Log analysis and evaluation: Google Chrome has recently started opening windows with ads (Windows 7)
If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
26.06.2015, 08:55 | #1 |
| Google Chrome has recently started opening windows with ads
Hello dear all, for the last few days I have had the problem that Google Chrome keeps opening pages with advertising, even though I use AdBlockPlus and this was never the case before. However, in the last few days I also wasn't paying attention during a download and installed a few additional programs, which I then immediately uninstalled again, including the extensions in Google Chrome (unfortunately I can no longer remember the exact names). The problem has been occurring since then, so that is probably the cause, but unfortunately I have no idea at all how to fix it.
Kind regards and thanks in advance,
Nurmel |
26.06.2015, 09:20 | #2 |
/// the machine /// TB trainer | Google Chrome has recently started opening windows with ads
hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
26.06.2015, 10:22 | #3 |
| Google Chrome has recently started opening windows with ads
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-06-2015
Ran by Naomi (administrator) on DÖRTE on 26-06-2015 10:23:46
Running from C:\Users\Naomi\Downloads
Loaded Profiles: Naomi (Available Profiles: Naomi & Administrator)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\Izgingnessorbidies\Izgingnessorbidies.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
() C:\Users\Naomi\AppData\Local\WikiUpdate.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\Izgingnessorbidies\Izgingnessorbidies.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
(Dropbox, Inc.) C:\Users\Naomi\AppData\Roaming\Dropbox\bin\Dropbox.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosLeBtMng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosLeSrvProvider.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosAVRC.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\tosOBEX.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\tosBtProc.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-11-29] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2565544 2012-11-01] ()
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2172816 2012-10-22] (SRS Labs, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3008824 2012-11-29] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-12-18] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [7152640 2012-12-05] (Pegatron Corporation)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-22] (Avast Software s.r.o.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [Denzi] => C:\Program Files (x86)\Denzi\Launcher.bat --wait
HKU\S-1-5-21-2821126440-816702598-971368894-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-14] (Valve Corporation)
HKU\S-1-5-21-2821126440-816702598-971368894-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-2821126440-816702598-971368894-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3632472 2015-06-05] (Electronic Arts)
HKU\S-1-5-21-2821126440-816702598-971368894-1001\...\Run: [Dropbox Update] => C:\Users\Naomi\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-22] (Dropbox, Inc.)
HKU\S-1-5-21-2821126440-816702598-971368894-1001\...\MountPoints2: {235c5be7-f406-11e4-be83-2cd05accbc66} - "F:\LaunchU3.exe" -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2015-05-01]
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Users\Naomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-07]
ShortcutTarget: Dropbox.lnk -> C:\Users\Naomi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Naomi\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Naomi\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Naomi\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Naomi\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Naomi\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Naomi\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Naomi\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Naomi\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-22] (Avast Software s.r.o.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-2821126440-816702598-971368894-1001] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-21-2821126440-816702598-971368894-1001] => http=127.0.0.1:9880
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2821126440-816702598-971368894-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-2821126440-816702598-971368894-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-2821126440-816702598-971368894-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2821126440-816702598-971368894-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2821126440-816702598-971368894-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-03-28] (Avast Software s.r.o.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-28] (Avast Software s.r.o.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] ()
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-03-28]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-28]
CHR Extension: (Google Docs) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-28]
CHR Extension: (Google Drive) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-28]
CHR Extension: (YouTube) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-28]
CHR Extension: (Adblock Plus) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-28]
CHR Extension: (Google Search) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-28]
CHR Extension: (Google Sheets) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-28]
CHR Extension: (Cut the Rope) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj [2015-03-28]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-28]
CHR Extension: (Google Wallet) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-28]
CHR Extension: (Gmail) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-03-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-22] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-06-22] (Avast Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [967040 2015-04-01] ()
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] () [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 Izgingnessorbidies; C:\Program Files (x86)\Izgingnessorbidies\Izgingnessorbidies.exe [281088 2015-06-16] () [File not signed] <==== ATTENTION
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-05] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2015-06-12] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-05] (Realtek Semiconductor)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116240 2013-01-04] (Toshiba Europe GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-04-02] (Microsoft Corporation)
R2 WikiBrowserUpdateService; C:\Users\Naomi\AppData\Local\WikiUpdate.exe [364032 2015-06-16] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-04-02] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ampa; C:\WINDOWS\system32\ampa.sys [17008 2013-12-18] ()
S3 ampa; C:\WINDOWS\SysWOW64\ampa.sys [17008 2013-12-18] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-22] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-22] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-22] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-22] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-22] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-22] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-21] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [24208 2012-07-11] (Realtek Microelectronics)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-29] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-06-22] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-04-02] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-26 10:23 - 2015-06-26 10:24 - 00021726 _____ C:\Users\Naomi\Downloads\FRST.txt
2015-06-26 10:23 - 2015-06-26 10:23 - 02112512 _____ (Farbar) C:\Users\Naomi\Downloads\FRST64.exe
2015-06-26 10:23 - 2015-06-26 10:23 - 00000000 ____D C:\FRST
2015-06-25 08:15 - 2015-06-25 08:15 - 00003202 _____ C:\WINDOWS\System32\Tasks\avastBCLRestart_chrome.exe
2015-06-24 20:28 - 2015-06-22 16:34 - 111524886 _____ C:\Users\Naomi\Desktop\20150622_163315.mp4
2015-06-24 19:17 - 2015-06-24 19:17 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-24 19:17 - 2015-06-24 19:17 - 00001125 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-24 19:17 - 2015-06-24 19:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-06-24 19:17 - 2015-06-24 19:17 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-24 19:17 - 2015-06-24 19:17 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-06-24 19:17 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-06-24 19:17 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-24 19:17 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-24 19:15 - 2015-06-24 19:16 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Naomi\Downloads\mbam-setup-majorgeeks-2.1.6.1022.exe
2015-06-24 19:08 - 2015-06-24 19:17 - 00000158 _____ C:\WINDOWS\Reimage.ini
2015-06-24 19:08 - 2015-06-24 19:08 - 00772016 _____ (Reimage®) C:\Users\Naomi\Downloads\ReimageRepair.exe
2015-06-24 18:25 - 2015-06-24 18:25 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\Enigma Software Group
2015-06-24 18:24 - 2015-06-24 18:24 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Naomi\Downloads\sh-remover.exe
2015-06-24 18:24 - 2015-06-24 18:24 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Naomi\Downloads\sh-remover (1).exe
2015-06-24 18:21 - 2015-06-24 18:21 - 00281088 _____ C:\Users\Naomi\Downloads\Izgingnessorbidies.exe
2015-06-24 11:52 - 2015-06-24 11:52 - 00001461 _____ C:\Users\Naomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-24 11:47 - 2015-06-24 11:47 - 00000000 ____D C:\Program Files (x86)\predm
2015-06-22 13:42 - 2015-06-22 13:42 - 00000000 ____D C:\ProgramData\f7b1ef2e00003c7e
2015-06-22 13:42 - 2015-06-22 13:42 - 00000000 ____D C:\ProgramData\148e9d54000038a6
2015-06-22 13:37 - 2015-06-22 13:37 - 00000000 __SHD C:\Program Files (x86)\Izgingnessorbidies
2015-06-22 13:23 - 2015-06-22 13:23 - 00001879 _____ C:\Users\Naomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk
2015-06-22 13:23 - 2015-06-22 13:23 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\Opera Software
2015-06-22 13:23 - 2015-06-22 13:23 - 00000000 ____D C:\Users\Naomi\AppData\Local\Opera Software
2015-06-22 13:23 - 2015-06-22 13:23 - 00000000 ____D C:\ProgramData\10130257668749325411
2015-06-22 13:22 - 2015-06-22 13:22 - 00003836 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1434972161
2015-06-22 13:22 - 2015-06-22 13:22 - 00001158 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk.1434973094.old
2015-06-22 13:18 - 2015-06-22 13:19 - 02975799 _____ (hxxp://www.streamtransport.com/ ) C:\Users\Naomi\Downloads\streamtransportsetup_25412.exe
2015-06-22 13:17 - 2015-06-24 20:02 - 00000000 ____D C:\Users\Naomi\AppData\Local\WikiBrowser
2015-06-22 13:05 - 2015-06-22 13:05 - 00000046 _____ C:\WINDOWS\SysWOW64\DonationCoder_urlsnooper_InstallInfo.dat
2015-06-22 13:05 - 2015-06-22 13:05 - 00000000 ____D C:\Users\Naomi\Documents\DonationCoder
2015-06-22 13:05 - 2015-06-22 13:05 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\DonationCoder
2015-06-22 12:54 - 2015-06-22 12:54 - 01198368 _____ C:\Users\Naomi\Downloads\URL Snooper - CHIP-Installer.exe
2015-06-22 12:42 - 2015-06-22 12:42 - 00000000 ____D C:\Users\Naomi\Documents\StreamTransport
2015-06-22 11:02 - 2015-06-22 11:02 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-06-22 11:00 - 2015-06-26 10:05 - 00001236 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2821126440-816702598-971368894-1001UA.job
2015-06-22 11:00 - 2015-06-22 11:05 - 00001184 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2821126440-816702598-971368894-1001Core.job
2015-06-22 11:00 - 2015-06-22 11:00 - 00004182 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2821126440-816702598-971368894-1001UA
2015-06-22 11:00 - 2015-06-22 11:00 - 00003802 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2821126440-816702598-971368894-1001Core
2015-06-22 11:00 - 2015-06-22 11:00 - 00000000 ____D C:\Users\Naomi\AppData\Local\Dropbox
2015-06-22 11:00 - 2015-06-22 11:00 - 00000000 ____D C:\ProgramData\Dropbox
2015-06-22 10:48 - 2015-06-22 10:48 - 00364472 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
2015-06-22 10:48 - 2015-06-22 10:48 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr
2015-06-22 10:44 - 2015-06-22 10:44 - 17805707 _____ C:\Users\Naomi\Downloads\streamtransport_1.1.6.2.zip
2015-06-22 10:43 - 2015-06-22 10:43 - 01198368 _____ C:\Users\Naomi\Downloads\StreamTransport - CHIP-Installer (1).exe
2015-06-22 10:40 - 2015-06-22 10:41 - 01198368 ____N C:\Users\Naomi\Downloads\StreamTransport - CHIP-Installer.exe
2015-06-16 22:17 - 2015-06-16 22:17 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\LibreOffice
2015-06-16 22:16 - 2015-06-16 22:16 - 00001484 _____ C:\Users\Public\Desktop\LibreOffice 4.4.lnk
2015-06-16 22:16 - 2015-06-16 22:16 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.4
2015-06-16 22:14 - 2015-06-16 22:16 - 00000000 ____D C:\Program Files (x86)\LibreOffice 4
2015-06-16 22:12 - 2015-06-16 22:11 - 01197344 _____ C:\Users\Naomi\Downloads\trzDBE6.tmp
2015-06-16 22:09 - 2015-06-16 22:14 - 00000000 ____D C:\Users\Naomi\Documents\SoftMaker
2015-06-16 22:08 - 2015-06-16 22:09 - 61687304 _____ (SoftMaker Software GmbH) C:\Users\Naomi\Downloads\freeofficewindows.exe
2015-06-16 22:01 - 2015-06-16 22:01 - 01377255 _____ (Denzi) C:\Users\Naomi\Downloads\Denzi_setup.exe
2015-06-16 21:49 - 2015-06-16 21:50 - 39074536 _____ (Microsoft Corporation) C:\Users\Naomi\Downloads\FileFormatConverters.exe
2015-06-16 21:47 - 2015-06-16 21:47 - 00002729 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk
2015-06-16 21:46 - 2015-06-16 21:50 - 00000000 ____D C:\Program Files (x86)\MSECache
2015-06-16 21:45 - 2015-06-16 21:45 - 01197344 _____ C:\Users\Naomi\Downloads\Word Viewer - CHIP-Installer (1).exe
2015-06-16 13:53 - 2015-06-16 13:53 - 00364032 _____ C:\Users\Naomi\AppData\Local\WikiUpdate.exe
2015-06-12 08:40 - 2015-06-12 08:40 - 00000232 _____ C:\Users\Naomi\Desktop\Far Cry 3.url
2015-06-12 08:40 - 2015-06-12 08:40 - 00000232 _____ C:\Users\Naomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Far Cry 3.url
2015-06-12 08:38 - 2015-06-12 08:38 - 00001228 _____ C:\Users\Naomi\Desktop\Uplay.lnk
2015-06-12 08:38 - 2015-06-12 08:38 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2015-06-12 08:37 - 2015-06-12 08:38 - 61778376 _____ (Ubisoft) C:\Users\Naomi\Downloads\UplayInstaller (1).exe
2015-06-10 23:58 - 2015-06-10 23:58 - 00000814 _____ C:\Users\Naomi\Downloads\Originals.lnk
2015-06-10 23:07 - 2015-06-10 23:07 - 01941744 _____ C:\Users\Naomi\Downloads\winrar-x64-521.exe
2015-06-10 23:05 - 2015-06-10 23:05 - 02058768 _____ C:\Users\Naomi\Downloads\winrar-x64-521d (1).exe
2015-06-10 23:02 - 2015-06-10 23:02 - 00000000 ____D C:\Users\Naomi\SupTab
2015-06-10 22:39 - 2015-06-10 22:39 - 01197344 _____ C:\Users\Naomi\Downloads\Everest Ultimate Edition - CHIP-Installer.exe
2015-06-10 22:38 - 2015-06-10 22:40 - 209818191 _____ C:\Users\Naomi\Downloads\0005-Win7_Win8_Win81_Win10_R278.zip
2015-06-10 22:34 - 2015-06-10 22:34 - 35084080 _____ C:\Users\Naomi\Downloads\PROWinx64.exe
2015-06-10 22:32 - 2015-06-10 22:32 - 25883081 _____ C:\Users\Naomi\Downloads\E50E.tmp
2015-06-10 21:03 - 2015-06-10 21:05 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP
2015-06-10 21:03 - 2015-06-10 21:03 - 00001128 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2015-06-10 21:03 - 2015-06-10 21:03 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\Canneverbe Limited
2015-06-10 21:03 - 2015-06-10 21:03 - 00000000 ____D C:\ProgramData\Canneverbe Limited
2015-06-10 21:02 - 2015-06-10 21:02 - 05419688 _____ (Canneverbe Limited ) C:\Users\Naomi\Downloads\cdbxp_setup_4.5.5.5642_minimal.exe
2015-06-10 21:02 - 2015-06-10 21:02 - 05419688 _____ (Canneverbe Limited ) C:\Users\Naomi\Downloads\cdbxp_setup_4.5.5.5642_minimal (1).exe
2015-06-10 20:27 - 2015-06-10 21:01 - 3268147200 _____ C:\Users\Naomi\Downloads\Win_7_Hm_Prem_German_x64.iso
2015-06-10 19:56 - 2015-06-10 19:56 - 2682257408 _____ C:\Users\Naomi\Downloads\windows7-homepremium-sp1-64 [1].exe
2015-06-10 19:28 - 2015-06-10 19:28 - 00771552 _____ (Internet ) C:\Users\Naomi\Downloads\windows7-homepremium-sp1-64.exe
2015-06-10 11:36 - 2015-05-22 15:08 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-06-10 11:36 - 2015-05-21 15:08 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-06-10 11:36 - 2015-05-21 15:08 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-06-10 11:36 - 2015-05-21 15:08 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-06-10 11:36 - 2015-05-21 15:08 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-06-10 11:36 - 2015-04-09 00:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-06-10 11:35 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-10 11:35 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-10 11:35 - 2015-05-25 15:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-06-10 11:35 - 2015-05-25 15:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-06-10 11:35 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-10 11:35 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-10 11:35 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-10 11:35 - 2015-05-22 20:52 -
06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-06-10 11:35 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-06-10 11:35 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-06-10 11:35 - 2015-05-21 15:08 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2015-06-10 11:35 - 2015-05-21 15:08 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2015-06-10 11:35 - 2015-04-25 04:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll 2015-06-10 11:35 - 2015-04-25 04:33 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll 2015-06-10 11:35 - 2015-04-17 00:07 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2015-06-10 11:35 - 2015-04-16 08:17 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS 2015-06-10 11:35 - 2015-04-14 00:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll 2015-06-10 11:35 - 2015-04-14 00:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll 2015-06-10 11:35 - 2015-04-10 02:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll 2015-06-10 11:35 - 2015-04-10 02:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll 2015-06-10 11:35 - 2015-04-09 00:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll 2015-06-10 11:35 - 2015-04-02 00:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll 2015-06-10 11:35 - 2015-04-02 00:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll 2015-06-10 11:35 - 2015-04-01 06:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe 2015-06-10 11:35 - 2015-04-01 06:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll 2015-06-10 11:35 - 2015-04-01 06:17 - 
00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll 2015-06-10 11:35 - 2015-04-01 06:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll 2015-06-10 11:35 - 2015-04-01 05:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll 2015-06-10 11:35 - 2015-04-01 05:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll 2015-06-10 11:35 - 2015-04-01 05:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe 2015-06-10 11:35 - 2015-04-01 04:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll 2015-06-10 11:35 - 2015-04-01 04:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe 2015-06-10 11:35 - 2015-04-01 04:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll 2015-06-10 11:35 - 2015-04-01 04:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll 2015-06-10 11:35 - 2015-04-01 04:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll 2015-06-10 11:35 - 2015-04-01 04:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe 2015-06-10 11:35 - 2015-03-20 05:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll 2015-06-10 11:35 - 2015-03-20 05:08 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll 2015-06-10 11:35 - 2015-03-20 04:37 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll 2015-06-10 11:35 - 2015-03-20 04:07 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll 2015-06-10 11:35 - 2015-03-02 03:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll 2015-06-10 11:35 - 2015-03-02 03:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll 2015-06-10 11:34 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-06-10 11:34 - 2015-05-23 05:14 - 00341504 _____ 
(Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec 2015-06-10 11:34 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-06-10 11:34 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-06-10 11:34 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2015-06-10 11:34 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2015-06-10 11:34 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2015-06-10 11:34 - 2015-05-23 04:47 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2015-06-10 11:34 - 2015-05-23 04:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-06-10 11:34 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-06-10 11:34 - 2015-05-23 04:38 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2015-06-10 11:34 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2015-06-10 11:34 - 2015-05-23 04:28 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll 2015-06-10 11:34 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-06-10 11:34 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-06-10 11:34 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-06-10 11:34 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-06-10 11:34 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec 2015-06-10 11:34 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll 2015-06-10 11:34 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\jscript.dll 2015-06-10 11:34 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2015-06-10 11:34 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2015-06-10 11:34 - 2015-05-22 20:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2015-06-10 11:34 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2015-06-10 11:34 - 2015-05-22 20:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-06-10 11:34 - 2015-05-22 20:09 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2015-06-10 11:34 - 2015-05-22 20:08 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2015-06-10 11:34 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-06-10 11:34 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2015-06-10 11:34 - 2015-05-22 19:49 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2015-06-10 11:34 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-06-10 11:34 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-06-10 11:34 - 2015-05-21 18:47 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-06-05 19:29 - 2015-06-05 19:30 - 61320528 _____ (Ubisoft) C:\Users\Naomi\Downloads\UplayInstaller.exe 2015-06-03 20:33 - 2015-06-03 20:33 - 00000000 ____D C:\Users\Naomi\AppData\Local\GWX 2015-05-28 22:10 - 2015-05-28 22:10 - 00000000 ____D C:\Users\Naomi\AppData\Local\Chromium 2015-05-28 22:06 - 2015-05-28 22:06 - 16242632 _____ (Rockstar Games) C:\Users\Naomi\Downloads\Social Club v1.1.0.1 Setup.exe 2015-05-28 21:57 - 2015-05-28 21:58 - 00000000 ____D C:\Users\Naomi\Documents\Rockstar Games 2015-05-28 21:57 - 2015-05-28 21:57 - 
00000000 ____D C:\ProgramData\RELOADED 2015-05-28 21:55 - 2015-05-28 21:55 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\L.A.Noire 2015-05-28 21:55 - 2015-05-28 21:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics 2015-05-28 21:55 - 2015-05-28 21:55 - 00000000 ____D C:\Program Files (x86)\Rockstar Games 2015-05-28 21:00 - 2015-05-28 21:00 - 00000000 ____D C:\Program Files (x86)\R.G. Mechanics 2015-05-28 17:48 - 2015-05-28 17:48 - 02060664 _____ C:\Users\Naomi\Downloads\winrar-x64-521d.exe 2015-05-28 17:48 - 2015-05-28 17:48 - 00000000 ____D C:\Program Files\WinRAR 2015-05-28 17:30 - 2015-05-28 20:13 - 00000000 ____D C:\Users\Naomi\Downloads\L.A. Noire [R.G. Mechanics] 2015-05-28 17:26 - 2015-05-28 17:27 - 01998432 _____ (BitTorrent Inc.) C:\Users\Naomi\Downloads\uTorrent.exe 2015-05-28 17:22 - 2015-05-28 17:22 - 04001621 _____ (EZB Systems, Inc. ) C:\Users\Naomi\Downloads\uiso9_pe.exe 2015-05-28 17:17 - 2015-05-28 17:34 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\DMCache 2015-05-28 17:17 - 2015-05-28 17:17 - 00000000 ____D C:\Users\Naomi\Downloads\Video 2015-05-28 17:17 - 2015-05-28 17:17 - 00000000 ____D C:\Users\Naomi\Downloads\Compressed 2015-05-28 17:17 - 2015-05-28 17:17 - 00000000 ____D C:\ProgramData\IDM 2015-05-28 17:11 - 2015-05-28 17:12 - 06309520 _____ (Tonec Inc.) C:\Users\Naomi\Downloads\idman621build8.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-06-26 10:08 - 2015-04-03 15:42 - 01668392 _____ C:\WINDOWS\WindowsUpdate.log 2015-06-26 10:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru 2015-06-26 09:12 - 2015-03-28 13:09 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2821126440-816702598-971368894-1001 2015-06-26 08:53 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-06-26 08:22 - 2015-04-06 14:09 - 00003918 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C8399745-9C2F-4951-9121-6F841BBF9BBF} 2015-06-24 21:13 - 2014-11-21 05:35 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-06-24 21:13 - 2014-11-21 04:45 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat 2015-06-24 21:13 - 2014-11-21 04:45 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat 2015-06-24 20:20 - 2015-04-12 18:31 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\PhotoScape 2015-06-24 20:20 - 2015-03-28 13:14 - 00000000 ____D C:\Program Files (x86)\Steam 2015-06-24 20:09 - 2015-05-07 12:56 - 00000000 ___RD C:\Users\Naomi\Dropbox 2015-06-24 20:09 - 2015-05-07 07:14 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\Dropbox 2015-06-24 20:09 - 2015-04-02 13:30 - 00000000 ____D C:\Users\Naomi\OneDrive 2015-06-24 20:09 - 2015-04-01 10:26 - 00000000 ____D C:\ProgramData\Origin 2015-06-24 20:06 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-06-24 19:19 - 2015-03-28 13:18 - 00793600 ___SH C:\Users\Naomi\Downloads\Thumbs.db 2015-06-24 18:25 - 2015-04-02 12:51 - 00000000 ____D C:\Users\Naomi 2015-06-24 17:41 - 2015-03-28 13:25 - 00002293 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-06-24 12:07 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-06-24 11:50 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2015-06-22 12:41 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM 2015-06-22 10:53 - 2013-08-22 16:44 - 00403632 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-06-22 10:48 - 2015-03-28 13:36 - 
00003924 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update 2015-06-22 10:48 - 2015-03-28 13:35 - 01047320 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys 2015-06-22 10:48 - 2015-03-28 13:35 - 00442264 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSP.sys 2015-06-22 10:48 - 2015-03-28 13:35 - 00272248 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys 2015-06-22 10:48 - 2015-03-28 13:35 - 00137288 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswStm.sys 2015-06-22 10:48 - 2015-03-28 13:35 - 00093528 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2015-06-22 10:48 - 2015-03-28 13:35 - 00089944 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2015-06-22 10:48 - 2015-03-28 13:35 - 00065736 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys 2015-06-22 10:48 - 2015-03-28 13:35 - 00029168 _____ C:\WINDOWS\system32\Drivers\aswHwid.sys 2015-06-20 05:02 - 2014-11-21 13:01 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-06-20 05:02 - 2014-11-21 13:01 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-06-19 21:59 - 2015-04-06 20:00 - 00979968 ___SH C:\Users\Naomi\Desktop\Thumbs.db 2015-06-17 20:30 - 2015-04-01 17:19 - 00281688 _____ C:\WINDOWS\SysWOW64\PnkBstrB.xtr 2015-06-17 20:30 - 2015-04-01 13:11 - 00281688 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe 2015-06-17 19:30 - 2015-04-01 20:15 - 00001373 _____ C:\Users\Public\Desktop\Die Sims 4.lnk 2015-06-17 19:30 - 2015-04-01 13:11 - 00281688 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0 2015-06-16 21:51 - 2013-01-29 21:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2015-06-12 10:32 - 2015-04-01 13:11 - 00076888 _____ C:\WINDOWS\SysWOW64\PnkBstrA.exe 2015-06-12 08:40 - 2015-04-01 10:27 - 00000000 ____D C:\Users\Naomi\AppData\Local\Ubisoft Game Launcher 2015-06-10 23:02 - 2015-04-06 14:09 - 00000000 __SHD C:\Users\Naomi\AppData\Local\EmieUserList 2015-06-10 
23:02 - 2015-04-06 14:09 - 00000000 __SHD C:\Users\Naomi\AppData\Local\EmieSiteList 2015-06-10 23:02 - 2015-04-06 14:09 - 00000000 __SHD C:\Users\Naomi\AppData\Local\EmieBrowserModeList 2015-06-10 19:50 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache 2015-06-10 15:21 - 2015-04-06 18:01 - 00000000 ____D C:\WINDOWS\system32\appraiser 2015-06-10 15:21 - 2014-11-21 12:51 - 00000000 ___SD C:\WINDOWS\system32\CompatTel 2015-06-10 15:21 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData 2015-06-10 15:21 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions 2015-06-10 11:52 - 2015-03-30 12:00 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-06-10 11:48 - 2015-03-30 12:00 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-06-05 08:04 - 2015-04-01 10:35 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\Origin 2015-06-05 08:03 - 2015-04-01 19:11 - 00000000 ____D C:\Program Files (x86)\Origin 2015-05-28 17:48 - 2015-04-17 10:08 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-05-28 17:48 - 2015-04-17 10:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR ==================== Files in the root of some directories ======= 2015-06-16 13:53 - 2015-06-16 13:53 - 0364032 _____ () C:\Users\Naomi\AppData\Local\WikiUpdate.exe 2015-04-06 17:52 - 2015-04-06 17:52 - 0000057 _____ () C:\ProgramData\Ament.ini Some files in TEMP: ==================== C:\Users\Naomi\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdfxeft.dll C:\Users\Naomi\AppData\Local\Temp\ReimagePackage.exe C:\Users\Naomi\AppData\Local\Temp\ReiSysUpdate.exe C:\Users\Naomi\AppData\Local\Temp\Uninstall.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-19 20:23

