Log analysis and evaluation: Advertising on every page in the browser and persistent popups (Win 8.1)
19.03.2015, 19:58 | #1 |
Advertising on every page in the browser and persistent popups (Win 8.1)

Good evening,

one or two days ago I downloaded the program "Daemon Tools" to mount an image file in a virtual drive and thereby save myself the burning. Since I did that, all pages I open in the browser are full of advertising (despite AdBlocker), and on pretty much every click (no matter where) a popup or a tab opens. I have already removed all the annoying little programs that were automatically installed in the background along with it. At first my browser also kept closing and reopening with strange tabs, but that no longer happens since I removed the background programs. I have followed the instructions here and hope that this provides all the information that is wanted.

defogger_disable.log
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:11 on 19/03/2015 (Joey)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...

-=E.O.F=-

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Joey (administrator) on YAOI on 19-03-2015 19:12:26
Running from C:\Users\Joey\Downloads
Loaded Profiles: Joey (Available profiles: Joey)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() D:\Programme\QNAP\Qfinder\iSCSIAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Spotify Ltd) C:\Users\Joey\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google Inc.) C:\Users\Joey\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Disc Soft Ltd) D:\Programme\DAEMON Tools Lite\DiscSoftBusService.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7634648 2014-08-14] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [shopperz] => C:\Program Files\shopperz\wrex.exe
HKLM\...\Run: [shopperz64] => C:\Program Files\shopperz\wrex64.exe
HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-19] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Run: [GoogleChromeAutoLaunch_D9540B1D2E0771D2E8A7B5A41E5C3BFA] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-07] (Google Inc.)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Run: [Steam] => D:\Programme\Steam\steam.exe [2874048 2015-02-19] (Valve Corporation)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Run: [Spotify Web Helper] => C:\Users\Joey\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1959992 2015-03-13] (Spotify Ltd)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Run: [Google Update] => C:\Users\Joey\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2015-02-20] (Google Inc.)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Run: [Google+ Auto Backup] => C:\Users\Joey\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3754312 2015-02-13] (Google Inc.)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Run: [Spotify] => C:\Users\Joey\AppData\Roaming\Spotify\spotify.exe [6611512 2015-03-13] (Spotify Ltd)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\MountPoints2: {6fb6e9cb-c419-11e4-8259-ac9e17ec3e93} - "M:\LaunchU3.exe" -a
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\MountPoints2: {ea776981-cbbe-11e4-825f-ac9e17ec3e93} - "M:\SETUP.EXE"
Startup: C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Programme\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Programme\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Winsock: Catalog9 01 C:\Windows\SysWOW64\BDL.dll [295808] (BD Inc.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\BDL.dll [295808] (BD Inc.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\BDL.dll [295808] (BD Inc.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\BDL.dll [295808] (BD Inc.)
Winsock: Catalog9 15 C:\Windows\SysWOW64\BDL.dll [295808] (BD Inc.)
Hosts: 69.167.144.15 camtasiatudi.techsmith.com
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-12] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\Programme\Microsoft Office\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-12] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> D:\Programme\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-12] (Google Inc.)
FF Plugin HKU\S-1-5-21-2568549407-2221234275-1578291052-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Joey\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-2568549407-2221234275-1578291052-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Joey\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-20] (Google Inc.)
FF Extension: CinemaPlus 1.0dV17.03 - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\Extensions\ccf7276c-d388-480f-8835-5b680025e1ca@gmail.com [2015-03-17]
FF Extension: Zoom It - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\Extensions\{14e5d2fa-092b-ec85-01ab-ba8c709d84c8} [2015-03-17]
FF Extension: WOT - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-02-12]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\Extensions\elemhidehelper@adblockplus.org.xpi [2015-02-12]
FF Extension: ProxTube - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\Extensions\ich@maltegoetz.de.xpi [2015-02-12]
FF Extension: NoScript - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-02-12]
FF Extension: Mountain Bike 1.0.1 - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\Extensions\{8eaa906e-24dc-48aa-a1bf-893f16c0e11d}.xpi [2015-03-17]
FF Extension: Adblock Plus - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-12]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-03-06]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=78B0F80F411BFC9D&affID=119357&tsp=4979
CHR StartupUrls: Default -> "hxxp://www.istartsurf.com/?type=hp&ts=1426619680&from=face&uid=SamsungXSSDX850XEVOX120GB_S21UNSAG156319H", "hxxp://www.istartsurf.com/?type=hppp&ts=1426619747&from=face&uid=SamsungXSSDX850XEVOX120GB_S21UNSAG156319H"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-12]
CHR Extension: (CinemaPlus 1.0dV17.03) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\acklnhgjphbhhomkneonohbjnbmkclfb [2015-03-17]
CHR Extension: (HD for YouTube™) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjbfncbadcmnkopckegnmjgihagponf [2015-02-12]
CHR Extension: (Google Docs) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-12]
CHR Extension: (Google Drive) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-12]
CHR Extension: (WOT) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-02-12]
CHR Extension: (YouTube) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-12]
CHR Extension: (Adblock Plus) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-12]
CHR Extension: (Google Search) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-12]
CHR Extension: (Google Calendar) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-02-12]
CHR Extension: (Google Sheets) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-12]
CHR Extension: (AdBlock) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-02-12]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-02-12]
CHR Extension: (Snap Links Lite) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\idmmhhijggcmbeejedibpdcahpkneegg [2015-02-12]
CHR Extension: (Adblock for Facebook™) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbfjodonncabnangfknilmabjfofdikc [2015-02-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Skype Click to Call) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-02-12]
CHR Extension: (Google Maps) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-02-12]
CHR Extension: (Google Wallet) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-12]
CHR Extension: (Personal Blocklist (by Google)) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nolijncfnkgaikbjbdaogikpmpbdcdef [2015-02-12]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2015-02-12]
CHR Extension: (Google Publisher Toolbar) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\omioeahgfecgfpfldejlnideemfidnkc [2015-02-12]
CHR Extension: (Picasa) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2015-02-12]
CHR Extension: (Gmail) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-12]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [806192 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [992560 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R3 Disc Soft Lite Bus Service; D:\Programme\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
S2 SkypeUpdate; D:\Programme\Skype\Updater\Updater.exe [315488 2015-01-02] (Skype Technologies)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 cae99edb; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Super Optimizer\SupOptStats.dll",ENT

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [62152 2014-10-28] (Advanced Micro Devices, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-03-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-03-18] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-18] (Avira Operations GmbH & Co. KG)
S3 dc21x4vm; C:\Windows\system32\DRIVERS\dc21x4vm.sys [57344 2013-06-18] (Microsoft Corp.)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-03-17] (Disc Soft Ltd)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
S3 NVSWCFilter; C:\Windows\System32\drivers\nvswcfilter.sys [19616 2014-09-06] (Windows (R) Win 7 DDK provider)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39240 2015-02-05] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 rusb3xhc; C:\Windows\System32\drivers\rusb3xhc.sys [221184 2012-05-10] (Renesas Electronics Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 DIRECTIO; \??\UNC\srv1c027.wds8.intern\reminst\Test\BitPro64\DirectIo.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-19 19:12 - 2015-03-19 19:12 - 00024758 _____ () C:\Users\Joey\Downloads\FRST.txt
2015-03-19 19:12 - 2015-03-19 19:12 - 00000000 ____D () C:\FRST
2015-03-19 19:11 - 2015-03-19 19:11 - 02095616 _____ (Farbar) C:\Users\Joey\Downloads\FRST64.exe
2015-03-19 19:11 - 2015-03-19 19:11 - 00000540 _____ () C:\Users\Joey\Downloads\defogger_disable.log
2015-03-19 19:11 - 2015-03-19 19:11 - 00000148 _____ () C:\Users\Joey\defogger_reenable
2015-03-19 19:09 - 2015-03-19 19:09 - 00050477 _____ () C:\Users\Joey\Downloads\Defogger.exe
2015-03-19 19:03 - 2015-03-19 19:03 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Joey\Downloads\tdsskiller.exe
2015-03-19 16:39 - 2015-03-16 06:27 - 00000000 ____D () C:\Users\Joey\Downloads\NLAG.612
2015-03-19 16:37 - 2015-03-19 16:38 - 328023164 _____ () C:\Users\Joey\Downloads\NLAG.612.rar
2015-03-18 20:20 - 2015-03-18 20:20 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Avira
2015-03-18 20:19 - 2015-03-18 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-18 20:19 - 2015-03-18 20:19 - 00000000 ____D () C:\ProgramData\Avira
2015-03-18 20:19 - 2015-03-18 20:19 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-03-18 20:19 - 2015-03-18 20:16 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-18 20:19 - 2015-03-18 20:16 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-18 20:19 - 2015-03-18 20:16 - 00043576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-03-18 20:19 - 2015-03-18 20:16 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-03-17 21:06 - 2015-03-17 21:06 - 00000000 ____D () C:\Users\Joey\AppData\Local\Microsoft Toolkit
2015-03-17 20:33 - 2015-03-17 20:33 - 01054912 _____ (Adobe) C:\Users\Joey\Downloads\install_flashplayer17x32au_mssd_aaa_aih.exe
2015-03-17 20:29 - 2015-03-19 16:35 - 00000000 ____D () C:\AdwCleaner
2015-03-17 20:29 - 2015-03-17 20:29 - 02171392 _____ () C:\Users\Joey\Downloads\adwcleaner_4.112.exe
2015-03-17 20:27 - 2015-03-18 20:20 - 00000000 ____D () C:\ProgramData\{88895279-122e-9ae9-8889-9527912249e4}
2015-03-17 20:23 - 2015-03-17 20:23 - 00613255 _____ (CMI Limited) C:\Users\Joey\AppData\Local\nsy9EAF.tmp
2015-03-17 20:22 - 2015-03-19 18:54 - 00001340 _____ () C:\Windows\Tasks\OHTY.job
2015-03-17 20:22 - 2015-03-19 18:54 - 00001340 _____ () C:\Windows\Tasks\CVJW.job
2015-03-17 20:22 - 2015-03-19 06:48 - 00000000 ____D () C:\Program Files (x86)\a44392f2-25b4-4f24-ae7b-895b85863b5f
2015-03-17 20:22 - 2015-03-17 20:22 - 00004336 _____ () C:\Windows\System32\Tasks\OHTY
2015-03-17 20:22 - 2015-03-17 20:22 - 00004336 _____ () C:\Windows\System32\Tasks\CVJW
2015-03-17 20:22 - 2015-03-17 20:22 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\ECCF436F-1426620174-2F51-E082-AC9E17EC3E93
2015-03-17 20:22 - 2015-03-17 20:22 - 00000000 ____D () C:\ProgramData\11245081753149381587
2015-03-17 20:21 - 2015-03-19 18:51 - 00000000 ____D () C:\Program Files (x86)\CinemaPlus 1.0dV17.03
2015-03-17 20:21 - 2015-03-18 20:20 - 00000000 ____D () C:\ProgramData\{fb0ae85f-f0a9-0f48-fb0a-ae85ff0aa17f}
2015-03-17 20:15 - 2015-03-17 20:17 - 00008608 _____ () C:\Windows\SysWOW64\BasementDusterOff.ini
2015-03-17 20:15 - 2015-03-17 20:17 - 00008608 _____ () C:\Windows\system32\BasementDusterOff.ini
2015-03-17 20:15 - 2015-03-16 16:21 - 00295808 _____ (BD Inc.) C:\Windows\SysWOW64\BDL.dll
2015-03-17 20:04 - 2015-03-17 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-03-17 20:04 - 2015-03-17 20:04 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2015-03-17 20:04 - 2015-03-17 20:04 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-03-17 20:04 - 2015-03-17 20:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2015-03-17 20:03 - 2015-03-17 20:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-17 20:03 - 2015-03-17 20:03 - 00000000 ____D () C:\Users\Joey\AppData\Local\Microsoft Help
2015-03-17 20:03 - 2015-03-17 20:03 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2015-03-17 20:03 - 2015-03-17 20:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-03-17 20:03 - 2015-03-17 20:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2015-03-17 20:00 - 2015-03-17 20:00 - 00030352 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2015-03-17 20:00 - 2015-03-17 20:00 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\DAEMON Tools Lite
2015-03-17 20:00 - 2015-03-17 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2015-03-17 19:59 - 2015-03-17 19:59 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-03-17 19:51 - 2015-03-17 19:51 - 00000000 ____D () C:\Users\Joey\Documents\Medium
2015-03-15 18:47 - 2015-03-15 18:47 - 00000000 ____D () C:\Users\Joey\AppData\Local\QNAP
2015-03-15 18:46 - 2015-03-15 18:46 - 00002942 _____ () C:\Windows\System32\Tasks\iSCSIAgentAutoStartup
2015-03-15 18:46 - 2015-03-15 18:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QNAP
2015-03-12 20:13 - 2015-03-12 20:13 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\TechSmith
2015-03-12 20:13 - 2015-03-12 20:13 - 00000000 ____D () C:\Users\Joey\AppData\Local\TechSmith
2015-03-12 20:12 - 2015-03-12 20:12 - 00000000 ____D () C:\ProgramData\TechSmith
2015-03-12 20:12 - 2015-03-12 20:12 - 00000000 ____D () C:\ProgramData\regid.1995-08.com.techsmith
2015-03-12 20:12 - 2015-03-12 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2015-03-12 20:12 - 2015-03-12 20:12 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-03-12 20:10 - 2015-03-12 20:10 - 257992504 _____ () C:\Users\Joey\Downloads\camtasiade.exe
2015-03-12 06:51 - 2015-03-17 20:21 - 00000000 ____D () C:\Users\Joey\AppData\Local\CrashDumps
2015-03-11 19:22 - 2015-03-11 19:22 - 00000000 ___HD () C:\ProgramData\CanonBJ
2015-03-11 19:22 - 2012-03-26 05:00 - 00389120 _____ (CANON INC.) C:\Windows\system32\CNMLMB6.DLL
2015-03-11 19:22 - 2012-02-08 16:36 - 00363520 _____ (CANON INC.) C:\Windows\system32\CNC_B6L.dll
2015-03-11 19:22 - 2012-01-16 14:21 - 00287744 _____ (CANON INC.) C:\Windows\system32\CNC_B6C.dll
2015-03-11 19:22 - 2012-01-16 14:20 - 00106496 _____ (CANON INC.) C:\Windows\system32\CNC_B6I.dll
2015-03-11 19:22 - 2008-08-25 18:02 - 00017920 _____ (CANON INC.) C:\Windows\system32\CNHMCA6.dll
2015-03-11 17:15 - 2015-03-03 06:41 - 00000000 ____D () C:\Users\Joey\Downloads\NLAG.610
2015-03-10 21:31 - 2015-01-30 03:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2015-03-10 21:31 - 2015-01-30 02:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
2015-03-10 21:31 - 2015-01-30 02:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2015-03-10 21:31 - 2015-01-30 02:24 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2015-03-10 21:31 - 2015-01-30 02:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
2015-03-10 21:31 - 2015-01-30 02:16 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
2015-03-10 21:31 - 2015-01-30 02:08 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
2015-03-10 21:31 - 2015-01-30 02:06 - 00278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll
2015-03-10 21:31 - 2015-01-27 05:22 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-10 21:31 - 2015-01-27 03:11 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-10 21:30 - 2015-01-28 02:31 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-10 21:30 - 2015-01-28 02:11 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-10 21:30 - 2014-12-11 06:36 - 00046456 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe
2015-03-09 22:30 - 2015-03-09 22:30 - 00005487 _____ () C:\Users\Joey\AppData\Roaming\CVJW
2015-03-06 00:20 - 2015-03-06 00:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-26 23:53 - 2015-02-26 23:53 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\MPC-HC
2015-02-20 21:38 - 2015-02-20 21:38 - 00000017 _____ () C:\Users\Joey\AppData\Local\resmon.resmoncfg
2015-02-20 15:08 - 2015-03-19 18:18 - 00001126 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2568549407-2221234275-1578291052-1001UA.job
2015-02-20 15:08 - 2015-03-19 15:18 - 00001074 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2568549407-2221234275-1578291052-1001Core.job
2015-02-20 15:08 - 2015-02-20 15:13 - 00004070 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2568549407-2221234275-1578291052-1001UA
2015-02-20 15:08 - 2015-02-20 15:13 - 00003690 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2568549407-2221234275-1578291052-1001Core
2015-02-20 15:08 - 2015-02-20 15:08 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2015-02-19 20:46 - 2015-02-19 20:46 - 00000000 ____D () C:\Users\Joey\Documents\Electronic Arts
2015-02-19 20:44 - 2015-02-19 20:44 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\WinRAR
2015-02-19 20:44 - 2015-02-19 20:44 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-19 20:44 - 2015-02-19 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-19 20:43 - 2015-02-19 20:44 - 00000000 ____D () C:\Program Files\WinRAR
2015-02-19 19:53 - 2015-03-17 21:24 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\FileZilla
2015-02-19 19:40 - 2015-02-19 19:40 - 00000000 ____D () C:\Users\Joey\AppData\Local\Steam
2015-02-17 18:10 - 2015-02-17 18:10 - 00000000 __SHD () C:\Users\Joey\AppData\Local\EmieUserList
2015-02-17 18:10 - 2015-02-17 18:10 - 00000000 __SHD () C:\Users\Joey\AppData\Local\EmieSiteList
2015-02-17 18:10 - 2015-02-17 18:10 - 00000000 __SHD () C:\Users\Joey\AppData\Local\EmieBrowserModeList
2015-02-17 18:01 - 2015-02-17 18:44 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-17 18:01 - 2015-02-17 18:01 - 00000000 ____D () C:\Program Files (x86)\Futuremark
2015-02-17 17:37 - 1999-10-21 11:12 - 00020400 _____ (EnTech Taiwan)
C:\Windows\SysWOW64\Drivers\entech.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-19 19:11 - 2015-02-12 18:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-19 19:11 - 2015-02-12 17:15 - 00000000 ____D () C:\Users\Joey 2015-03-19 19:06 - 2015-02-12 17:12 - 01901840 _____ () C:\Windows\WindowsUpdate.log 2015-03-19 19:01 - 2014-11-21 04:35 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-19 19:01 - 2014-11-21 03:45 - 00764340 _____ () C:\Windows\system32\perfh007.dat 2015-03-19 19:01 - 2014-11-21 03:45 - 00159160 _____ () C:\Windows\system32\perfc007.dat 2015-03-19 19:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru 2015-03-19 18:55 - 2015-02-12 17:31 - 00000000 ____D () C:\Users\Joey\AppData\Local\Spotify 2015-03-19 18:55 - 2015-02-12 17:30 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Spotify 2015-03-19 18:55 - 2015-02-12 17:19 - 00000000 ___RD () C:\Users\Joey\OneDrive 2015-03-19 18:55 - 2013-08-22 15:46 - 00041058 _____ () C:\Windows\setupact.log 2015-03-19 18:54 - 2015-02-12 17:26 - 00001146 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-19 18:54 - 2015-02-09 11:00 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-03-19 18:54 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-19 18:53 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI 2015-03-19 18:36 - 2015-02-12 17:26 - 00001150 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-19 16:39 - 2015-02-12 17:34 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Dropbox 2015-03-19 06:48 - 2015-02-09 10:59 - 00000000 ____D () C:\Program Files (x86)\ASUS 2015-03-18 20:26 - 2015-02-12 17:21 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2568549407-2221234275-1578291052-1001 2015-03-18 20:11 - 2015-02-14 14:21 - 00000000 ____D () 
C:\Users\Joey\AppData\Roaming\NVIDIA 2015-03-18 20:01 - 2015-02-12 17:30 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\vlc 2015-03-17 21:06 - 2015-02-12 17:16 - 00000000 ____D () C:\Users\Joey\AppData\Local\Packages 2015-03-17 20:31 - 2014-11-20 19:24 - 00021292 _____ () C:\Windows\PFRO.log 2015-03-17 20:31 - 2013-08-22 15:44 - 00409896 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-17 20:30 - 2015-02-12 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-03-17 20:27 - 2013-08-22 14:25 - 00000269 _____ () C:\Windows\win.ini 2015-03-17 20:04 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2015-03-17 20:03 - 2014-11-21 04:13 - 00000000 ____D () C:\Windows\ShellNew 2015-03-17 20:03 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\System 2015-03-14 23:51 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness 2015-03-14 02:35 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache 2015-03-14 00:48 - 2015-02-12 17:35 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-03-12 17:23 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData 2015-03-12 17:23 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-03-12 17:23 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-03-12 17:23 - 2013-08-22 16:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2015-03-12 17:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\WinStore 2015-03-12 17:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender 2015-03-12 17:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2015-03-12 17:22 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp 2015-03-12 06:51 - 2015-02-12 17:28 
- 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-03-10 22:22 - 2015-01-23 13:16 - 00000000 ____D () C:\Windows\system32\MRT 2015-03-10 22:19 - 2015-01-23 13:16 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-03-07 18:57 - 2015-02-12 17:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla 2015-03-04 22:24 - 2014-11-21 12:01 - 00792032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-03-04 22:24 - 2014-11-21 12:01 - 00178144 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-03-03 14:17 - 2015-02-12 17:51 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-02-20 15:08 - 2015-02-12 17:25 - 00000000 ____D () C:\Users\Joey\AppData\Local\Google ==================== Files in the root of some directories ======= 2015-03-09 22:30 - 2015-03-09 22:30 - 0005487 _____ () C:\Users\Joey\AppData\Roaming\CVJW 2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\Joey\AppData\Roaming\OHTY 2015-03-17 20:23 - 2015-03-17 20:23 - 0613255 _____ (CMI Limited) C:\Users\Joey\AppData\Local\nsy9EAF.tmp 2015-02-20 21:38 - 2015-02-20 21:38 - 0000017 _____ () C:\Users\Joey\AppData\Local\resmon.resmoncfg 2015-02-09 10:36 - 2015-02-09 10:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some content of TEMP: ==================== C:\Users\Joey\AppData\Local\Temp\avgnt.exe C:\Users\Joey\AppData\Local\Temp\avira_antivirus_pro_de.exe C:\Users\Joey\AppData\Local\Temp\besE84A.exe C:\Users\Joey\AppData\Local\Temp\bitool.dll C:\Users\Joey\AppData\Local\Temp\D60A330C-D09A-E5F5-4799-F4322A86F3E4.dll C:\Users\Joey\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpn8vx6i.dll C:\Users\Joey\AppData\Local\Temp\nvSCPAPI.dll C:\Users\Joey\AppData\Local\Temp\nvSCPAPI64.dll C:\Users\Joey\AppData\Local\Temp\nvStInst.exe C:\Users\Joey\AppData\Local\Temp\ose00000.exe 
C:\Users\Joey\AppData\Local\Temp\Quarantine.exe C:\Users\Joey\AppData\Local\Temp\sdan.exe C:\Users\Joey\AppData\Local\Temp\sdapk.exe C:\Users\Joey\AppData\Local\Temp\sdaspwn.exe C:\Users\Joey\AppData\Local\Temp\setup.exe C:\Users\Joey\AppData\Local\Temp\smt_istartsurf.exe C:\Users\Joey\AppData\Local\Temp\SpOrder.dll C:\Users\Joey\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-13 02:14 ==================== End Of Log ============================ Addition.txt Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Joey at 2015-03-19 19:12:40
Running from C:\Users\Joey\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Antivirus Pro (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira)
Camtasia Studio 8 (HKLM-x32\...\{64CA5C05-4281-434C-A984-3A4FE6411805}) (Version: 8.5.0.1954 - TechSmith Corporation)
CinemaPlus 1.0dV17.03 (HKLM-x32\...\CinemaPlus 1.0dV17.03) (Version: 1.36.01.22 - CinemaPlus 1.0dV17.03) <==== ATTENTION
Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)
Die Sims 4 Digital Deluxe Edition ReRelease MULTi2 1.0 (HKLM-x32\...\Die Sims 4 Digital Deluxe Edition ReRelease MULTi2 1.0) (Version: - )
Dropbox (HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
FileZilla Client 3.10.2 (HKLM-x32\...\FileZilla Client) (Version: 3.10.2 - Tim Kosse)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.15.0 - Futuremark Corporation)
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Google+ Auto Backup (HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Google+ Auto Backup) (Version: 1.0.27.161 - Google, Inc.)
GU Player (remove only) (HKLM-x32\...\GU Player) (Version: - )
K-Lite Mega Codec Pack 10.9.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.9.5 - )
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA Miracast Virtueller Ton 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 347.52 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QNAP Qfinder (HKLM-x32\...\QNAP_FINDER) (Version: 4.2.5.0108 - QNAP Systems, Inc.)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7324 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Spotify) (Version: 1.0.1.1060.gc75ebdfd - Spotify AB)
StartIsBack+ (HKLM-x32\...\StartIsBack) (Version: 1.5.1 - startisback.com)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Sims 4 Update v1.4.83.1010 inc Outdoor Retreat DLC (HKLM-x32\...\VGhlU2ltczQ=_is1) (Version: 1 - )
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Joey\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Joey\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================
12-03-2015 17:13:59 Windows Modules Installer
17-03-2015 20:02:58 Installed Microsoft Office Professional Plus 2013
17-03-2015 20:03:02 PROPLUS

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-03-12 20:17 - 2015-03-12 20:17 - 00000866 ____A C:\Windows\system32\Drivers\etc\hosts
69.167.144.15 camtasiatudi.techsmith.com

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {006DBC9F-E6C6-430B-AF69-D583868A35AB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-12] (Google Inc.)
Task: {063D42A9-F0B6-4C94-892F-F66530D74635} - System32\Tasks\CVJW => C:\Users\Joey\AppData\Roaming\CVJW.exe <==== ATTENTION
Task: {1DCA829D-AEDE-4898-9EAC-2F6A687FFA9A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-12] (Adobe Systems Incorporated)
Task: {879C4521-051C-46E1-BEBF-F853CFB0E873} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-10] (Microsoft Corporation)
Task: {89C70B19-4F3A-4047-9A37-2CB497974324} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2568549407-2221234275-1578291052-1001Core => C:\Users\Joey\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-20] (Google Inc.)
Task: {96377C93-80B6-45D6-B804-BF545B28BD85} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2568549407-2221234275-1578291052-1001UA => C:\Users\Joey\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-20] (Google Inc.)
Task: {AB9CEB98-25F6-4605-9B8E-DAD6B02F9C63} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => D:\Programme\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {B6E78CE3-DEE8-445E-BAF0-948DCB4D98F4} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-01-13] ()
Task: {CFCC9FE2-25DC-4DE3-8C2D-1855CBBF8F5C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-12] (Google Inc.)
Task: {D027BDD3-63DA-441A-B7A4-6E6C7430AFB4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => D:\Programme\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {D1EC3D12-BFC9-4693-B83E-FE3C3EB5EA93} - System32\Tasks\OHTY => C:\Users\Joey\AppData\Roaming\OHTY.exe <==== ATTENTION
Task: {D949C1EB-7F0C-4B6D-8EEC-BD9115D44F6A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {F2EBA190-0186-42E3-B2A2-B8EFAF1B3FD4} - System32\Tasks\iSCSIAgentAutoStartup => D:\Programme\QNAP\Qfinder\iSCSIAgent.exe [2015-01-27] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CVJW.job => C:\Users\Joey\AppData\Roaming\CVJW.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2568549407-2221234275-1578291052-1001Core.job => C:\Users\Joey\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2568549407-2221234275-1578291052-1001UA.job => C:\Users\Joey\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\OHTY.job => C:\Users\Joey\AppData\Roaming\OHTY.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============
2015-02-09 11:00 - 2015-02-05 20:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-02-12 17:49 - 2013-07-04 03:32 - 00936728 ____N () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2015-03-15 18:46 - 2015-01-27 08:16 - 01739952 _____ () D:\Programme\QNAP\Qfinder\iSCSIAgent.exe
2015-02-12 17:49 - 2015-03-19 18:54 - 00028160 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2015-02-12 17:49 - 2012-05-07 17:04 - 00104448 ____N () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2015-02-13 12:15 - 2015-02-13 12:15 - 03219456 _____ () C:\Users\Joey\AppData\Local\Programs\Google\Google+ Auto Backup\gpuploader_i18n.dll
2015-03-02 21:30 - 2015-03-02 21:30 - 00039384 _____ () D:\Programme\FileZilla\fzshellext.dll
2015-03-12 21:37 - 2015-03-07 07:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libglesv2.dll
2015-03-12 21:37 - 2015-03-07 07:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libegl.dll
2015-03-12 21:37 - 2015-03-07 07:13 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\pdf.dll
2015-03-12 21:37 - 2015-03-07 07:13 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Joey\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"

==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Joey\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run: => "3D BubbleSound"
HKLM\...\StartupApproved\Run: => "shopperz64"
HKLM\...\StartupApproved\Run: => "shopperz"
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\StartupApproved\StartupFolder: => "superpc_soft_partner.lnk"
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\StartupApproved\StartupFolder: => "PriceLessInstaller.lnk"
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_D9540B1D2E0771D2E8A7B5A41E5C3BFA"
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"

==================== Accounts: =============================
Administrator (S-1-5-21-2568549407-2221234275-1578291052-500 - Administrator - Disabled)
Gast (S-1-5-21-2568549407-2221234275-1578291052-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2568549407-2221234275-1578291052-1003 - Limited - Enabled)
Joey (S-1-5-21-2568549407-2221234275-1578291052-1001 - Administrator - Enabled) => C:\Users\Joey

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/17/2015 08:25:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm package_superpc_installer_multilang.tmp, Version 51.52.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: e24
Startzeit: 01d060e7cf8a9677
Endzeit: 4294967295
Anwendungspfad: C:\Users\Joey\AppData\Local\Temp\is-PRB45.tmp\package_superpc_installer_multilang.tmp
Berichts-ID: 4d41023e-ccdb-11e4-825f-ac9e17ec3e93
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (03/17/2015 08:24:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm AnyProtect.exe, Version 1.0.0.4 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 149c
Startzeit: 01d060e7f611fc3b
Endzeit: 4294967295
Anwendungspfad: C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Berichts-ID: 44f974e6-ccdb-11e4-825f-ac9e17ec3e93
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (03/17/2015 08:23:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm nsv415B.tmp, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 19fc
Startzeit: 01d060e6c4fc815a
Endzeit: 4294967295
Anwendungspfad: C:\Users\Joey\AppData\Local\Temp\nsv415B.tmp
Berichts-ID: 1e790abe-ccdb-11e4-825f-ac9e17ec3e93
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (03/17/2015 08:22:02 PM) (Source: MsiInstaller) (EventID: 11309) (User: YAOI)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt. System error 3. Verify that the file exists and that you can access it.

Error: (03/17/2015 08:21:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 41.0.2272.89, Zeitstempel: 0x54fa819a
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17630, Zeitstempel: 0x54b0d74f
Ausnahmecode: 0xc0000142
Fehleroffset: 0x0009e0b2
ID des fehlerhaften Prozesses: 0x197c
Startzeit der fehlerhaften Anwendung: 0xchrome.exe0
Pfad der fehlerhaften Anwendung: chrome.exe1
Pfad des fehlerhaften Moduls: chrome.exe2
Berichtskennung: chrome.exe3
Vollständiger Name des fehlerhaften Pakets: chrome.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: chrome.exe5

Error: (03/17/2015 08:20:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: qrsvc.exe, Version: 1.10.0.9, Zeitstempel: 0x54d51cc7
Name des fehlerhaften Moduls: qrsvc.exe, Version: 1.10.0.9, Zeitstempel: 0x54d51cc7
Ausnahmecode: 0xc0000409
Fehleroffset: 0x000250ec
ID des fehlerhaften Prozesses: 0x1db0
Startzeit der fehlerhaften Anwendung: 0xqrsvc.exe0
Pfad der fehlerhaften Anwendung: qrsvc.exe1
Pfad des fehlerhaften Moduls: qrsvc.exe2
Berichtskennung: qrsvc.exe3
Vollständiger Name des fehlerhaften Pakets: qrsvc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: qrsvc.exe5

Error: (03/15/2015 02:36:08 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "System" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (03/14/2015 02:30:39 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "System" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (03/13/2015 06:51:39 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (03/12/2015 05:04:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.3.9600.17667, Zeitstempel: 0x54c6f7c2
Name des fehlerhaften Moduls: StartIsBack64.dll, Version: 3.5.0.39, Zeitstempel: 0x52b9f014
Ausnahmecode: 0xc000041d
Fehleroffset: 0x0000000000022eee
ID des fehlerhaften Prozesses: 0xd44
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3
Vollständiger Name des fehlerhaften Pakets: Explorer.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Explorer.EXE5

System errors:
=============
Error: (03/19/2015 06:55:15 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "YAOI :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.97 registriert werden. Der Computer mit IP-Adresse 192.168.178.85 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (03/19/2015 06:55:12 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "YAOI :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.97 registriert werden. Der Computer mit IP-Adresse 192.168.178.85 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (03/19/2015 06:55:11 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "YAOI :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.97 registriert werden. Der Computer mit IP-Adresse 192.168.178.85 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (03/19/2015 06:55:11 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "YAOI :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.97 registriert werden. Der Computer mit IP-Adresse 192.168.178.85 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (03/19/2015 06:55:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst SuperOptimizer Stats erreicht.

Error: (03/19/2015 06:54:39 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "YAOI :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.97 registriert werden. Der Computer mit IP-Adresse 192.168.178.85 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (03/19/2015 06:53:38 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "YAOI :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.97 registriert werden. Der Computer mit IP-Adresse 192.168.178.85 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (03/19/2015 06:36:23 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "YAOI :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.97 registriert werden. Der Computer mit IP-Adresse 192.168.178.85 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (03/19/2015 04:36:23 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "YAOI :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.97 registriert werden. Der Computer mit IP-Adresse 192.168.178.85 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (03/19/2015 02:36:23 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "YAOI :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.97 registriert werden. Der Computer mit IP-Adresse 192.168.178.85 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Microsoft Office Sessions:
=========================
Error: (03/17/2015 08:25:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: package_superpc_installer_multilang.tmp51.52.0.0e2401d060e7cf8a96774294967295C:\Users\Joey\AppData\Local\Temp\is-PRB45.tmp\package_superpc_installer_multilang.tmp4d41023e-ccdb-11e4-825f-ac9e17ec3e93

Error: (03/17/2015 08:24:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: AnyProtect.exe1.0.0.4149c01d060e7f611fc3b4294967295C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe44f974e6-ccdb-11e4-825f-ac9e17ec3e93

Error: (03/17/2015 08:23:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: nsv415B.tmp0.0.0.019fc01d060e6c4fc815a4294967295C:\Users\Joey\AppData\Local\Temp\nsv415B.tmp1e790abe-ccdb-11e4-825f-ac9e17ec3e93

Error: (03/17/2015 08:22:02 PM) (Source: MsiInstaller) (EventID: 11309) (User: YAOI)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt. System error 3.
Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (03/17/2015 08:21:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: chrome.exe41.0.2272.8954fa819antdll.dll6.3.9600.1763054b0d74fc00001420009e0b2197c01d060e7a23997bfC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\SYSTEM32\ntdll.dlldfe88550-ccda-11e4-825f-ac9e17ec3e93 Error: (03/17/2015 08:20:41 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: qrsvc.exe1.10.0.954d51cc7qrsvc.exe1.10.0.954d51cc7c0000409000250ec1db001d060e6909000daC:\Program Files (x86)\QuickRef_1.10.0.9\Service\qrsvc.exeC:\Program Files (x86)\QuickRef_1.10.0.9\Service\qrsvc.exeb2bf6a7f-ccda-11e4-825f-ac9e17ec3e93 Error: (03/15/2015 02:36:08 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: SystemFalscher Parameter. (0x80070057) Error: (03/14/2015 02:30:39 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: SystemFalscher Parameter. (0x80070057) Error: (03/13/2015 06:51:39 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (03/12/2015 05:04:35 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Explorer.EXE6.3.9600.1766754c6f7c2StartIsBack64.dll3.5.0.3952b9f014c000041d0000000000022eeed4401d05cde3b68818bC:\Windows\Explorer.EXEC:\Program Files (x86)\StartIsBack\StartIsBack64.dll79bbf64a-c8d1-11e4-825e-ac9e17ec3e93 CodeIntegrity Errors: =================================== Date: 2015-03-18 03:04:18.209 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. 
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 19%
Total physical RAM: 16319.17 MB
Available physical RAM: 13080.86 MB
Total Pagefile: 18751.17 MB
Available Pagefile: 14839.95 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB

==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:100.41 GB) (Free:41.59 GB) NTFS
Drive d: (Programme) (Fixed) (Total:931.51 GB) (Free:901.11 GB) NTFS
Drive f: (WD SmartWare) (CDROM) (Total:0.6 GB) (Free:0 GB) UDF
Drive g: () (Removable) (Total:3.63 GB) (Free:2.16 GB) FAT32
Drive h: (Games) (Fixed) (Total:930.86 GB) (Free:368.69 GB) NTFS
Drive j: (Serien) (Fixed) (Total:1863.01 GB) (Free:1268.59 GB) NTFS
Drive k: (Animes) (Fixed) (Total:1862.98 GB) (Free:695.94 GB) NTFS
Drive l: (Sicherung) (Fixed) (Total:931.51 GB) (Free:367.56 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: D64245DE)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11 GB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B7EFD763)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: B78A4E50)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 930.9 GB) (Disk ID: 0002AE3F)
Partition 1: (Not Active) - (Size=930.9 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 3.6 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.

========================================================
Disk: 6 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 0002F734)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 7 (Size: 931.5 GB) (Disk ID: E8900690)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

gmer.log
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-03-19 19:27:06
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000027 Samsung_SSD_850_EVO_120GB rev.EMT01B6Q 111,79GB
Running: Gmer-19357.exe; Driver: C:\Users\Joey\AppData\Local\Temp\pgldrpod.sys

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\csrss.exe [628:652] fffff9600083a2d0
Thread C:\Windows\system32\csrss.exe [628:724] fffff9600083a2d0
Thread D:\Programme\QNAP\Qfinder\iSCSIAgent.exe [2064:2932] 0000000003ada690
Thread D:\Programme\QNAP\Qfinder\iSCSIAgent.exe [2064:2936] 0000000003ada690
Thread D:\Programme\QNAP\Qfinder\iSCSIAgent.exe [2064:2940] 0000000003ada690
Thread D:\Programme\QNAP\Qfinder\iSCSIAgent.exe [2064:2944] 0000000003ada690
Thread D:\Programme\QNAP\Qfinder\iSCSIAgent.exe [2064:2948] 0000000003ada690
Thread D:\Programme\QNAP\Qfinder\iSCSIAgent.exe [2064:2952] 0000000003ada690
Thread D:\Programme\QNAP\Qfinder\iSCSIAgent.exe [2064:2956] 0000000003ada690
Thread D:\Programme\QNAP\Qfinder\iSCSIAgent.exe [2064:2960] 0000000003ada690
Thread D:\Programme\QNAP\Qfinder\iSCSIAgent.exe [2064:2968] 0000000003af1b60
Thread D:\Programme\QNAP\Qfinder\iSCSIAgent.exe [2064:2984] 0000000003af1b60

---- Processes - GMER 2.1 ----

Library C:\Users\Joey\AppData\Local\Programs\Google\Google+ Auto Backup\gpuploader_i18n.dll (*** suspicious ***) @ C:\Users\Joey\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [5412](2015-02-13 11:15:16) 00000000027b0000

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 1259671043
Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{2bf570e8-dfd8-47df-a4af-15d890248277}@LastProbeTime 1426624580
Reg HKLM\SYSTEM\CurrentControlSet\Services\PEAUTH\Parameters\Wdf@TimeOfLastSqmLog 0x4B 0x02 0x29 0x0D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 1698
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 81
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-In v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|LPort=3587|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=p2psvc|Name=@%systemroot%\system32\provsvc.dll,-200|Desc=@%systemroot%\system32\provsvc.dll,-201|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202|
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-Out v2.22|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|RPort=3587|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=p2psvc|Name=@%systemroot%\system32\provsvc.dll,-203|Desc=@%systemroot%\system32\provsvc.dll,-204|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202|
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-In v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|LPort=3540|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|Name=@%systemroot%\system32\provsvc.dll,-205|Desc=@%systemroot%\system32\provsvc.dll,-206|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202|
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-Out v2.22|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|RPort=3540|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|Name=@%systemroot%\system32\provsvc.dll,-207|Desc=@%systemroot%\system32\provsvc.dll,-208|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202|
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile@EnableFirewall 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile@EnableFirewall 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 23
Reg HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpdUpFltr\Parameters\Wdf@TimeOfLastSqmLog 0x0C 0xFB 0x24 0xDE ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer@GlobalAssocChangedCounter 62
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsRequestBucketDrainTime 0x61 0x67 0xAC 0xD9 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsLargeRequestBucketDrainTime 0x61 0x67 0xAC 0xD9 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastOtherBandwidthBucketDrainTime 0x9A 0xD8 0xCC 0x6E ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastOtherRequestBucketDrainTime 0x61 0x67 0xAC 0xD9 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastGlobalRequestBucketDrainTime 0x61 0x67 0xAC 0xD9 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@RoamingSyncToken LM%3d63562303568113%3bID%3d108FE72B08E15310!104%3bLR%3d63562325497380%3bEP%3d4%3bTD%3dTrue%3bSO%3d0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData@LastRenewCollectionsInterest 0xC0 0x9F 0xCE 0xEE ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@DAEMON Tools Lite "D:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce@Report C:\AdwCleaner\AdwCleaner[S2].txt
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData@PendingOperations 19

---- EOF - GMER 2.1 ----

Info: The Avira virus scanner results unfortunately no longer fit into the post because of the character limit, so I am posting them as an attachment instead; I hope that's okay...

Best regards
dingsibumzi (Joey)

Last edited by dingsibumzi (19.03.2015 at 20:06) |
19.03.2015, 20:02 | #2 |
/// the machine /// TB-Ausbilder | Advertising on every page in the browser and permanent popups (Win 8.1) hi,
Please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).
Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
and a fresh FRST log, please.
|
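Added example, not part of this thread and not code from FRST or any other tool named in it: the kind of triage a helper runs over the "Task:" lines of a returned FRST log. It parses GUID-registered tasks and their C:\Windows\Tasks\*.job mirrors, then reports every target that FRST marked with "<==== ATTENTION", that lives in a user-writable directory (the directory list is an assumption for the example, not an FRST rule), or that FRST could not find on disk at scan time. The sample log inside the block is constructed, modelled on the Task: lines FRST prints in Addition.txt.

```python
r"""Triage of FRST "Task:" lines for suspicious scheduled-task persistence.

Added example for this thread; it is not part of FRST, AdwCleaner or any
other tool named here.  The sample log below is constructed from the kind of
lines FRST writes: GUID-registered tasks, their C:\Windows\Tasks\*.job mirrors,
and the "<==== ATTENTION" marker FRST appends when a target looks off.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Directory fragments (lower-case) in which a scheduled-task target should
# rarely live; legitimate installers put their binaries elsewhere.  This list
# is an assumption made for the example, not a rule FRST itself applies.
USER_WRITABLE = (
    "\\appdata\\roaming\\",
    "\\appdata\\local\\temp\\",
    "\\users\\public\\",
    "\\windows\\temp\\",
)

# Shape of a line: "Task: <task> => <target> [YYYY-MM-DD] (Publisher) <==== ATTENTION"
TASK_LINE = re.compile(r"^Task: (?P<task>.+?) => (?P<rest>.+)$")
TRAILER = re.compile(
    r"^(?P<path>.+?)"
    r"(?: \[(?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?: \((?P<publisher>[^()]*)\))?$"
)


@dataclass
class TaskEntry:
    task: str                 # "{GUID} - System32\Tasks\Name" or "C:\Windows\Tasks\Name.job"
    target: str               # executable the task launches
    date: Optional[str]       # file date FRST printed, None if it printed none
    publisher: Optional[str]  # "" when the file has no version info, None if absent
    flagged_by_frst: bool     # line carried "<==== ATTENTION"


def parse_task_line(line: str) -> Optional[TaskEntry]:
    """Parse one FRST Task: line; returns None for any other line."""
    m = TASK_LINE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    flagged = "<==== ATTENTION" in rest
    rest = rest.replace("<==== ATTENTION", "").strip()
    t = TRAILER.match(rest)
    if not rest or t is None:
        return None
    return TaskEntry(
        task=m.group("task"),
        target=t.group("path"),
        date=t.group("date"),
        publisher=t.group("publisher"),
        flagged_by_frst=flagged,
    )


def triage(entry: TaskEntry) -> List[str]:
    """Reasons to look closer at a task; an empty list means nothing stood out."""
    reasons: List[str] = []
    if entry.flagged_by_frst:
        reasons.append("flagged by FRST (<==== ATTENTION)")
    low = entry.target.lower()
    if any(fragment in low for fragment in USER_WRITABLE):
        reasons.append("target in user-writable directory")
    # For GUID-registered tasks FRST appends "[date] (publisher)" only when it
    # found the target on disk; .job mirror lines never carry them, so skip those.
    if entry.task.startswith("{") and entry.date is None and entry.publisher is None:
        reasons.append("target file not present at scan time")
    return reasons


def suspicious_tasks(log_text: str) -> Dict[str, List[str]]:
    """Map target path -> reasons, merged across a task and its .job mirror."""
    found: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        entry = parse_task_line(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if not reasons:
            continue
        merged = found.setdefault(entry.target, [])
        for reason in reasons:
            if reason not in merged:
                merged.append(reason)
    return found


# Constructed sample, modelled on the Task: lines FRST prints in Addition.txt.
SAMPLE_FRST = r"""
Task: {006DBC9F-E6C6-430B-AF69-D583868A35AB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-12] (Google Inc.)
Task: {063D42A9-F0B6-4C94-892F-F66530D74635} - System32\Tasks\CVJW => C:\Users\Joey\AppData\Roaming\CVJW.exe <==== ATTENTION
Task: {89C70B19-4F3A-4047-9A37-2CB497974324} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2568549407-2221234275-1578291052-1001Core => C:\Users\Joey\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-20] (Google Inc.)
Task: {B6E78CE3-DEE8-445E-BAF0-948DCB4D98F4} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-01-13] ()
Task: {D1EC3D12-BFC9-4693-B83E-FE3C3EB5EA93} - System32\Tasks\OHTY => C:\Users\Joey\AppData\Roaming\OHTY.exe <==== ATTENTION
Task: C:\Windows\Tasks\CVJW.job => C:\Users\Joey\AppData\Roaming\CVJW.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"""

if __name__ == "__main__":
    for target, reasons in suspicious_tasks(SAMPLE_FRST).items():
        print(target)
        for reason in reasons:
            print("   -", reason)
```

Run it as a script to print the report, or call suspicious_tasks() on the Task: section copied out of an Addition.txt. Google Update under AppData\Local\Google is deliberately not flagged: the directory list only covers Roaming, Temp and Public, because per-user installers legitimately use AppData\Local, and an empty publisher "()" (as for the K-Lite CodecTweakTool) only means the file has no version resource, which on its own is not a finding.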
19.03.2015, 20:37 | #3 |
| Advertising on every page in the browser and permanent popups (Win 8.1) So, first of all thanks a lot for the quick reply...
I did everything as described... mbam.txt Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan date: 19.03.2015
Scan time: 20:20:37
Log file: mbam.txt
Administrator: Yes

Version: 2.00.4.1028
Malware database: v2015.03.19.07
Rootkit database: v2015.02.25.01
License: Trial
Malware protection: Enabled
Malicious website protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File system: NTFS
User: Joey

Scan type: Threat scan
Result: Completed
Objects scanned: 341886
Time elapsed: 4 min, 42 sec

Memory: Enabled
Startup: Enabled
File system: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry keys: 0
(No malicious items detected)

Registry values: 0
(No malicious items detected)

Registry data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical sectors: 0
(No malicious items detected)

(end)

adwcleaner.txt
Code:
# AdwCleaner v4.112 - Report created 19/03/2015 at 20:29:41
# Updated 09/03/2015 by Xplode
# Database : 2015-03-15.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Joey - YAOI
# Started from : C:\Users\Joey\Downloads\adwcleaner_4.112.exe
# Option : Delete

***** [ Services ] *****

***** [ Files / Folders ] *****

File deleted : C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File deleted : C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File deleted : C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
File deleted : C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
File deleted : C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File deleted : C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File deleted : C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.select-n-go00.select-n-go.com_0.localstorage
File deleted : C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.select-n-go00.select-n-go.com_0.localstorage-journal

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Mozilla Firefox v36.0.1 (x86 de)

-\\ Google Chrome v41.0.2272.89

*************************

AdwCleaner[R0].txt - [26987 Bytes] - [17/03/2015 20:29:54]
AdwCleaner[R1].txt - [1468 Bytes] - [17/03/2015 20:33:20]
AdwCleaner[R2].txt - [2739 Bytes] - [19/03/2015 16:34:08]
AdwCleaner[R3].txt - [2278 Bytes] - [19/03/2015 20:29:06]
AdwCleaner[S0].txt - [24335 Bytes] - [17/03/2015 20:30:37]
AdwCleaner[S1].txt - [1529 Bytes] - [17/03/2015 20:34:56]
AdwCleaner[S2].txt - [2818 Bytes] - [19/03/2015 16:35:13]
AdwCleaner[S3].txt - [2200 Bytes] - [19/03/2015 20:29:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [2259 Bytes] ##########

JRT.txt
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.5 (03.17.2015:1)
OS: Windows 8.1 x64
Ran by Joey on 19.03.2015 at 20:32:46,64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"

~~~ Folders

~~~ FireFox

Successfully deleted the following from C:\Users\Joey\AppData\Roaming\mozilla\firefox\profiles\u35kl8ja.default\prefs.js

user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine");
user_pref("browser.search.searchengine.ptid", "face");
user_pref("browser.search.searchengine.uid", "SamsungXSSDX850XEVOX120GB_S21UNSAG156319H");
user_pref("extensions.OJ1Bk8W25WiItH4n.scode", "(function(){try{if(window.self.location.href.indexOf(\"qHU9pjwErdgFrjCHrdgEpdY9\")>-1){return;}}catch(e){}try{var d=[[\"triangl

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.03.2015 at 20:34:32,74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Joey

//Edit: Sorry, forgot 2 logs...

Addition.txt
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015 Ran by Joey at 2015-03-19 20:39:38 Running from C:\Users\Joey\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Antivirus Pro (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira) Camtasia Studio 8 (HKLM-x32\...\{64CA5C05-4281-434C-A984-3A4FE6411805}) (Version: 8.5.0.1954 - TechSmith Corporation) Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd) Die Sims 4 Digital Deluxe Edition ReRelease MULTi2 1.0 (HKLM-x32\...\Die Sims 4 Digital Deluxe Edition ReRelease MULTi2 1.0) (Version: - ) Dropbox (HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.) 
FileZilla Client 3.10.2 (HKLM-x32\...\FileZilla Client) (Version: 3.10.2 - Tim Kosse) Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.15.0 - Futuremark Corporation) Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.) Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden Google+ Auto Backup (HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Google+ Auto Backup) (Version: 1.0.27.161 - Google, Inc.) GU Player (remove only) (HKLM-x32\...\GU Player) (Version: - ) K-Lite Mega Codec Pack 10.9.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.9.5 - ) Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft 
Corporation) NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation) NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation) NVIDIA Grafiktreiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation) NVIDIA Miracast Virtueller Ton 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 347.52 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) QNAP Qfinder (HKLM-x32\...\QNAP_FINDER) (Version: 4.2.5.0108 - QNAP Systems, Inc.) Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7324 - Realtek Semiconductor Corp.) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.) 
Spotify (HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Spotify) (Version: 1.0.1.1060.gc75ebdfd - Spotify AB) StartIsBack+ (HKLM-x32\...\StartIsBack) (Version: 1.5.1 - startisback.com) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) The Sims 4 Update v1.4.83.1010 inc Outdoor Retreat DLC (HKLM-x32\...\VGhlU2ltczQ=_is1) (Version: 1 - ) VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Joey\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Joey\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ==================== Restore Points ========================= 17-03-2015 20:02:58 Installed Microsoft Office Professional Plus 2013 17-03-2015 20:03:02 PROPLUS 19-03-2015 20:12:27 Revo Uninstaller's restore point - CinemaPlus 1.0dV17.03 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2015-03-12 20:17 - 2015-03-12 20:17 - 00000866 ____A C:\Windows\system32\Drivers\etc\hosts
69.167.144.15 camtasiatudi.techsmith.com

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {006DBC9F-E6C6-430B-AF69-D583868A35AB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-12] (Google Inc.)
Task: {063D42A9-F0B6-4C94-892F-F66530D74635} - System32\Tasks\CVJW => C:\Users\Joey\AppData\Roaming\CVJW.exe <==== ATTENTION
Task: {1DCA829D-AEDE-4898-9EAC-2F6A687FFA9A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-12] (Adobe Systems Incorporated)
Task: {879C4521-051C-46E1-BEBF-F853CFB0E873} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-10] (Microsoft Corporation)
Task: {89C70B19-4F3A-4047-9A37-2CB497974324} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2568549407-2221234275-1578291052-1001Core => C:\Users\Joey\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-20] (Google Inc.)
Task: {96377C93-80B6-45D6-B804-BF545B28BD85} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2568549407-2221234275-1578291052-1001UA => C:\Users\Joey\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-20] (Google Inc.)
Task: {AB9CEB98-25F6-4605-9B8E-DAD6B02F9C63} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => D:\Programme\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {B6E78CE3-DEE8-445E-BAF0-948DCB4D98F4} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-01-13] ()
Task: {CFCC9FE2-25DC-4DE3-8C2D-1855CBBF8F5C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-12] (Google Inc.)
Task: {D027BDD3-63DA-441A-B7A4-6E6C7430AFB4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => D:\Programme\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {D1EC3D12-BFC9-4693-B83E-FE3C3EB5EA93} - System32\Tasks\OHTY => C:\Users\Joey\AppData\Roaming\OHTY.exe <==== ATTENTION
Task: {D949C1EB-7F0C-4B6D-8EEC-BD9115D44F6A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {F2EBA190-0186-42E3-B2A2-B8EFAF1B3FD4} - System32\Tasks\iSCSIAgentAutoStartup => D:\Programme\QNAP\Qfinder\iSCSIAgent.exe [2015-01-27] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CVJW.job => C:\Users\Joey\AppData\Roaming\CVJW.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2568549407-2221234275-1578291052-1001Core.job => C:\Users\Joey\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2568549407-2221234275-1578291052-1001UA.job => C:\Users\Joey\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\OHTY.job => C:\Users\Joey\AppData\Roaming\OHTY.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2015-02-09 11:00 - 2015-02-05 20:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-02-12 17:49 - 2013-07-04 03:32 - 00936728 ____N () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2015-03-15 18:46 - 2015-01-27 08:16 - 01739952 _____ () D:\Programme\QNAP\Qfinder\iSCSIAgent.exe
2015-03-02 15:43 - 2015-03-02 15:43 - 00099288 _____ () D:\Programme\FileZilla\fzshellext_64.dll
2015-02-12 17:49 - 2015-03-19 20:30 - 00028160 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2015-02-12 17:49 - 2012-05-07 17:04 - 00104448 ____N () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2015-02-13 12:15 - 2015-02-13 12:15 - 03219456 _____ () C:\Users\Joey\AppData\Local\Programs\Google\Google+ Auto Backup\gpuploader_i18n.dll
2015-03-02 21:30 - 2015-03-02 21:30 - 00039384 _____ () D:\Programme\FileZilla\fzshellext.dll
2015-03-12 21:37 - 2015-03-07 07:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libglesv2.dll
2015-03-12 21:37 - 2015-03-07 07:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libegl.dll
2015-03-12 21:37 - 2015-03-07 07:13 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\pdf.dll

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Joey\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"

==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Joey\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "3D BubbleSound"
HKLM\...\StartupApproved\Run: => "shopperz64"
HKLM\...\StartupApproved\Run: => "shopperz"
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\StartupApproved\StartupFolder: => "superpc_soft_partner.lnk"
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\StartupApproved\StartupFolder: => "PriceLessInstaller.lnk"
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_D9540B1D2E0771D2E8A7B5A41E5C3BFA"
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"

==================== Accounts: =============================

Administrator (S-1-5-21-2568549407-2221234275-1578291052-500 - Administrator - Disabled)
Gast (S-1-5-21-2568549407-2221234275-1578291052-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2568549407-2221234275-1578291052-1003 - Limited - Enabled)
Joey (S-1-5-21-2568549407-2221234275-1578291052-1001 - Administrator - Enabled) => C:\Users\Joey

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (03/19/2015 08:39:42 PM) (Source: DCOM) (EventID: 10010) (User: YAOI)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (03/19/2015 08:39:12 PM) (Source: DCOM) (EventID: 10010) (User: YAOI)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (03/19/2015 08:38:42 PM) (Source: DCOM) (EventID: 10010) (User: YAOI)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (03/19/2015 08:38:12 PM) (Source: DCOM) (EventID: 10010) (User: YAOI)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 13%
Total physical RAM: 16319.17 MB
Available physical RAM: 14124.89 MB
Total Pagefile: 18751.17 MB
Available Pagefile: 16077.89 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:100.41 GB) (Free:59.74 GB) NTFS
Drive d: (Programme) (Fixed) (Total:931.51 GB) (Free:901.06 GB) NTFS
Drive f: (WD SmartWare) (CDROM) (Total:0.6 GB) (Free:0 GB) UDF
Drive h: (Games) (Fixed) (Total:930.86 GB) (Free:368.69 GB) NTFS
Drive j: (Serien) (Fixed) (Total:1863.01 GB) (Free:1261.54 GB) NTFS
Drive k: (Animes) (Fixed) (Total:1862.98 GB) (Free:693.72 GB) NTFS
Drive l: (Sicherung) (Fixed) (Total:931.51 GB) (Free:367.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: D64245DE)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11 GB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B7EFD763)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: B78A4E50)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 930.9 GB) (Disk ID: 0002AE3F)
Partition 1: (Not Active) - (Size=930.9 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 0002F734)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Size: 931.5 GB) (Disk ID: E8900690)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

FRST.txt

FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Joey (administrator) on YAOI on 19-03-2015 20:39:23
Running from C:\Users\Joey\Downloads
Loaded Profiles: Joey (Available profiles: Joey)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() D:\Programme\QNAP\Qfinder\iSCSIAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) D:\Programme\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) D:\Programme\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Malwarebytes Corporation) D:\Programme\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Users\Joey\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7634648 2014-08-14] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-19] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Run: [GoogleChromeAutoLaunch_D9540B1D2E0771D2E8A7B5A41E5C3BFA] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-07] (Google Inc.)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Run: [Steam] => D:\Programme\Steam\steam.exe [2874048 2015-02-19] (Valve Corporation)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Run: [Spotify Web Helper] => C:\Users\Joey\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1959992 2015-03-13] (Spotify Ltd)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Run: [Google Update] => C:\Users\Joey\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2015-02-20] (Google Inc.)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Run: [Google+ Auto Backup] => C:\Users\Joey\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3754312 2015-02-13] (Google Inc.)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Run: [Spotify] => C:\Users\Joey\AppData\Roaming\Spotify\spotify.exe [6611512 2015-03-13] (Spotify Ltd)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\MountPoints2: {6fb6e9cb-c419-11e4-8259-ac9e17ec3e93} - "M:\LaunchU3.exe" -a
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\MountPoints2: {ea776981-cbbe-11e4-825f-ac9e17ec3e93} - "M:\SETUP.EXE"
Startup: C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Programme\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Programme\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Hosts: 69.167.144.15 camtasiatudi.techsmith.com
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-12] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\Programme\Microsoft Office\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-12] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> D:\Programme\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-12] (Google Inc.)
FF Plugin HKU\S-1-5-21-2568549407-2221234275-1578291052-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Joey\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-2568549407-2221234275-1578291052-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Joey\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-20] (Google Inc.)
FF Extension: Zoom It - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\Extensions\{14e5d2fa-092b-ec85-01ab-ba8c709d84c8} [2015-03-17]
FF Extension: WOT - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-02-12]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\Extensions\elemhidehelper@adblockplus.org.xpi [2015-02-12]
FF Extension: ProxTube - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\Extensions\ich@maltegoetz.de.xpi [2015-02-12]
FF Extension: NoScript - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-02-12]
FF Extension: Mountain Bike 1.0.1 - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\Extensions\{8eaa906e-24dc-48aa-a1bf-893f16c0e11d}.xpi [2015-03-17]
FF Extension: Adblock Plus - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-12]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-03-06]
FF Extension: No Name - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\extensions\ccf7276c-d388-480f-8835-5b680025e1ca@gmail.com [Not Found]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=78B0F80F411BFC9D&affID=119357&tsp=4979
CHR StartupUrls: Default -> "hxxp://www.istartsurf.com/?type=hp&ts=1426619680&from=face&uid=SamsungXSSDX850XEVOX120GB_S21UNSAG156319H", "hxxp://www.istartsurf.com/?type=hppp&ts=1426619747&from=face&uid=SamsungXSSDX850XEVOX120GB_S21UNSAG156319H"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-12]
CHR Extension: (No Name) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\acklnhgjphbhhomkneonohbjnbmkclfb [2015-03-17]
CHR Extension: (HD for YouTube™) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjbfncbadcmnkopckegnmjgihagponf [2015-02-12]
CHR Extension: (Google Docs) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-12]
CHR Extension: (Google Drive) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-12]
CHR Extension: (WOT) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-02-12]
CHR Extension: (YouTube) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-12]
CHR Extension: (Adblock Plus) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-12]
CHR Extension: (Google Search) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-12]
CHR Extension: (Google Calendar) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-02-12]
CHR Extension: (Google Sheets) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-12]
CHR Extension: (AdBlock) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-02-12]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-02-12]
CHR Extension: (Snap Links Lite) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\idmmhhijggcmbeejedibpdcahpkneegg [2015-02-12]
CHR Extension: (Adblock for Facebook™) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbfjodonncabnangfknilmabjfofdikc [2015-02-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Skype Click to Call) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-02-12]
CHR Extension: (Google Maps) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-02-12]
CHR Extension: (Google Wallet) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-12]
CHR Extension: (Personal Blocklist (by Google)) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nolijncfnkgaikbjbdaogikpmpbdcdef [2015-02-12]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2015-02-12]
CHR Extension: (Google Publisher Toolbar) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\omioeahgfecgfpfldejlnideemfidnkc [2015-02-12]
CHR Extension: (Picasa) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2015-02-12]
CHR Extension: (Gmail) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-12]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [806192 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [992560 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 Disc Soft Lite Bus Service; D:\Programme\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 MBAMScheduler; D:\Programme\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; D:\Programme\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
S2 SkypeUpdate; D:\Programme\Skype\Updater\Updater.exe [315488 2015-01-02] (Skype Technologies)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 cae99edb; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Super Optimizer\SupOptStats.dll",ENT

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [62152 2014-10-28] (Advanced Micro Devices, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-03-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-03-18] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-18] (Avira Operations GmbH & Co. KG)
S3 dc21x4vm; C:\Windows\system32\DRIVERS\dc21x4vm.sys [57344 2013-06-18] (Microsoft Corp.)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-03-17] (Disc Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
S3 NVSWCFilter; C:\Windows\System32\drivers\nvswcfilter.sys [19616 2014-09-06] (Windows (R) Win 7 DDK provider)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39240 2015-02-05] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 rusb3xhc; C:\Windows\System32\drivers\rusb3xhc.sys [221184 2012-05-10] (Renesas Electronics Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 DIRECTIO; \??\UNC\srv1c027.wds8.intern\reminst\Test\BitPro64\DirectIo.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-19 20:39 - 2015-03-19 20:39 - 02095616 _____ (Farbar) C:\Users\Joey\Downloads\FRST64.exe
2015-03-19 20:39 - 2015-03-19 20:39 - 00024467 _____ () C:\Users\Joey\Downloads\FRST.txt
2015-03-19 20:34 - 2015-03-19 20:34 - 00001229 _____ () C:\Users\Joey\Desktop\JRT.txt
2015-03-19 20:32 - 2015-03-19 20:32 - 01388672 _____ (Thisisu) C:\Users\Joey\Downloads\JRT.exe
2015-03-19 20:31 - 2015-03-19 20:31 - 00002339 _____ () C:\Users\Joey\Desktop\adwcleaner.txt
2015-03-19 20:25 - 2015-03-19 20:25 - 00001186 _____ () C:\Users\Joey\Desktop\mbam.txt
2015-03-19 20:19 - 2015-03-19 20:31 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-19 20:19 - 2015-03-19 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-19 20:19 - 2015-03-19 20:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-19 20:19 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-19 20:19 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-19 20:19 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-19 19:12 - 2015-03-19 20:39 - 00000000 ____D () C:\FRST
2015-03-19 19:11 - 2015-03-19 19:11 - 00000148 _____ () C:\Users\Joey\defogger_reenable
2015-03-18 20:20 - 2015-03-18 20:20 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Avira
2015-03-18 20:19 - 2015-03-18 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-18 20:19 - 2015-03-18 20:19 - 00000000 ____D () C:\ProgramData\Avira
2015-03-18 20:19 - 2015-03-18 20:19 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-03-18 20:19 - 2015-03-18 20:16 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-18 20:19 - 2015-03-18 20:16 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-18 20:19 - 2015-03-18 20:16 - 00043576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-03-18 20:19 - 2015-03-18 20:16 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-03-17 21:06 - 2015-03-17 21:06 - 00000000 ____D () C:\Users\Joey\AppData\Local\Microsoft Toolkit
2015-03-17 20:29 - 2015-03-19 20:29 - 00000000 ____D () C:\AdwCleaner
2015-03-17 20:27 - 2015-03-18 20:20 - 00000000 ____D () C:\ProgramData\{88895279-122e-9ae9-8889-9527912249e4}
2015-03-17 20:23 - 2015-03-17 20:23 - 00613255 _____ (CMI Limited) C:\Users\Joey\AppData\Local\nsy9EAF.tmp
2015-03-17 20:22 - 2015-03-19 20:30 - 00001340 _____ () C:\Windows\Tasks\OHTY.job
2015-03-17 20:22 - 2015-03-19 20:30 - 00001340 _____ () C:\Windows\Tasks\CVJW.job
2015-03-17 20:22 - 2015-03-19 06:48 - 00000000 ____D () C:\Program Files (x86)\a44392f2-25b4-4f24-ae7b-895b85863b5f
2015-03-17 20:22 - 2015-03-17 20:22 - 00004336 _____ () C:\Windows\System32\Tasks\OHTY
2015-03-17 20:22 - 2015-03-17 20:22 - 00004336 _____ () C:\Windows\System32\Tasks\CVJW
2015-03-17 20:22 - 2015-03-17 20:22 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\ECCF436F-1426620174-2F51-E082-AC9E17EC3E93
2015-03-17 20:22 - 2015-03-17 20:22 - 00000000 ____D () C:\ProgramData\11245081753149381587
2015-03-17 20:21 - 2015-03-18 20:20 - 00000000 ____D () C:\ProgramData\{fb0ae85f-f0a9-0f48-fb0a-ae85ff0aa17f}
2015-03-17 20:04 - 2015-03-17 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-03-17 20:04 - 2015-03-17 20:04 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2015-03-17 20:04 - 2015-03-17 20:04 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-03-17 20:04 - 2015-03-17 20:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2015-03-17 20:03 - 2015-03-17 20:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-17 20:03 - 2015-03-17 20:03 - 00000000 ____D () C:\Users\Joey\AppData\Local\Microsoft Help
2015-03-17 20:03 - 2015-03-17 20:03 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2015-03-17 20:03 - 2015-03-17 20:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-03-17 20:03 - 2015-03-17 20:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2015-03-17 20:00 - 2015-03-17 20:00 - 00030352 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2015-03-17 20:00 - 2015-03-17 20:00 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\DAEMON Tools Lite
2015-03-17 20:00 - 2015-03-17 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2015-03-17 19:59 - 2015-03-17 19:59 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-03-15 18:47 - 2015-03-15 18:47 - 00000000 ____D () C:\Users\Joey\AppData\Local\QNAP
2015-03-15 18:46 - 2015-03-15 18:46 - 00002942 _____ () C:\Windows\System32\Tasks\iSCSIAgentAutoStartup
2015-03-15 18:46 - 2015-03-15 18:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QNAP
2015-03-12 20:13 - 2015-03-12 20:13 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\TechSmith
2015-03-12 20:13 - 2015-03-12 20:13 - 00000000 ____D () C:\Users\Joey\AppData\Local\TechSmith
2015-03-12 20:12 - 2015-03-12 20:12 - 00000000 ____D () C:\ProgramData\TechSmith
2015-03-12 20:12 - 2015-03-12 20:12 - 00000000 ____D () C:\ProgramData\regid.1995-08.com.techsmith
2015-03-12 20:12 - 2015-03-12 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2015-03-12 20:12 - 2015-03-12 20:12 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-03-12 06:51 - 2015-03-17 20:21 - 00000000 ____D () C:\Users\Joey\AppData\Local\CrashDumps
2015-03-11 19:22 - 2015-03-11 19:22 - 00000000 ___HD ()
C:\ProgramData\CanonBJ 2015-03-11 19:22 - 2012-03-26 05:00 - 00389120 _____ (CANON INC.) C:\Windows\system32\CNMLMB6.DLL 2015-03-11 19:22 - 2012-02-08 16:36 - 00363520 _____ (CANON INC.) C:\Windows\system32\CNC_B6L.dll 2015-03-11 19:22 - 2012-01-16 14:21 - 00287744 _____ (CANON INC.) C:\Windows\system32\CNC_B6C.dll 2015-03-11 19:22 - 2012-01-16 14:20 - 00106496 _____ (CANON INC.) C:\Windows\system32\CNC_B6I.dll 2015-03-11 19:22 - 2008-08-25 18:02 - 00017920 _____ (CANON INC.) C:\Windows\system32\CNHMCA6.dll 2015-03-10 21:31 - 2015-01-30 03:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll 2015-03-10 21:31 - 2015-01-30 02:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll 2015-03-10 21:31 - 2015-01-30 02:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll 2015-03-10 21:31 - 2015-01-30 02:24 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll 2015-03-10 21:31 - 2015-01-30 02:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll 2015-03-10 21:31 - 2015-01-30 02:16 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll 2015-03-10 21:31 - 2015-01-30 02:08 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll 2015-03-10 21:31 - 2015-01-30 02:06 - 00278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll 2015-03-10 21:31 - 2015-01-27 05:22 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2015-03-10 21:31 - 2015-01-27 03:11 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2015-03-10 21:30 - 2015-01-28 02:31 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-03-10 21:30 - 2015-01-28 02:11 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2015-03-10 21:30 - 2014-12-11 06:36 - 00046456 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe 2015-03-09 22:30 - 2015-03-09 22:30 - 00005487 
_____ () C:\Users\Joey\AppData\Roaming\CVJW 2015-03-06 00:20 - 2015-03-06 00:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-02-26 23:53 - 2015-02-26 23:53 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\MPC-HC 2015-02-20 21:38 - 2015-02-20 21:38 - 00000017 _____ () C:\Users\Joey\AppData\Local\resmon.resmoncfg 2015-02-20 15:08 - 2015-03-19 20:18 - 00001126 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2568549407-2221234275-1578291052-1001UA.job 2015-02-20 15:08 - 2015-03-19 15:18 - 00001074 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2568549407-2221234275-1578291052-1001Core.job 2015-02-20 15:08 - 2015-02-20 15:13 - 00004070 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2568549407-2221234275-1578291052-1001UA 2015-02-20 15:08 - 2015-02-20 15:13 - 00003690 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2568549407-2221234275-1578291052-1001Core 2015-02-20 15:08 - 2015-02-20 15:08 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup 2015-02-19 20:46 - 2015-02-19 20:46 - 00000000 ____D () C:\Users\Joey\Documents\Electronic Arts 2015-02-19 20:44 - 2015-02-19 20:44 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\WinRAR 2015-02-19 20:44 - 2015-02-19 20:44 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-02-19 20:44 - 2015-02-19 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-02-19 20:43 - 2015-02-19 20:44 - 00000000 ____D () C:\Program Files\WinRAR 2015-02-19 19:53 - 2015-03-17 21:24 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\FileZilla 2015-02-19 19:40 - 2015-02-19 19:40 - 00000000 ____D () C:\Users\Joey\AppData\Local\Steam 2015-02-17 18:10 - 2015-02-17 18:10 - 00000000 __SHD () C:\Users\Joey\AppData\Local\EmieUserList 2015-02-17 18:10 - 2015-02-17 18:10 - 00000000 __SHD () C:\Users\Joey\AppData\Local\EmieSiteList 2015-02-17 18:10 - 
2015-02-17 18:10 - 00000000 __SHD () C:\Users\Joey\AppData\Local\EmieBrowserModeList 2015-02-17 18:01 - 2015-02-17 18:44 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-02-17 18:01 - 2015-02-17 18:01 - 00000000 ____D () C:\Program Files (x86)\Futuremark 2015-02-17 17:37 - 1999-10-21 11:12 - 00020400 _____ (EnTech Taiwan) C:\Windows\SysWOW64\Drivers\entech.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-19 20:38 - 2015-02-12 17:21 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2568549407-2221234275-1578291052-1001 2015-03-19 20:37 - 2014-11-21 04:35 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-19 20:37 - 2014-11-21 03:45 - 00764340 _____ () C:\Windows\system32\perfh007.dat 2015-03-19 20:37 - 2014-11-21 03:45 - 00159160 _____ () C:\Windows\system32\perfc007.dat 2015-03-19 20:36 - 2015-02-12 17:26 - 00001150 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-19 20:32 - 2015-02-12 17:12 - 01973634 _____ () C:\Windows\WindowsUpdate.log 2015-03-19 20:31 - 2015-02-12 17:19 - 00000000 ___RD () C:\Users\Joey\OneDrive 2015-03-19 20:31 - 2013-08-22 15:46 - 00041406 _____ () C:\Windows\setupact.log 2015-03-19 20:30 - 2015-02-12 17:26 - 00001146 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-19 20:30 - 2015-02-09 11:00 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-03-19 20:30 - 2014-11-20 19:24 - 00139172 _____ () C:\Windows\PFRO.log 2015-03-19 20:30 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\System 2015-03-19 20:30 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-19 20:30 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI 2015-03-19 20:19 - 2015-02-12 17:31 - 00000000 ____D () C:\Users\Joey\AppData\Local\Spotify 2015-03-19 20:16 - 2015-02-12 17:30 - 00000000 ____D () 
C:\Users\Joey\AppData\Roaming\Spotify 2015-03-19 20:11 - 2015-02-12 18:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-19 20:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru 2015-03-19 19:11 - 2015-02-12 17:15 - 00000000 ____D () C:\Users\Joey 2015-03-19 16:39 - 2015-02-12 17:34 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Dropbox 2015-03-19 06:48 - 2015-02-09 10:59 - 00000000 ____D () C:\Program Files (x86)\ASUS 2015-03-18 20:11 - 2015-02-14 14:21 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\NVIDIA 2015-03-18 20:01 - 2015-02-12 17:30 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\vlc 2015-03-17 21:06 - 2015-02-12 17:16 - 00000000 ____D () C:\Users\Joey\AppData\Local\Packages 2015-03-17 20:31 - 2013-08-22 15:44 - 00409896 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-17 20:30 - 2015-02-12 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-03-17 20:27 - 2013-08-22 14:25 - 00000269 _____ () C:\Windows\win.ini 2015-03-17 20:04 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2015-03-17 20:03 - 2014-11-21 04:13 - 00000000 ____D () C:\Windows\ShellNew 2015-03-17 20:03 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\System 2015-03-14 23:51 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness 2015-03-14 02:35 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache 2015-03-14 00:48 - 2015-02-12 17:35 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-03-12 17:23 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData 2015-03-12 17:23 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-03-12 17:23 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-03-12 17:23 - 2013-08-22 16:36 - 
00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2015-03-12 17:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\WinStore 2015-03-12 17:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender 2015-03-12 17:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2015-03-12 17:22 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp 2015-03-12 06:51 - 2015-02-12 17:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-03-10 22:22 - 2015-01-23 13:16 - 00000000 ____D () C:\Windows\system32\MRT 2015-03-10 22:19 - 2015-01-23 13:16 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-03-07 18:57 - 2015-02-12 17:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla 2015-03-04 22:24 - 2014-11-21 12:01 - 00792032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-03-04 22:24 - 2014-11-21 12:01 - 00178144 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-03-03 14:17 - 2015-02-12 17:51 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-02-20 15:08 - 2015-02-12 17:25 - 00000000 ____D () C:\Users\Joey\AppData\Local\Google ==================== Files in the root of some directories ======= 2015-03-09 22:30 - 2015-03-09 22:30 - 0005487 _____ () C:\Users\Joey\AppData\Roaming\CVJW 2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\Joey\AppData\Roaming\OHTY 2015-03-17 20:23 - 2015-03-17 20:23 - 0613255 _____ (CMI Limited) C:\Users\Joey\AppData\Local\nsy9EAF.tmp 2015-02-20 21:38 - 2015-02-20 21:38 - 0000017 _____ () C:\Users\Joey\AppData\Local\resmon.resmoncfg 2015-02-09 10:36 - 2015-02-09 10:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some content of TEMP: ==================== C:\Users\Joey\AppData\Local\Temp\avgnt.exe C:\Users\Joey\AppData\Local\Temp\avira_antivirus_pro_de.exe 
C:\Users\Joey\AppData\Local\Temp\besE84A.exe C:\Users\Joey\AppData\Local\Temp\bitool.dll C:\Users\Joey\AppData\Local\Temp\D60A330C-D09A-E5F5-4799-F4322A86F3E4.dll C:\Users\Joey\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpn8vx6i.dll C:\Users\Joey\AppData\Local\Temp\nvSCPAPI.dll C:\Users\Joey\AppData\Local\Temp\nvSCPAPI64.dll C:\Users\Joey\AppData\Local\Temp\nvStInst.exe C:\Users\Joey\AppData\Local\Temp\ose00000.exe C:\Users\Joey\AppData\Local\Temp\Quarantine.exe C:\Users\Joey\AppData\Local\Temp\sdan.exe C:\Users\Joey\AppData\Local\Temp\sdapk.exe C:\Users\Joey\AppData\Local\Temp\sdaspwn.exe C:\Users\Joey\AppData\Local\Temp\setup.exe C:\Users\Joey\AppData\Local\Temp\SpOrder.dll C:\Users\Joey\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-13 02:14 ==================== End Of Log ============================ |
20.03.2015, 06:39 | #4 |
/// the machine /// TB-Ausbilder | Ads on every page in the browser and persistent popups (Win 8.1)
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and assistance Trojaner-Board Facebook page No assistance via PM! |
20.03.2015, 14:28 | #5 |
| Ads on every page in the browser and persistent popups (Win 8.1) ESET Log Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=decabdc1602ee340a258b8d09c589be6 # engine=23001 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-03-20 12:54:27 # local_time=2015-03-20 01:54:27 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 149676 17160386 0 0 # scanned=324993 # found=27 # cleaned=27 # scan_time=1695 sh=56AC31EBC54597C6E194D9B5ADDF6B29458245F9 ft=1 fh=5f3daecbd404e087 vn="Win32/Toolbar.Perion.L evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\grunt.exe.vir" sh=66608BCB88F6457E34237167FA6FBC49DD251CED ft=1 fh=d4755eb64e31f0fe vn="Variante von Win32/Toolbar.BitCocktail.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\kasumi32.dll.vir" sh=A2778D4B49DA215BBD11D9D8CF67F97DF9455757 ft=1 fh=ec14f6e921ad2e8b vn="Variante von Win64/Toolbar.Perion.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\kasumi64.dll.vir" sh=B3B169E220BD591802B05759ADEE1C353E15B112 ft=1 fh=9d6c1fda665ceb54 vn="Variante von Win32/Toolbar.Perion.K evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\krios.dll.vir" sh=014302BCFCE8E95F675D856ADC42614B6769BD78 ft=1 fh=d796cde0598a222b vn="Variante von Win32/Toolbar.Perion.K evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\krios64.dll.vir" sh=F5E9CFA83893B70D39165F042DBE6BBDC5BC9DF3 ft=1 fh=cef96969f9ed33f7 vn="Variante von Win64/Toolbar.Perion.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\liara64.dll.vir" sh=5A10F30C11DCE52228B78385750B0B8BC1ABC042 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Perion.K evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\Firefox\chrome\content\main.js.vir" sh=DA924F88C5F215759BB80EEDF46C05BBA4DAEFA8 ft=1 fh=a1dd0c72d6b1a031 vn="Variante von Win32/SpeedingUpMyPC Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Super Optimizer\SuperOptimizer.exe.vir" sh=108E966199540F13F1B87F41EAE1FFCF109F45D3 ft=1 fh=a71bb00c38b9082e vn="Variante von Win32/OptimizerPro.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Super Optimizer\SupOptHelper.dll.vir" sh=315FEC335BF71E0CE2F465E0C38945ABEAE09372 ft=1 fh=cfa5557ee7beb9a5 vn="Variante von Win32/Adware.SpeedingUpMyPC.C Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Super Optimizer\SupOptSmartScan.exe.vir" sh=8C8E2A338F04848E754C25DC19C1430580D462C6 ft=1 fh=f76e2c97d8443672 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchCH.dll.vir" sh=AEA1F8ECDBFE8E7BD55BCA9B24160C99A58F655B ft=1 fh=00817a312f73db7a vn="Win32/ELEX.BM evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchFF.dll.vir" sh=5D628376391A827A818B0A079B64EE457AE9B82A ft=1 fh=c71c0011e2e7a7a5 vn="Variante von Win32/ELEX.BM evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowserAction.dll.vir" sh=987B7AAE8131855FE75145719FF5F076B2299C97 ft=1 fh=712332c590681590 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\CmdShell.exe.vir" sh=454CD903C123F611BCB0570843035C0A79F4982C ft=1 fh=cd56a5d579cc2e31 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\HPNotify.exe.vir" sh=CD37191EE4233E55E613DD2D34DA1620EC9752E6 ft=1 fh=779e3b53bab7b8cc vn="Win32/ELEX.BM evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\IeWatchDog.dll.vir" sh=9703A00A9033EA51B40B4772437460089D4503D6 ft=1 fh=da99dbaa01de7d6c vn="Win32/Adware.ConvertAd.AQ Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Joey\AppData\Roaming\ASPackage\ASPackage.exe.vir" sh=F9E79A4BC82B743DC56BE6916EDC3540154BFADE ft=1 fh=2b7a9d9ab840913b vn="Variante von Win32/InstallMonetizer.BC evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Joey\AppData\Local\Microsoft\Windows\INetCache\IE\3WL8VMWL\20150317158907[1].exe" sh=09737D2395AC1B238DF2C801D0EB786EC082D56D ft=1 fh=1c4a9958d65de32e vn="Variante von MSIL/Adware.Imali.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Joey\AppData\Local\Microsoft\Windows\INetCache\IE\3WL8VMWL\OfferInstaller[1].exe" sh=701E5C91D38312D6058AE6FCEAB51D6C54ADF07A ft=1 fh=4ba78ebfe1725d18 vn="Win32/Somoto.G evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Joey\AppData\Local\Microsoft\Windows\INetCache\IE\JM9SA1QX\setup[1].exe" sh=FA96F438B577DA63C2BF89B05BCD2DADD8AC99BE ft=0 fh=0000000000000000 vn="JS/Kryptik.I Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Joey\AppData\Local\Mozilla\Firefox\Profiles\u35kl8ja.default\cache2\entries\8B374F555B5E3B43D93C37100CC3E6748FAE7093" sh=9D42FD36ED3A2C624B8888F133EF6D2286F38F82 ft=0 fh=0000000000000000 vn="JS/Kryptik.I Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Joey\AppData\Local\Mozilla\Firefox\Profiles\u35kl8ja.default\cache2\entries\97B20B4F812BBBB56E5CDDA1A8942C5533AD1D13" sh=09737D2395AC1B238DF2C801D0EB786EC082D56D ft=1 fh=1c4a9958d65de32e vn="Variante von MSIL/Adware.Imali.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Joey\AppData\Local\Temp\besE84A.exe" sh=701E5C91D38312D6058AE6FCEAB51D6C54ADF07A ft=1 fh=4ba78ebfe1725d18 vn="Win32/Somoto.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Joey\AppData\Local\Temp\nsp5B1C.tmp" sh=9703A00A9033EA51B40B4772437460089D4503D6 ft=1 fh=da99dbaa01de7d6c vn="Win32/Adware.ConvertAd.AQ Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Joey\AppData\Local\Temp\setup.exe" sh=097FB925C9B77946F2FE596B6E1411461C1361BB ft=1 fh=ba43d6af3759cc18 vn="Variante von Win32/InstallMonetizer.BC evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Joey\AppData\Local\Temp\nsu57E9.tmp\nsWeb_DispWPag.dll" sh=90B83EA3A71D176CA8D03DDCEF3C3F270D9639DB ft=0 fh=0000000000000000 vn="JS/Kryptik.I Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\extensions\staged\veggy@veggyAddon.com\chrome\content\main.js"
Should I move the findings from "Eset Online Scanner" to quarantine?
FRST.txt FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by Joey (administrator) on YAOI on 20-03-2015 14:20:13 Running from C:\Users\Joey\Downloads Loaded Profiles: Joey & (Available profiles: Joey) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe () D:\Programme\QNAP\Qfinder\iSCSIAgent.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Malwarebytes Corporation) D:\Programme\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) D:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe (Malwarebytes Corporation) D:\Programme\ Malwarebytes Anti-Malware \mbam.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Google Inc.) C:\Users\Joey\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7634648 2014-08-14] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe" HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-19] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Run: [GoogleChromeAutoLaunch_D9540B1D2E0771D2E8A7B5A41E5C3BFA] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-07] (Google Inc.) HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Run: [Steam] => D:\Programme\Steam\steam.exe [2874048 2015-02-19] (Valve Corporation) HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Run: [Spotify Web Helper] => C:\Users\Joey\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1959992 2015-03-13] (Spotify Ltd) HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Run: [Google Update] => C:\Users\Joey\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2015-02-20] (Google Inc.) HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Run: [Google+ Auto Backup] => C:\Users\Joey\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3754312 2015-02-13] (Google Inc.) 
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Run: [Spotify] => C:\Users\Joey\AppData\Roaming\Spotify\spotify.exe [6611512 2015-03-13] (Spotify Ltd)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\MountPoints2: {6fb6e9cb-c419-11e4-8259-ac9e17ec3e93} - "M:\LaunchU3.exe" -a
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\MountPoints2: {ea776981-cbbe-11e4-825f-ac9e17ec3e93} - "M:\SETUP.EXE"
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_D9540B1D2E0771D2E8A7B5A41E5C3BFA] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-07] (Google Inc.)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => D:\Programme\Steam\steam.exe [2874048 2015-02-19] (Valve Corporation)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\Joey\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1959992 2015-03-13] (Spotify Ltd)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Joey\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2015-02-20] (Google Inc.)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google+ Auto Backup] => C:\Users\Joey\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3754312 2015-02-13] (Google Inc.)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify] => C:\Users\Joey\AppData\Roaming\Spotify\spotify.exe [6611512 2015-03-13] (Spotify Ltd)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6fb6e9cb-c419-11e4-8259-ac9e17ec3e93} - "M:\LaunchU3.exe" -a
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ea776981-cbbe-11e4-825f-ac9e17ec3e93} - "M:\SETUP.EXE"
Startup: C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Programme\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Programme\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Hosts: 69.167.144.15 camtasiatudi.techsmith.com
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-12] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\Programme\Microsoft Office\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-12] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> D:\Programme\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-12] (Google Inc.)
FF Plugin HKU\S-1-5-21-2568549407-2221234275-1578291052-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Joey\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-2568549407-2221234275-1578291052-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Joey\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-2568549407-2221234275-1578291052-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Joey\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-2568549407-2221234275-1578291052-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Joey\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-20] (Google Inc.)
FF Extension: Zoom It - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\Extensions\{14e5d2fa-092b-ec85-01ab-ba8c709d84c8} [2015-03-17]
FF Extension: WOT - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-02-12]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\Extensions\elemhidehelper@adblockplus.org.xpi [2015-02-12]
FF Extension: ProxTube - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\Extensions\ich@maltegoetz.de.xpi [2015-02-12]
FF Extension: NoScript - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-02-12]
FF Extension: Mountain Bike 1.0.1 - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\Extensions\{8eaa906e-24dc-48aa-a1bf-893f16c0e11d}.xpi [2015-03-17]
FF Extension: Adblock Plus - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-12]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-03-06]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=78B0F80F411BFC9D&affID=119357&tsp=4979
CHR StartupUrls: Default -> "hxxp://www.istartsurf.com/?type=hp&ts=1426619680&from=face&uid=SamsungXSSDX850XEVOX120GB_S21UNSAG156319H", "hxxp://www.istartsurf.com/?type=hppp&ts=1426619747&from=face&uid=SamsungXSSDX850XEVOX120GB_S21UNSAG156319H"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-12]
CHR Extension: (No Name) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\acklnhgjphbhhomkneonohbjnbmkclfb [2015-03-17]
CHR Extension: (HD for YouTube™) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjbfncbadcmnkopckegnmjgihagponf [2015-02-12]
CHR Extension: (Google Docs) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-12]
CHR Extension: (Google Drive) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-12]
CHR Extension: (WOT) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-02-12]
CHR Extension: (YouTube) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-12]
CHR Extension: (Adblock Plus) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-12]
CHR Extension: (Google Search) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-12]
CHR Extension: (Google Calendar) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-02-12]
CHR Extension: (Google Sheets) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-12]
CHR Extension: (AdBlock) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-02-12]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-02-12]
CHR Extension: (Snap Links Lite) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\idmmhhijggcmbeejedibpdcahpkneegg [2015-02-12]
CHR Extension: (Adblock for Facebook™) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbfjodonncabnangfknilmabjfofdikc [2015-02-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Skype Click to Call) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-02-12]
CHR Extension: (Google Maps) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-02-12]
CHR Extension: (Google Wallet) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-12]
CHR Extension: (Personal Blocklist (by Google)) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nolijncfnkgaikbjbdaogikpmpbdcdef [2015-02-12]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2015-02-12]
CHR Extension: (Google Publisher Toolbar) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\omioeahgfecgfpfldejlnideemfidnkc [2015-02-12]
CHR Extension: (Picasa) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2015-02-12]
CHR Extension: (Gmail) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-12]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [806192 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [992560 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 Disc Soft Lite Bus Service; D:\Programme\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 MBAMScheduler; D:\Programme\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; D:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
S2 SkypeUpdate; D:\Programme\Skype\Updater\Updater.exe [315488 2015-01-02] (Skype Technologies)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 cae99edb; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Super Optimizer\SupOptStats.dll",ENT

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [62152 2014-10-28] (Advanced Micro Devices, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-03-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-03-18] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-18] (Avira Operations GmbH & Co. KG)
S3 dc21x4vm; C:\Windows\system32\DRIVERS\dc21x4vm.sys [57344 2013-06-18] (Microsoft Corp.)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-03-17] (Disc Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
S3 NVSWCFilter; C:\Windows\System32\drivers\nvswcfilter.sys [19616 2014-09-06] (Windows (R) Win 7 DDK provider)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39240 2015-02-05] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 rusb3xhc; C:\Windows\System32\drivers\rusb3xhc.sys [221184 2012-05-10] (Renesas Electronics Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 DIRECTIO; \??\UNC\srv1c027.wds8.intern\reminst\Test\BitPro64\DirectIo.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-20 14:20 - 2015-03-20 14:20 - 00027278 _____ () C:\Users\Joey\Downloads\FRST.txt
2015-03-20 14:19 - 2015-03-20 14:19 - 02095616 _____ (Farbar) C:\Users\Joey\Downloads\FRST64.exe
2015-03-20 14:12 - 2015-03-20 14:12 - 00852604 _____ () C:\Users\Joey\Downloads\SecurityCheck.exe
2015-03-20 13:24 - 2015-03-20 13:24 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-03-19 20:19 - 2015-03-20 13:43 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-19 20:19 - 2015-03-19 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-03-19 20:19 - 2015-03-19 20:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-19 20:19 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-19 20:19 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-19 20:19 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-19 19:12 - 2015-03-20 14:20 - 00000000 ____D () C:\FRST
2015-03-19 19:11 - 2015-03-19 19:11 - 00000148 _____ () C:\Users\Joey\defogger_reenable
2015-03-18 20:20 - 2015-03-18 20:20 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Avira
2015-03-18 20:19 - 2015-03-18 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-18 20:19 - 2015-03-18 20:19 - 00000000 ____D () C:\ProgramData\Avira
2015-03-18 20:19 - 2015-03-18 20:19 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-03-18 20:19 - 2015-03-18 20:16 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-18 20:19 - 2015-03-18 20:16 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-18 20:19 - 2015-03-18 20:16 - 00043576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-03-18 20:19 - 2015-03-18 20:16 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-03-17 21:06 - 2015-03-17 21:06 - 00000000 ____D () C:\Users\Joey\AppData\Local\Microsoft Toolkit
2015-03-17 20:29 - 2015-03-19 20:29 - 00000000 ____D () C:\AdwCleaner
2015-03-17 20:27 - 2015-03-18 20:20 - 00000000 ____D () C:\ProgramData\{88895279-122e-9ae9-8889-9527912249e4}
2015-03-17 20:23 - 2015-03-17 20:23 - 00613255 _____ (CMI Limited) C:\Users\Joey\AppData\Local\nsy9EAF.tmp
2015-03-17 20:22 - 2015-03-20 12:04 - 00001340 _____ () C:\Windows\Tasks\OHTY.job
2015-03-17 20:22 - 2015-03-20 09:44 - 00001340 _____ () C:\Windows\Tasks\CVJW.job
2015-03-17 20:22 - 2015-03-19 06:48 - 00000000 ____D () C:\Program Files (x86)\a44392f2-25b4-4f24-ae7b-895b85863b5f
2015-03-17 20:22 - 2015-03-17 20:22 - 00004336 _____ () C:\Windows\System32\Tasks\OHTY
2015-03-17 20:22 - 2015-03-17 20:22 - 00004336 _____ () C:\Windows\System32\Tasks\CVJW
2015-03-17 20:22 - 2015-03-17 20:22 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\ECCF436F-1426620174-2F51-E082-AC9E17EC3E93
2015-03-17 20:22 - 2015-03-17 20:22 - 00000000 ____D () C:\ProgramData\11245081753149381587
2015-03-17 20:21 - 2015-03-18 20:20 - 00000000 ____D () C:\ProgramData\{fb0ae85f-f0a9-0f48-fb0a-ae85ff0aa17f}
2015-03-17 20:04 - 2015-03-17 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-03-17 20:04 - 2015-03-17 20:04 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2015-03-17 20:04 - 2015-03-17 20:04 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-03-17 20:04 - 2015-03-17 20:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2015-03-17 20:03 - 2015-03-17 20:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-17 20:03 - 2015-03-17 20:03 - 00000000 ____D () C:\Users\Joey\AppData\Local\Microsoft Help
2015-03-17 20:03 - 2015-03-17 20:03 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2015-03-17 20:03 - 2015-03-17 20:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-03-17 20:03 - 2015-03-17 20:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2015-03-17 20:00 - 2015-03-17 20:00 - 00030352 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2015-03-17 20:00 - 2015-03-17 20:00 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\DAEMON Tools Lite
2015-03-17 20:00 - 2015-03-17 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2015-03-17 19:59 - 2015-03-17 19:59 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-03-15 18:47 - 2015-03-15 18:47 - 00000000 ____D () C:\Users\Joey\AppData\Local\QNAP
2015-03-15 18:46 - 2015-03-15 18:46 - 00002942 _____ () C:\Windows\System32\Tasks\iSCSIAgentAutoStartup
2015-03-15 18:46 - 2015-03-15 18:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QNAP
2015-03-12 20:13 - 2015-03-12 20:13 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\TechSmith
2015-03-12 20:13 - 2015-03-12 20:13 - 00000000 ____D () C:\Users\Joey\AppData\Local\TechSmith
2015-03-12 20:12 - 2015-03-12 20:12 - 00000000 ____D () C:\ProgramData\TechSmith
2015-03-12 20:12 - 2015-03-12 20:12 - 00000000 ____D () C:\ProgramData\regid.1995-08.com.techsmith
2015-03-12 20:12 - 2015-03-12 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2015-03-12 20:12 - 2015-03-12 20:12 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-03-12 06:51 - 2015-03-17 20:21 - 00000000 ____D () C:\Users\Joey\AppData\Local\CrashDumps
2015-03-11 19:22 - 2015-03-11 19:22 - 00000000 ___HD () C:\ProgramData\CanonBJ
2015-03-11 19:22 - 2012-03-26 05:00 - 00389120 _____ (CANON INC.) C:\Windows\system32\CNMLMB6.DLL
2015-03-11 19:22 - 2012-02-08 16:36 - 00363520 _____ (CANON INC.) C:\Windows\system32\CNC_B6L.dll
2015-03-11 19:22 - 2012-01-16 14:21 - 00287744 _____ (CANON INC.) C:\Windows\system32\CNC_B6C.dll
2015-03-11 19:22 - 2012-01-16 14:20 - 00106496 _____ (CANON INC.) C:\Windows\system32\CNC_B6I.dll
2015-03-11 19:22 - 2008-08-25 18:02 - 00017920 _____ (CANON INC.) C:\Windows\system32\CNHMCA6.dll
2015-03-10 21:31 - 2015-01-30 03:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2015-03-10 21:31 - 2015-01-30 02:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
2015-03-10 21:31 - 2015-01-30 02:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2015-03-10 21:31 - 2015-01-30 02:24 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2015-03-10 21:31 - 2015-01-30 02:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
2015-03-10 21:31 - 2015-01-30 02:16 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
2015-03-10 21:31 - 2015-01-30 02:08 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
2015-03-10 21:31 - 2015-01-30 02:06 - 00278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll
2015-03-10 21:31 - 2015-01-27 05:22 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-10 21:31 - 2015-01-27 03:11 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-10 21:30 - 2015-01-28 02:31 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-10 21:30 - 2015-01-28 02:11 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-10 21:30 - 2014-12-11 06:36 - 00046456 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe
2015-03-09 22:30 - 2015-03-09 22:30 - 00005487 _____ () C:\Users\Joey\AppData\Roaming\CVJW
2015-03-06 00:20 - 2015-03-06 00:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-26 23:53 - 2015-02-26 23:53 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\MPC-HC
2015-02-20 21:38 - 2015-02-20 21:38 - 00000017 _____ () C:\Users\Joey\AppData\Local\resmon.resmoncfg
2015-02-20 15:08 - 2015-03-20 14:18 - 00001126 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2568549407-2221234275-1578291052-1001UA.job
2015-02-20 15:08 - 2015-03-19 15:18 - 00001074 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2568549407-2221234275-1578291052-1001Core.job
2015-02-20 15:08 - 2015-02-20 15:13 - 00004070 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2568549407-2221234275-1578291052-1001UA
2015-02-20 15:08 - 2015-02-20 15:13 - 00003690 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2568549407-2221234275-1578291052-1001Core
2015-02-20 15:08 - 2015-02-20 15:08 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2015-02-19 20:46 - 2015-02-19 20:46 - 00000000 ____D () C:\Users\Joey\Documents\Electronic Arts
2015-02-19 20:44 - 2015-02-19 20:44 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\WinRAR
2015-02-19 20:44 - 2015-02-19 20:44 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-19 20:44 - 2015-02-19 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-19 20:43 - 2015-02-19 20:44 - 00000000 ____D () C:\Program Files\WinRAR
2015-02-19 19:53 - 2015-03-17 21:24 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\FileZilla
2015-02-19 19:40 - 2015-02-19 19:40 - 00000000 ____D () C:\Users\Joey\AppData\Local\Steam

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-20 14:11 - 2015-02-12 18:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-20 14:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-03-20 13:36 - 2015-02-12 17:26 - 00001150 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-20 13:30 - 2015-02-12 17:21 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2568549407-2221234275-1578291052-1001
2015-03-20 06:06 - 2015-02-12 17:12 - 02023039 _____ () C:\Windows\WindowsUpdate.log
2015-03-19 20:37 - 2014-11-21 04:35 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-19 20:37 - 2014-11-21 03:45 - 00764340 _____ () C:\Windows\system32\perfh007.dat
2015-03-19 20:37 - 2014-11-21 03:45 - 00159160 _____ () C:\Windows\system32\perfc007.dat
2015-03-19 20:31 - 2015-02-12 17:19 - 00000000 ____D () C:\Users\Joey\OneDrive
2015-03-19 20:31 - 2013-08-22 15:46 - 00041406 _____ () C:\Windows\setupact.log
2015-03-19 20:30 - 2015-02-12 17:26 - 00001146 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-19 20:30 - 2015-02-09 11:00 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-19 20:30 - 2014-11-20 19:24 - 00139172 _____ () C:\Windows\PFRO.log
2015-03-19 20:30 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\System
2015-03-19 20:30 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-19 20:30 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-03-19 20:19 - 2015-02-12 17:31 - 00000000 ____D () C:\Users\Joey\AppData\Local\Spotify
2015-03-19 20:16 - 2015-02-12 17:30 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Spotify
2015-03-19 19:11 - 2015-02-12 17:15 - 00000000 ____D () C:\Users\Joey
2015-03-19 16:39 - 2015-02-12 17:34 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Dropbox
2015-03-19 06:48 - 2015-02-09 10:59 - 00000000 ____D () C:\Program Files (x86)\ASUS
2015-03-18 20:11 - 2015-02-14 14:21 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\NVIDIA
2015-03-18 20:01 - 2015-02-12 17:30 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\vlc
2015-03-17 21:06 - 2015-02-12 17:16 - 00000000 ____D () C:\Users\Joey\AppData\Local\Packages
2015-03-17 20:31 - 2013-08-22 15:44 - 00409896 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-17 20:30 - 2015-02-12 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-17 20:27 - 2013-08-22 14:25 - 00000269 _____ () C:\Windows\win.ini
2015-03-17 20:04 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-03-17 20:03 - 2014-11-21 04:13 - 00000000 ____D () C:\Windows\ShellNew
2015-03-17 20:03 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-03-14 23:51 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-03-14 02:35 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2015-03-14 00:48 - 2015-02-12 17:35 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-12 17:23 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData
2015-03-12 17:23 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-12 17:23 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-12 17:23 - 2013-08-22 16:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-12 17:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\WinStore
2015-03-12 17:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-12 17:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-12 17:22 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-03-12 06:51 - 2015-02-12 17:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-10 22:22 - 2015-01-23 13:16 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-10 22:19 - 2015-01-23 13:16 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-07 18:57 - 2015-02-12 17:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla
2015-03-04 22:24 - 2014-11-21 12:01 - 00792032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-04 22:24 - 2014-11-21 12:01 - 00178144 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-03 14:17 - 2015-02-12 17:51 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-20 15:08 - 2015-02-12 17:25 - 00000000 ____D () C:\Users\Joey\AppData\Local\Google

==================== Files in the root of some directories =======

2015-03-09 22:30 - 2015-03-09 22:30 - 0005487 _____ () C:\Users\Joey\AppData\Roaming\CVJW
2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\Joey\AppData\Roaming\OHTY
2015-03-17 20:23 - 2015-03-17 20:23 - 0613255 _____ (CMI Limited) C:\Users\Joey\AppData\Local\nsy9EAF.tmp
2015-02-20 21:38 - 2015-02-20 21:38 - 0000017 _____ () C:\Users\Joey\AppData\Local\resmon.resmoncfg
2015-02-09 10:36 - 2015-02-09 10:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Joey\AppData\Local\Temp\avgnt.exe
C:\Users\Joey\AppData\Local\Temp\avira_antivirus_pro_de.exe
C:\Users\Joey\AppData\Local\Temp\bitool.dll
C:\Users\Joey\AppData\Local\Temp\D60A330C-D09A-E5F5-4799-F4322A86F3E4.dll
C:\Users\Joey\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpn8vx6i.dll
C:\Users\Joey\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Joey\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Joey\AppData\Local\Temp\nvStInst.exe
C:\Users\Joey\AppData\Local\Temp\ose00000.exe
C:\Users\Joey\AppData\Local\Temp\Quarantine.exe
C:\Users\Joey\AppData\Local\Temp\sdan.exe
C:\Users\Joey\AppData\Local\Temp\sdapk.exe
C:\Users\Joey\AppData\Local\Temp\sdaspwn.exe
C:\Users\Joey\AppData\Local\Temp\SpOrder.dll
C:\Users\Joey\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-13 02:14

==================== End Of Log ============================
21.03.2015, 10:50 | #6 |
/// the machine /// TB-Ausbilder | Ads on every page in the browser and persistent popups (Win 8.1)

Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
S2 cae99edb; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Super Optimizer\SupOptStats.dll",ENT
c:\Program Files (x86)\Super Optimizer
C:\Users\Joey\AppData\Local\Microsoft\Windows\INetCache\IE\3WL8VMWL\20150317158907[1].exe
C:\Users\Joey\AppData\Local\Microsoft\Windows\INetCache\IE\3WL8VMWL\OfferInstaller[1].exe
C:\Users\Joey\AppData\Local\Microsoft\Windows\INetCache\IE\JM9SA1QX\setup[1].exe
C:\Users\Joey\AppData\Local\Mozilla\Firefox\Profiles\u35kl8ja.default\cache2\entries\8B374F555B5E3B43D93C37100CC3E6748FAE7093
C:\Users\Joey\AppData\Local\Mozilla\Firefox\Profiles\u35kl8ja.default\cache2\entries\97B20B4F812BBBB56E5CDDA1A8942C5533AD1D13
C:\Users\Joey\AppData\Local\Temp\besE84A.exe
C:\Users\Joey\AppData\Local\Temp\nsp5B1C.tmp
C:\Users\Joey\AppData\Local\Temp\setup.exe
C:\Users\Joey\AppData\Local\Temp\nsu57E9.tmp\nsWeb_DispWPag.dll
C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\extensions\staged\veggy@veggyAddon.com\chrome\content\main.js
Emptytemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Revo Uninstaller - Download - Filepony: use it to uninstall Firefox, keep no data, let it remove the leftovers, then reinstall. Then: https://support.mozilla.org/de/kb/fi...einfach-loesen

Still having problems?
21.03.2015, 19:20 | #7 |
Ads on every page in the browser and persistent popups (Win 8.1)

Fixlog.txt
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Joey at 2015-03-21 15:48:49 Run:1
Running from C:\Users\Joey\Downloads
Loaded Profiles: Joey (Available profiles: Joey)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
S2 cae99edb; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Super Optimizer\SupOptStats.dll",ENT
c:\Program Files (x86)\Super Optimizer
C:\Users\Joey\AppData\Local\Microsoft\Windows\INetCache\IE\3WL8VMWL\20150317158907[1].exe
C:\Users\Joey\AppData\Local\Microsoft\Windows\INetCache\IE\3WL8VMWL\OfferInstaller[1].exe
C:\Users\Joey\AppData\Local\Microsoft\Windows\INetCache\IE\JM9SA1QX\setup[1].exe
C:\Users\Joey\AppData\Local\Mozilla\Firefox\Profiles\u35kl8ja.default\cache2\entries\8B374F555B5E3B43D93C37100CC3E6748FAE7093
C:\Users\Joey\AppData\Local\Mozilla\Firefox\Profiles\u35kl8ja.default\cache2\entries\97B20B4F812BBBB56E5CDDA1A8942C5533AD1D13
C:\Users\Joey\AppData\Local\Temp\besE84A.exe
C:\Users\Joey\AppData\Local\Temp\nsp5B1C.tmp
C:\Users\Joey\AppData\Local\Temp\setup.exe
C:\Users\Joey\AppData\Local\Temp\nsu57E9.tmp\nsWeb_DispWPag.dll
C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\extensions\staged\veggy@veggyAddon.com\chrome\content\main.js
Emptytemp:
*****************

cae99edb => Service deleted successfully.
"c:\Program Files (x86)\Super Optimizer" => File/Directory not found.
"C:\Users\Joey\AppData\Local\Microsoft\Windows\INetCache\IE\3WL8VMWL\20150317158907[1].exe" => File/Directory not found.
"C:\Users\Joey\AppData\Local\Microsoft\Windows\INetCache\IE\3WL8VMWL\OfferInstaller[1].exe" => File/Directory not found.
"C:\Users\Joey\AppData\Local\Microsoft\Windows\INetCache\IE\JM9SA1QX\setup[1].exe" => File/Directory not found.
"C:\Users\Joey\AppData\Local\Mozilla\Firefox\Profiles\u35kl8ja.default\cache2\entries\8B374F555B5E3B43D93C37100CC3E6748FAE7093" => File/Directory not found.
"C:\Users\Joey\AppData\Local\Mozilla\Firefox\Profiles\u35kl8ja.default\cache2\entries\97B20B4F812BBBB56E5CDDA1A8942C5533AD1D13" => File/Directory not found.
"C:\Users\Joey\AppData\Local\Temp\besE84A.exe" => File/Directory not found.
"C:\Users\Joey\AppData\Local\Temp\nsp5B1C.tmp" => File/Directory not found.
"C:\Users\Joey\AppData\Local\Temp\setup.exe" => File/Directory not found.
"C:\Users\Joey\AppData\Local\Temp\nsu57E9.tmp\nsWeb_DispWPag.dll" => File/Directory not found.
"C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\extensions\staged\veggy@veggyAddon.com\chrome\content\main.js" => File/Directory not found.
EmptyTemp: => Removed 2.4 GB temporary data.

The system needed a reboot.

==== End of Fixlog 15:49:12 ====

If so, many many thanks in any case *.*

Kind regards,
Joey

(If not, I'll simply get back in touch.)
22.03.2015, 08:07 | #8 |
/// the machine /// TB-Ausbilder | Ads on every page in the browser and persistent popups (Win 8.1)

Cleanup: (the order matters here)

If Defogger was used: start it again and click Re-enable.
If Combofix was used: uninstall Combofix.
All logs posted? Then please download DelFix.
Note: among other things, DelFix removes all the tools that were used, the quarantine of our scanners and the Java cache, and finally deletes itself. Finally, restart your computer. If any programs from our cleanup are still left over, you can delete them without concern.

If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.

Hardening:

Enable automatic updates in Windows. Security-relevant software should also always be kept at the latest version: browser, Java, Flash Player, PDF reader. Security holes in their old versions are exploited to install malware by "drive-by" simply when a manipulated website is visited. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.

Enable a firewall. The one built into Windows is normally entirely sufficient.

Use an antivirus program with a real-time scanner and an always up-to-date signature database. My recommendation: Emsisoft. In addition, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.

Optional: NoScript prevents the execution of active content (Java, JavaScript, Flash, ...) on all websites. Following the principle of a whitelist, however, you can specify on which sites scripts are to be allowed. Malwarebytes Anti Exploit: protects the computer's applications against the exploitation of known vulnerabilities.

Download software from a clean portal such as . When installing software, always choose the custom option and untick all optionally offered toolbars or other additions that are irrelevant to the program. To get rid of adware again, it is advisable to uninstall it first and then remove the leftovers with AdwCleaner.
Finally, a few general remarks: change your important online passwords regularly and make regular backups of your important files or of the system. The benefit of registry cleaners, optimizers etc. for boosting performance is disputed. I therefore recommend leaving the registry alone and using the Windows Disk Cleanup instead.
Regards, schrauber
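As an added example (not part of schrauber's post, nor code belonging to FRST or DelFix), the following PowerShell script audits the hardening points listed above on Windows 8.1 or later: the Windows Update service, the firewall profiles, the registered antivirus product, and the Authenticode signatures of the same core binaries that FRST verifies in its "Bamital & volsnap Check". It also lists services whose command line goes through rundll32.exe, the pattern of the S2 cae99edb service removed by the fixlist. It assumes an elevated PowerShell session and the NetSecurity and CimCmdlets modules that ship with Windows 8.1; the decoding of the productState value is the commonly used convention rather than a documented API, so treat it as an assumption.

```powershell
# Added example, not from the thread: audit the hardening items from the post above.
# Assumes an elevated PowerShell 4+ session on Windows 8.1 or later.

function Test-WindowsUpdateService {
    # Automatic updates depend on the wuauserv service; StartMode "Disabled" means no updates.
    $svc = Get-CimInstance Win32_Service -Filter "Name='wuauserv'"
    [pscustomobject]@{
        Check     = 'Windows Update service'
        State     = $svc.State
        StartMode = $svc.StartMode
        OK        = ($svc.StartMode -ne 'Disabled')
    }
}

function Test-FirewallProfiles {
    # Every profile (Domain, Private, Public) should report Enabled = True.
    Get-NetFirewallProfile | ForEach-Object {
        [pscustomobject]@{
            Check   = "Firewall profile $($_.Name)"
            Enabled = $_.Enabled
            OK      = [bool]$_.Enabled
        }
    }
}

function Get-RegisteredAntivirus {
    # SecurityCenter2 lists every registered AV product regardless of vendor (Avira, Emsisoft, Defender, ...).
    # productState decoding is the commonly used convention (assumption, not a documented API):
    # second hex byte 0x10/0x11 = real-time protection on, third hex byte 0x00 = signatures current.
    Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct | ForEach-Object {
        $hex = '{0:X6}' -f $_.productState
        [pscustomobject]@{
            Product  = $_.displayName
            RealTime = ($hex.Substring(2, 2) -in @('10', '11'))
            UpToDate = ($hex.Substring(4, 2) -eq '00')
        }
    }
}

function Test-CoreBinarySignatures {
    # The same files FRST checks in its "Bamital & volsnap Check"; a clean system shows Status = Valid.
    $core = @(
        "$env:SystemRoot\System32\winlogon.exe", "$env:SystemRoot\System32\wininit.exe",
        "$env:SystemRoot\explorer.exe",          "$env:SystemRoot\System32\svchost.exe",
        "$env:SystemRoot\System32\services.exe", "$env:SystemRoot\System32\userinit.exe",
        "$env:SystemRoot\System32\rpcss.dll",    "$env:SystemRoot\System32\Drivers\volsnap.sys"
    )
    Get-AuthenticodeSignature -FilePath $core | ForEach-Object {
        [pscustomobject]@{
            File   = $_.Path
            Status = $_.Status
            Signer = $_.SignerCertificate.Subject
            OK     = ($_.Status -eq 'Valid')
        }
    }
}

function Get-Rundll32Services {
    # Services launched through rundll32.exe, like the removed "S2 cae99edb" entry,
    # are unusual for legitimate software and deserve a manual look.
    Get-CimInstance Win32_Service |
        Where-Object { $_.PathName -match 'rundll32' } |
        Select-Object Name, State, StartMode, PathName
}

Test-WindowsUpdateService  | Format-Table -AutoSize
Test-FirewallProfiles      | Format-Table -AutoSize
Get-RegisteredAntivirus    | Format-Table -AutoSize
Test-CoreBinarySignatures  | Format-Table -AutoSize
Get-Rundll32Services       | Format-Table -AutoSize
```

Any row with OK = False, an antivirus entry with RealTime = False, or a non-Microsoft service in the last table is the point to look at before considering the machine clean.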