
Log Analysis and Evaluation: Ads on every page in the browser and persistent popups (Win 8.1)

19.03.2015, 19:58   #1
dingsibumzi

Ads on every page in the browser and persistent popups (Win 8.1)



Good evening,
1-2 days ago I downloaded the program "Daemon Tools" to mount an image file as a virtual drive and thus spare myself the burning.
Since I did that, every page I open in the browser is full of ads (despite AdBlocker), and on almost every click (no matter where) a popup or tab opens.

I have already removed all the annoying little programs that were automatically installed in the background along with it.
At first my browser also kept closing and reopening with strange tabs, but that no longer happens since removing the background programs.

I have followed the instructions here and hope that this provides all the information that is required.

defogger_disable.log
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:11 on 19/03/2015 (Joey)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...


-=E.O.F=-
         
FRST.txt

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Joey (administrator) on YAOI on 19-03-2015 19:12:26
Running from C:\Users\Joey\Downloads
Loaded Profiles: Joey (Available profiles: Joey)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() D:\Programme\QNAP\Qfinder\iSCSIAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Spotify Ltd) C:\Users\Joey\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google Inc.) C:\Users\Joey\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Disc Soft Ltd) D:\Programme\DAEMON Tools Lite\DiscSoftBusService.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7634648 2014-08-14] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [shopperz] => C:\Program Files\shopperz\wrex.exe
HKLM\...\Run: [shopperz64] => C:\Program Files\shopperz\wrex64.exe
HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-19] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Run: [GoogleChromeAutoLaunch_D9540B1D2E0771D2E8A7B5A41E5C3BFA] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-07] (Google Inc.)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Run: [Steam] => D:\Programme\Steam\steam.exe [2874048 2015-02-19] (Valve Corporation)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Run: [Spotify Web Helper] => C:\Users\Joey\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1959992 2015-03-13] (Spotify Ltd)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Run: [Google Update] => C:\Users\Joey\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2015-02-20] (Google Inc.)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Run: [Google+ Auto Backup] => C:\Users\Joey\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3754312 2015-02-13] (Google Inc.)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Run: [Spotify] => C:\Users\Joey\AppData\Roaming\Spotify\spotify.exe [6611512 2015-03-13] (Spotify Ltd)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\MountPoints2: {6fb6e9cb-c419-11e4-8259-ac9e17ec3e93} - "M:\LaunchU3.exe" -a
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\MountPoints2: {ea776981-cbbe-11e4-825f-ac9e17ec3e93} - "M:\SETUP.EXE" 
Startup: C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Programme\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Programme\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Winsock: Catalog9 01 C:\Windows\SysWOW64\BDL.dll [295808] (BD Inc.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\BDL.dll [295808] (BD Inc.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\BDL.dll [295808] (BD Inc.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\BDL.dll [295808] (BD Inc.)
Winsock: Catalog9 15 C:\Windows\SysWOW64\BDL.dll [295808] (BD Inc.)
Hosts: 69.167.144.15 camtasiatudi.techsmith.com
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-12] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\Programme\Microsoft Office\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-12] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> D:\Programme\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-12] (Google Inc.)
FF Plugin HKU\S-1-5-21-2568549407-2221234275-1578291052-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Joey\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-2568549407-2221234275-1578291052-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Joey\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-20] (Google Inc.)
FF Extension: CinemaPlus 1.0dV17.03 - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\Extensions\ccf7276c-d388-480f-8835-5b680025e1ca@gmail.com [2015-03-17]
FF Extension: Zoom It - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\Extensions\{14e5d2fa-092b-ec85-01ab-ba8c709d84c8} [2015-03-17]
FF Extension: WOT - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-02-12]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\Extensions\elemhidehelper@adblockplus.org.xpi [2015-02-12]
FF Extension: ProxTube - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\Extensions\ich@maltegoetz.de.xpi [2015-02-12]
FF Extension: NoScript - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-02-12]
FF Extension: Mountain Bike 1.0.1 - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\Extensions\{8eaa906e-24dc-48aa-a1bf-893f16c0e11d}.xpi [2015-03-17]
FF Extension: Adblock Plus - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-12]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-03-06]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=78B0F80F411BFC9D&affID=119357&tsp=4979
CHR StartupUrls: Default -> "hxxp://www.istartsurf.com/?type=hp&ts=1426619680&from=face&uid=SamsungXSSDX850XEVOX120GB_S21UNSAG156319H", "hxxp://www.istartsurf.com/?type=hppp&ts=1426619747&from=face&uid=SamsungXSSDX850XEVOX120GB_S21UNSAG156319H"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-12]
CHR Extension: (CinemaPlus 1.0dV17.03) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\acklnhgjphbhhomkneonohbjnbmkclfb [2015-03-17]
CHR Extension: (HD for YouTube™) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjbfncbadcmnkopckegnmjgihagponf [2015-02-12]
CHR Extension: (Google Docs) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-12]
CHR Extension: (Google Drive) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-12]
CHR Extension: (WOT) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-02-12]
CHR Extension: (YouTube) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-12]
CHR Extension: (Adblock Plus) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-12]
CHR Extension: (Google Search) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-12]
CHR Extension: (Google Calendar) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-02-12]
CHR Extension: (Google Sheets) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-12]
CHR Extension: (AdBlock) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-02-12]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-02-12]
CHR Extension: (Snap Links Lite) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\idmmhhijggcmbeejedibpdcahpkneegg [2015-02-12]
CHR Extension: (Adblock for Facebook™) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbfjodonncabnangfknilmabjfofdikc [2015-02-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Skype Click to Call) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-02-12]
CHR Extension: (Google Maps) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-02-12]
CHR Extension: (Google Wallet) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-12]
CHR Extension: (Personal Blocklist (by Google)) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nolijncfnkgaikbjbdaogikpmpbdcdef [2015-02-12]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2015-02-12]
CHR Extension: (Google Publisher Toolbar) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\omioeahgfecgfpfldejlnideemfidnkc [2015-02-12]
CHR Extension: (Picasa) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2015-02-12]
CHR Extension: (Gmail) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-12]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [806192 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [992560 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R3 Disc Soft Lite Bus Service; D:\Programme\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
S2 SkypeUpdate; D:\Programme\Skype\Updater\Updater.exe [315488 2015-01-02] (Skype Technologies)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 cae99edb; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Super Optimizer\SupOptStats.dll",ENT