==================== End of log ============================

Additional FRST Logfile:
Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x64) Version:24-06-2015
Ran by Naomi at 2015-06-26 10:25:11
Running from C:\Users\Naomi\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2821126440-816702598-971368894-500 - Administrator - Disabled) => C:\Users\Administrator
Gast (S-1-5-21-2821126440-816702598-971368894-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2821126440-816702598-971368894-1010 - Limited - Enabled)
Naomi (S-1-5-21-2821126440-816702598-971368894-1001 - Administrator - Enabled) => C:\Users\Naomi

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: McAfee Anti-Virus und Anti-Spyware (Disabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{95EF3DDB-27C8-CDA9-9E72-5EC3F02C1B02}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AOMEI Partition Assistant Standard Edition 5.6 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version: - AOMEI Technology Co., Ltd.)
Apple Application Support (32-Bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Ashampoo Photo Commander 11 v.11.1.5 (HKLM-x32\...\{C92AB6F1-0F9C-8526-5DF1-0A2FD0FB33D9}_is1) (Version: 11.1.5 - Ashampoo GmbH & Co. KG) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software) Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.10.32(T) - TOSHIBA CORPORATION) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5642 - CDBurnerXP) Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation) DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive) Die Sims 2 (HKLM-x32\...\{6E7DD182-9FC6-4651-0095-2E666CC6AF35}) (Version: - ) Die Sims 2: Nightlife (HKLM-x32\...\{F7529650-B9DB-481B-0089-A2AC3C2821C1}) (Version: - ) Die Sims 2: Open For Business (HKLM-x32\...\{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}) (Version: - ) Die Sims 2: Wilde Campus-Jahre (HKLM-x32\...\{01521746-02A6-4A72-00BD-A285DF6B80C6}) (Version: - ) Die Sims™ 2 Apartment-Leben (HKLM-x32\...\{B6F5B704-06D3-4687-90F3-6195304AD755}) (Version: - Electronic Arts) Die Sims™ 2 Freizeit-Spaß (HKLM-x32\...\{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}) (Version: - Electronic Arts) Die Sims™ 2 Gute Reise 
(HKLM-x32\...\{F248ADFA-64E0-4b03-8A83-059078BED6A0}) (Version: - Electronic Arts) Die Sims™ 2 Haustiere (HKLM-x32\...\{4817189D-1785-4627-A33C-39FD90919300}) (Version: - ) Die Sims™ 2 Vier Jahreszeiten (HKLM-x32\...\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}) (Version: - ) Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.8.61.1020 - Electronic Arts Inc.) Dropbox (HKU\S-1-5-21-2821126440-816702598-971368894-1001\...\Dropbox) (Version: 3.6.7 - Dropbox, Inc.) Empress of the Deep - The Darkest Secret (x32 Version: 2.2.0.98 - WildTangent) Hidden Far Cry 3 (HKLM-x32\...\Uplay Install 46) (Version: - Ubisoft) Fotor 2.0.2 (HKLM-x32\...\Fotor) (Version: 2.0.2 - Everimaging Co., Ltd.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden HP Deskjet 1050 J410 series - Grundlegende Software für das Gerät (HKLM\...\{C3F12DD0-54B1-4B2B-A82B-FA43502BC550}) (Version: 28.0.1313.0 - Hewlett-Packard Co.) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(R) center 41663) (Version: 3.8.0.41663.61 - Intel) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation) Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.) Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden L.A.Noire (HKLM-x32\...\L.A.Noire_R.G. Mechanics_is1) (Version: - R.G. 
Mechanics, spider91) LibreOffice 4.4.3.2 (HKLM-x32\...\{A651A592-2F6C-4D66-AEA8-9BFE4B61BCB3}) (Version: 4.4.3.2 - The Document Foundation) Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) MotioninJoy Gamepad tool 0.7.1001 
(HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com) OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.) PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden PhotoScape (HKLM-x32\...\PhotoScape) (Version: - ) Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Premium Sound HD (HKLM\...\{000A208E-1050-4181-AC37-E13DA9254B73}) (Version: 1.12.6000 - DTS, Inc.) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) Realtek Bluetooth Filter Driver Package (HKLM-x32\...\InstallShield_{0CC0980D-811D-43B8-A455-8D150EB5BC0D}) (Version: 12.24.2012.0802 - REALTEK Semiconductor Corp) Realtek Bluetooth Filter Driver Package (x32 Version: 12.24.2012.0802 - REALTEK Semiconductor Corp) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6794 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.) Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.) 
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.1 - Rockstar Games) Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - ) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Spotify (HKLM-x32\...\Spotify) (Version: 0.8.5.1333.g822e0de8 - Spotify AB) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Studie zur Verbesserung von HP Deskjet 1050 J410 series Produkten (HKLM\...\{B099E941-4789-46A1-9B14-01CFD04E03B3}) (Version: 28.0.1313.0 - Hewlett-Packard Co.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.4.0 - Synaptics Incorporated) System Requirements Lab Detection (HKLM-x32\...\{302642B7-320C-42AD-893E-52A233CF014A}) (Version: 6.1.4.0 - Husdawg, LLC) TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.08.6402 - Toshiba Corporation) TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation) TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6626.6410 - Toshiba Corporation) TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA) TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 2.00.973 - Toshiba Corporation) TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation) TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.1.54043006 - Toshiba Corporation) TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation) TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA) TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0015 
- Toshiba Corporation) TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation) Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.3.3 - Toshiba Europe GmbH) TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.21-A - Toshiba Corporation) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Uplay (HKLM-x32\...\Uplay) (Version: 7.1 - Ubisoft) Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent) WildTangent Games App (Toshiba Games) (x32 Version: 4.0.9.7 - WildTangent) Hidden Windows Driver Package - Realtek Semiconductor Corp. RtkBtFilter Bluetooth (07/11/2012 2.3.13.3) (HKLM\...\57F58DC141BEB353704E041792E5B00606694FEA) (Version: 07/11/2012 2.3.13.3 - Realtek Semiconductor Corp.) WinRAR 5.21 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) Your Software Deals 1.0.0 (HKLM-x32\...\Your Software Deals_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG) <==== ATTENTION ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2821126440-816702598-971368894-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Naomi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2821126440-816702598-971368894-1001_Classes\CLSID\{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B}\InprocServer32 -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtExt.dll (TOSHIBA) CustomCLSID: HKU\S-1-5-21-2821126440-816702598-971368894-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Naomi\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2821126440-816702598-971368894-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Naomi\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2821126440-816702598-971368894-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Naomi\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2821126440-816702598-971368894-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Naomi\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2821126440-816702598-971368894-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Naomi\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2821126440-816702598-971368894-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Naomi\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2821126440-816702598-971368894-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Naomi\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2821126440-816702598-971368894-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Naomi\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2821126440-816702598-971368894-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Naomi\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.) ==================== Restore Points ========================= 10-06-2015 11:38:02 Windows Update 12-06-2015 10:31:05 DirectX wurde installiert 14-06-2015 12:38:44 DirectX wurde installiert 15-06-2015 14:42:19 DirectX wurde installiert 16-06-2015 21:46:53 Microsoft Office Word Viewer 2003 wird installiert 22-06-2015 10:45:34 avast! antivirus system restore point ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {07FE524D-4E20-43AC-9175-EEAAFE4F1ABC} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation) Task: {10B4BD5E-CFF2-4276-A0B7-6451933E22F0} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-11-29] (Synaptics Incorporated) Task: {22AFD037-9652-4CF6-8FEC-2545C2A14D82} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd) Task: {39F6AF9A-07F7-43CA-B480-F44AA8969A97} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation) Task: {3CEAAD02-B2D0-4A3A-BE51-6AA0436EC7DD} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.) 
Task: {3D74ACCB-DE24-4641-B88F-1BEB3C757E03} - System32\Tasks\avastBCLRestart_chrome.exe => Chrome.exe Task: {53E6ED92-E957-490C-849C-ADA79F0206C3} - System32\Tasks\{990B77C5-3142-4060-8C61-C71DA91C1280} => pcalua.exe -a "C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe" Task: {630EEDB3-CF2F-4B78-B074-320EB96CB688} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks Task: {65D69A3C-F11B-40A1-8B0A-A73673936AFA} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation) Task: {79CFC67B-2925-4622-86E1-3A5471BEF584} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2013-01-04] (Toshiba Europe GmbH) Task: {8792DDB6-B25F-4328-AD6A-583D4325ECE3} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation) Task: {8ABFF965-269D-4D4B-A128-9C72715CC168} - System32\Tasks\{EABA3504-5329-41DA-8119-CB071F87A63E} => pcalua.exe -a E:\Autorun.exe -d E:\ Task: {99FFB420-2C8E-487A-8187-99D89DD87D33} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-09-10] (Lenovo) Task: {9A5C3439-6394-424B-801A-1BF9944EEDF9} - System32\Tasks\Opera scheduled Autoupdate 1434972161 => C:\Program Files (x86)\Opera\launcher.exe Task: {BFE2A253-4458-451B-8E6B-53D354A181C3} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2821126440-816702598-971368894-1001Core => C:\Users\Naomi\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-22] (Dropbox, Inc.) Task: {C55A608D-CF9E-4346-9EAA-1A1DDB20870C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-10] (Microsoft Corporation) Task: {C7D66FDF-E4A9-426C-8D9F-19A4FA966A6F} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-22] (Avast Software s.r.o.) Task: {E0CB1D33-C4DA-4359-9158-576BA6125673} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {EF244CE5-F42A-478A-8A80-41FA2461C322} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation) Task: {F22F68BB-CA8B-4474-912D-9676854E947F} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2821126440-816702598-971368894-1001UA => C:\Users\Naomi\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-22] (Dropbox, Inc.) Task: {F663A10B-EC01-4F49-9C1E-478854A68F93} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation) Task: {FD0FFE8D-715A-46B8-9084-F98427D02F75} - \SpyHunter4Startup No Task File <==== ATTENTION Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2821126440-816702598-971368894-1001Core.job => C:\Users\Naomi\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2821126440-816702598-971368894-1001UA.job => C:\Users\Naomi\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ==================== Loaded Modules (Whitelisted) ============== 2011-10-13 22:38 - 2011-10-13 22:38 - 00156672 _____ () C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe 2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-06-22 13:37 - 2015-06-16 08:50 - 00281088 ___SH () C:\Program Files (x86)\Izgingnessorbidies\Izgingnessorbidies.exe 2015-04-01 13:11 - 
2015-06-12 10:32 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe 2015-06-16 13:53 - 2015-06-16 13:53 - 00364032 _____ () C:\Users\Naomi\AppData\Local\WikiUpdate.exe 2012-11-01 00:15 - 2012-11-01 00:15 - 02565544 _____ () C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe 2012-07-19 03:38 - 2012-07-19 03:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll 2012-07-19 03:38 - 2012-07-19 03:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll 2012-08-14 04:13 - 2012-08-14 04:13 - 00018344 _____ () C:\Program Files\TOSHIBA\Teco\TecoMUI.dll 2015-03-13 15:54 - 2015-03-13 15:54 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2015-05-11 10:27 - 2015-05-11 10:27 - 01459712 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI\4bd80968bf666252841ca7792faaff11\Windows.UI.ni.dll 2015-05-11 10:28 - 2015-05-11 10:28 - 00521216 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Data\fae2b750f87849ca11806d20b2504bf2\Windows.Data.ni.dll 2015-05-11 10:27 - 2015-05-11 10:27 - 00363520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\6382e6f5ad8b7a9db4f5cd4817e70319\Windows.Foundation.ni.dll 2015-06-22 10:48 - 2015-06-22 10:48 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-06-22 10:48 - 2015-06-22 10:48 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2015-06-24 11:38 - 2015-06-24 11:38 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15062401\algo.dll 2015-06-25 20:33 - 2015-06-25 20:33 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15062501\algo.dll 2015-06-24 20:08 - 2015-06-24 20:08 - 00043008 _____ () c:\users\naomi\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdfxeft.dll 2015-05-07 07:16 - 2015-03-19 09:15 - 00750080 _____ () C:\Users\Naomi\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-05-07 07:16 - 2015-03-19 09:15 - 00047616 _____ () 
C:\Users\Naomi\AppData\Roaming\Dropbox\bin\libEGL.dll 2015-05-07 07:16 - 2015-03-19 09:15 - 00865280 _____ () C:\Users\Naomi\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2015-05-07 07:16 - 2015-03-19 09:15 - 00200704 _____ () C:\Users\Naomi\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll 2015-06-22 11:02 - 2015-03-19 09:15 - 00010240 _____ () C:\Users\Naomi\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll 2015-06-22 11:02 - 2015-03-19 09:15 - 00726016 _____ () C:\Users\Naomi\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll 2015-06-22 11:02 - 2015-03-19 09:15 - 00010240 _____ () C:\Users\Naomi\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll 2015-03-28 13:35 - 2015-03-28 13:35 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2012-05-07 11:55 - 2012-05-07 11:55 - 00178104 _____ () C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosGatt.dll 2013-04-03 21:24 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2015-06-10 12:09 - 2015-06-05 20:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libglesv2.dll 2015-06-10 12:09 - 2015-06-05 20:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libegl.dll 2015-06-10 12:09 - 2015-06-05 20:22 - 15003464 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\Naomi\OneDrive:ms-properties AlternateDataStreams: C:\Users\Naomi\OneDrive.old:ms-properties AlternateDataStreams: C:\Users\Naomi\SkyDrive:ms-properties ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2821126440-816702598-971368894-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Naomi\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\hintergrundbild der windows-fotoanzeige.jpg DNS Servers: 192.168.2.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [UDP Query User{80A4A0ED-E1F7-4FC4-B59B-984C9AA57F51}C:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3_d3d11.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3_d3d11.exe FirewallRules: [TCP Query User{36D70838-3006-4400-BEC5-C898AA9D3AC7}C:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3_d3d11.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3_d3d11.exe FirewallRules: [UDP Query User{107CF001-8933-4E47-83A3-1DC42247B5F5}C:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3.exe FirewallRules: [TCP Query User{339D5565-612C-44E9-84D5-AE5BC626FF85}C:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3.exe] => (Allow) 
C:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3.exe FirewallRules: [UDP Query User{CE20560B-A0C8-4F6E-9F35-5108075EA332}C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe FirewallRules: [TCP Query User{8C28EB15-F5C3-474F-A63E-71E214FC024F}C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe FirewallRules: [{3F59CB0C-3D65-4374-A410-1E15FFA0D065}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe FirewallRules: [{4B0E606E-2C0D-48C6-9959-B6BCB0234EC6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe FirewallRules: [{0D7CCE3F-66A8-473C-B1D6-E83EC33C0E39}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe FirewallRules: [{D3B8CF29-37E1-4D6A-B064-23F110655A4E}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe FirewallRules: [{C8DABE6D-7653-4DE2-8BE8-B3DC4C894AB5}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{7CBCAAC9-D5D7-4225-82D6-6DFA6A2B53CE}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{7BFB93AB-269A-4AF0-B5B9-66823BE482B7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{2591A3B5-24CB-460E-A6C8-3CA1AEAB4A7E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{CE1CD6CF-81CA-4A71-8637-00C1C1433577}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe FirewallRules: [{84C42943-AFFF-4E90-9DB5-92B7CCF74E3C}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe FirewallRules: [{73318B95-F320-4C04-8AA8-77A924187945}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe FirewallRules: [{38A09E30-9992-48E3-9D3C-0B4823C81CF1}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe FirewallRules: 
[{B8AA07B2-2CBC-467B-A497-39A431F4C47F}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe FirewallRules: [{0761410D-9026-4420-921B-A63355D8FE85}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe FirewallRules: [{77B6848B-26AF-457B-BD7C-24FF418313EC}] => (Allow) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe FirewallRules: [{45D8A849-B6A5-491E-8B59-D6723D2E1B3E}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe FirewallRules: [{64C37BD1-0102-4D99-9F9C-33CDE6670B8A}] => (Allow) C:\Users\Naomi\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{91D65D95-3811-4D96-9D6F-E71925BB4B3D}] => (Allow) C:\Users\Naomi\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{A9F44720-A60E-4517-83C2-7B49B711C292}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{9857E3D7-9F09-4AF8-A23A-D92E800D046A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{BF8DAA2D-C453-426E-B9F8-B54F03C7DA08}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{1256486F-5B9F-48FB-A648-AED6A0637B64}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{8A376655-F8CC-444A-AE97-0DD763FC222E}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [TCP Query User{6943EE32-ED52-4BF4-9834-5304CFB94F92}C:\users\naomi\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\naomi\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{ADCD6427-91AB-4EB2-9D8B-48A8407D819A}C:\users\naomi\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\naomi\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [{B2F0D24A-33B6-46DF-85F8-74C2CC773743}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{04D01FD4-CFC9-4035-ADEA-D11BDF538B12}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{6379D532-ED24-4675-9753-69EACFEF0618}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: 
[{466D205A-1DC0-414D-9598-F5EF7B80E371}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{2B855785-F123-47B5-9F4D-51B220E2CAA0}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{65613329-5B33-4735-ABF0-35B688EC8B8C}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe FirewallRules: [{C1F025FA-1AC4-43E0-987F-8FC4C0BB5CE1}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe FirewallRules: [{859D7E25-0000-4AD1-975E-030053852A02}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{51E760ED-71EE-4A31-9217-C2830EF4FEF4}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/26/2015 08:41:54 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17840, Zeitstempel: 0x555fe1bb Name des fehlerhaften Moduls: atidxx32.dll, Version: 8.17.10.511, Zeitstempel: 0x521255a9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000708a7 ID des fehlerhaften Prozesses: 0xbb8 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5 Error: (06/24/2015 08:09:44 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: TPCHSrv.exe, Version: 1.0.0.18, Zeitstempel: 0x50124a31 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f4336 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000f0f20 ID des fehlerhaften Prozesses: 0x1054 Startzeit der fehlerhaften Anwendung: 0xTPCHSrv.exe0 Pfad der fehlerhaften Anwendung: 
TPCHSrv.exe1 Pfad des fehlerhaften Moduls: TPCHSrv.exe2 Berichtskennung: TPCHSrv.exe3 Vollständiger Name des fehlerhaften Pakets: TPCHSrv.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: TPCHSrv.exe5 Error: (06/24/2015 06:41:17 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20856 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: b74 Startzeit: 01d0ae9bddb045ed Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: d2acf6c9-1a8f-11e5-be8d-2cd05accbc66 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (06/24/2015 06:21:06 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Izgingnessorbidies.exe, Version: 0.0.0.0, Zeitstempel: 0x557fc735 Name des fehlerhaften Moduls: Qt5Network.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f42c2 Ausnahmecode: 0xc0000135 Fehleroffset: 0x0009d4f2 ID des fehlerhaften Prozesses: 0x21e8 Startzeit der fehlerhaften Anwendung: 0xIzgingnessorbidies.exe0 Pfad der fehlerhaften Anwendung: Izgingnessorbidies.exe1 Pfad des fehlerhaften Moduls: Izgingnessorbidies.exe2 Berichtskennung: Izgingnessorbidies.exe3 Vollständiger Name des fehlerhaften Pakets: Izgingnessorbidies.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Izgingnessorbidies.exe5 Error: (06/24/2015 11:54:59 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: TPCHSrv.exe, Version: 1.0.0.18, Zeitstempel: 0x50124a31 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, 
Zeitstempel: 0x550f4336 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000f0f20 ID des fehlerhaften Prozesses: 0x1a98 Startzeit der fehlerhaften Anwendung: 0xTPCHSrv.exe0 Pfad der fehlerhaften Anwendung: TPCHSrv.exe1 Pfad des fehlerhaften Moduls: TPCHSrv.exe2 Berichtskennung: TPCHSrv.exe3 Vollständiger Name des fehlerhaften Pakets: TPCHSrv.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: TPCHSrv.exe5 Error: (06/24/2015 11:52:11 AM) (Source: ESENT) (EventID: 215) (User: ) Description: WinMail (4436) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde. Error: (06/24/2015 11:47:47 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: TPCHSrv.exe, Version: 1.0.0.18, Zeitstempel: 0x50124a31 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f4336 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000f0f20 ID des fehlerhaften Prozesses: 0x197c Startzeit der fehlerhaften Anwendung: 0xTPCHSrv.exe0 Pfad der fehlerhaften Anwendung: TPCHSrv.exe1 Pfad des fehlerhaften Moduls: TPCHSrv.exe2 Berichtskennung: TPCHSrv.exe3 Vollständiger Name des fehlerhaften Pakets: TPCHSrv.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: TPCHSrv.exe5 Error: (06/24/2015 11:38:38 AM) (Source: VSS) (EventID: 12294) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen einer Routine auf dem Schattenkopieanbieter "{b5946137-7b9f-4925-af80-51abd60b20d5}" ist ein Fehler aufgetreten. Die Routine hat E_INVALIDARG zurückgegeben. Routinedetails GetSnapshot({00000000-0000-0000-0000-000000000000},000000E4ED9F7E60). 
Vorgang: Eigenschaften der Schattenkopie abrufen Kontext: Ausführungskontext: Coordinator Error: (06/24/2015 11:36:39 AM) (Source: VSS) (EventID: 12294) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen einer Routine auf dem Schattenkopieanbieter "{b5946137-7b9f-4925-af80-51abd60b20d5}" ist ein Fehler aufgetreten. Die Routine hat E_INVALIDARG zurückgegeben. Routinedetails GetSnapshot({00000000-0000-0000-0000-000000000000},000000E4ED9F7B40). Vorgang: Eigenschaften der Schattenkopie abrufen Kontext: Ausführungskontext: Coordinator Error: (06/23/2015 11:38:53 AM) (Source: VSS) (EventID: 12294) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen einer Routine auf dem Schattenkopieanbieter "{b5946137-7b9f-4925-af80-51abd60b20d5}" ist ein Fehler aufgetreten. Die Routine hat E_INVALIDARG zurückgegeben. Routinedetails GetSnapshot({00000000-0000-0000-0000-000000000000},000000E4ED9F7FA0). Vorgang: Eigenschaften der Schattenkopie abrufen Kontext: Ausführungskontext: Coordinator System errors: ============= Error: (06/24/2015 08:29:01 PM) (Source: disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error: (06/24/2015 08:11:42 PM) (Source: DCOM) (EventID: 10010) (User: DÖRTE) Description: {45CC1698-D1CF-417B-BC32-80EB79E05EF1} Error: (06/24/2015 08:09:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "TPCH Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error: (06/24/2015 08:08:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (06/24/2015 08:04:15 PM) (Source: DCOM) (EventID: 10010) (User: DÖRTE) Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39} Error: (06/24/2015 06:24:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "WikiBrowserUpdateService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/24/2015 11:56:57 AM) (Source: DCOM) (EventID: 10010) (User: DÖRTE) Description: {45CC1698-D1CF-417B-BC32-80EB79E05EF1} Error: (06/24/2015 11:54:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "TPCH Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/24/2015 11:53:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (06/24/2015 11:49:45 AM) (Source: DCOM) (EventID: 10010) (User: DÖRTE) Description: {45CC1698-D1CF-417B-BC32-80EB79E05EF1} Microsoft Office: ========================= Error: (06/26/2015 08:41:54 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: IEXPLORE.EXE11.0.9600.17840555fe1bbatidxx32.dll8.17.10.511521255a9c0000005000708a7bb801d0afd9c4b780c8C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\SYSTEM32\atidxx32.dll6e283f16-1bce-11e5-be8e-2cd05accbc66 Error: (06/24/2015 08:09:44 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: TPCHSrv.exe1.0.0.1850124a31ntdll.dll6.3.9600.17736550f4336c000037400000000000f0f20105401d0aea8f133b873C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exeC:\WINDOWS\SYSTEM32\ntdll.dll304cdf71-1a9c-11e5-be8e-2cd05accbc66 Error: (06/24/2015 06:41:17 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: 
LiveComm.exe17.5.9600.20856b7401d0ae9bddb045ed4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exed2acf6c9-1a8f-11e5-be8d-2cd05accbc66microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (06/24/2015 06:21:06 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Izgingnessorbidies.exe0.0.0.0557fc735Qt5Network.dll6.3.9600.17736550f42c2c00001350009d4f221e801d0ae99c40548baC:\Users\Naomi\Downloads\Izgingnessorbidies.exeQt5Network.dll03274271-1a8d-11e5-be8d-2cd05accbc66 Error: (06/24/2015 11:54:59 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: TPCHSrv.exe1.0.0.1850124a31ntdll.dll6.3.9600.17736550f4336c000037400000000000f0f201a9801d0ae63d3d9d47aC:\Program Files\TOSHIBA\TPHM\TPCHSrv.exeC:\WINDOWS\SYSTEM32\ntdll.dll12d43133-1a57-11e5-be8d-2cd05accbc66 Error: (06/24/2015 11:52:11 AM) (Source: ESENT) (EventID: 215) (User: ) Description: WinMail4436WindowsMail0: Error: (06/24/2015 11:47:47 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: TPCHSrv.exe1.0.0.1850124a31ntdll.dll6.3.9600.17736550f4336c000037400000000000f0f20197c01d0ae62d26b13bdC:\Program Files\TOSHIBA\TPHM\TPCHSrv.exeC:\WINDOWS\SYSTEM32\ntdll.dll1148d110-1a56-11e5-be8c-2cd05accbc66 Error: (06/24/2015 11:38:38 AM) (Source: VSS) (EventID: 12294) (User: ) Description: {b5946137-7b9f-4925-af80-51abd60b20d5}GetSnapshot({00000000-0000-0000-0000-000000000000},000000E4ED9F7E60) Vorgang: Eigenschaften der Schattenkopie abrufen Kontext: Ausführungskontext: Coordinator Error: (06/24/2015 11:36:39 AM) (Source: VSS) (EventID: 12294) (User: ) Description: {b5946137-7b9f-4925-af80-51abd60b20d5}GetSnapshot({00000000-0000-0000-0000-000000000000},000000E4ED9F7B40) Vorgang: Eigenschaften der Schattenkopie abrufen Kontext: Ausführungskontext: Coordinator Error: (06/23/2015 11:38:53 AM) (Source: VSS) (EventID: 12294) (User: ) Description: 
{b5946137-7b9f-4925-af80-51abd60b20d5}GetSnapshot({00000000-0000-0000-0000-000000000000},000000E4ED9F7FA0) Vorgang: Eigenschaften der Schattenkopie abrufen Kontext: Ausführungskontext: Coordinator ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz Percentage of memory in use: 67% Total physical RAM: 4047.22 MB Available physical RAM: 1304.98 MB Total Pagefile: 5007.22 MB Available Pagefile: 1346.59 MB Total Virtual: 131072 MB Available Virtual: 131071.8 MB ==================== Drives ================================ Drive c: (TI31051200A) (Fixed) (Total:686.62 GB) (Free:500.96 GB) NTFS Drive h: () (Removable) (Total:3.68 GB) (Free:0.94 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ======================================================== Disk: 3 (Size: 3.7 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End of log ============================ |
27.06.2015, 08:09 | #4 |
/// the machine /// TB-Ausbilder | Google Chrome has recently started opening windows with advertising Please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).
Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
Revo Uninstaller - Download - Filepony: use it to uninstall Chrome, keep no data, let it remove the leftovers, reinstall. Then: https://support.google.com/chrome/answer/3296214?hl=de and a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
27.06.2015, 11:37 | #5 |
| Google Chrome has recently started opening windows with advertising Thanks for the help. I followed everything, but the windows still keep appearing. Now my Avast has also shown a message, which had already kept coming up before; I am including it here. hxxp://clickater.com/view/oo4E2KZn0sULph9Lj2WcX6cKw2tr8WTmC5gO6phrM6Nhos?c=3684&pid=13&tid=15274807661435401278 Infektion: URL:Mal C:\Program Files (x86)\Izgingnessorbidies\Izgingnessorbidies.exe Code:
ATTFilter
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 27.06.2015
Suchlauf-Zeit: 09:18:38
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.06.26.08
Rootkit Datenbank: v2015.06.26.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Naomi

