17:04 - 00000000 _____ () C:\Windows\setupact.log 2014-12-04 16:08 - 2014-12-04 16:09 - 00019875 _____ () C:\Users\Carmen\Downloads\Addition.txt 2014-12-04 16:05 - 2014-12-10 19:04 - 00014338 _____ () C:\Users\Carmen\Downloads\FRST.txt 2014-12-04 16:05 - 2014-12-10 19:04 - 00000000 ____D () C:\FRST 2014-12-04 16:04 - 2014-12-10 18:00 - 02119680 _____ (Farbar) C:\Users\Carmen\Downloads\FRST64.exe 2014-12-04 07:41 - 2014-12-10 18:17 - 00000668 _____ () C:\Windows\PFRO.log 2014-12-03 17:04 - 2014-12-03 17:04 - 00008471 _____ () C:\Users\Carmen\Desktop\hijackthis.log 2014-12-03 16:54 - 2014-12-03 16:55 - 01174352 _____ () C:\Users\Carmen\Downloads\HijackThis - CHIP-Installer.exe 2014-12-01 13:16 - 2014-12-01 13:16 - 00008285 _____ () C:\Users\Carmen\Downloads\hijackthis.log 2014-12-01 13:14 - 2014-12-01 13:14 - 00388608 _____ (Trend Micro Inc.) C:\Users\Carmen\Downloads\hijackthis.exe 2014-11-29 11:35 - 2014-11-29 11:36 - 00086266 _____ () C:\Users\Carmen\Documents\cc_20141129_113548.reg 2014-11-27 13:58 - 2014-11-27 13:59 - 05162080 _____ (Piriform Ltd) C:\Users\Carmen\Downloads\ccsetup500.exe 2014-11-25 11:12 - 2014-11-27 13:59 - 00000838 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-11-25 11:12 - 2014-11-27 13:59 - 00000000 ____D () C:\Program Files\CCleaner 2014-11-25 11:12 - 2014-11-25 11:12 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-11-25 11:12 - 2014-11-25 11:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-11-25 11:11 - 2014-11-25 11:11 - 04974864 _____ (Piriform Ltd) C:\Users\Carmen\Downloads\ccsetup419.exe 2014-11-21 12:55 - 2013-08-22 14:25 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20141121-125534.backup 2014-11-21 11:05 - 2014-11-21 12:41 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-11-21 11:05 - 2014-11-21 11:09 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-11-21 11:05 - 2014-11-21 11:05 - 00001411 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-11-21 11:05 - 2014-11-21 11:05 - 00001399 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-11-21 11:05 - 2014-11-21 11:05 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking 2014-11-21 11:05 - 2014-11-21 11:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-11-21 11:05 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe 2014-11-21 11:01 - 2014-11-21 11:03 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Carmen\Downloads\spybot-2.4.exe 2014-11-21 09:20 - 2014-11-21 09:17 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-11-21 09:19 - 2014-11-21 09:19 - 00001157 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-11-21 09:16 - 2014-11-21 09:16 - 00000000 ____D () C:\Users\Carmen\AppData\Roaming\Avira 2014-11-21 09:15 - 2014-11-21 09:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-11-21 09:15 - 2014-11-21 09:15 - 00002090 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-11-21 09:14 - 2014-10-23 14:02 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-11-21 09:14 - 2014-10-23 14:02 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-11-21 09:14 - 2014-10-23 14:01 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-11-21 09:13 - 2014-11-21 09:18 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-11-21 09:13 - 2014-11-21 09:17 - 00000000 ____D () C:\ProgramData\Avira 2014-11-21 08:38 - 2014-11-21 08:46 - 151804352 _____ () C:\Users\Carmen\Downloads\avira_free_antivirus_de.exe 2014-11-21 08:18 - 2014-11-21 08:18 - 00000197 _____ () C:\Windows\system32\2014-11-21-07-18-19.097-AvastVBoxSVC.exe-2480.log 2014-11-21 07:54 - 2014-12-10 17:33 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-21 07:53 - 2014-11-21 07:53 - 00001122 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-11-21 07:53 - 2014-11-21 07:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-11-21 07:53 - 2014-11-21 07:53 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-11-21 07:53 - 2014-11-21 07:53 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-11-21 07:53 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-11-21 07:53 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-11-21 07:53 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-11-21 07:52 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\SysWOW64\dhRichClient3.dll 2014-11-21 07:52 - 2011-03-25 19:42 - 00338432 _____ () C:\Windows\SysWOW64\sqlite36_engine.dll 2014-11-21 07:50 - 2014-11-21 07:50 - 01125200 _____ () C:\Users\Carmen\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe 2014-11-21 07:45 - 2014-11-21 07:46 - 00000197 _____ () C:\Windows\system32\2014-11-21-06-45-50.087-AvastVBoxSVC.exe-2588.log 2014-11-21 07:08 - 2014-12-10 18:18 - 00000000 ____D () C:\AdwCleaner 2014-11-21 07:08 - 2014-11-21 07:08 - 02140160 _____ () C:\Users\Carmen\Downloads\adwcleaner_4.101.exe 2014-11-21 07:05 - 2014-11-21 07:05 - 00000000 ____D () C:\Users\Carmen\Old Firefox Data 2014-11-20 07:56 - 2014-11-20 07:56 - 00000197 _____ () C:\Windows\system32\2014-11-20-06-56-27.099-AvastVBoxSVC.exe-2592.log 2014-11-19 14:08 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-19 14:08 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-11-19 14:08 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2014-11-19 14:08 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2014-11-19 09:10 - 2014-11-19 09:23 - 00000000 ____D () C:\Users\Carmen\Desktop\Hagen 2014-11-15 22:48 - 2014-11-15 22:48 - 00000197 _____ () C:\Windows\system32\2014-11-15-21-48-57.000-AvastVBoxSVC.exe-2620.log 2014-11-15 20:20 - 2014-11-15 20:20 - 00000000 __SHD () C:\Users\Carmen\AppData\Local\EmieUserList 2014-11-15 20:20 - 2014-11-15 20:20 - 00000000 __SHD () C:\Users\Carmen\AppData\Local\EmieSiteList 2014-11-15 20:20 - 2014-11-15 20:20 - 00000000 __SHD () C:\Users\Carmen\AppData\Local\EmieBrowserModeList 2014-11-15 20:04 - 2014-11-15 20:20 - 00000000 ____D () C:\Program Files (x86)\Google 2014-11-15 20:04 - 2014-11-15 20:07 - 00000000 ____D () C:\Users\Carmen\AppData\Local\Google 2014-11-15 20:02 - 2014-11-15 20:01 - 00784840 _____ (Google Inc.) C:\Users\Carmen\Downloads\google-chrome.exe 2014-11-14 13:45 - 2014-11-25 08:44 - 00007605 _____ () C:\Users\Carmen\AppData\Local\Resmon.ResmonCfg 