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [62152 2014-10-28] (Advanced Micro Devices, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-03-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-03-18] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-18] (Avira Operations GmbH & Co. KG)
S3 dc21x4vm; C:\Windows\system32\DRIVERS\dc21x4vm.sys [57344 2013-06-18] (Microsoft Corp.)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-03-17] (Disc Soft Ltd)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
S3 NVSWCFilter; C:\Windows\System32\drivers\nvswcfilter.sys [19616 2014-09-06] (Windows (R) Win 7 DDK provider)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39240 2015-02-05] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 rusb3xhc; C:\Windows\System32\drivers\rusb3xhc.sys [221184 2012-05-10] (Renesas Electronics Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 DIRECTIO; \??\UNC\srv1c027.wds8.intern\reminst\Test\BitPro64\DirectIo.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-19 19:12 - 2015-03-19 19:12 - 00024758 _____ () C:\Users\Joey\Downloads\FRST.txt
2015-03-19 19:12 - 2015-03-19 19:12 - 00000000 ____D () C:\FRST
2015-03-19 19:11 - 2015-03-19 19:11 - 02095616 _____ (Farbar) C:\Users\Joey\Downloads\FRST64.exe
2015-03-19 19:11 - 2015-03-19 19:11 - 00000540 _____ () C:\Users\Joey\Downloads\defogger_disable.log
2015-03-19 19:11 - 2015-03-19 19:11 - 00000148 _____ () C:\Users\Joey\defogger_reenable
2015-03-19 19:09 - 2015-03-19 19:09 - 00050477 _____ () C:\Users\Joey\Downloads\Defogger.exe
2015-03-19 19:03 - 2015-03-19 19:03 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Joey\Downloads\tdsskiller.exe
2015-03-19 16:39 - 2015-03-16 06:27 - 00000000 ____D () C:\Users\Joey\Downloads\NLAG.612
2015-03-19 16:37 - 2015-03-19 16:38 - 328023164 _____ () C:\Users\Joey\Downloads\NLAG.612.rar
2015-03-18 20:20 - 2015-03-18 20:20 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Avira
2015-03-18 20:19 - 2015-03-18 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-18 20:19 - 2015-03-18 20:19 - 00000000 ____D () C:\ProgramData\Avira
2015-03-18 20:19 - 2015-03-18 20:19 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-03-18 20:19 - 2015-03-18 20:16 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-18 20:19 - 2015-03-18 20:16 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-18 20:19 - 2015-03-18 20:16 - 00043576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-03-18 20:19 - 2015-03-18 20:16 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-03-17 21:06 - 2015-03-17 21:06 - 00000000 ____D () C:\Users\Joey\AppData\Local\Microsoft Toolkit
2015-03-17 20:33 - 2015-03-17 20:33 - 01054912 _____ (Adobe) C:\Users\Joey\Downloads\install_flashplayer17x32au_mssd_aaa_aih.exe
2015-03-17 20:29 - 2015-03-19 16:35 - 00000000 ____D () C:\AdwCleaner
2015-03-17 20:29 - 2015-03-17 20:29 - 02171392 _____ () C:\Users\Joey\Downloads\adwcleaner_4.112.exe
2015-03-17 20:27 - 2015-03-18 20:20 - 00000000 ____D () C:\ProgramData\{88895279-122e-9ae9-8889-9527912249e4}
2015-03-17 20:23 - 2015-03-17 20:23 - 00613255 _____ (CMI Limited) C:\Users\Joey\AppData\Local\nsy9EAF.tmp
2015-03-17 20:22 - 2015-03-19 18:54 - 00001340 _____ () C:\Windows\Tasks\OHTY.job
2015-03-17 20:22 - 2015-03-19 18:54 - 00001340 _____ () C:\Windows\Tasks\CVJW.job
2015-03-17 20:22 - 2015-03-19 06:48 - 00000000 ____D () C:\Program Files (x86)\a44392f2-25b4-4f24-ae7b-895b85863b5f
2015-03-17 20:22 - 2015-03-17 20:22 - 00004336 _____ () C:\Windows\System32\Tasks\OHTY
2015-03-17 20:22 - 2015-03-17 20:22 - 00004336 _____ () C:\Windows\System32\Tasks\CVJW
2015-03-17 20:22 - 2015-03-17 20:22 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\ECCF436F-1426620174-2F51-E082-AC9E17EC3E93
2015-03-17 20:22 - 2015-03-17 20:22 - 00000000 ____D () C:\ProgramData\11245081753149381587
2015-03-17 20:21 - 2015-03-19 18:51 - 00000000 ____D () C:\Program Files (x86)\CinemaPlus 1.0dV17.03
2015-03-17 20:21 - 2015-03-18 20:20 - 00000000 ____D () C:\ProgramData\{fb0ae85f-f0a9-0f48-fb0a-ae85ff0aa17f}
2015-03-17 20:15 - 2015-03-17 20:17 - 00008608 _____ () C:\Windows\SysWOW64\BasementDusterOff.ini
2015-03-17 20:15 - 2015-03-17 20:17 - 00008608 _____ () C:\Windows\system32\BasementDusterOff.ini
2015-03-17 20:15 - 2015-03-16 16:21 - 00295808 _____ (BD Inc.) C:\Windows\SysWOW64\BDL.dll
2015-03-17 20:04 - 2015-03-17 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-03-17 20:04 - 2015-03-17 20:04 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2015-03-17 20:04 - 2015-03-17 20:04 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-03-17 20:04 - 2015-03-17 20:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2015-03-17 20:03 - 2015-03-17 20:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-17 20:03 - 2015-03-17 20:03 - 00000000 ____D () C:\Users\Joey\AppData\Local\Microsoft Help