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 423935
Verstrichene Zeit: 27 Min, 49 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 1
PUP.Optional.WikiBrowser.A, C:\Users\Naomi\AppData\Local\WikiUpdate.exe, 2264, Löschen bei Neustart, [ce828d32771383b308a3a2f4996c936d]

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 1
PUP.Optional.WikiBrowser.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WikiBrowserUpdateService, In Quarantäne, [ce828d32771383b308a3a2f4996c936d],

Registrierungswerte: 1
PUM.Bad.Proxy, HKU\S-1-5-21-2821126440-816702598-971368894-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:9880, In Quarantäne, [c28e417ea4e60432069ef5261aeab24e]

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 1
PUP.Optional.WikiBrowser.A, C:\Users\Naomi\AppData\Local\WikiBrowser, In Quarantäne, [3e12cef14545989ed711fbfab74c42be],

Dateien: 8
Adware.ConvertAd, C:\Users\Naomi\AppData\Local\Temp\nse20E.tmp, In Quarantäne, [064a9d2298f250e65b4376f718eb837d],
PUP.Optional.PricePeep.A, C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage, In Quarantäne, [d47ccaf5187221159997e5135ca704fc],
PUP.Optional.PricePeep.A, C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage-journal, In Quarantäne, [f25e675806841026e14f3cbc21e2ec14],
PUP.Optional.ShoppingGate.A, C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_inst.shoppingate.info_0.localstorage, Löschen bei Neustart, [a5abdbe4c0ca57df894e71bf19eb669a],
PUP.Optional.ShoppingGate.A, C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_inst.shoppingate.info_0.localstorage-journal, Löschen bei Neustart, [1c34249b34560f2728afc26ee51f26da],
PUP.Optional.ReMarkable.A, C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage, Löschen bei Neustart, [8fc16758f298f93d62d1563317eedf21],
PUP.Optional.ReMarkable.A, C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal, Löschen bei Neustart, [bb95c0fff1999b9be64df89120e541bf],
PUP.Optional.WikiBrowser.A, C:\Users\Naomi\AppData\Local\WikiUpdate.exe, Löschen bei Neustart, [ce828d32771383b308a3a2f4996c936d],

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)

(end)
Code:
# AdwCleaner v3.001 - Report created 27/08/2013 at 13:09:03
# Updated 24/08/2013 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : Naomi - DÖRTE
# Running from : C:\Users\Naomi\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : omigaplussvc
Service Deleted : winzipersvc

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\eSafe
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
Folder Deleted : C:\Program Files (x86)\Omiga Plus
Folder Deleted : C:\Program Files (x86)\WinZipper
Folder Deleted : C:\Users\Naomi\AppData\Roaming\WinZipper
File Deleted : C:\windows\System32\Tasks\BrowserDefendert
File Deleted : C:\windows\System32\Tasks\EPUpdater
File Deleted : C:\windows\System32\Tasks\Omiga Plus RunAsStdUser

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Naomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Naomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
Shortcut Disinfected : C:\Users\Naomi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Naomi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Naomi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Naomi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk

***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [Lyrics@LyricsContainer.co]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\AppDataLow\Software\lyrixeeker
Key Deleted : HKLM\Software\delta-homesSoftware
Key Deleted : HKLM\Software\eSafeSecControl
Key Deleted : HKLM\Software\omigaplusSvc

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v29.0.1547.57

[ File : C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [4963 octets] - [27/08/2013 13:08:40]
AdwCleaner[S0].txt - [3446 octets] - [27/08/2013 13:09:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3506 octets] ##########

AdwCleaner Logfile:
Code:
# AdwCleaner v4.207 - Bericht erstellt 27/06/2015 um 09:59:01
# Aktualisiert 21/06/2015 von Xplode
# Datenbank : 2015-06-23.1 [Server]
# Betriebssystem : Windows 8.1 (x64)
# Benutzername : Naomi - DÖRTE
# Gestarted von : C:\Users\Naomi\Downloads\AdwCleaner_4.207.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\148e9d54000038a6
Ordner Gelöscht : C:\ProgramData\f7b1ef2e00003c7e
Ordner Gelöscht : C:\Program Files (x86)\predm
Ordner Gelöscht : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\SearchProtect
Ordner Gelöscht : C:\Users\Naomi\SupTab
Datei Gelöscht : C:\WINDOWS\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
Datei Gelöscht : C:\WINDOWS\Reimage.ini
Datei Gelöscht : C:\Users\Administrator\Favorites\eBay.lnk
Datei Gelöscht : C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
Datei Gelöscht : C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
Datei Gelöscht : C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage
Datei Gelöscht : C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage-journal

***** [ Geplante Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\34ba1e1f-c7d9-5840-9d16-87f19f1a56b6
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B853E835-9F24-4F4B-B55C-E554D15CCCD2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E104B9E4-01BA-4AAF-9957-6A525CC5451A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E104B9E4-01BA-4AAF-9957-6A525CC5451A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Reimage
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Reimage
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:9880
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17840

-\\ Google Chrome v43.0.2357.124

[C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://de.softonic.com/s/{searchTerms}
[C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.softonic.de/s/{searchTerms}
[C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Homepage] : hxxp://www.trovi.com/?gd=&ctid=CT3334822&octid=EB_ORIGINAL_CTID&ISID=MBE063967-BD7F-4CF9-AF14-F95133C4E591&SearchSource=55&CUI=&UM=8&UP=SPF5A19687-C3F7-42C9-941E-1BC7D361ADCE&D=062415&SSPV=SP22350TA_sp_ch

-\\ Chromium v

-\\ Opera v0.0.0.0

*************************

AdwCleaner[R0].txt - [10339 Bytes] - [27/08/2013 13:08:40]
AdwCleaner[S0].txt - [8488 Bytes] - [27/08/2013 13:09:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8547 Bytes] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.1.8 (06.27.2015:1)
OS: Windows 8.1 x64
Ran by Naomi on 27.06.2015 at 10:10:23,96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] C:\Users\Naomi\appdata\local\google\chrome\user data\default\local storage\hxxp_static.re-markable00.re-markable.net_0.localstorage
Successfully deleted: [File] C:\Users\Naomi\appdata\local\google\chrome\user data\default\local storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal
Successfully deleted: [File] C:\Users\Naomi\appdata\local\google\chrome\user data\default\local storage\hxxp_www.metrolyrics.com_0.localstorage
Successfully deleted: [File] C:\Users\Naomi\appdata\local\google\chrome\user data\default\local storage\hxxp_www.metrolyrics.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\Naomi\appdata\local\google\chrome\user data\default\local storage\hxxps_inst.shoppingate.info_0.localstorage
Successfully deleted: [File] C:\Users\Naomi\appdata\local\google\chrome\user data\default\local storage\hxxps_inst.shoppingate.info_0.localstorage-journal

~~~ Folders

Successfully deleted: [Folder] C:\Users\Naomi\appdata\local\crashrpt
Successfully deleted: [Folder] C:\ProgramData\10130257668749325411

~~~ Chrome

[C:\Users\Naomi\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\Naomi\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
[C:\Users\Naomi\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\Naomi\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted: []

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.06.2015 at 10:12:20,11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-06-2015
Ran by Naomi (administrator) on DÖRTE on 27-06-2015 12:34:05
Running from C:\Users\Naomi\Downloads
Loaded Profiles: Naomi (Available Profiles: Naomi & Administrator)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\Izgingnessorbidies\Izgingnessorbidies.exe
() C:\Program Files (x86)\Izgingnessorbidies\Izgingnessorbidies.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20905_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-11-29] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2565544 2012-11-01] ()
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2172816 2012-10-22] (SRS Labs, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3008824 2012-11-29] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-12-18] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [7152640 2012-12-05] (Pegatron Corporation)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-22] (Avast Software s.r.o.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [Denzi] => C:\Program Files (x86)\Denzi\Launcher.bat --wait
HKU\S-1-5-21-2821126440-816702598-971368894-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-14] (Valve Corporation)
HKU\S-1-5-21-2821126440-816702598-971368894-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-2821126440-816702598-971368894-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3632472 2015-06-05] (Electronic Arts)
HKU\S-1-5-21-2821126440-816702598-971368894-1001\...\Run: [Dropbox Update] => C:\Users\Naomi\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-22] (Dropbox, Inc.)
HKU\S-1-5-21-2821126440-816702598-971368894-1001\...\MountPoints2: {235c5be7-f406-11e4-be83-2cd05accbc66} - "F:\LaunchU3.exe" -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2015-05-01]
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Users\Naomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-07]
ShortcutTarget: Dropbox.lnk -> C:\Users\Naomi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Naomi\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Naomi\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Naomi\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Naomi\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Naomi\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Naomi\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Naomi\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Naomi\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-22] (Avast Software s.r.o.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-2821126440-816702598-971368894-1001] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-21-2821126440-816702598-971368894-1001] => http=127.0.0.1:9881
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2821126440-816702598-971368894-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-2821126440-816702598-971368894-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-2821126440-816702598-971368894-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2821126440-816702598-971368894-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2821126440-816702598-971368894-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-03-28] (Avast Software s.r.o.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-28] (Avast Software s.r.o.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] ()
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-03-28]