2014-11-14 13:42 - 2014-11-14 13:43 - 00000197 _____ () C:\Windows\system32\2014-11-14-12-42-59.089-AvastVBoxSVC.exe-2640.log 2014-11-14 13:20 - 2014-11-14 13:48 - 00000000 ____D () C:\Windows\softwaredistribution.bak2 2014-11-12 09:48 - 2014-11-13 06:23 - 00000000 ____D () C:\Windows\softwaredistribution.bak1 2014-11-12 09:05 - 2014-11-12 09:05 - 00000197 _____ () C:\Windows\system32\2014-11-12-08-05-42.045-AvastVBoxSVC.exe-3016.log 2014-11-12 04:08 - 2014-09-27 08:13 - 00104336 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll 2014-11-12 04:08 - 2014-09-27 06:24 - 00088800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll 2014-11-12 04:08 - 2014-09-27 04:38 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-11-12 04:08 - 2014-09-27 04:30 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll 2014-11-12 04:08 - 2014-09-27 04:17 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-11-12 04:07 - 2014-10-10 02:58 - 00177472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-11-12 04:07 - 2014-10-10 02:58 - 00027456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys 2014-11-12 04:07 - 2014-10-10 02:44 - 00563976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2014-11-12 04:07 - 2014-10-08 08:37 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2014-11-12 04:07 - 2014-10-08 08:37 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2014-11-12 04:07 - 2014-10-08 08:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2014-11-12 04:07 - 2014-10-08 08:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll 2014-11-12 04:07 - 2014-10-08 07:56 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2014-11-12 04:07 - 2014-10-08 07:51 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2014-11-12 04:07 - 2014-10-08 07:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2014-11-12 04:07 - 2014-10-08 07:18 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2014-11-12 04:07 - 2014-10-08 07:17 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-11-12 04:07 - 2014-10-08 06:23 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-11-12 04:06 - 2014-10-18 10:55 - 00055776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-11-12 04:06 - 2014-10-18 09:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-11-12 04:06 - 2014-10-18 09:09 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-11-12 04:06 - 2014-10-18 08:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2014-11-12 04:06 - 2014-10-18 07:50 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll 2014-11-12 04:06 - 2014-10-18 07:38 - 03557376 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-11-12 04:06 - 2014-10-18 07:27 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-11-12 04:06 - 2014-10-18 07:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-11-12 04:06 - 2014-10-18 07:23 - 00407552 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2014-11-12 04:06 - 2014-10-18 07:23 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-11-12 04:06 - 2014-10-18 07:21 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-11-12 04:06 - 2014-10-18 07:20 - 01714176 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-11-12 04:06 - 2014-10-18 07:14 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-11-12 04:06 - 2014-10-18 07:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2014-11-12 04:06 - 2014-10-18 07:12 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2014-11-12 04:06 - 2014-10-18 07:11 - 00723968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2014-11-12 04:06 - 2014-10-17 08:01 - 00789184 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-11-12 04:06 - 2014-10-17 07:58 - 00602768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2014-11-12 04:06 - 2014-10-13 03:33 - 00116032 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-11-12 04:06 - 2014-10-11 01:58 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-11-12 04:06 - 2014-10-11 01:53 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-11-12 04:06 - 2014-10-08 08:30 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2014-11-12 04:06 - 2014-10-08 08:09 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-11-12 04:06 - 2014-10-08 07:27 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2014-11-12 04:06 - 2014-10-08 06:32 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-11-12 04:06 - 2014-10-08 06:19 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-11-12 04:05 - 2014-09-22 05:38 - 01519488 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll 2014-11-12 04:05 - 2014-09-22 04:06 - 00258368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2014-11-12 04:05 - 2014-09-22 04:06 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys 2014-11-12 04:05 - 2014-09-22 03:49 - 00035320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2014-11-12 04:05 - 2014-09-19 01:16 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll 2014-11-12 04:05 - 2014-09-02 23:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll 2014-11-12 04:05 - 2014-09-02 23:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll 2014-11-12 04:00 - 2014-10-31 06:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-11-12 04:00 - 2014-10-31 06:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-11-12 04:00 - 2014-10-31 06:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-11-12 04:00 - 2014-10-31 06:09 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-11-12 04:00 - 2014-10-31 06:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-11-12 04:00 - 2014-10-31 06:06 - 00237568 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-11-12 04:00 - 2014-10-31 06:06 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-11-12 04:00 - 2014-10-31 06:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-11-12 04:00 - 2014-10-31 05:57 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-11-12 04:00 - 2014-10-31 05:56 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-11-12 04:00 - 2014-10-31 05:54 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-11-12 04:00 - 2014-10-31 05:53 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-11-12 04:00 - 2014-10-31 