2015-03-17 20:03 - 2015-03-17 20:03 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2015-03-17 20:03 - 2015-03-17 20:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-03-17 20:03 - 2015-03-17 20:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2015-03-17 20:00 - 2015-03-17 20:00 - 00030352 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2015-03-17 20:00 - 2015-03-17 20:00 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\DAEMON Tools Lite
2015-03-17 20:00 - 2015-03-17 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2015-03-17 19:59 - 2015-03-17 19:59 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-03-17 19:51 - 2015-03-17 19:51 - 00000000 ____D () C:\Users\Joey\Documents\Medium
2015-03-15 18:47 - 2015-03-15 18:47 - 00000000 ____D () C:\Users\Joey\AppData\Local\QNAP
2015-03-15 18:46 - 2015-03-15 18:46 - 00002942 _____ () C:\Windows\System32\Tasks\iSCSIAgentAutoStartup
2015-03-15 18:46 - 2015-03-15 18:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QNAP
2015-03-12 20:13 - 2015-03-12 20:13 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\TechSmith
2015-03-12 20:13 - 2015-03-12 20:13 - 00000000 ____D () C:\Users\Joey\AppData\Local\TechSmith
2015-03-12 20:12 - 2015-03-12 20:12 - 00000000 ____D () C:\ProgramData\TechSmith
2015-03-12 20:12 - 2015-03-12 20:12 - 00000000 ____D () C:\ProgramData\regid.1995-08.com.techsmith
2015-03-12 20:12 - 2015-03-12 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2015-03-12 20:12 - 2015-03-12 20:12 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-03-12 20:10 - 2015-03-12 20:10 - 257992504 _____ () C:\Users\Joey\Downloads\camtasiade.exe
2015-03-12 06:51 - 2015-03-17 20:21 - 00000000 ____D () C:\Users\Joey\AppData\Local\CrashDumps
2015-03-11 19:22 - 2015-03-11 19:22 - 00000000 ___HD () C:\ProgramData\CanonBJ
2015-03-11 19:22 - 2012-03-26 05:00 - 00389120 _____ (CANON INC.) C:\Windows\system32\CNMLMB6.DLL
2015-03-11 19:22 - 2012-02-08 16:36 - 00363520 _____ (CANON INC.) C:\Windows\system32\CNC_B6L.dll
2015-03-11 19:22 - 2012-01-16 14:21 - 00287744 _____ (CANON INC.) C:\Windows\system32\CNC_B6C.dll
2015-03-11 19:22 - 2012-01-16 14:20 - 00106496 _____ (CANON INC.) C:\Windows\system32\CNC_B6I.dll
2015-03-11 19:22 - 2008-08-25 18:02 - 00017920 _____ (CANON INC.) C:\Windows\system32\CNHMCA6.dll
2015-03-11 17:15 - 2015-03-03 06:41 - 00000000 ____D () C:\Users\Joey\Downloads\NLAG.610
2015-03-10 21:31 - 2015-01-30 03:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2015-03-10 21:31 - 2015-01-30 02:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
2015-03-10 21:31 - 2015-01-30 02:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2015-03-10 21:31 - 2015-01-30 02:24 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2015-03-10 21:31 - 2015-01-30 02:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
2015-03-10 21:31 - 2015-01-30 02:16 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
2015-03-10 21:31 - 2015-01-30 02:08 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
2015-03-10 21:31 - 2015-01-30 02:06 - 00278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll
2015-03-10 21:31 - 2015-01-27 05:22 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-10 21:31 - 2015-01-27 03:11 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-10 21:30 - 2015-01-28 02:31 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-10 21:30 - 2015-01-28 02:11 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-10 21:30 - 2014-12-11 06:36 - 00046456 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe
2015-03-09 22:30 - 2015-03-09 22:30 - 00005487 _____ () C:\Users\Joey\AppData\Roaming\CVJW
2015-03-06 00:20 - 2015-03-06 00:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-26 23:53 - 2015-02-26 23:53 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\MPC-HC
2015-02-20 21:38 - 2015-02-20 21:38 - 00000017 _____ () C:\Users\Joey\AppData\Local\resmon.resmoncfg
2015-02-20 15:08 - 2015-03-19 18:18 - 00001126 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2568549407-2221234275-1578291052-1001UA.job
2015-02-20 15:08 - 2015-03-19 15:18 - 00001074 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2568549407-2221234275-1578291052-1001Core.job
2015-02-20 15:08 - 2015-02-20 15:13 - 00004070 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2568549407-2221234275-1578291052-1001UA
2015-02-20 15:08 - 2015-02-20 15:13 - 00003690 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2568549407-2221234275-1578291052-1001Core
2015-02-20 15:08 - 2015-02-20 15:08 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2015-02-19 20:46 - 2015-02-19 20:46 - 00000000 ____D () C:\Users\Joey\Documents\Electronic Arts
2015-02-19 20:44 - 2015-02-19 20:44 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\WinRAR