Chrome:
=======
CHR Profile: C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-27]
CHR Extension: (Google Docs) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-27]
CHR Extension: (Google Drive) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-27]
CHR Extension: (YouTube) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-27]
CHR Extension: (Adblock Plus) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-06-27]
CHR Extension: (Google Search) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-27]
CHR Extension: (Avast SafePrice) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-06-27]
CHR Extension: (Google Sheets) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-27]
CHR Extension: (Avast Online Security) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-06-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-27]
CHR Extension: (Google Wallet) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-27]
CHR Extension: (Gmail) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-27]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-03-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-22] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-06-22] (Avast Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [967040 2015-04-01] ()
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
S2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] () [File not signed]
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 Izgingnessorbidies; C:\Program Files (x86)\Izgingnessorbidies\Izgingnessorbidies.exe [281088 2015-06-16] () [File not signed] <==== ATTENTION
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-05] (Electronic Arts)
S2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2015-06-12] ()
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-05] (Realtek Semiconductor)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116240 2013-01-04] (Toshiba Europe GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-04-02] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-04-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ampa; C:\WINDOWS\system32\ampa.sys [17008 2013-12-18] ()
S3 ampa; C:\WINDOWS\SysWOW64\ampa.sys [17008 2013-12-18] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-22] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-22] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-22] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-27] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-22] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-22] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-21] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [24208 2012-07-11] (Realtek Microelectronics)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-29] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-06-22] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-04-02] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-27 12:28 - 2015-06-27 12:28 - 00002278 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-27 12:28 - 2015-06-27 12:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-27 12:27 - 2015-06-27 12:32 - 00001120 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-27 12:27 - 2015-06-27 12:32 - 00001116 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-27 12:27 - 2015-06-27 12:27 - 00004092 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-06-27 12:27 - 2015-06-27 12:27 - 00003856 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-06-27 12:27 - 2015-06-27 12:27 - 00000000 ____D C:\Users\Naomi\Downloads\Google-Chrome
2015-06-27 10:12 - 2015-06-27 10:12 - 00002128 _____ C:\Users\Naomi\Desktop\JRT.txt
2015-06-27 10:10 - 2015-06-27 10:10 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-DÖRTE-Windows-8.1-(64-bit).dat
2015-06-27 10:10 - 2015-06-27 10:10 - 00000000 ____D C:\RegBackup
2015-06-27 10:09 - 2015-06-27 10:09 - 02950693 _____ (Malwarebytes Corporation) C:\Users\Naomi\Downloads\JRT.exe
2015-06-27 10:09 - 2015-06-27 10:09 - 02949433 _____ (Malwarebytes Corporation) C:\Users\Naomi\Downloads\trz4927.tmp
2015-06-27 09:57 - 2015-06-27 09:57 - 02244096 _____ C:\Users\Naomi\Downloads\AdwCleaner_4.207.exe
2015-06-27 09:56 - 2015-06-27 09:56 - 00003171 _____ C:\Users\Naomi\Desktop\mbam.txt
2015-06-27 09:50 - 2015-06-27 10:00 - 00004036 _____ C:\WINDOWS\PFRO.log
2015-06-27 09:50 - 2015-06-27 10:00 - 00000154 _____ C:\WINDOWS\setupact.log
2015-06-27 09:50 - 2015-06-27 09:50 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-06-27 09:12 - 2015-06-27 09:12 - 00001291 _____ C:\Users\Naomi\Desktop\Revo Uninstaller.lnk
2015-06-27 09:12 - 2015-06-27 09:12 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-06-27 09:11 - 2015-06-27 09:12 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Naomi\Downloads\revosetup95.exe
2015-06-26 10:25 - 2015-06-26 10:26 - 00043883 _____ C:\Users\Naomi\Downloads\Addition.txt
2015-06-26 10:23 - 2015-06-27 12:34 - 00018663 _____ C:\Users\Naomi\Downloads\FRST.txt
2015-06-26 10:23 - 2015-06-27 12:34 - 00000000 ____D C:\FRST
2015-06-26 10:23 - 2015-06-26 10:23 - 02112512 _____ (Farbar) C:\Users\Naomi\Downloads\FRST64.exe
2015-06-25 08:15 - 2015-06-25 08:15 - 00003202 _____ C:\WINDOWS\System32\Tasks\avastBCLRestart_chrome.exe
2015-06-24 20:28 - 2015-06-22 16:34 - 111524886 _____ C:\Users\Naomi\Desktop\20150622_163315.mp4
2015-06-24 19:17 - 2015-06-27 10:15 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-24 19:17 - 2015-06-24 19:17 - 00001125 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-24 19:17 - 2015-06-24 19:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-06-24 19:17 - 2015-06-24 19:17 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-24 19:17 - 2015-06-24 19:17 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-06-24 19:17 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-06-24 19:17 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-24 19:17 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-24 19:15 - 2015-06-24 19:16 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Naomi\Downloads\mbam-setup-majorgeeks-2.1.6.1022.exe
2015-06-24 18:25 - 2015-06-24 18:25 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\Enigma Software Group
2015-06-24 18:24 - 2015-06-24 18:24 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Naomi\Downloads\sh-remover.exe
2015-06-24 18:24 - 2015-06-24 18:24 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Naomi\Downloads\sh-remover (1).exe
2015-06-24 11:52 - 2015-06-24 11:52 - 00001461 _____ C:\Users\Naomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-22 13:37 - 2015-06-22 13:37 - 00000000 __SHD C:\Program Files (x86)\Izgingnessorbidies
2015-06-22 13:23 - 2015-06-22 13:23 - 00001879 _____ C:\Users\Naomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk
2015-06-22 13:23 - 2015-06-22 13:23 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\Opera Software
2015-06-22 13:23 - 2015-06-22 13:23 - 00000000 ____D C:\Users\Naomi\AppData\Local\Opera Software
2015-06-22 13:22 - 2015-06-22 13:22 - 00003836 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1434972161
2015-06-22 13:22 - 2015-06-22 13:22 - 00001158 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk.1434973094.old
2015-06-22 13:18 - 2015-06-22 13:19 - 02975799 _____ (hxxp://www.streamtransport.com/ ) C:\Users\Naomi\Downloads\streamtransportsetup_25412.exe
2015-06-22 13:05 - 2015-06-22 13:05 - 00000046 _____ C:\WINDOWS\SysWOW64\DonationCoder_urlsnooper_InstallInfo.dat
2015-06-22 13:05 - 2015-06-22 13:05 - 00000000 ____D C:\Users\Naomi\Documents\DonationCoder
2015-06-22 13:05 - 2015-06-22 13:05 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\DonationCoder
2015-06-22 12:54 - 2015-06-22 12:54 - 01198368 _____ C:\Users\Naomi\Downloads\URL Snooper - CHIP-Installer.exe
2015-06-22 12:42 - 2015-06-22 12:42 - 00000000 ____D C:\Users\Naomi\Documents\StreamTransport
2015-06-22 11:02 - 2015-06-22 11:02 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-06-22 11:00 - 2015-06-27 12:05 - 00001236 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2821126440-816702598-971368894-1001UA.job
2015-06-22 11:00 - 2015-06-27 11:05 - 
00001184 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2821126440-816702598-971368894-1001Core.job 2015-06-22 11:00 - 2015-06-22 11:00 - 00004182 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2821126440-816702598-971368894-1001UA 2015-06-22 11:00 - 2015-06-22 11:00 - 00003802 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2821126440-816702598-971368894-1001Core 2015-06-22 11:00 - 2015-06-22 11:00 - 00000000 ____D C:\Users\Naomi\AppData\Local\Dropbox 2015-06-22 11:00 - 2015-06-22 11:00 - 00000000 ____D C:\ProgramData\Dropbox 2015-06-22 10:48 - 2015-06-22 10:48 - 00364472 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe 2015-06-22 10:48 - 2015-06-22 10:48 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr 2015-06-22 10:44 - 2015-06-22 10:44 - 17805707 _____ C:\Users\Naomi\Downloads\streamtransport_1.1.6.2.zip 2015-06-22 10:43 - 2015-06-22 10:43 - 01198368 _____ C:\Users\Naomi\Downloads\StreamTransport - CHIP-Installer (1).exe 2015-06-22 10:40 - 2015-06-22 10:41 - 01198368 ____N C:\Users\Naomi\Downloads\StreamTransport - CHIP-Installer.exe 2015-06-16 22:17 - 2015-06-16 22:17 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\LibreOffice 2015-06-16 22:16 - 2015-06-16 22:16 - 00001484 _____ C:\Users\Public\Desktop\LibreOffice 4.4.lnk 2015-06-16 22:16 - 2015-06-16 22:16 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.4 2015-06-16 22:14 - 2015-06-16 22:16 - 00000000 ____D C:\Program Files (x86)\LibreOffice 4 2015-06-16 22:12 - 2015-06-16 22:11 - 01197344 _____ C:\Users\Naomi\Downloads\trzDBE6.tmp 2015-06-16 22:09 - 2015-06-16 22:14 - 00000000 ____D C:\Users\Naomi\Documents\SoftMaker 2015-06-16 22:08 - 2015-06-16 22:09 - 61687304 _____ (SoftMaker Software GmbH) C:\Users\Naomi\Downloads\freeofficewindows.exe 2015-06-16 22:01 - 2015-06-16 22:01 - 01377255 _____ (Denzi) C:\Users\Naomi\Downloads\Denzi_setup.exe 2015-06-16 21:49 - 2015-06-16 21:50 - 39074536 _____ (Microsoft 
Corporation) C:\Users\Naomi\Downloads\FileFormatConverters.exe 2015-06-16 21:47 - 2015-06-16 21:47 - 00002729 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk 2015-06-16 21:46 - 2015-06-16 21:50 - 00000000 ____D C:\Program Files (x86)\MSECache 2015-06-16 21:45 - 2015-06-16 21:45 - 01197344 _____ C:\Users\Naomi\Downloads\Word Viewer - CHIP-Installer (1).exe 2015-06-12 08:40 - 2015-06-12 08:40 - 00000232 _____ C:\Users\Naomi\Desktop\Far Cry 3.url 2015-06-12 08:40 - 2015-06-12 08:40 - 00000232 _____ C:\Users\Naomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Far Cry 3.url 2015-06-12 08:38 - 2015-06-12 08:38 - 00001228 _____ C:\Users\Naomi\Desktop\Uplay.lnk 2015-06-12 08:38 - 2015-06-12 08:38 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft 2015-06-12 08:37 - 2015-06-12 08:38 - 61778376 _____ (Ubisoft) C:\Users\Naomi\Downloads\UplayInstaller (1).exe 2015-06-10 23:58 - 2015-06-10 23:58 - 00000814 _____ C:\Users\Naomi\Downloads\Originals.lnk 2015-06-10 23:07 - 2015-06-10 23:07 - 01941744 _____ C:\Users\Naomi\Downloads\winrar-x64-521.exe 2015-06-10 23:05 - 2015-06-10 23:05 - 02058768 _____ C:\Users\Naomi\Downloads\winrar-x64-521d (1).exe 2015-06-10 22:39 - 2015-06-10 22:39 - 01197344 _____ C:\Users\Naomi\Downloads\Everest Ultimate Edition - CHIP-Installer.exe 2015-06-10 22:38 - 2015-06-10 22:40 - 209818191 _____ C:\Users\Naomi\Downloads\0005-Win7_Win8_Win81_Win10_R278.zip 2015-06-10 22:34 - 2015-06-10 22:34 - 35084080 _____ C:\Users\Naomi\Downloads\PROWinx64.exe 2015-06-10 22:32 - 2015-06-10 22:32 - 25883081 _____ C:\Users\Naomi\Downloads\E50E.tmp 2015-06-10 21:03 - 2015-06-10 21:05 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP 2015-06-10 21:03 - 2015-06-10 21:03 - 00001128 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk 2015-06-10 21:03 - 2015-06-10 21:03 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\Canneverbe Limited 2015-06-10 21:03 - 
2015-06-10 21:03 - 00000000 ____D C:\ProgramData\Canneverbe Limited 2015-06-10 21:02 - 2015-06-10 21:02 - 05419688 _____ (Canneverbe Limited ) C:\Users\Naomi\Downloads\cdbxp_setup_4.5.5.5642_minimal.exe 2015-06-10 21:02 - 2015-06-10 21:02 - 05419688 _____ (Canneverbe Limited ) C:\Users\Naomi\Downloads\cdbxp_setup_4.5.5.5642_minimal (1).exe 2015-06-10 20:27 - 2015-06-10 21:01 - 3268147200 _____ C:\Users\Naomi\Downloads\Win_7_Hm_Prem_German_x64.iso 2015-06-10 19:56 - 2015-06-10 19:56 - 2682257408 _____ C:\Users\Naomi\Downloads\windows7-homepremium-sp1-64 [1].exe 2015-06-10 19:28 - 2015-06-10 19:28 - 00771552 _____ (Internet ) C:\Users\Naomi\Downloads\windows7-homepremium-sp1-64.exe 2015-06-10 11:36 - 2015-05-22 15:08 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2015-06-10 11:36 - 2015-05-21 15:08 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2015-06-10 11:36 - 2015-05-21 15:08 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2015-06-10 11:36 - 2015-05-21 15:08 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2015-06-10 11:36 - 2015-05-21 15:08 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2015-06-10 11:36 - 2015-04-09 00:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml 2015-06-10 11:35 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-06-10 11:35 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-06-10 11:35 - 2015-05-25 15:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll 2015-06-10 11:35 - 2015-05-25 15:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll 2015-06-10 11:35 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-06-10 11:35 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-06-10 
11:35 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-06-10 11:35 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-06-10 11:35 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-06-10 11:35 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-06-10 11:35 - 2015-05-21 15:08 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2015-06-10 11:35 - 2015-05-21 15:08 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2015-06-10 11:35 - 2015-04-25 04:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll 2015-06-10 11:35 - 2015-04-25 04:33 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll 2015-06-10 11:35 - 2015-04-17 00:07 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2015-06-10 11:35 - 2015-04-16 08:17 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS 2015-06-10 11:35 - 2015-04-14 00:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll 2015-06-10 11:35 - 2015-04-14 00:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll 2015-06-10 11:35 - 2015-04-10 02:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll 2015-06-10 11:35 - 2015-04-10 02:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll 2015-06-10 11:35 - 2015-04-09 00:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll 2015-06-10 11:35 - 2015-04-02 00:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll 2015-06-10 11:35 - 2015-04-02 00:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll 2015-06-10 11:35 - 2015-04-01 06:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe 
2015-06-10 11:35 - 2015-04-01 06:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll 2015-06-10 11:35 - 2015-04-01 06:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll 2015-06-10 11:35 - 2015-04-01 06:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll 2015-06-10 11:35 - 2015-04-01 05:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll 2015-06-10 11:35 - 2015-04-01 05:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll 2015-06-10 11:35 - 2015-04-01 05:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe 2015-06-10 11:35 - 2015-04-01 04:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll 2015-06-10 11:35 - 2015-04-01 04:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe 2015-06-10 11:35 - 2015-04-01 04:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll 2015-06-10 11:35 - 2015-04-01 04:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll 2015-06-10 11:35 - 2015-04-01 04:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll 2015-06-10 11:35 - 2015-04-01 04:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe 2015-06-10 11:35 - 2015-03-20 05:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll 2015-06-10 11:35 - 2015-03-20 05:08 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll 2015-06-10 11:35 - 2015-03-20 04:37 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll 2015-06-10 11:35 - 2015-03-20 04:07 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll 2015-06-10 11:35 - 2015-03-02 03:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll 2015-06-10 11:35 - 2015-03-02 03:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll 2015-06-10 11:34 - 
2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-06-10 11:34 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec 2015-06-10 11:34 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-06-10 11:34 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-06-10 11:34 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2015-06-10 11:34 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2015-06-10 11:34 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2015-06-10 11:34 - 2015-05-23 04:47 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2015-06-10 11:34 - 2015-05-23 04:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-06-10 11:34 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-06-10 11:34 - 2015-05-23 04:38 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2015-06-10 11:34 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2015-06-10 11:34 - 2015-05-23 04:28 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll 2015-06-10 11:34 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-06-10 11:34 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-06-10 11:34 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-06-10 11:34 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-06-10 11:34 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec 2015-06-10 11:34 - 2015-05-22 20:48 - 00633856 