05:52 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll 2014-11-12 04:00 - 2014-10-31 05:51 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-11-12 04:00 - 2014-10-31 05:51 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-11-12 04:00 - 2014-10-31 05:50 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-11-12 04:00 - 2014-10-31 05:40 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-11-12 04:00 - 2014-10-31 05:38 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-11-12 04:00 - 2014-10-31 05:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-11-12 04:00 - 2014-10-31 05:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-11-12 04:00 - 2014-10-31 05:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-11-12 04:00 - 2014-10-31 05:28 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-11-12 04:00 - 2014-10-31 05:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-11-12 04:00 - 2014-10-31 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-11-12 04:00 - 2014-10-31 05:19 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-11-12 04:00 - 2014-10-31 04:44 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll 2014-11-12 04:00 - 2014-10-31 04:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-11-12 04:00 - 2014-10-31 04:28 - 00137728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2014-11-12 04:00 - 2014-10-31 04:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-11-12 04:00 - 2014-10-31 04:27 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2014-11-12 04:00 - 2014-10-31 04:26 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2014-11-12 04:00 - 2014-10-31 04:25 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-11-12 04:00 - 2014-10-31 04:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-11-12 04:00 - 2014-10-31 04:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-11-12 04:00 - 2014-10-31 04:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-11-12 04:00 - 2014-10-31 04:16 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-11-12 04:00 - 2014-10-31 04:15 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-11-12 04:00 - 2014-10-31 04:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2014-11-12 04:00 - 2014-10-31 04:13 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-11-12 04:00 - 2014-10-31 04:13 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll 2014-11-12 04:00 - 2014-10-31 04:12 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-11-12 04:00 - 2014-10-31 04:11 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-11-12 04:00 - 2014-10-31 04:03 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2014-11-12 04:00 - 2014-10-31 04:02 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-11-12 04:00 - 2014-10-31 03:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-11-12 04:00 - 2014-10-31 03:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2014-11-12 04:00 - 2014-10-31 03:56 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-11-12 04:00 - 2014-10-31 03:56 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2014-11-12 04:00 - 2014-10-31 03:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-11-12 04:00 - 2014-10-31 03:53 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-11-12 04:00 - 2014-10-31 03:48 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2014-11-12 04:00 - 2014-10-31 03:26 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll 2014-11-12 04:00 - 2014-10-31 03:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2014-11-12 03:58 - 2014-10-23 06:48 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-11-12 03:58 - 2014-10-23 06:05 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-11-12 03:58 - 2014-10-07 07:28 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-11-12 03:58 - 2014-10-07 07:27 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-11-12 03:58 - 2014-10-07 07:27 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-11-12 03:58 - 2014-10-07 07:27 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2014-11-12 03:58 - 2014-10-07 07:27 - 00108432 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-11-12 03:58 - 2014-10-07 04:34 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2014-11-12 03:58 - 2014-10-07 04:34 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-11-12 03:58 - 2014-10-07 04:33 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-11-12 03:58 - 2014-10-07 04:30 - 04182016 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-11-12 03:58 - 2014-10-07 02:54 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll 2014-11-12 03:58 - 2014-10-07 02:46 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-11-12 03:58 - 2014-09-10 07:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-11-12 03:58 - 2014-09-08 04:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-11-12 03:58 - 2014-09-08 04:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-11-12 03:58 - 2014-09-07 23:08 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml 2014-11-12 03:58 - 2014-09-04 23:30 - 00822272 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2014-11-12 03:58 - 2014-09-04 23:21 - 01053184 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2014-11-12 03:58 - 2014-09-04 04:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll 2014-11-12 03:58 - 2014-09-04 03:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll 2014-11-12 03:58 - 2014-09-04 02:01 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll 2014-11-12 03:58 - 2014-09-04 01:32 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll 2014-11-12 03:58 - 2014-08-31 01:17 - 00148800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS 2014-11-12 03:58 - 2014-08-31 01:15 - 21197152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-11-12 03:58 - 2014-08-30 23:59 - 18723112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-11-12 03:58 - 2014-08-30 23:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll 2014-11-12 03:58 - 2014-08-30 22:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll 2014-11-12 03:58 - 2014-08-30 22:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll 2014-11-12 03:58 - 2014-08-30 21:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll 2014-11-12 03:58 - 2014-08-30 21:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll 2014-11-12 03:58 - 2014-08-28 03:55 - 07484224 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-11-12 03:58 - 2014-08-28 01:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2014-11-12 03:58 - 2014-08-28 01:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2014-11-12 03:58 - 2014-08-23 06:18 - 02149376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-11-12 03:58 - 2014-08-23 06:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll 2014-11-12 03:58 - 2014-08-23 06:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll 2014-11-12 03:58 - 2014-08-23 06:03 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-11-12 03:58 - 2014-08-23 05:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll 2014-11-12 03:58 - 2014-08-02 01:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll 2014-11-12 03:58 - 2014-08-02 01:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-10 19:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru 2014-12-10 18:51 - 2014-10-07 09:30 - 00302478 _____ () C:\Users\Carmen\AppData\Local\BTServer.log 2014-12-10 18:37 - 2014-10-07 10:39 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-12-10 18:29 - 2014-10-07 09:35 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3201879546-1506140658-4254453320-1001 2014-12-10 18:29 - 2014-10-07 09:24 - 01125761 _____ () C:\Windows\WindowsUpdate.log 2014-12-10 18:25 - 2013-10-07 06:32 - 00765582 _____ () C:\Windows\system32\perfh007.dat 2014-12-10 18:25 - 2013-10-07 06:32 - 00159366 _____ () C:\Windows\system32\perfc007.dat 2014-12-10 18:25 - 2013-10-07 06:11 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-10 18:17 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-10 17:31 - 2014-10-13 12:57 - 00189952 ___SH () C:\Users\Carmen\Desktop\Thumbs.db 2014-12-10 14:50 - 2014-10-07 09:39 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{17783682-5FE5-4D6A-AFA8-39BA44C454C6} 2014-12-10 14:43 - 2014-10-07 15:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-12-10 08:39 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI 2014-12-10 08:37 - 2014-10-12 10:37 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-12-10 08:37 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS 2014-12-10 08:37 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS 2014-12-10 08:37 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-12-10 07:24 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp 2014-12-10 07:21 - 2014-10-09 12:29 - 00000000 ____D () C:\Windows\system32\MRT 2014-12-10 07:15 - 2013-10-07 07:12 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-12-10 06:37 - 2014-10-07 10:39 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-12-09 06:43 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness 2014-12-04 19:55 - 2014-10-09 10:38 - 00000000 ____D () C:\Users\Carmen\Desktop\Carmen 2014-12-04 17:14 - 2014-10-15 08:06 - 00000000 ____D () C:\Users\Carmen\Desktop\Jasmin 2014-12-04 17:08 - 2014-10-07 09:30 - 00000000 ____D () C:\Users\Carmen\Documents\My Bluetooth 2014-12-01 13:15 - 2014-10-07 09:30 - 00000000 ____D () C:\Users\Carmen\AppData\Local\VirtualStore 2014-11-25 11:39 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF 2014-11-25 11:13 - 2014-11-08 23:01 - 00000000 ____D () C:\Windows\Minidump 2014-11-25 11:13 - 2013-10-07 07:05 - 00000000 ____D () C:\Windows\Panther 2014-11-21 13:56 - 2014-10-07 09:30 - 00000000 ____D () C:\Users\Carmen 2014-11-21 09:24 - 2014-10-08 05:39 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-11-21 09:19 - 2013-10-08 12:17 - 00000000 ____D () C:\ProgramData\Package Cache 2014-11-21 08:24 - 2014-10-07 10:37 - 00000000 ____D () C:\Users\Carmen\AppData\Local\Adobe 2014-11-21 08:15 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Help 2014-11-21 07:43 - 2014-10-10 11:00 - 00000000 ____D () C:\Users\Carmen\Desktop\Programme 2014-11-21 07:02 - 2014-10-07 15:10 - 00001179 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-11-21 07:02 - 2014-10-07 15:10 - 00001167 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-11-21 07:02 - 2014-10-07 09:30 - 00001458 _____ () C:\Users\Carmen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-11-21 07:02 - 2013-10-22 11:55 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Welcome.lnk 2014-11-21 07:02 - 2013-10-22 11:55 - 00002449 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk 2014-11-15 07:12 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache 2014-11-12 09:03 - 2013-08-22 15:44 - 00368792 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-11-12 07:51 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData 2014-11-12 07:50 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel 2014-11-12 07:50 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-11-12 07:50 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-11-12 07:50 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender 2014-11-12 07:50 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender Some content of TEMP: ==================== C:\Users\Carmen\AppData\Local\Temp\avgnt.exe C:\Users\Carmen\AppData\Local\Temp\Quarantine.exe C:\Users\Carmen\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-02 07:05 ==================== End Of Log ============================ --- --- --- |
11.12.2014, 19:55 | #6 |
/// the machine /// TB-Ausbilder | Adware.browsefox.aomESET Online Scanner
Downloade Dir bitte SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ --> Adware.browsefox.aom |
13.12.2014, 16:44 | #7 |