2015-02-19 20:44 - 2015-02-19 20:44 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-19 20:44 - 2015-02-19 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-19 20:43 - 2015-02-19 20:44 - 00000000 ____D () C:\Program Files\WinRAR
2015-02-19 19:53 - 2015-03-17 21:24 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\FileZilla
2015-02-19 19:40 - 2015-02-19 19:40 - 00000000 ____D () C:\Users\Joey\AppData\Local\Steam
2015-02-17 18:10 - 2015-02-17 18:10 - 00000000 __SHD () C:\Users\Joey\AppData\Local\EmieUserList
2015-02-17 18:10 - 2015-02-17 18:10 - 00000000 __SHD () C:\Users\Joey\AppData\Local\EmieSiteList
2015-02-17 18:10 - 2015-02-17 18:10 - 00000000 __SHD () C:\Users\Joey\AppData\Local\EmieBrowserModeList
2015-02-17 18:01 - 2015-02-17 18:44 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-17 18:01 - 2015-02-17 18:01 - 00000000 ____D () C:\Program Files (x86)\Futuremark
2015-02-17 17:37 - 1999-10-21 11:12 - 00020400 _____ (EnTech Taiwan) C:\Windows\SysWOW64\Drivers\entech.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-19 19:11 - 2015-02-12 18:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-19 19:11 - 2015-02-12 17:15 - 00000000 ____D () C:\Users\Joey
2015-03-19 19:06 - 2015-02-12 17:12 - 01901840 _____ () C:\Windows\WindowsUpdate.log
2015-03-19 19:01 - 2014-11-21 04:35 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-19 19:01 - 2014-11-21 03:45 - 00764340 _____ () C:\Windows\system32\perfh007.dat
2015-03-19 19:01 - 2014-11-21 03:45 - 00159160 _____ () C:\Windows\system32\perfc007.dat
2015-03-19 19:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-03-19 18:55 - 2015-02-12 17:31 - 00000000 ____D () C:\Users\Joey\AppData\Local\Spotify
2015-03-19 18:55 - 2015-02-12 17:30 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Spotify
2015-03-19 18:55 - 2015-02-12 17:19 - 00000000 ___RD () C:\Users\Joey\OneDrive
2015-03-19 18:55 - 2013-08-22 15:46 - 00041058 _____ () C:\Windows\setupact.log
2015-03-19 18:54 - 2015-02-12 17:26 - 00001146 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-19 18:54 - 2015-02-09 11:00 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-19 18:54 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-19 18:53 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-03-19 18:36 - 2015-02-12 17:26 - 00001150 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-19 16:39 - 2015-02-12 17:34 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Dropbox
2015-03-19 06:48 - 2015-02-09 10:59 - 00000000 ____D () C:\Program Files (x86)\ASUS
2015-03-18 20:26 - 2015-02-12 17:21 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2568549407-2221234275-1578291052-1001
2015-03-18 20:11 - 2015-02-14 14:21 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\NVIDIA
2015-03-18 20:01 - 2015-02-12 17:30 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\vlc
2015-03-17 21:06 - 2015-02-12 17:16 - 00000000 ____D () C:\Users\Joey\AppData\Local\Packages
2015-03-17 20:31 - 2014-11-20 19:24 - 00021292 _____ () C:\Windows\PFRO.log
2015-03-17 20:31 - 2013-08-22 15:44 - 00409896 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-17 20:30 - 2015-02-12 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-17 20:27 - 2013-08-22 14:25 - 00000269 _____ () C:\Windows\win.ini
2015-03-17 20:04 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-03-17 20:03 - 2014-11-21 04:13 - 00000000 ____D () C:\Windows\ShellNew
2015-03-17 20:03 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-03-14 23:51 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-03-14 02:35 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2015-03-14 00:48 - 2015-02-12 17:35 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-12 17:23 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData
2015-03-12 17:23 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-12 17:23 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-12 17:23 - 2013-08-22 16:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-12 17:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\WinStore
2015-03-12 17:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-12 17:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-12 17:22 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-03-12 06:51 - 2015-02-12 17:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-10 22:22 - 2015-01-23 13:16 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-10 22:19 - 2015-01-23 13:16 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-07 18:57 - 2015-02-12 17:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla
2015-03-04 22:24 - 2014-11-21 12:01 - 00792032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-04 22:24 - 2014-11-21 12:01 - 00178144 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-03 14:17 - 2015-02-12 17:51 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-20 15:08 - 2015-02-12 17:25 - 00000000 ____D () C:\Users\Joey\AppData\Local\Google