_____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll 2015-06-10 11:34 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-06-10 11:34 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2015-06-10 11:34 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2015-06-10 11:34 - 2015-05-22 20:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2015-06-10 11:34 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2015-06-10 11:34 - 2015-05-22 20:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-06-10 11:34 - 2015-05-22 20:09 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2015-06-10 11:34 - 2015-05-22 20:08 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2015-06-10 11:34 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-06-10 11:34 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2015-06-10 11:34 - 2015-05-22 19:49 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2015-06-10 11:34 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-06-10 11:34 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-06-10 11:34 - 2015-05-21 18:47 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-06-05 19:29 - 2015-06-05 19:30 - 61320528 _____ (Ubisoft) C:\Users\Naomi\Downloads\UplayInstaller.exe 2015-06-03 20:33 - 2015-06-03 20:33 - 00000000 ____D C:\Users\Naomi\AppData\Local\GWX 2015-05-28 22:10 - 2015-05-28 22:10 - 00000000 ____D C:\Users\Naomi\AppData\Local\Chromium 2015-05-28 22:06 - 2015-05-28 22:06 - 16242632 _____ (Rockstar Games) C:\Users\Naomi\Downloads\Social Club v1.1.0.1 
Setup.exe 2015-05-28 21:57 - 2015-05-28 21:58 - 00000000 ____D C:\Users\Naomi\Documents\Rockstar Games 2015-05-28 21:57 - 2015-05-28 21:57 - 00000000 ____D C:\ProgramData\RELOADED 2015-05-28 21:55 - 2015-05-28 21:55 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\L.A.Noire 2015-05-28 21:55 - 2015-05-28 21:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics 2015-05-28 21:55 - 2015-05-28 21:55 - 00000000 ____D C:\Program Files (x86)\Rockstar Games 2015-05-28 21:00 - 2015-05-28 21:00 - 00000000 ____D C:\Program Files (x86)\R.G. Mechanics 2015-05-28 17:48 - 2015-05-28 17:48 - 02060664 _____ C:\Users\Naomi\Downloads\winrar-x64-521d.exe 2015-05-28 17:48 - 2015-05-28 17:48 - 00000000 ____D C:\Program Files\WinRAR 2015-05-28 17:30 - 2015-05-28 20:13 - 00000000 ____D C:\Users\Naomi\Downloads\L.A. Noire [R.G. Mechanics] 2015-05-28 17:26 - 2015-05-28 17:27 - 01998432 _____ (BitTorrent Inc.) C:\Users\Naomi\Downloads\uTorrent.exe 2015-05-28 17:22 - 2015-05-28 17:22 - 04001621 _____ (EZB Systems, Inc. ) C:\Users\Naomi\Downloads\uiso9_pe.exe 2015-05-28 17:17 - 2015-05-28 17:34 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\DMCache 2015-05-28 17:17 - 2015-05-28 17:17 - 00000000 ____D C:\Users\Naomi\Downloads\Video 2015-05-28 17:17 - 2015-05-28 17:17 - 00000000 ____D C:\Users\Naomi\Downloads\Compressed 2015-05-28 17:17 - 2015-05-28 17:17 - 00000000 ____D C:\ProgramData\IDM 2015-05-28 17:11 - 2015-05-28 17:12 - 06309520 _____ (Tonec Inc.) C:\Users\Naomi\Downloads\idman621build8.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-06-27 12:34 - 2015-03-28 13:09 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2821126440-816702598-971368894-1001 2015-06-27 12:28 - 2015-03-28 13:25 - 00000000 ____D C:\Program Files (x86)\Google 2015-06-27 12:28 - 2015-03-28 13:24 - 00000000 ____D C:\Users\Naomi\AppData\Local\Google 2015-06-27 12:05 - 2015-03-28 13:18 - 00793600 ___SH C:\Users\Naomi\Downloads\Thumbs.db 2015-06-27 11:54 - 2015-04-03 15:42 - 01273970 _____ C:\WINDOWS\WindowsUpdate.log 2015-06-27 11:02 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru 2015-06-27 10:16 - 2015-04-02 13:30 - 00000000 ____D C:\Users\Naomi\OneDrive 2015-06-27 10:13 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-06-27 10:10 - 2015-04-01 10:26 - 00000000 ____D C:\ProgramData\Origin 2015-06-27 10:07 - 2015-03-28 13:14 - 00000000 ____D C:\Program Files (x86)\Steam 2015-06-27 10:03 - 2015-05-07 12:56 - 00000000 ___RD C:\Users\Naomi\Dropbox 2015-06-27 10:03 - 2015-05-07 07:14 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\Dropbox 2015-06-27 10:00 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-06-27 09:59 - 2015-04-02 12:51 - 00000000 ____D C:\Users\Naomi 2015-06-27 09:59 - 2013-08-27 12:48 - 00000000 ____D C:\AdwCleaner 2015-06-27 09:59 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2015-06-27 09:56 - 2015-03-28 13:35 - 00442264 _____ (Avast Software s.r.o.) 
C:\WINDOWS\system32\Drivers\aswsp.sys 2015-06-27 09:13 - 2015-04-06 14:09 - 00003918 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C8399745-9C2F-4951-9121-6F841BBF9BBF} 2015-06-24 21:13 - 2014-11-21 05:35 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-06-24 21:13 - 2014-11-21 04:45 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat 2015-06-24 21:13 - 2014-11-21 04:45 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat 2015-06-24 20:20 - 2015-04-12 18:31 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\PhotoScape 2015-06-24 12:07 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-06-22 12:41 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM 2015-06-22 10:53 - 2013-08-22 16:44 - 00403632 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-06-22 10:48 - 2015-03-28 13:36 - 00003924 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update 2015-06-22 10:48 - 2015-03-28 13:35 - 01047320 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys 2015-06-22 10:48 - 2015-03-28 13:35 - 00272248 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys 2015-06-22 10:48 - 2015-03-28 13:35 - 00137288 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswStm.sys 2015-06-22 10:48 - 2015-03-28 13:35 - 00093528 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2015-06-22 10:48 - 2015-03-28 13:35 - 00089944 _____ (Avast Software s.r.o.) 
C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2015-06-22 10:48 - 2015-03-28 13:35 - 00065736 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys 2015-06-22 10:48 - 2015-03-28 13:35 - 00029168 _____ C:\WINDOWS\system32\Drivers\aswHwid.sys 2015-06-20 05:02 - 2014-11-21 13:01 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-06-20 05:02 - 2014-11-21 13:01 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-06-19 21:59 - 2015-04-06 20:00 - 00979968 ___SH C:\Users\Naomi\Desktop\Thumbs.db 2015-06-17 20:30 - 2015-04-01 17:19 - 00281688 _____ C:\WINDOWS\SysWOW64\PnkBstrB.xtr 2015-06-17 20:30 - 2015-04-01 13:11 - 00281688 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe 2015-06-17 19:30 - 2015-04-01 20:15 - 00001373 _____ C:\Users\Public\Desktop\Die Sims 4.lnk 2015-06-17 19:30 - 2015-04-01 13:11 - 00281688 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0 2015-06-16 21:51 - 2013-01-29 21:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2015-06-12 10:32 - 2015-04-01 13:11 - 00076888 _____ C:\WINDOWS\SysWOW64\PnkBstrA.exe 2015-06-12 08:40 - 2015-04-01 10:27 - 00000000 ____D C:\Users\Naomi\AppData\Local\Ubisoft Game Launcher 2015-06-10 23:02 - 2015-04-06 14:09 - 00000000 __SHD C:\Users\Naomi\AppData\Local\EmieUserList 2015-06-10 23:02 - 2015-04-06 14:09 - 00000000 __SHD C:\Users\Naomi\AppData\Local\EmieSiteList 2015-06-10 23:02 - 2015-04-06 14:09 - 00000000 __SHD C:\Users\Naomi\AppData\Local\EmieBrowserModeList 2015-06-10 19:50 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache 2015-06-10 15:21 - 2015-04-06 18:01 - 00000000 ____D C:\WINDOWS\system32\appraiser 2015-06-10 15:21 - 2014-11-21 12:51 - 00000000 ___SD C:\WINDOWS\system32\CompatTel 2015-06-10 15:21 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData 2015-06-10 15:21 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions 2015-06-10 11:52 - 2015-03-30 12:00 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-06-10 11:48 - 2015-03-30 12:00 - 
140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-06-05 08:04 - 2015-04-01 10:35 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\Origin 2015-06-05 08:03 - 2015-04-01 19:11 - 00000000 ____D C:\Program Files (x86)\Origin 2015-05-28 17:48 - 2015-04-17 10:08 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-05-28 17:48 - 2015-04-17 10:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR ==================== Files in the root of some directories ======= 2015-04-06 17:52 - 2015-04-06 17:52 - 0000057 _____ () C:\ProgramData\Ament.ini Some files in TEMP: ==================== C:\Users\Naomi\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpftnqem.dll C:\Users\Naomi\AppData\Local\Temp\ReimagePackage.exe C:\Users\Naomi\AppData\Local\Temp\ReiSysUpdate.exe C:\Users\Naomi\AppData\Local\Temp\sdan.exe C:\Users\Naomi\AppData\Local\Temp\sdapk.exe C:\Users\Naomi\AppData\Local\Temp\sdaspwn.exe C:\Users\Naomi\AppData\Local\Temp\Uninstall.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-19 20:23 ==================== End of log ============================ |
27.06.2015, 18:16 | #6 |
/// the machine /// TB-Ausbilder | Google Chrome has recently started opening windows with ads
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Still having problems? |
27.06.2015, 21:17 | #7 |
| Google Chrome has recently started opening windows with ads
Thanks again for the help, but strangely the ad windows are still appearing.
Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=6a4b412578ba904db9ccbcedb47ad8a1 # end=init # utc_time=2015-06-27 05:32:31 # local_time=2015-06-27 07:32:31 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.2.9200 NT Update Init Update Download Update Finalize Updated modules version: 24533 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=6a4b412578ba904db9ccbcedb47ad8a1 # end=updated # utc_time=2015-06-27 05:34:55 # local_time=2015-06-27 07:34:55 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.2.9200 NT # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=6a4b412578ba904db9ccbcedb47ad8a1 # engine=24533 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-06-27 07:24:05 # local_time=2015-06-27 09:24:05 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='avast! Antivirus' # compatibility_mode=783 16777213 71 91 469887 7894153 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 469100 7459348 0 0 # scanned=224090 # found=27 # cleaned=0 # scan_time=6550 sh=897152B289E07D4178B3A7BA51DDC272FF823275 ft=1 fh=aa51d054f62aa39a vn="Win32/ReImageRepair.F evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2821126440-816702598-971368894-1001\$RJ393FL.exe" sh=42B1B52E708F9A3DC642A6B6C7EE8C00CB44FDB8 ft=1 fh=8c2cc9b4788f10ad vn="Variante von Win32/ELEX.CK evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Omiga Plus\omigaplusSvc.exe.vir" sh=BC9296CC8D92EA375A8E56822CBED2F359F89ACC ft=1 fh=918333b3d6bbeb88 vn="Variante von Win32/ELEX.DS evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZipper\eUninstall.exe.vir" sh=BEC6B95D047100118D70D9504479C36A797B9B06 ft=1 fh=e155e3de02881385 vn="Variante von Win32/ELEX.BF evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZipper\TrayDownloader.exe.vir" sh=BEFC0099864AA52ABB0A3B99793A5A1BF525401D ft=1 fh=64b34719c3735e0d vn="Variante von Win32/ELEX.CK evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZipper\winzipersvc.exe.vir" sh=BEEC75E866D4389FEE37B4110C7C7A2F9132069A ft=1 fh=45868de3756f5fdb vn="Variante von Win32/ELEX.O evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\eSafe\temp_000.exe.vir" sh=FBF7EDE5181F3CCCCFFC581E0E1AFFD4F1348488 ft=1 fh=c7ed09cf4760c140 vn="Variante von Win32/WinloadSDA.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Naomi\AppData\Local\Microsoft\Windows\INetCache\IE\PTFY3NW0\Google-Chrome-lnstall.exe" sh=F29A8D65E7C9D1CFC8F86537C6BA89FA0B5278CE ft=1 fh=7d9b18614934139e vn="Win32/Agent.XBE Trojaner" ac=I fn="C:\Users\Naomi\AppData\Local\Temp\awh74D7.tmp" sh=C02D8BA7E61DDE0B64E97B4723104C659EC1EBDA ft=1 fh=5a23840bdb1841d1 vn="Variante von Win32/Adware.ConvertAd.TH.gen Anwendung" ac=I fn="C:\Users\Naomi\AppData\Local\Temp\nscCA4F.tmp" sh=49481A39A243B13139FB67A9971CC60DB001934A ft=1 fh=617f3a9cdc896182 vn="Variante von Win32/Adware.ConvertAd.TG.gen Anwendung" ac=I fn="C:\Users\Naomi\AppData\Local\Temp\nsl7A30.tmp" sh=2E984E3188B187AB795D9372B6124C756EEB13E1 ft=1 fh=9fd152a0a1e139a7 vn="Variante von Win32/Adware.ConvertAd.TG.gen Anwendung" ac=I fn="C:\Users\Naomi\AppData\Local\Temp\nslC5AC.tmp" sh=AD4C1CE4BCAB64E4DA98A36F2774D33E4E1574E3 ft=1 fh=438430599380b8ac vn="Win32/ReImageRepair.F evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Naomi\AppData\Local\Temp\ReimagePackage.exe" sh=D6E06F3FB7EE0CA6CB8A96E9BB2A8794D18FD6C9 ft=1 fh=c71c001181fdd2ac vn="Variante von Win32/Adware.MultiPlug.IX Anwendung" ac=I fn="C:\Users\Naomi\AppData\Local\Temp\7658\temp\TyHelpTFUO.xyz.exe" sh=4E5E8B54DDA603D7E83F3EDE2BCDD8064D4EDF22 ft=1 fh=895bb0fee970ac49 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Naomi\AppData\Local\Temp\DMR\dmr_72.exe" sh=824321416BE2BD141725B884A154033F8E5CEA35 ft=1 fh=25c2d3b6e94364f9 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Naomi\Downloads\Everest Ultimate Edition - CHIP-Installer.exe" sh=E5DD8DAE2E4D3EFD16E8455A2886E5E51E355030 ft=1 fh=2c8ee592e2a82fc3 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Naomi\Downloads\Fotor - CHIP-Installer.exe" sh=A3EE325C25930F2F29F8F97B33701E4598BB44F8 ft=1 fh=a7436e0a268ed33c vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Naomi\Downloads\OpenOffice - CHIP-Installer (1).exe" sh=47A369C8E3C7F7BF5778A4C381BA13B5F87CF71D ft=1 fh=f9dd19a65fbea7a9 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Naomi\Downloads\OpenOffice - CHIP-Installer.exe" sh=5A66B0260D377983CE6AD6DD0650E0437E429C96 ft=1 fh=c0f0c08597ada56d vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Naomi\Downloads\StreamTransport - CHIP-Installer (1).exe" sh=372BD528CCA7FD999649BF62BF7375B9BDDC572D ft=1 fh=e1ef67ee42517a2a vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Naomi\Downloads\StreamTransport - CHIP-Installer.exe" sh=E18B5242B0C893DF09E34A9E89DE551503F31591 ft=1 fh=5a1a58d6d884f372 vn="Win32/Somoto.Q evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Naomi\Downloads\streamtransportsetup_25412.exe" sh=F346D91A2E5F5FBEFF8F19023463F079E6E89B7A ft=0 fh=0000000000000000 vn="Win32/Somoto.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Naomi\Downloads\streamtransport_1.1.6.2.zip" sh=11A13DCEC131C98B5701A5B06D2E204FE855F1EE ft=1 fh=1ee77e4818a8b1cc vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Naomi\Downloads\trzDBE6.tmp" sh=024BB4ED097D115FAC85E2431B3EC2CC60C4BBEE ft=1 fh=d7e036f4e4c1c4d6 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Naomi\Downloads\URL Snooper - CHIP-Installer.exe" sh=F5734B843348AB4727CFD91D1ACF52D7798EA341 ft=1 fh=fe337ec40d85bd5d vn="Variante von Win32/InstallCore.AAC evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Naomi\Downloads\windows7-homepremium-sp1-64.exe" sh=342F33E3877C2898656FE6BD81B5647025A384AD ft=1 fh=08417cc6a5d0dbba vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Naomi\Downloads\Word Viewer - CHIP-Installer (1).exe" sh=F25C0D42987DD9838D192A39DA7BD0A6F0C7B4A3 ft=0 fh=0000000000000000 vn="Variante von Win32/InstallCore.BH evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Naomi\Pictures\Alte Bilder zip\Bilder Downloads.zip" Code:
ATTFilter Results of screen317's Security Check version 1.004 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` McAfee Anti-Virus und Anti-Spyware Windows Defender avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Google Chrome (43.0.2357.130) ````````Process Check: objlist.exe by Laurent```````` AVAST Software Avast AvastSvc.exe AVAST Software Avast ng vbox\AvastVBoxSVC.exe AVAST Software Avast ng ngservice.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-06-2015
Ran by Naomi (administrator) on DÖRTE on 27-06-2015 22:15:14
Running from C:\Users\Naomi\Downloads
Loaded Profiles: Naomi (Available Profiles: Naomi & Administrator)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\Izgingnessorbidies\Izgingnessorbidies.exe
() C:\Program Files (x86)\Izgingnessorbidies\Izgingnessorbidies.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-11-29] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2565544 2012-11-01] ()
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2172816 2012-10-22] (SRS Labs, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3008824 2012-11-29] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-12-18] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [7152640 2012-12-05] (Pegatron Corporation)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-22] (Avast Software s.r.o.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [Denzi] => C:\Program Files (x86)\Denzi\Launcher.bat --wait
HKU\S-1-5-21-2821126440-816702598-971368894-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-14] (Valve Corporation)
HKU\S-1-5-21-2821126440-816702598-971368894-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-2821126440-816702598-971368894-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3632472 2015-06-05] (Electronic Arts)
HKU\S-1-5-21-2821126440-816702598-971368894-1001\...\Run: [Dropbox Update] => C:\Users\Naomi\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-22] (Dropbox, Inc.)
HKU\S-1-5-21-2821126440-816702598-971368894-1001\...\MountPoints2: {235c5be7-f406-11e4-be83-2cd05accbc66} - "F:\LaunchU3.exe" -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2015-05-01]
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Users\Naomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-07]
ShortcutTarget: Dropbox.lnk -> C:\Users\Naomi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Naomi\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Naomi\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Naomi\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Naomi\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Naomi\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Naomi\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Naomi\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Naomi\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-22] (Avast Software s.r.o.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-2821126440-816702598-971368894-1001] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-21-2821126440-816702598-971368894-1001] => http=127.0.0.1:9881
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2821126440-816702598-971368894-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-2821126440-816702598-971368894-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-2821126440-816702598-971368894-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2821126440-816702598-971368894-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2821126440-816702598-971368894-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-03-28] (Avast Software s.r.o.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-28] (Avast Software s.r.o.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] ()
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-03-28]