| Adware.browsefox.aom Hallo Schrauber, zunchst erst mal herzlichen Dank für Deine Mühen, habs letzt vor lauter scannen , posten etc vergessen. Der ESET hat nichts gefunden. Leider ich den Logfile auch nicht mehr. Der Security Check: Results of screen317's Security Check version 0.99.91 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Windows Defender Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Spybot - Search & Destroy Malwarebytes Anti-Malware Version 2.0.3.1025 Adobe Flash Player 16.0.0.235 Mozilla Firefox (34.0.5) ````````Process Check: objlist.exe by Laurent```````` Spybot Teatimer.exe is disabled! Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` FRST mach ich gleich noch. Gruß, Casy66 FRST Logfile: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-12-2014 Ran by Carmen (administrator) on HCS on 13-12-2014 16:17:39 Running from C:\Users\Carmen\Downloads Loaded Profile: Carmen (Available profiles: Carmen) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\wlanext.exe () C:\Program Files (x86)\PHotkey\GFNEXSrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe () C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe (Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe () C:\Program Files\CyberLink\Shared files\RichVideo64.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe () C:\Program Files (x86)\PHotkey\PHotkey.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe () C:\Program Files (x86)\PHotkey\Atouch64.exe () C:\Program Files (x86)\PHotkey\POsd.exe (Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe (TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Dropbox, Inc.) C:\Users\Carmen\AppData\Roaming\Dropbox\bin\Dropbox.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe Und Fragen hab ich tatsächlich noch: Simmer jetzt durch? Außerdem habe ich mir überlegt jetzt doch mal in ein Virenschutzpaket zu investieren und mich nicht mehr auf kostenlosen Schutz zu verlassen. Was wäre Deine Empfehlung? Gruß, Casy66 |
14.12.2014, 11:31 | #8 |
/// the machine /// TB-Ausbilder | Adware.browsefox.aom Ich empfehle immer Emsisoft POste bitte das FRST log nochmal, das hier ist unvollständig und nicht in Codetags
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
16.12.2014, 12:49 | #9 |
| Adware.browsefox.aom Hallo Schrauber, ich hoffe, das FRST ist jetzt vollständig, habe ein frisches gestartet: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-12-2014 Ran by Carmen (administrator) on HCS on 16-12-2014 12:13:46 Running from C:\Users\Carmen\Downloads Loaded Profile: Carmen (Available profiles: Carmen) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\wlanext.exe () C:\Program Files (x86)\PHotkey\GFNEXSrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe () C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe (Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe () C:\Program Files\CyberLink\Shared files\RichVideo64.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe () C:\Program Files (x86)\PHotkey\PHotkey.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Program Files (x86)\PHotkey\Atouch64.exe (Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe () C:\Program Files (x86)\PHotkey\POsd.exe (Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Dropbox, Inc.) C:\Users\Carmen\AppData\Roaming\Dropbox\bin\Dropbox.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Microsoft) C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_2.5.1411.701_x86__8wekyb3d8bbwe\Solitaire.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-13] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor) HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [280576 2013-09-29] (Realtek Semiconductor Corporation) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2777840 2013-08-14] (Synaptics Incorporated) HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-09-23] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-11] (CyberLink Corp.) HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-18] (CyberLink Corp.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1 HKU\S-1-5-21-3201879546-1506140658-4254453320-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd) HKU\S-1-5-21-3201879546-1506140658-4254453320-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.) Startup: C:\Users\Carmen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Carmen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File BootExecute: autocheck autochk * sdnclean64.exe GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-3201879546-1506140658-4254453320-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 HKU\S-1-5-21-3201879546-1506140658-4254453320-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3201879546-1506140658-4254453320-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01 StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3201879546-1506140658-4254453320-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Carmen\AppData\Roaming\Mozilla\Firefox\Profiles\ukmenv6b.default-1416549949705 FF Homepage: hxxp://www.t-online.de/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll () FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF SearchPlugin: C:\Users\Carmen\AppData\Roaming\Mozilla\Firefox\Profiles\ukmenv6b.default-1416549949705\searchplugins\google-images.xml FF SearchPlugin: C:\Users\Carmen\AppData\Roaming\Mozilla\Firefox\Profiles\ukmenv6b.default-1416549949705\searchplugins\google-maps.xml Chrome: ======= CHR Profile: C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-15] CHR Extension: (Google Docs) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-15] CHR Extension: (Google Drive) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-15] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-15] CHR Extension: (YouTube) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-15] CHR Extension: (Google Search) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-15] CHR Extension: (Google Sheets) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-15] CHR Extension: (Avast Online Security) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-15] CHR Extension: (Google Wallet) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-15] CHR Extension: (Gmail) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-15] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG) R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [61440 2013-09-26] () [File not signed] R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [74712 2013-03-11] (CyberLink) R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [316376 2013-03-11] (CyberLink) R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [160768 