==================== Files in the root of some directories =======

2015-03-09 22:30 - 2015-03-09 22:30 - 0005487 _____ () C:\Users\Joey\AppData\Roaming\CVJW
2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\Joey\AppData\Roaming\OHTY
2015-03-17 20:23 - 2015-03-17 20:23 - 0613255 _____ (CMI Limited) C:\Users\Joey\AppData\Local\nsy9EAF.tmp
2015-02-20 21:38 - 2015-02-20 21:38 - 0000017 _____ () C:\Users\Joey\AppData\Local\resmon.resmoncfg
2015-02-09 10:36 - 2015-02-09 10:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Joey\AppData\Local\Temp\avgnt.exe
C:\Users\Joey\AppData\Local\Temp\avira_antivirus_pro_de.exe
C:\Users\Joey\AppData\Local\Temp\besE84A.exe
C:\Users\Joey\AppData\Local\Temp\bitool.dll
C:\Users\Joey\AppData\Local\Temp\D60A330C-D09A-E5F5-4799-F4322A86F3E4.dll
C:\Users\Joey\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpn8vx6i.dll
C:\Users\Joey\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Joey\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Joey\AppData\Local\Temp\nvStInst.exe
C:\Users\Joey\AppData\Local\Temp\ose00000.exe
C:\Users\Joey\AppData\Local\Temp\Quarantine.exe
C:\Users\Joey\AppData\Local\Temp\sdan.exe
C:\Users\Joey\AppData\Local\Temp\sdapk.exe
C:\Users\Joey\AppData\Local\Temp\sdaspwn.exe
C:\Users\Joey\AppData\Local\Temp\setup.exe
C:\Users\Joey\AppData\Local\Temp\smt_istartsurf.exe
C:\Users\Joey\AppData\Local\Temp\SpOrder.dll
C:\Users\Joey\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-13 02:14

==================== End Of Log ============================


Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Joey at 2015-03-19 19:12:40
Running from C:\Users\Joey\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Antivirus Pro (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira)
Camtasia Studio 8 (HKLM-x32\...\{64CA5C05-4281-434C-A984-3A4FE6411805}) (Version: 8.5.0.1954 - TechSmith Corporation)
CinemaPlus 1.0dV17.03 (HKLM-x32\...\CinemaPlus 1.0dV17.03) (Version: 1.36.01.22 - CinemaPlus 1.0dV17.03) <==== ATTENTION
Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)
Die Sims 4 Digital Deluxe Edition ReRelease MULTi2 1.0 (HKLM-x32\...\Die Sims 4 Digital Deluxe Edition ReRelease MULTi2 1.0) (Version:  - )
Dropbox (HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
FileZilla Client 3.10.2 (HKLM-x32\...\FileZilla Client) (Version: 3.10.2 - Tim Kosse)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.15.0 - Futuremark Corporation)
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Google+ Auto Backup (HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Google+ Auto Backup) (Version: 1.0.27.161 - Google, Inc.)
GU Player (remove only) (HKLM-x32\...\GU Player) (Version:  - )
K-Lite Mega Codec Pack 10.9.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.9.5 - )
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA Miracast Virtueller Ton 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 347.52 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QNAP Qfinder (HKLM-x32\...\QNAP_FINDER) (Version: 4.2.5.0108 - QNAP Systems, Inc.)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7324 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Spotify) (Version: 1.0.1.1060.gc75ebdfd - Spotify AB)
StartIsBack+ (HKLM-x32\...\StartIsBack) (Version: 1.5.1 - startisback.com)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Sims 4 Update v1.4.83.1010 inc Outdoor Retreat DLC (HKLM-x32\...\VGhlU2ltczQ=_is1) (Version: 1 - )
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Joey\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Joey\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

12-03-2015 17:13:59 Windows Modules Installer
17-03-2015 20:02:58 Installed Microsoft Office Professional Plus 2013
17-03-2015 20:03:02 PROPLUS

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-03-12 20:17 - 2015-03-12 20:17 - 00000866 ____A C:\Windows\system32\Drivers\etc\hosts
69.167.144.15 camtasiatudi.techsmith.com