Chrome:
=======
CHR Profile: C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-27]
CHR Extension: (Google Docs) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-27]
CHR Extension: (Google Drive) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-27]
CHR Extension: (YouTube) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-27]
CHR Extension: (Adblock Plus) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-06-27]
CHR Extension: (Google Search) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-27]
CHR Extension: (Avast SafePrice) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-06-27]
CHR Extension: (Google Sheets) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-27]
CHR Extension: (Avast Online Security) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-06-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-27]
CHR Extension: (Google Wallet) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-27]
CHR Extension: (Gmail) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-27]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-03-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-22] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-06-22] (Avast Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [967040 2015-04-01] ()
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
S2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] () [File not signed]
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 Izgingnessorbidies; C:\Program Files (x86)\Izgingnessorbidies\Izgingnessorbidies.exe [281088 2015-06-16] () [File not signed] <==== ATTENTION
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-05] (Electronic Arts)
S2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2015-06-12] ()
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-05] (Realtek Semiconductor)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116240 2013-01-04] (Toshiba Europe GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-04-02] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-04-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ampa; C:\WINDOWS\system32\ampa.sys [17008 2013-12-18] () S3 ampa; C:\WINDOWS\SysWOW64\ampa.sys [17008 2013-12-18] () R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-22] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-22] (Avast Software s.r.o.) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-22] (Avast Software s.r.o.) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-22] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-22] (Avast Software s.r.o.) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-27] (Avast Software s.r.o.) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-22] (Avast Software s.r.o.) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-22] () R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices) S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-21] (Microsoft Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation) R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON) R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [24208 2012-07-11] (Realtek Microelectronics) R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation ) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-29] (Synaptics Incorporated) R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider) R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-06-22] (Avast Software) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-04-02] (Microsoft Corporation) ==================== NetSvcs 
(Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-27 22:11 - 2015-06-27 22:11 - 00852662 _____ C:\Users\Naomi\Downloads\SecurityCheck.exe 2015-06-27 19:32 - 2015-06-27 19:32 - 02870984 _____ (ESET) C:\Users\Naomi\Downloads\esetsmartinstaller_deu.exe 2015-06-27 12:28 - 2015-06-27 12:28 - 00002278 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-06-27 12:28 - 2015-06-27 12:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-06-27 12:27 - 2015-06-27 21:32 - 00001120 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-06-27 12:27 - 2015-06-27 12:41 - 00001116 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-27 12:27 - 2015-06-27 12:27 - 00004092 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-06-27 12:27 - 2015-06-27 12:27 - 00003856 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2015-06-27 12:27 - 2015-06-27 12:27 - 00000000 ____D C:\Users\Naomi\Downloads\Google-Chrome 2015-06-27 10:12 - 2015-06-27 10:12 - 00002128 _____ C:\Users\Naomi\Desktop\JRT.txt 2015-06-27 10:10 - 2015-06-27 10:10 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-DÖRTE-Windows-8.1-(64-bit).dat 2015-06-27 10:10 - 2015-06-27 10:10 - 00000000 ____D C:\RegBackup 2015-06-27 10:09 - 2015-06-27 10:09 - 02950693 _____ (Malwarebytes Corporation) C:\Users\Naomi\Downloads\JRT.exe 2015-06-27 10:09 - 2015-06-27 10:09 - 02949433 _____ (Malwarebytes Corporation) C:\Users\Naomi\Downloads\trz4927.tmp 2015-06-27 09:57 - 2015-06-27 09:57 - 02244096 _____ C:\Users\Naomi\Downloads\AdwCleaner_4.207.exe 2015-06-27 09:56 - 2015-06-27 09:56 - 00003171 _____ C:\Users\Naomi\Desktop\mbam.txt 2015-06-27 09:50 - 2015-06-27 10:00 - 00004036 _____ C:\WINDOWS\PFRO.log 
2015-06-27 09:50 - 2015-06-27 10:00 - 00000154 _____ C:\WINDOWS\setupact.log 2015-06-27 09:50 - 2015-06-27 09:50 - 00000000 _____ C:\WINDOWS\setuperr.log 2015-06-27 09:12 - 2015-06-27 09:12 - 00001291 _____ C:\Users\Naomi\Desktop\Revo Uninstaller.lnk 2015-06-27 09:12 - 2015-06-27 09:12 - 00000000 ____D C:\Program Files (x86)\VS Revo Group 2015-06-27 09:11 - 2015-06-27 09:12 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Naomi\Downloads\revosetup95.exe 2015-06-26 10:25 - 2015-06-26 10:26 - 00043883 _____ C:\Users\Naomi\Downloads\Addition.txt 2015-06-26 10:23 - 2015-06-27 22:15 - 00018570 _____ C:\Users\Naomi\Downloads\FRST.txt 2015-06-26 10:23 - 2015-06-27 22:15 - 00000000 ____D C:\FRST 2015-06-26 10:23 - 2015-06-26 10:23 - 02112512 _____ (Farbar) C:\Users\Naomi\Downloads\FRST64.exe 2015-06-25 08:15 - 2015-06-25 08:15 - 00003202 _____ C:\WINDOWS\System32\Tasks\avastBCLRestart_chrome.exe 2015-06-24 20:28 - 2015-06-22 16:34 - 111524886 _____ C:\Users\Naomi\Desktop\20150622_163315.mp4 2015-06-24 19:17 - 2015-06-27 10:15 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-06-24 19:17 - 2015-06-24 19:17 - 00001125 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-06-24 19:17 - 2015-06-24 19:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-06-24 19:17 - 2015-06-24 19:17 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-06-24 19:17 - 2015-06-24 19:17 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-06-24 19:17 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-06-24 19:17 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-06-24 19:17 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-06-24 19:15 - 2015-06-24 19:16 - 21546080 _____ (Malwarebytes Corporation ) 
C:\Users\Naomi\Downloads\mbam-setup-majorgeeks-2.1.6.1022.exe 2015-06-24 18:25 - 2015-06-24 18:25 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\Enigma Software Group 2015-06-24 18:24 - 2015-06-24 18:24 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Naomi\Downloads\sh-remover.exe 2015-06-24 18:24 - 2015-06-24 18:24 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Naomi\Downloads\sh-remover (1).exe 2015-06-24 11:52 - 2015-06-24 11:52 - 00001461 _____ C:\Users\Naomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-06-22 13:37 - 2015-06-22 13:37 - 00000000 __SHD C:\Program Files (x86)\Izgingnessorbidies 2015-06-22 13:23 - 2015-06-22 13:23 - 00001879 _____ C:\Users\Naomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk 2015-06-22 13:23 - 2015-06-22 13:23 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\Opera Software 2015-06-22 13:23 - 2015-06-22 13:23 - 00000000 ____D C:\Users\Naomi\AppData\Local\Opera Software 2015-06-22 13:22 - 2015-06-22 13:22 - 00003836 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1434972161 2015-06-22 13:22 - 2015-06-22 13:22 - 00001158 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk.1434973094.old 2015-06-22 13:18 - 2015-06-22 13:19 - 02975799 _____ (hxxp://www.streamtransport.com/ ) C:\Users\Naomi\Downloads\streamtransportsetup_25412.exe 2015-06-22 13:05 - 2015-06-22 13:05 - 00000046 _____ C:\WINDOWS\SysWOW64\DonationCoder_urlsnooper_InstallInfo.dat 2015-06-22 13:05 - 2015-06-22 13:05 - 00000000 ____D C:\Users\Naomi\Documents\DonationCoder 2015-06-22 13:05 - 2015-06-22 13:05 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\DonationCoder 2015-06-22 12:54 - 2015-06-22 12:54 - 01198368 _____ C:\Users\Naomi\Downloads\URL Snooper - CHIP-Installer.exe 2015-06-22 12:42 - 2015-06-22 12:42 - 00000000 ____D C:\Users\Naomi\Documents\StreamTransport 2015-06-22 11:02 - 2015-06-22 11:02 - 00000000 ____D 
C:\Users\Naomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-06-22 11:00 - 2015-06-27 22:05 - 00001236 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2821126440-816702598-971368894-1001UA.job 2015-06-22 11:00 - 2015-06-27 11:05 - 00001184 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2821126440-816702598-971368894-1001Core.job 2015-06-22 11:00 - 2015-06-22 11:00 - 00004182 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2821126440-816702598-971368894-1001UA 2015-06-22 11:00 - 2015-06-22 11:00 - 00003802 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2821126440-816702598-971368894-1001Core 2015-06-22 11:00 - 2015-06-22 11:00 - 00000000 ____D C:\Users\Naomi\AppData\Local\Dropbox 2015-06-22 11:00 - 2015-06-22 11:00 - 00000000 ____D C:\ProgramData\Dropbox 2015-06-22 10:48 - 2015-06-22 10:48 - 00364472 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe 2015-06-22 10:48 - 2015-06-22 10:48 - 00043112 _____ (Avast Software s.r.o.) 
C:\WINDOWS\avastSS.scr 2015-06-22 10:44 - 2015-06-22 10:44 - 17805707 _____ C:\Users\Naomi\Downloads\streamtransport_1.1.6.2.zip 2015-06-22 10:43 - 2015-06-22 10:43 - 01198368 _____ C:\Users\Naomi\Downloads\StreamTransport - CHIP-Installer (1).exe 2015-06-22 10:40 - 2015-06-22 10:41 - 01198368 ____N C:\Users\Naomi\Downloads\StreamTransport - CHIP-Installer.exe 2015-06-16 22:17 - 2015-06-16 22:17 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\LibreOffice 2015-06-16 22:16 - 2015-06-16 22:16 - 00001484 _____ C:\Users\Public\Desktop\LibreOffice 4.4.lnk 2015-06-16 22:16 - 2015-06-16 22:16 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.4 2015-06-16 22:14 - 2015-06-16 22:16 - 00000000 ____D C:\Program Files (x86)\LibreOffice 4 2015-06-16 22:12 - 2015-06-16 22:11 - 01197344 _____ C:\Users\Naomi\Downloads\trzDBE6.tmp 2015-06-16 22:09 - 2015-06-16 22:14 - 00000000 ____D C:\Users\Naomi\Documents\SoftMaker 2015-06-16 22:08 - 2015-06-16 22:09 - 61687304 _____ (SoftMaker Software GmbH) C:\Users\Naomi\Downloads\freeofficewindows.exe 2015-06-16 22:01 - 2015-06-16 22:01 - 01377255 _____ (Denzi) C:\Users\Naomi\Downloads\Denzi_setup.exe 2015-06-16 21:49 - 2015-06-16 21:50 - 39074536 _____ (Microsoft Corporation) C:\Users\Naomi\Downloads\FileFormatConverters.exe 2015-06-16 21:47 - 2015-06-16 21:47 - 00002729 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk 2015-06-16 21:46 - 2015-06-16 21:50 - 00000000 ____D C:\Program Files (x86)\MSECache 2015-06-16 21:45 - 2015-06-16 21:45 - 01197344 _____ C:\Users\Naomi\Downloads\Word Viewer - CHIP-Installer (1).exe 2015-06-12 08:40 - 2015-06-12 08:40 - 00000232 _____ C:\Users\Naomi\Desktop\Far Cry 3.url 2015-06-12 08:40 - 2015-06-12 08:40 - 00000232 _____ C:\Users\Naomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Far Cry 3.url 2015-06-12 08:38 - 2015-06-12 08:38 - 00001228 _____ C:\Users\Naomi\Desktop\Uplay.lnk 2015-06-12 08:38 - 2015-06-12 08:38 - 
00000000 ____D C:\Users\Naomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft 2015-06-12 08:37 - 2015-06-12 08:38 - 61778376 _____ (Ubisoft) C:\Users\Naomi\Downloads\UplayInstaller (1).exe 2015-06-10 23:58 - 2015-06-10 23:58 - 00000814 _____ C:\Users\Naomi\Downloads\Originals.lnk 2015-06-10 23:07 - 2015-06-10 23:07 - 01941744 _____ C:\Users\Naomi\Downloads\winrar-x64-521.exe 2015-06-10 23:05 - 2015-06-10 23:05 - 02058768 _____ C:\Users\Naomi\Downloads\winrar-x64-521d (1).exe 2015-06-10 22:39 - 2015-06-10 22:39 - 01197344 _____ C:\Users\Naomi\Downloads\Everest Ultimate Edition - CHIP-Installer.exe 2015-06-10 22:38 - 2015-06-10 22:40 - 209818191 _____ C:\Users\Naomi\Downloads\0005-Win7_Win8_Win81_Win10_R278.zip 2015-06-10 22:34 - 2015-06-10 22:34 - 35084080 _____ C:\Users\Naomi\Downloads\PROWinx64.exe 2015-06-10 22:32 - 2015-06-10 22:32 - 25883081 _____ C:\Users\Naomi\Downloads\E50E.tmp 2015-06-10 21:03 - 2015-06-10 21:05 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP 2015-06-10 21:03 - 2015-06-10 21:03 - 00001128 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk 2015-06-10 21:03 - 2015-06-10 21:03 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\Canneverbe Limited 2015-06-10 21:03 - 2015-06-10 21:03 - 00000000 ____D C:\ProgramData\Canneverbe Limited 2015-06-10 21:02 - 2015-06-10 21:02 - 05419688 _____ (Canneverbe Limited ) C:\Users\Naomi\Downloads\cdbxp_setup_4.5.5.5642_minimal.exe 2015-06-10 21:02 - 2015-06-10 21:02 - 05419688 _____ (Canneverbe Limited ) C:\Users\Naomi\Downloads\cdbxp_setup_4.5.5.5642_minimal (1).exe 2015-06-10 20:27 - 2015-06-10 21:01 - 3268147200 _____ C:\Users\Naomi\Downloads\Win_7_Hm_Prem_German_x64.iso 2015-06-10 19:56 - 2015-06-10 19:56 - 2682257408 _____ C:\Users\Naomi\Downloads\windows7-homepremium-sp1-64 [1].exe 2015-06-10 19:28 - 2015-06-10 19:28 - 00771552 _____ (Internet ) C:\Users\Naomi\Downloads\windows7-homepremium-sp1-64.exe 2015-06-10 11:36 - 2015-05-22 15:08 - 00700416 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\generaltel.dll 2015-06-10 11:36 - 2015-05-21 15:08 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2015-06-10 11:36 - 2015-05-21 15:08 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2015-06-10 11:36 - 2015-05-21 15:08 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2015-06-10 11:36 - 2015-05-21 15:08 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2015-06-10 11:36 - 2015-04-09 00:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml 2015-06-10 11:35 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-06-10 11:35 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-06-10 11:35 - 2015-05-25 15:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll 2015-06-10 11:35 - 2015-05-25 15:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll 2015-06-10 11:35 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-06-10 11:35 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-06-10 11:35 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-06-10 11:35 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-06-10 11:35 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-06-10 11:35 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-06-10 11:35 - 2015-05-21 15:08 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2015-06-10 11:35 - 2015-05-21 15:08 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2015-06-10 11:35 - 2015-04-25 04:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll 
2015-06-10 11:35 - 2015-04-25 04:33 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll 2015-06-10 11:35 - 2015-04-17 00:07 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2015-06-10 11:35 - 2015-04-16 08:17 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS 2015-06-10 11:35 - 2015-04-14 00:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll 2015-06-10 11:35 - 2015-04-14 00:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll 2015-06-10 11:35 - 2015-04-10 02:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll 2015-06-10 11:35 - 2015-04-10 02:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll 2015-06-10 11:35 - 2015-04-09 00:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll 2015-06-10 11:35 - 2015-04-02 00:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll 2015-06-10 11:35 - 2015-04-02 00:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll 2015-06-10 11:35 - 2015-04-01 06:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe 2015-06-10 11:35 - 2015-04-01 06:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll 2015-06-10 11:35 - 2015-04-01 06:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll 2015-06-10 11:35 - 2015-04-01 06:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll 2015-06-10 11:35 - 2015-04-01 05:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll 2015-06-10 11:35 - 2015-04-01 05:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll 2015-06-10 11:35 - 2015-04-01 05:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe 2015-06-10 11:35 - 2015-04-01 04:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll 
2015-06-10 11:35 - 2015-04-01 04:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe 2015-06-10 11:35 - 2015-04-01 04:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll 2015-06-10 11:35 - 2015-04-01 04:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll 2015-06-10 11:35 - 2015-04-01 04:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll 2015-06-10 11:35 - 2015-04-01 04:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe 2015-06-10 11:35 - 2015-03-20 05:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll 2015-06-10 11:35 - 2015-03-20 05:08 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll 2015-06-10 11:35 - 2015-03-20 04:37 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll 2015-06-10 11:35 - 2015-03-20 04:07 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll 2015-06-10 11:35 - 2015-03-02 03:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll 2015-06-10 11:35 - 2015-03-02 03:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll 2015-06-10 11:34 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-06-10 11:34 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec 2015-06-10 11:34 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-06-10 11:34 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-06-10 11:34 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2015-06-10 11:34 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2015-06-10 11:34 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2015-06-10 11:34 - 
2015-05-23 04:47 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2015-06-10 11:34 - 2015-05-23 04:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-06-10 11:34 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-06-10 11:34 - 2015-05-23 04:38 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2015-06-10 11:34 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2015-06-10 11:34 - 2015-05-23 04:28 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll 2015-06-10 11:34 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-06-10 11:34 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-06-10 11:34 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-06-10 11:34 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-06-10 11:34 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec 2015-06-10 11:34 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll 2015-06-10 11:34 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-06-10 11:34 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2015-06-10 11:34 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2015-06-10 11:34 - 2015-05-22 20:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2015-06-10 11:34 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2015-06-10 11:34 - 2015-05-22 20:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-06-10 11:34 - 2015-05-22 20:09 - 00262144 
_____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2015-06-10 11:34 - 2015-05-22 20:08 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2015-06-10 11:34 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-06-10 11:34 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2015-06-10 11:34 - 2015-05-22 19:49 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2015-06-10 11:34 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-06-10 11:34 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-06-10 11:34 - 2015-05-21 18:47 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-06-05 19:29 - 2015-06-05 19:30 - 61320528 _____ (Ubisoft) C:\Users\Naomi\Downloads\UplayInstaller.exe 2015-06-03 20:33 - 2015-06-03 20:33 - 00000000 ____D C:\Users\Naomi\AppData\Local\GWX 2015-05-28 22:10 - 2015-05-28 22:10 - 00000000 ____D C:\Users\Naomi\AppData\Local\Chromium 2015-05-28 22:06 - 2015-05-28 22:06 - 16242632 _____ (Rockstar Games) C:\Users\Naomi\Downloads\Social Club v1.1.0.1 Setup.exe 2015-05-28 21:57 - 2015-05-28 21:58 - 00000000 ____D C:\Users\Naomi\Documents\Rockstar Games 2015-05-28 21:57 - 2015-05-28 21:57 - 00000000 ____D C:\ProgramData\RELOADED 2015-05-28 21:55 - 2015-05-28 21:55 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\L.A.Noire 2015-05-28 21:55 - 2015-05-28 21:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics 2015-05-28 21:55 - 2015-05-28 21:55 - 00000000 ____D C:\Program Files (x86)\Rockstar Games 2015-05-28 21:00 - 2015-05-28 21:00 - 00000000 ____D C:\Program Files (x86)\R.G. 
Mechanics 2015-05-28 17:48 - 2015-05-28 17:48 - 02060664 _____ C:\Users\Naomi\Downloads\winrar-x64-521d.exe 2015-05-28 17:48 - 2015-05-28 17:48 - 00000000 ____D C:\Program Files\WinRAR 2015-05-28 17:30 - 2015-05-28 20:13 - 00000000 ____D C:\Users\Naomi\Downloads\L.A. Noire [R.G. Mechanics] 2015-05-28 17:26 - 2015-05-28 17:27 - 01998432 _____ (BitTorrent Inc.) C:\Users\Naomi\Downloads\uTorrent.exe 2015-05-28 17:22 - 2015-05-28 17:22 - 04001621 _____ (EZB Systems, Inc. ) C:\Users\Naomi\Downloads\uiso9_pe.exe 2015-05-28 17:17 - 2015-05-28 17:34 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\DMCache 2015-05-28 17:17 - 2015-05-28 17:17 - 00000000 ____D C:\Users\Naomi\Downloads\Video 2015-05-28 17:17 - 2015-05-28 17:17 - 00000000 ____D C:\Users\Naomi\Downloads\Compressed 2015-05-28 17:17 - 2015-05-28 17:17 - 00000000 ____D C:\ProgramData\IDM 2015-05-28 17:11 - 2015-05-28 17:12 - 06309520 _____ (Tonec Inc.) C:\Users\Naomi\Downloads\idman621build8.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-06-27 22:09 - 2015-04-03 15:42 - 01532125 _____ C:\WINDOWS\WindowsUpdate.log 2015-06-27 22:02 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru 2015-06-27 21:45 - 2015-04-06 14:09 - 00003918 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C8399745-9C2F-4951-9121-6F841BBF9BBF} 2015-06-27 15:57 - 2015-03-28 13:18 - 00807936 ___SH C:\Users\Naomi\Downloads\Thumbs.db 2015-06-27 12:42 - 2015-03-28 13:09 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2821126440-816702598-971368894-1001 2015-06-27 12:28 - 2015-03-28 13:25 - 00000000 ____D C:\Program Files (x86)\Google 2015-06-27 12:28 - 2015-03-28 13:24 - 00000000 ____D C:\Users\Naomi\AppData\Local\Google 2015-06-27 10:16 - 2015-04-02 13:30 - 00000000 ____D C:\Users\Naomi\OneDrive 2015-06-27 10:13 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-06-27 10:10 - 2015-04-01 10:26 - 00000000 ____D C:\ProgramData\Origin 2015-06-27 10:07 - 2015-03-28 13:14 - 00000000 ____D C:\Program Files (x86)\Steam 2015-06-27 10:03 - 2015-05-07 12:56 - 00000000 ___RD C:\Users\Naomi\Dropbox 2015-06-27 10:03 - 2015-05-07 07:14 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\Dropbox 2015-06-27 10:00 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-06-27 09:59 - 2015-04-02 12:51 - 00000000 ____D C:\Users\Naomi 2015-06-27 09:59 - 2013-08-27 12:48 - 00000000 ____D C:\AdwCleaner 2015-06-27 09:59 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2015-06-27 09:56 - 2015-03-28 13:35 - 00442264 _____ (Avast Software s.r.o.) 
C:\WINDOWS\system32\Drivers\aswsp.sys 2015-06-24 21:13 - 2014-11-21 05:35 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-06-24 21:13 - 2014-11-21 04:45 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat 2015-06-24 21:13 - 2014-11-21 04:45 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat 2015-06-24 20:20 - 2015-04-12 18:31 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\PhotoScape 2015-06-24 12:07 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-06-22 12:41 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM 2015-06-22 10:53 - 2013-08-22 16:44 - 00403632 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-06-22 10:48 - 2015-03-28 13:36 - 00003924 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update 2015-06-22 10:48 - 2015-03-28 13:35 - 01047320 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys 2015-06-22 10:48 - 2015-03-28 13:35 - 00272248 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys 2015-06-22 10:48 - 2015-03-28 13:35 - 00137288 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswStm.sys 2015-06-22 10:48 - 2015-03-28 13:35 - 00093528 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2015-06-22 10:48 - 2015-03-28 13:35 - 00089944 _____ (Avast Software s.r.o.) 