2013-06-27] () [File not signed] R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation) R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2013-03-06] () R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-23] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-23] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG) R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation) R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON) R3 PegaRadioSwitch; C:\Windows\System32\drivers\PegaRadioSwitch.sys [23552 2013-08-22] (Windows (R) Win 7 DDK provider) S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2013-10-22] () R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [548056 2013-09-05] (Realtek Semiconductor Corporation) R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2945240 2013-09-12] (Realtek Semiconductor Corporation ) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-14] (Synaptics Incorporated) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-14] (Synaptics Incorporated) R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-16 06:31 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe 2014-12-16 06:31 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2014-12-13 18:32 - 2014-12-13 18:32 - 00000099 ____H () C:\Users\Carmen\Desktop\.~lock.trojanerboard.odt# 2014-12-13 16:05 - 2014-12-13 16:05 - 00852490 _____ () C:\Users\Carmen\Downloads\SecurityCheck.exe 2014-12-13 11:19 - 2014-12-13 11:19 - 02347384 _____ (ESET) C:\Users\Carmen\Downloads\esetsmartinstaller_deu.exe 2014-12-10 19:40 - 2014-12-16 10:20 - 00000000 ___RD () C:\Users\Carmen\Dropbox 2014-12-10 19:40 - 2014-12-10 19:40 - 00001177 _____ () C:\Users\Carmen\Desktop\Dropbox.lnk 2014-12-10 19:32 - 2014-12-10 19:32 - 00000000 ____D () C:\Users\Carmen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-12-10 19:29 - 2014-12-16 10:20 - 00000000 ____D () C:\Users\Carmen\AppData\Roaming\Dropbox 2014-12-10 19:29 - 2014-12-10 19:29 - 00324224 _____ (Dropbox, Inc.) C:\Users\Carmen\Downloads\DropboxInstaller.exe 2014-12-10 18:54 - 2014-12-10 18:54 - 00000761 _____ () C:\Users\Carmen\Desktop\JRT.txt 2014-12-10 18:49 - 2014-12-10 18:49 - 00000000 ____D () C:\Windows\ERUNT 2014-12-10 18:48 - 2014-12-10 18:48 - 01707646 _____ (Thisisu) C:\Users\Carmen\Downloads\JRT.exe 2014-12-10 18:11 - 2014-12-10 18:11 - 02166272 _____ () C:\Users\Carmen\Downloads\AdwCleaner_4.105.exe 2014-12-10 18:00 - 2014-12-13 16:17 - 00000000 ____D () C:\Users\Carmen\Downloads\FRST-OlderVersion 2014-12-10 17:57 - 2014-12-10 17:57 - 00001191 _____ () C:\Users\Carmen\Desktop\mbam.txt 2014-12-10 17:31 - 2014-12-10 17:31 - 00001288 _____ () C:\Users\Carmen\Desktop\Revo Uninstaller.lnk 2014-12-10 17:31 - 2014-12-10 17:31 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-12-10 17:30 - 2014-12-10 17:30 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Carmen\Downloads\revosetup95.exe 2014-12-10 16:26 - 2014-12-10 16:26 - 00026618 _____ () C:\Users\Carmen\Desktop\trojanerboard.odt 2014-12-10 14:45 - 2014-11-26 22:10 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-12-10 14:45 - 2014-11-26 22:10 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-12-10 08:37 - 2014-12-10 08:37 - 00000000 ____D () C:\Windows\system32\appraiser 2014-12-10 07:15 - 2014-12-10 07:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-12-10 07:05 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll 2014-12-10 07:05 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll 2014-12-10 07:05 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2014-12-10 07:05 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2014-12-10 06:50 - 2014-12-04 00:37 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-12-10 06:50 - 2014-12-04 00:09 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2014-12-10 06:50 - 2014-12-03 00:09 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-12-10 06:50 - 2014-12-03 00:09 - 00740864 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2014-12-10 06:50 - 2014-12-03 00:09 - 00412672 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-12-10 06:50 - 2014-12-03 00:09 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2014-12-10 06:50 - 2014-12-03 00:09 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2014-12-10 06:50 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-12-10 06:50 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-12-10 06:50 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-12-10 06:50 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-12-10 06:50 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll 2014-12-10 06:50 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll 2014-12-10 06:50 - 2014-10-13 03:43 - 00238912 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys 2014-12-10 06:50 - 2014-10-13 03:43 - 00153920 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys 2014-12-10 06:50 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys 2014-12-10 06:50 - 2014-10-13 03:43 - 00039744 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys 2014-12-10 06:49 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-12-10 06:49 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-12-10 06:49 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-12-10 06:49 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-12-10 06:49 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-12-10 06:49 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-12-10 06:49 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-12-10 06:49 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-12-10 06:49 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2014-12-10 06:49 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-12-10 06:49 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-12-10 06:49 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-12-10 06:49 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-12-10 06:49 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2014-12-10 06:49 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-12-10 06:49 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-12-10 06:49 