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {006DBC9F-E6C6-430B-AF69-D583868A35AB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-12] (Google Inc.)
Task: {063D42A9-F0B6-4C94-892F-F66530D74635} - System32\Tasks\CVJW => C:\Users\Joey\AppData\Roaming\CVJW.exe <==== ATTENTION
Task: {1DCA829D-AEDE-4898-9EAC-2F6A687FFA9A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-12] (Adobe Systems Incorporated)
Task: {879C4521-051C-46E1-BEBF-F853CFB0E873} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-10] (Microsoft Corporation)
Task: {89C70B19-4F3A-4047-9A37-2CB497974324} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2568549407-2221234275-1578291052-1001Core => C:\Users\Joey\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-20] (Google Inc.)
Task: {96377C93-80B6-45D6-B804-BF545B28BD85} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2568549407-2221234275-1578291052-1001UA => C:\Users\Joey\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-20] (Google Inc.)
Task: {AB9CEB98-25F6-4605-9B8E-DAD6B02F9C63} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => D:\Programme\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {B6E78CE3-DEE8-445E-BAF0-948DCB4D98F4} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-01-13] ()
Task: {CFCC9FE2-25DC-4DE3-8C2D-1855CBBF8F5C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-12] (Google Inc.)
Task: {D027BDD3-63DA-441A-B7A4-6E6C7430AFB4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => D:\Programme\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {D1EC3D12-BFC9-4693-B83E-FE3C3EB5EA93} - System32\Tasks\OHTY => C:\Users\Joey\AppData\Roaming\OHTY.exe <==== ATTENTION
Task: {D949C1EB-7F0C-4B6D-8EEC-BD9115D44F6A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {F2EBA190-0186-42E3-B2A2-B8EFAF1B3FD4} - System32\Tasks\iSCSIAgentAutoStartup => D:\Programme\QNAP\Qfinder\iSCSIAgent.exe [2015-01-27] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CVJW.job => C:\Users\Joey\AppData\Roaming\CVJW.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2568549407-2221234275-1578291052-1001Core.job => C:\Users\Joey\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2568549407-2221234275-1578291052-1001UA.job => C:\Users\Joey\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\OHTY.job => C:\Users\Joey\AppData\Roaming\OHTY.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2015-02-09 11:00 - 2015-02-05 20:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-02-12 17:49 - 2013-07-04 03:32 - 00936728 ____N () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2015-03-15 18:46 - 2015-01-27 08:16 - 01739952 _____ () D:\Programme\QNAP\Qfinder\iSCSIAgent.exe
2015-02-12 17:49 - 2015-03-19 18:54 - 00028160 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2015-02-12 17:49 - 2012-05-07 17:04 - 00104448 ____N () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2015-02-13 12:15 - 2015-02-13 12:15 - 03219456 _____ () C:\Users\Joey\AppData\Local\Programs\Google\Google+ Auto Backup\gpuploader_i18n.dll
2015-03-02 21:30 - 2015-03-02 21:30 - 00039384 _____ () D:\Programme\FileZilla\fzshellext.dll
2015-03-12 21:37 - 2015-03-07 07:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libglesv2.dll
2015-03-12 21:37 - 2015-03-07 07:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libegl.dll
2015-03-12 21:37 - 2015-03-07 07:13 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\pdf.dll
2015-03-12 21:37 - 2015-03-07 07:13 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Joey\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Joey\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "3D BubbleSound"
HKLM\...\StartupApproved\Run: => "shopperz64"
HKLM\...\StartupApproved\Run: => "shopperz"
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\StartupApproved\StartupFolder: => "superpc_soft_partner.lnk"
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\StartupApproved\StartupFolder: => "PriceLessInstaller.lnk"
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_D9540B1D2E0771D2E8A7B5A41E5C3BFA"
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"

==================== Accounts: =============================

Administrator (S-1-5-21-2568549407-2221234275-1578291052-500 - Administrator - Disabled)
Gast (S-1-5-21-2568549407-2221234275-1578291052-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2568549407-2221234275-1578291052-1003 - Limited - Enabled)
Joey (S-1-5-21-2568549407-2221234275-1578291052-1001 - Administrator - Enabled) => C:\Users\Joey

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/17/2015 08:25:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program package_superpc_installer_multilang.tmp version 51.52.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e24

Start Time: 01d060e7cf8a9677

Termination Time: 4294967295

Application Path: C:\Users\Joey\AppData\Local\Temp\is-PRB45.tmp\package_superpc_installer_multilang.tmp

Report Id: 4d41023e-ccdb-11e4-825f-ac9e17ec3e93

Faulting package full name: 

Faulting package-relative application ID:

Error: (03/17/2015 08:24:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AnyProtect.exe version 1.0.0.4 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 149c

Start Time: 01d060e7f611fc3b

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe

Report Id: 44f974e6-ccdb-11e4-825f-ac9e17ec3e93

Faulting package full name: 

Faulting package-relative application ID:

Error: (03/17/2015 08:23:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program nsv415B.tmp version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 19fc

Start Time: 01d060e6c4fc815a

Termination Time: 4294967295

Application Path: C:\Users\Joey\AppData\Local\Temp\nsv415B.tmp

Report Id: 1e790abe-ccdb-11e4-825f-ac9e17ec3e93

Faulting package full name: 

Faulting package-relative application ID:

Error: (03/17/2015 08:22:02 PM) (Source: MsiInstaller) (EventID: 11309) (User: YAOI)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.

Error: (03/17/2015 08:21:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 41.0.2272.89, time stamp: 0x54fa819a
Faulting module name: ntdll.dll, version: 6.3.9600.17630, time stamp: 0x54b0d74f
Exception code: 0xc0000142
Fault offset: 0x0009e0b2
Faulting process id: 0x197c
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5

Error: (03/17/2015 08:20:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: qrsvc.exe, version: 1.10.0.9, time stamp: 0x54d51cc7
Faulting module name: qrsvc.exe, version: 1.10.0.9, time stamp: 0x54d51cc7
Exception code: 0xc0000409
Fault offset: 0x000250ec
Faulting process id: 0x1db0
Faulting application start time: 0xqrsvc.exe0
Faulting application path: qrsvc.exe1
Faulting module path: qrsvc.exe2
Report Id: qrsvc.exe3
Faulting package full name: qrsvc.exe4
Faulting package-relative application ID: qrsvc.exe5

Error: (03/15/2015 02:36:08 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "System" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (03/14/2015 02:30:39 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "System" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (03/13/2015 06:51:39 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (03/12/2015 05:04:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.3.9600.17667, Zeitstempel: 0x54c6f7c2
Name des fehlerhaften Moduls: StartIsBack64.dll, Version: 3.5.0.39, Zeitstempel: 0x52b9f014
Ausnahmecode: 0xc000041d
Fehleroffset: 0x0000000000022eee
ID des fehlerhaften Prozesses: 0xd44
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3
Vollständiger Name des fehlerhaften Pakets: Explorer.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Explorer.EXE5


System errors:
=============
Error: (03/19/2015 06:55:15 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "YAOI           :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.97
registriert werden. Der Computer mit IP-Adresse 192.168.178.85 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (03/19/2015 06:55:12 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "YAOI           :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.97
registriert werden. Der Computer mit IP-Adresse 192.168.178.85 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (03/19/2015 06:55:11 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "YAOI           :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.97
registriert werden. Der Computer mit IP-Adresse 192.168.178.85 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (03/19/2015 06:55:11 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "YAOI           :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.97
registriert werden. Der Computer mit IP-Adresse 192.168.178.85 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (03/19/2015 06:55:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst SuperOptimizer Stats erreicht.

Error: (03/19/2015 06:54:39 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "YAOI           :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.97
registriert werden. Der Computer mit IP-Adresse 192.168.178.85 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (03/19/2015 06:53:38 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "YAOI           :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.97
registriert werden. Der Computer mit IP-Adresse 192.168.178.85 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (03/19/2015 06:36:23 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "YAOI           :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.97
registriert werden. Der Computer mit IP-Adresse 192.168.178.85 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (03/19/2015 04:36:23 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "YAOI           :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.97
registriert werden. Der Computer mit IP-Adresse 192.168.178.85 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (03/19/2015 02:36:23 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "YAOI           :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.97
registriert werden. Der Computer mit IP-Adresse 192.168.178.85 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.


Microsoft Office Sessions:
=========================
Error: (03/17/2015 08:25:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: package_superpc_installer_multilang.tmp51.52.0.0e2401d060e7cf8a96774294967295C:\Users\Joey\AppData\Local\Temp\is-PRB45.tmp\package_superpc_installer_multilang.tmp4d41023e-ccdb-11e4-825f-ac9e17ec3e93

Error: (03/17/2015 08:24:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: AnyProtect.exe1.0.0.4149c01d060e7f611fc3b4294967295C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe44f974e6-ccdb-11e4-825f-ac9e17ec3e93

Error: (03/17/2015 08:23:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: nsv415B.tmp0.0.0.019fc01d060e6c4fc815a4294967295C:\Users\Joey\AppData\Local\Temp\nsv415B.tmp1e790abe-ccdb-11e4-825f-ac9e17ec3e93

Error: (03/17/2015 08:22:02 PM) (Source: MsiInstaller) (EventID: 11309) (User: YAOI)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (03/17/2015 08:21:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe41.0.2272.8954fa819antdll.dll6.3.9600.1763054b0d74fc00001420009e0b2197c01d060e7a23997bfC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\SYSTEM32\ntdll.dlldfe88550-ccda-11e4-825f-ac9e17ec3e93

Error: (03/17/2015 08:20:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: qrsvc.exe1.10.0.954d51cc7qrsvc.exe1.10.0.954d51cc7c0000409000250ec1db001d060e6909000daC:\Program Files (x86)\QuickRef_1.10.0.9\Service\qrsvc.exeC:\Program Files (x86)\QuickRef_1.10.0.9\Service\qrsvc.exeb2bf6a7f-ccda-11e4-825f-ac9e17ec3e93

Error: (03/15/2015 02:36:08 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: SystemFalscher Parameter. (0x80070057)

Error: (03/14/2015 02:30:39 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: SystemFalscher Parameter. (0x80070057)

Error: (03/13/2015 06:51:39 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (03/12/2015 05:04:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1766754c6f7c2StartIsBack64.dll3.5.0.3952b9f014c000041d0000000000022eeed4401d05cde3b68818bC:\Windows\Explorer.EXEC:\Program Files (x86)\StartIsBack\StartIsBack64.dll79bbf64a-c8d1-11e4-825e-ac9e17ec3e93


CodeIntegrity Errors:
===================================
  Date: 2015-03-18 03:04:18.209
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 19%
Total physical RAM: 16319.17 MB
Available physical RAM: 13080.86 MB
Total Pagefile: 18751.17 MB
Available Pagefile: 14839.95 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:100.41 GB) (Free:41.59 GB) NTFS
Drive d: (Programme) (Fixed) (Total:931.51 GB) (Free:901.11 GB) NTFS
Drive f: (WD SmartWare) (CDROM) (Total:0.6 GB) (Free:0 GB) UDF
Drive g: () (Removable) (Total:3.63 GB) (Free:2.16 GB) FAT32
Drive h: (Games) (Fixed) (Total:930.86 GB) (Free:368.69 GB) NTFS
Drive j: (Serien) (Fixed) (Total:1863.01 GB) (Free:1268.59 GB) NTFS
Drive k: (Animes) (Fixed) (Total:1862.98 GB) (Free:695.94 GB) NTFS
Drive l: (Sicherung) (Fixed) (Total:931.51 GB) (Free:367.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: D64245DE)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11 GB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B7EFD763)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: B78A4E50)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 930.9 GB) (Disk ID: 0002AE3F)
Partition 1: (Not Active) - (Size=930.9 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 3.6 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 6 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 0002F734)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 7 (Size: 931.5 GB) (Disk ID: E8900690)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

gmer.log
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-03-19 19:27:06
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000027 Samsung_SSD_850_EVO_120GB rev.EMT01B6Q 111,79GB
Running: Gmer-19357.exe; Driver: C:\Users\Joey\AppData\Local\Temp\pgldrpod.sys