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-12-10 06:49 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-12-10 06:49 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-12-10 06:49 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-12-10 06:49 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-12-10 06:49 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-12-10 06:49 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2014-12-10 06:49 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-12-10 06:49 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-12-10 06:49 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2014-12-10 06:49 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-12-10 06:49 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2014-12-10 06:49 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-12-10 06:49 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-12-10 06:49 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-12-10 06:49 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-12-10 06:49 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-12-10 06:49 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-12-10 06:49 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-12-10 06:49 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-12-10 06:49 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-12-06 08:18 - 2014-12-06 08:18 - 00000000 ____D () C:\Users\Carmen\AppData\Local\Intel_Corporation 2014-12-04 16:08 - 2014-12-04 16:09 - 00019875 _____ () C:\Users\Carmen\Downloads\Addition.txt 2014-12-04 16:05 - 2014-12-16 12:13 - 00014935 _____ () C:\Users\Carmen\Downloads\FRST.txt 2014-12-04 16:05 - 2014-12-16 12:13 - 00000000 ____D () C:\FRST 2014-12-04 16:04 - 2014-12-13 16:17 - 02119168 _____ (Farbar) C:\Users\Carmen\Downloads\FRST64.exe 2014-12-03 17:04 - 2014-12-03 17:04 - 00008471 _____ () C:\Users\Carmen\Desktop\hijackthis.log 2014-12-03 16:54 - 2014-12-03 16:55 - 01174352 _____ () C:\Users\Carmen\Downloads\HijackThis - CHIP-Installer.exe 2014-12-01 13:16 - 2014-12-01 13:16 - 00008285 _____ () C:\Users\Carmen\Downloads\hijackthis.log 2014-12-01 13:14 - 2014-12-01 13:14 - 00388608 _____ (Trend Micro Inc.) C:\Users\Carmen\Downloads\hijackthis.exe 2014-11-29 11:35 - 2014-11-29 11:36 - 00086266 _____ () C:\Users\Carmen\Documents\cc_20141129_113548.reg 2014-11-27 13:58 - 2014-11-27 13:59 - 05162080 _____ (Piriform Ltd) C:\Users\Carmen\Downloads\ccsetup500.exe 2014-11-25 11:12 - 2014-11-27 13:59 - 00000838 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-11-25 11:12 - 2014-11-27 13:59 - 00000000 ____D () C:\Program Files\CCleaner 2014-11-25 11:12 - 2014-11-25 11:12 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-11-25 11:12 - 2014-11-25 11:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-11-25 11:11 - 2014-11-25 11:11 - 04974864 _____ (Piriform Ltd) C:\Users\Carmen\Downloads\ccsetup419.exe 2014-11-21 12:55 - 2013-08-22 14:25 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20141121-125534.backup 2014-11-21 11:05 - 2014-11-21 12:41 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-11-21 11:05 - 2014-11-21 11:09 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-11-21 11:05 - 2014-11-21 11:05 - 00001411 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-11-21 11:05 - 2014-11-21 11:05 - 00001399 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-11-21 11:05 - 2014-11-21 11:05 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking 2014-11-21 11:05 - 2014-11-21 11:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-11-21 11:05 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe 2014-11-21 11:01 - 2014-11-21 11:03 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Carmen\Downloads\spybot-2.4.exe 2014-11-21 09:20 - 2014-11-21 09:17 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-11-21 09:19 - 2014-11-21 09:19 - 00001157 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-11-21 09:16 - 2014-11-21 09:16 - 00000000 ____D () C:\Users\Carmen\AppData\Roaming\Avira 2014-11-21 09:15 - 2014-11-21 09:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-11-21 09:15 - 2014-11-21 09:15 - 00002090 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-11-21 09:14 - 2014-10-23 14:02 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-11-21 09:14 - 2014-10-23 14:02 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-11-21 09:14 - 2014-10-23 14:01 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-11-21 09:13 - 2014-11-21 09:18 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-11-21 09:13 - 2014-11-21 09:17 - 00000000 ____D () C:\ProgramData\Avira 2014-11-21 08:38 - 2014-11-21 08:46 - 151804352 _____ () C:\Users\Carmen\Downloads\avira_free_antivirus_de.exe 2014-11-21 08:18 - 2014-11-21 08:18 - 00000197 _____ () C:\Windows\system32\2014-11-21-07-18-19.097-AvastVBoxSVC.exe-2480.log 2014-11-21 07:54 - 2014-12-14 13:05 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-21 07:53 - 2014-12-14 13:04 - 00001122 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-11-21 07:53 - 2014-12-14 13:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-11-21 07:53 - 2014-12-14 13:04 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-11-21 07:53 - 2014-11-21 07:53 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-11-21 07:53 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-11-21 07:53 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-11-21 07:53 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-11-21 07:52 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\SysWOW64\dhRichClient3.dll 2014-11-21 07:52 - 2011-03-25 19:42 - 00338432 _____ () C:\Windows\SysWOW64\sqlite36_engine.dll 2014-11-21 07:50 - 2014-11-21 07:50 - 01125200 _____ () C:\Users\Carmen\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe 2014-11-21 07:45 - 2014-11-21 07:46 - 00000197 _____ () C:\Windows\system32\2014-11-21-06-45-50.087-AvastVBoxSVC.exe-2588.log 2014-11-21 07:08 - 2014-12-10 18:18 - 00000000 ____D () C:\AdwCleaner 2014-11-21 07:08 - 2014-11-21 07:08 - 02140160 _____ () C:\Users\Carmen\Downloads\adwcleaner_4.101.exe 2014-11-21 07:05 - 2014-11-21 07:05 - 00000000 ____D () C:\Users\Carmen\Old Firefox Data 2014-11-20 07:56 - 2014-11-20 07:56 - 00000197 _____ () C:\Windows\system32\2014-11-20-06-56-27.099-AvastVBoxSVC.exe-2592.log 2014-11-19 14:08 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-19 14:08 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-11-19 14:08 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2014-11-19 14:08 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2014-11-19 09:10 - 2014-11-19 09:23 - 00000000 ____D () C:\Users\Carmen\Desktop\Hagen ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-16 12:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru 2014-12-16 11:37 - 2014-10-07 10:39 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-12-16 10:39 - 2014-10-07 09:24 - 01114082 _____ () C:\Windows\WindowsUpdate.log 2014-12-16 10:27 - 2014-11-08 23:01 - 00000000 ____D () C:\Windows\Minidump 2014-12-16 10:19 - 2014-10-07 09:30 - 00334457 _____ () C:\Users\Carmen\AppData\Local\BTServer.log 2014-12-16 06:54 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp 2014-12-16 06:28 - 2014-10-07 09:39 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{17783682-5FE5-4D6A-AFA8-39BA44C454C6} 2014-12-14 23:23 - 2014-10-07 09:30 - 00000000 ____D () C:\Users\Carmen 2014-12-14 16:14 - 2013-10-07 06:32 - 00765582 _____ () C:\Windows\system32\perfh007.dat 2014-12-14 16:14 - 2013-10-07 06:32 - 00159366 _____ () C:\Windows\system32\perfc007.dat 2014-12-14 16:14 - 2013-10-07 06:11 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-14 16:09 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-14 16:03 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI 2014-12-14 13:09 - 2014-10-07 09:35 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3201879546-1506140658-4254453320-1001 2014-12-14 12:29 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness 2014-12-12 06:28 - 2014-10-07 10:37 - 00000000 ____D () C:\Users\Carmen\AppData\Local\Adobe 2014-12-12 06:27 - 2014-10-07 10:39 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-12-11 17:44 - 2014-10-13 12:57 - 00189952 ___SH () C:\Users\Carmen\Desktop\Thumbs.db 2014-12-11 08:59 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache 2014-12-10 14:43 - 2014-10-07 15:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-12-10 08:37 - 2014-10-12 10:37 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-12-10 08:37 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS 2014-12-10 08:37 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS 2014-12-10 08:37 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-12-10 07:21 - 2014-10-09 12:29 - 00000000 ____D () C:\Windows\system32\MRT 2014-12-10 07:15 - 2013-10-07 07:12 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-12-04 19:55 - 2014-10-09 10:38 - 00000000 ____D () C:\Users\Carmen\Desktop\Carmen 2014-12-04 17:14 - 2014-10-15 08:06 - 00000000 ____D () C:\Users\Carmen\Desktop\Jasmin 2014-12-04 17:08 - 2014-10-07 09:30 - 00000000 ____D () C:\Users\Carmen\Documents\My Bluetooth 2014-12-01 13:15 - 2014-10-07 09:30 - 00000000 ____D () C:\Users\Carmen\AppData\Local\VirtualStore 2014-11-25 11:39 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF 2014-11-25 11:13 - 2013-10-07 07:05 - 00000000 ____D () C:\Windows\Panther 2014-11-25 08:44 - 2014-11-14 13:45 - 00007605 _____ () C:\Users\Carmen\AppData\Local\Resmon.ResmonCfg 2014-11-21 09:24 - 2014-10-08 05:39 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-11-21 09:19 - 2013-10-08 12:17 - 00000000 ____D () C:\ProgramData\Package Cache 2014-11-21 08:15 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Help 2014-11-21 07:43 - 2014-10-10 11:00 - 00000000 ____D () C:\Users\Carmen\Desktop\Programme 2014-11-21 07:02 - 2014-10-07 15:10 - 00001179 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-11-21 07:02 - 2014-10-07 15:10 - 00001167 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-11-21 07:02 - 2014-10-07 09:30 - 00001458 _____ () C:\Users\Carmen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-11-21 07:02 - 2013-10-22 11:55 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Welcome.lnk 2014-11-21 07:02 - 2013-10-22 11:55 - 00002449 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk Some content of TEMP: ==================== C:\Users\Carmen\AppData\Local\Temp\avgnt.exe C:\Users\Carmen\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpiz0xc5.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-12 06:54 ==================== End Of Log ============================ Gruß, Casy66 |
16.12.2014, 21:39 | #10 |
/// the machine /// TB-Ausbilder | Adware.browsefox.aom Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
21.12.2014, 08:07 | #11 |
| Adware.browsefox.aom Zunächst erst mal der Fixlog Text: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-12-2014 Ran by Carmen at 2014-12-21 08:00:08 Run:1 Running from C:\Users\Carmen\Desktop Loaded Profile: Carmen (Available profiles: Carmen) Boot Mode: Normal ============================================== Content of fixlist: ***************** GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path ***************** C:\Windows\system32\GroupPolicy\Machine => Moved successfully. C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully. "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. "HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully. The system needed a reboot. ==== End of Fixlog ==== |
21.12.2014, 08:57 | #12 |
| Adware.browsefox.aom Hallo Schrauber, puh, bin jetzt durch alles durch und siehe da, auf einmal läuft alles wieder flüssig. Ich werde versuchen, alle Ratschläge, zu befolgen. und ich hoffe, dass mir dat nich nochmal passiert. Ganz dickes Danke und ein frohe Fest, Casy66 |
21.12.2014, 23:32 | #13 |
/// the machine /// TB-Ausbilder | Adware.browsefox.aom Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
Themen zu Adware.browsefox.aom |
adobe, adobe flash player, antivir, avg, avira, defender, desktop, ebay, explorer, firefox, flash player, hijackthis, internet, internet explorer, log, mozilla, opera, problem, realtek, security, software, tcp, temp, virus, windows |