---- Threads - GMER 2.1 ----

Thread   C:\Windows\system32\csrss.exe [628:652]                                                                                                                                                                                         fffff9600083a2d0
Thread   C:\Windows\system32\csrss.exe [628:724]                                                                                                                                                                                         fffff9600083a2d0
Thread   D:\Programme\QNAP\Qfinder\iSCSIAgent.exe [2064:2932]                                                                                                                                                                            0000000003ada690
Thread   D:\Programme\QNAP\Qfinder\iSCSIAgent.exe [2064:2936]                                                                                                                                                                            0000000003ada690
Thread   D:\Programme\QNAP\Qfinder\iSCSIAgent.exe [2064:2940]                                                                                                                                                                            0000000003ada690
Thread   D:\Programme\QNAP\Qfinder\iSCSIAgent.exe [2064:2944]                                                                                                                                                                            0000000003ada690
Thread   D:\Programme\QNAP\Qfinder\iSCSIAgent.exe [2064:2948]                                                                                                                                                                            0000000003ada690
Thread   D:\Programme\QNAP\Qfinder\iSCSIAgent.exe [2064:2952]                                                                                                                                                                            0000000003ada690
Thread   D:\Programme\QNAP\Qfinder\iSCSIAgent.exe [2064:2956]                                                                                                                                                                            0000000003ada690
Thread   D:\Programme\QNAP\Qfinder\iSCSIAgent.exe [2064:2960]                                                                                                                                                                            0000000003ada690
Thread   D:\Programme\QNAP\Qfinder\iSCSIAgent.exe [2064:2968]                                                                                                                                                                            0000000003af1b60
Thread   D:\Programme\QNAP\Qfinder\iSCSIAgent.exe [2064:2984]                                                                                                                                                                            0000000003af1b60
---- Processes - GMER 2.1 ----

Library  C:\Users\Joey\AppData\Local\Programs\Google\Google+ Auto Backup\gpuploader_i18n.dll (*** suspicious ***) @ C:\Users\Joey\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [5412](2015-02-13 11:15:16)  00000000027b0000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed                                                                                                                                               1259671043
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{2bf570e8-dfd8-47df-a4af-15d890248277}@LastProbeTime                                                                                                           1426624580
Reg      HKLM\SYSTEM\CurrentControlSet\Services\PEAUTH\Parameters\Wdf@TimeOfLastSqmLog                                                                                                                                                   0x4B 0x02 0x29 0x0D ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch                                                                                                                                                                 1698
Reg      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch                                                                                                                                                                81
Reg      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-In                                                                                      v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|LPort=3587|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=p2psvc|Name=@%systemroot%\system32\provsvc.dll,-200|Desc=@%systemroot%\system32\provsvc.dll,-201|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202|
Reg      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-Out                                                                                     v2.22|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|RPort=3587|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=p2psvc|Name=@%systemroot%\system32\provsvc.dll,-203|Desc=@%systemroot%\system32\provsvc.dll,-204|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202|
Reg      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-In                                                                                      v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|LPort=3540|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|Name=@%systemroot%\system32\provsvc.dll,-205|Desc=@%systemroot%\system32\provsvc.dll,-206|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202|
Reg      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-Out                                                                                     v2.22|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|RPort=3540|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|Name=@%systemroot%\system32\provsvc.dll,-207|Desc=@%systemroot%\system32\provsvc.dll,-208|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202|
Reg      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile@EnableFirewall                                                                                                                      1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile@EnableFirewall                                                                                                                    1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence                                                                                                                                                          23
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop                                                                                                                                                0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\WpdUpFltr\Parameters\Wdf@TimeOfLastSqmLog                                                                                                                                                0x0C 0xFB 0x24 0xDE ...
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer@GlobalAssocChangedCounter                                                                                                                                               62
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown                                                                                                                                                  1
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsRequestBucketDrainTime                                                                                                                        0x61 0x67 0xAC 0xD9 ...
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsLargeRequestBucketDrainTime                                                                                                                   0x61 0x67 0xAC 0xD9 ...
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastOtherBandwidthBucketDrainTime                                                                                                                        0x9A 0xD8 0xCC 0x6E ...
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastOtherRequestBucketDrainTime                                                                                                                          0x61 0x67 0xAC 0xD9 ...
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastGlobalRequestBucketDrainTime                                                                                                                         0x61 0x67 0xAC 0xD9 ...
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@RoamingSyncToken                                                                                                                                         LM%3d63562303568113%3bID%3d108FE72B08E15310!104%3bLR%3d63562325497380%3bEP%3d4%3bTD%3dTrue%3bSO%3d0
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData@LastRenewCollectionsInterest                                                                                                                          0xC0 0x9F 0xCE 0xEE ...
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Run@DAEMON Tools Lite                                                                                                                                                            "D:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce@Report                                                                                                                                                                   C:\AdwCleaner\AdwCleaner[S2].txt
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData@PendingOperations                                                                                                                                           19

---- EOF - GMER 2.1 ----

Info: Unfortunately the Avira virus scanner results no longer fit into the post because of the character limit, so I am now posting them as an attachment; I hope that is OK...


Kind regards
dingsibumzi (Joey)

Last edited by dingsibumzi (19.03.2015 at 20:06)