C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2015-06-22 10:48 - 2015-03-28 13:35 - 00065736 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys 2015-06-22 10:48 - 2015-03-28 13:35 - 00029168 _____ C:\WINDOWS\system32\Drivers\aswHwid.sys 2015-06-20 05:02 - 2014-11-21 13:01 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-06-20 05:02 - 2014-11-21 13:01 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-06-19 21:59 - 2015-04-06 20:00 - 00979968 ___SH C:\Users\Naomi\Desktop\Thumbs.db 2015-06-17 20:30 - 2015-04-01 17:19 - 00281688 _____ C:\WINDOWS\SysWOW64\PnkBstrB.xtr 2015-06-17 20:30 - 2015-04-01 13:11 - 00281688 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe 2015-06-17 19:30 - 2015-04-01 20:15 - 00001373 _____ C:\Users\Public\Desktop\Die Sims 4.lnk 2015-06-17 19:30 - 2015-04-01 13:11 - 00281688 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0 2015-06-16 21:51 - 2013-01-29 21:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2015-06-12 10:32 - 2015-04-01 13:11 - 00076888 _____ C:\WINDOWS\SysWOW64\PnkBstrA.exe 2015-06-12 08:40 - 2015-04-01 10:27 - 00000000 ____D C:\Users\Naomi\AppData\Local\Ubisoft Game Launcher 2015-06-10 23:02 - 2015-04-06 14:09 - 00000000 __SHD C:\Users\Naomi\AppData\Local\EmieUserList 2015-06-10 23:02 - 2015-04-06 14:09 - 00000000 __SHD C:\Users\Naomi\AppData\Local\EmieSiteList 2015-06-10 23:02 - 2015-04-06 14:09 - 00000000 __SHD C:\Users\Naomi\AppData\Local\EmieBrowserModeList 2015-06-10 19:50 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache 2015-06-10 15:21 - 2015-04-06 18:01 - 00000000 ____D C:\WINDOWS\system32\appraiser 2015-06-10 15:21 - 2014-11-21 12:51 - 00000000 ___SD C:\WINDOWS\system32\CompatTel 2015-06-10 15:21 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData 2015-06-10 15:21 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions 2015-06-10 11:52 - 2015-03-30 12:00 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-06-10 11:48 - 2015-03-30 12:00 - 
140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-06-05 08:04 - 2015-04-01 10:35 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\Origin 2015-06-05 08:03 - 2015-04-01 19:11 - 00000000 ____D C:\Program Files (x86)\Origin 2015-05-28 17:48 - 2015-04-17 10:08 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-05-28 17:48 - 2015-04-17 10:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR ==================== Files in the root of some directories ======= 2015-04-06 17:52 - 2015-04-06 17:52 - 0000057 _____ () C:\ProgramData\Ament.ini Some files in TEMP: ==================== C:\Users\Naomi\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpftnqem.dll C:\Users\Naomi\AppData\Local\Temp\ReimagePackage.exe C:\Users\Naomi\AppData\Local\Temp\ReiSysUpdate.exe C:\Users\Naomi\AppData\Local\Temp\sdan.exe C:\Users\Naomi\AppData\Local\Temp\sdapk.exe C:\Users\Naomi\AppData\Local\Temp\sdaspwn.exe C:\Users\Naomi\AppData\Local\Temp\Uninstall.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-19 20:23 ==================== End of log ============================ |
28.06.2015, 12:29 | #8 |
/// the machine /// TB trainer | Google Chrome has recently started opening windows with ads Still only in Chrome? You completely deleted Chrome as described further up and removed the leftovers?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
28.06.2015, 12:36 | #9 |
| Google Chrome has recently started opening windows with ads Yep, still in Chrome, even though I did everything as described above. As a test I have now also tried Internet Explorer, and it showed up there too, but I don't have an ad blocker there, so maybe that's the reason. |
29.06.2015, 06:15 | #10 |
/// the machine /// TB trainer | Google Chrome has recently started opening windows with ads Aaah, now we are getting closer. Please install Firefox and test whether it happens there too. Other PCs or phones on your network have no problems?
__________________ Regards, schrauber |
29.06.2015, 06:39 | #11 |
| Google Chrome has recently started opening windows with ads In Firefox it is exactly the same as in the other browsers. No, my laptop is the only one that is causing any problems of that kind. |
29.06.2015, 12:09 | #12 |
/// the machine /// TB trainer | Google Chrome has recently started opening windows with ads Please open FRST, tick the Addition box and scan, then post both logs.
__________________ Regards, schrauber |
29.06.2015, 12:33 | #13 |
| Google Chrome has recently started opening windows with ads FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01 Ran by Naomi (administrator) on DÖRTE on 29-06-2015 13:28:39 Running from C:\Users\Naomi\Downloads Loaded Profiles: Naomi (Available Profiles: Naomi & Administrator) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe () C:\Program Files (x86)\Izgingnessorbidies\Izgingnessorbidies.exe () C:\Program Files (x86)\Izgingnessorbidies\Izgingnessorbidies.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-11-29] (Realtek Semiconductor) HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2565544 2012-11-01] () HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] () HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation) HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation) HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2172816 2012-10-22] (SRS Labs, Inc.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3008824 2012-11-29] (Synaptics Incorporated) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.) HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-12-18] (Intel Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [7152640 2012-12-05] (Pegatron Corporation) HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-22] (Avast Software s.r.o.) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION) HKLM-x32\...\Run: [Denzi] => C:\Program Files (x86)\Denzi\Launcher.bat --wait HKU\S-1-5-21-2821126440-816702598-971368894-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-14] (Valve Corporation) HKU\S-1-5-21-2821126440-816702598-971368894-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd) HKU\S-1-5-21-2821126440-816702598-971368894-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3632472 2015-06-05] (Electronic Arts) HKU\S-1-5-21-2821126440-816702598-971368894-1001\...\Run: [Dropbox Update] => C:\Users\Naomi\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-22] (Dropbox, Inc.) HKU\S-1-5-21-2821126440-816702598-971368894-1001\...\MountPoints2: {235c5be7-f406-11e4-be83-2cd05accbc66} - "F:\LaunchU3.exe" -a Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2015-05-01] ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) 
Startup: C:\Users\Naomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-07] ShortcutTarget: Dropbox.lnk -> C:\Users\Naomi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Naomi\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Naomi\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Naomi\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Naomi\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Naomi\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Naomi\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Naomi\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Naomi\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-22] (Avast Software s.r.o.) 
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [S-1-5-21-2821126440-816702598-971368894-1001] => Internet Explorer proxy is enabled ProxyServer: [S-1-5-21-2821126440-816702598-971368894-1001] => http=127.0.0.1:9881 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-2821126440-816702598-971368894-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms} HKU\S-1-5-21-2821126440-816702598-971368894-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006 HKU\S-1-5-21-2821126440-816702598-971368894-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006 SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2821126440-816702598-971368894-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\S-1-5-21-2821126440-816702598-971368894-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms} BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-03-28] (Avast Software s.r.o.) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-28] (Avast Software s.r.o.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{0F57EB35-668E-48B8-8F7B-2C249A861CF3}: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{6516C150-9AAE-48C3-A54C-00687FB2888D}: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Naomi\AppData\Roaming\Mozilla\Firefox\Profiles\q4u7l378.default FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.) 
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] () FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-03-28] Chrome: ======= CHR Profile: C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-27] CHR Extension: (Google Docs) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-27] CHR Extension: (Google Drive) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-27] CHR Extension: (YouTube) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-27] CHR Extension: (Adblock Plus) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-06-27] CHR Extension: (Google Search) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-27] CHR Extension: (Avast SafePrice) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-06-27] CHR Extension: (Google Sheets) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-27] CHR Extension: (Avast Online Security) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-06-27] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-27] CHR 
Extension: (Google Wallet) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-27] CHR Extension: (Gmail) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-27] CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-03-28] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-28] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-22] (Avast Software s.r.o.) 
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-06-22] (Avast Software) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [967040 2015-04-01] () S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation) S2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] () [File not signed] S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation) R2 Izgingnessorbidies; C:\Program Files (x86)\Izgingnessorbidies\Izgingnessorbidies.exe [281088 2015-06-16] () [File not signed] <==== ATTENTION S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-05] (Electronic Arts) S2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2015-06-12] () S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-05] (Realtek Semiconductor) S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116240 2013-01-04] (Toshiba Europe GmbH) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-04-02] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-04-02] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
S3 ampa; C:\WINDOWS\system32\ampa.sys [17008 2013-12-18] () S3 ampa; C:\WINDOWS\SysWOW64\ampa.sys [17008 2013-12-18] () R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-22] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-22] (Avast Software s.r.o.) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-22] (Avast Software s.r.o.) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-22] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-22] (Avast Software s.r.o.) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-27] (Avast Software s.r.o.) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-22] (Avast Software s.r.o.) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-22] () R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices) S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-21] (Microsoft Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation) R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON) R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [24208 2012-07-11] (Realtek Microelectronics) R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation ) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-29] (Synaptics Incorporated) R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider) R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-06-22] (Avast Software) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-04-02] (Microsoft Corporation) ==================== NetSvcs 
(Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-29 13:28 - 2015-06-29 13:29 - 00018711 _____ C:\Users\Naomi\Downloads\FRST.txt 2015-06-29 13:15 - 2015-06-29 13:15 - 02112512 _____ (Farbar) C:\Users\Naomi\Downloads\FRST64.exe 2015-06-29 07:37 - 2015-06-29 07:37 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\Mozilla 2015-06-29 07:37 - 2015-06-29 07:37 - 00000000 ____D C:\Users\Naomi\AppData\Local\Mozilla 2015-06-29 07:36 - 2015-06-29 07:36 - 00001182 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-06-29 07:36 - 2015-06-29 07:36 - 00001170 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-06-29 07:36 - 2015-06-29 07:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-06-29 07:35 - 2015-06-29 07:36 - 40140720 _____ C:\Users\Naomi\Downloads\Firefox Setup 38.0.5.exe 2015-06-29 07:31 - 2015-06-29 07:31 - 00243592 _____ C:\Users\Naomi\Desktop\Firefox Setup Stub 38.0.5.exe 2015-06-28 21:17 - 2015-06-28 21:17 - 00000000 ____D C:\Program Files (x86)\ESET 2015-06-27 12:28 - 2015-06-27 12:28 - 00002278 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-06-27 12:28 - 2015-06-27 12:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-06-27 12:27 - 2015-06-29 12:32 - 00001120 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-06-27 12:27 - 2015-06-29 12:32 - 00001116 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-27 12:27 - 2015-06-27 12:27 - 00004092 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-06-27 12:27 - 2015-06-27 12:27 - 00003856 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2015-06-27 12:27 - 2015-06-27 12:27 - 00000000 ____D C:\Users\Naomi\Downloads\Google-Chrome 
2015-06-27 10:10 - 2015-06-27 10:10 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-DÖRTE-Windows-8.1-(64-bit).dat 2015-06-27 10:10 - 2015-06-27 10:10 - 00000000 ____D C:\RegBackup 2015-06-27 09:50 - 2015-06-27 10:00 - 00004036 _____ C:\WINDOWS\PFRO.log 2015-06-27 09:50 - 2015-06-27 10:00 - 00000154 _____ C:\WINDOWS\setupact.log 2015-06-27 09:50 - 2015-06-27 09:50 - 00000000 _____ C:\WINDOWS\setuperr.log 2015-06-27 09:12 - 2015-06-27 09:12 - 00001291 _____ C:\Users\Naomi\Desktop\Revo Uninstaller.lnk 2015-06-27 09:12 - 2015-06-27 09:12 - 00000000 ____D C:\Program Files (x86)\VS Revo Group 2015-06-26 10:23 - 2015-06-29 13:28 - 00000000 ____D C:\FRST 2015-06-25 08:15 - 2015-06-25 08:15 - 00003202 _____ C:\WINDOWS\System32\Tasks\avastBCLRestart_chrome.exe 2015-06-24 20:28 - 2015-06-22 16:34 - 111524886 _____ C:\Users\Naomi\Desktop\20150622_163315.mp4 2015-06-24 19:17 - 2015-06-27 10:15 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-06-24 19:17 - 2015-06-24 19:17 - 00001125 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-06-24 19:17 - 2015-06-24 19:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-06-24 19:17 - 2015-06-24 19:17 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-06-24 19:17 - 2015-06-24 19:17 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-06-24 19:17 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-06-24 19:17 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-06-24 19:17 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-06-24 18:25 - 2015-06-24 18:25 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\Enigma Software Group 2015-06-24 11:52 - 2015-06-24 11:52 - 00001461 _____ C:\Users\Naomi\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Internet Explorer.lnk 2015-06-22 13:37 - 2015-06-22 13:37 - 00000000 __SHD C:\Program Files (x86)\Izgingnessorbidies 2015-06-22 13:23 - 2015-06-22 13:23 - 00001879 _____ C:\Users\Naomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk 2015-06-22 13:23 - 2015-06-22 13:23 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\Opera Software 2015-06-22 13:23 - 2015-06-22 13:23 - 00000000 ____D C:\Users\Naomi\AppData\Local\Opera Software 2015-06-22 13:22 - 2015-06-22 13:22 - 00003836 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1434972161 2015-06-22 13:22 - 2015-06-22 13:22 - 00001158 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk.1434973094.old 2015-06-22 13:05 - 2015-06-22 13:05 - 00000046 _____ C:\WINDOWS\SysWOW64\DonationCoder_urlsnooper_InstallInfo.dat 2015-06-22 13:05 - 2015-06-22 13:05 - 00000000 ____D C:\Users\Naomi\Documents\DonationCoder 2015-06-22 13:05 - 2015-06-22 13:05 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\DonationCoder 2015-06-22 12:42 - 2015-06-22 12:42 - 00000000 ____D C:\Users\Naomi\Documents\StreamTransport 2015-06-22 11:02 - 2015-06-22 11:02 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-06-22 11:00 - 2015-06-29 13:05 - 00001236 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2821126440-816702598-971368894-1001UA.job 2015-06-22 11:00 - 2015-06-29 11:05 - 00001184 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2821126440-816702598-971368894-1001Core.job 2015-06-22 11:00 - 2015-06-22 11:00 - 00004182 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2821126440-816702598-971368894-1001UA 2015-06-22 11:00 - 2015-06-22 11:00 - 00003802 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2821126440-816702598-971368894-1001Core 2015-06-22 11:00 - 2015-06-22 11:00 - 00000000 ____D C:\Users\Naomi\AppData\Local\Dropbox 2015-06-22 11:00 - 2015-06-22 11:00 - 00000000 ____D C:\ProgramData\Dropbox 
2015-06-22 10:48 - 2015-06-22 10:48 - 00364472 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe 2015-06-22 10:48 - 2015-06-22 10:48 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr 2015-06-16 22:17 - 2015-06-16 22:17 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\LibreOffice 2015-06-16 22:16 - 2015-06-16 22:16 - 00001484 _____ C:\Users\Public\Desktop\LibreOffice 4.4.lnk 2015-06-16 22:16 - 2015-06-16 22:16 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.4 2015-06-16 22:14 - 2015-06-16 22:16 - 00000000 ____D C:\Program Files (x86)\LibreOffice 4 2015-06-16 22:09 - 2015-06-16 22:14 - 00000000 ____D C:\Users\Naomi\Documents\SoftMaker 2015-06-16 21:47 - 2015-06-16 21:47 - 00002729 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk 2015-06-16 21:46 - 2015-06-16 21:50 - 00000000 ____D C:\Program Files (x86)\MSECache 2015-06-12 08:40 - 2015-06-12 08:40 - 00000232 _____ C:\Users\Naomi\Desktop\Far Cry 3.url 2015-06-12 08:40 - 2015-06-12 08:40 - 00000232 _____ C:\Users\Naomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Far Cry 3.url 2015-06-12 08:38 - 2015-06-12 08:38 - 00001228 _____ C:\Users\Naomi\Desktop\Uplay.lnk 2015-06-12 08:38 - 2015-06-12 08:38 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft 2015-06-10 23:58 - 2015-06-10 23:58 - 00000814 _____ C:\Users\Naomi\Downloads\Originals.lnk 2015-06-10 21:03 - 2015-06-10 21:05 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP 2015-06-10 21:03 - 2015-06-10 21:03 - 00001128 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk 2015-06-10 21:03 - 2015-06-10 21:03 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\Canneverbe Limited 2015-06-10 21:03 - 2015-06-10 21:03 - 00000000 ____D C:\ProgramData\Canneverbe Limited 2015-06-10 11:36 - 2015-05-22 15:08 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2015-06-10 11:36 - 
2015-05-21 15:08 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2015-06-10 11:36 - 2015-05-21 15:08 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2015-06-10 11:36 - 2015-05-21 15:08 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2015-06-10 11:36 - 2015-05-21 15:08 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2015-06-10 11:36 - 2015-04-09 00:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml 2015-06-10 11:35 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-06-10 11:35 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-06-10 11:35 - 2015-05-25 15:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll 2015-06-10 11:35 - 2015-05-25 15:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll 2015-06-10 11:35 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-06-10 11:35 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-06-10 11:35 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-06-10 11:35 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-06-10 11:35 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-06-10 11:35 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-06-10 11:35 - 2015-05-21 15:08 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2015-06-10 11:35 - 2015-05-21 15:08 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2015-06-10 11:35 - 2015-04-25 04:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll 2015-06-10 11:35 - 2015-04-25 04:33 - 00549888 _____ (Microsoft 
Corporation) C:\WINDOWS\SysWOW64\comctl32.dll 2015-06-10 11:35 - 2015-04-17 00:07 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2015-06-10 11:35 - 2015-04-16 08:17 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS 2015-06-10 11:35 - 2015-04-14 00:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll 2015-06-10 11:35 - 2015-04-14 00:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll 2015-06-10 11:35 - 2015-04-10 02:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll 2015-06-10 11:35 - 2015-04-10 02:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll 2015-06-10 11:35 - 2015-04-09 00:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll 2015-06-10 11:35 - 2015-04-02 00:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll 2015-06-10 11:35 - 2015-04-02 00:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll 2015-06-10 11:35 - 2015-04-01 06:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe 2015-06-10 11:35 - 2015-04-01 06:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll 2015-06-10 11:35 - 2015-04-01 06:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll 2015-06-10 11:35 - 2015-04-01 06:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll 2015-06-10 11:35 - 2015-04-01 05:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll 2015-06-10 11:35 - 2015-04-01 05:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll 2015-06-10 11:35 - 2015-04-01 05:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe 2015-06-10 11:35 - 2015-04-01 04:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll 2015-06-10 11:35 - 2015-04-01 04:53 - 00272896 _____ (Microsoft 
Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe 2015-06-10 11:35 - 2015-04-01 04:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll 2015-06-10 11:35 - 2015-04-01 04:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll 2015-06-10 11:35 - 2015-04-01 04:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll 2015-06-10 11:35 - 2015-04-01 04:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe 2015-06-10 11:35 - 2015-03-20 05:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll 2015-06-10 11:35 - 2015-03-20 05:08 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll 2015-06-10 11:35 - 2015-03-20 04:37 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll 2015-06-10 11:35 - 2015-03-20 04:07 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll 2015-06-10 11:35 - 2015-03-02 03:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll 2015-06-10 11:35 - 2015-03-02 03:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll 2015-06-10 11:34 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-06-10 11:34 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec 2015-06-10 11:34 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-06-10 11:34 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-06-10 11:34 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2015-06-10 11:34 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2015-06-10 11:34 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2015-06-10 11:34 - 2015-05-23 04:47 - 00128000 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\iepeers.dll 2015-06-10 11:34 - 2015-05-23 04:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-06-10 11:34 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-06-10 11:34 - 2015-05-23 04:38 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2015-06-10 11:34 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2015-06-10 11:34 - 2015-05-23 04:28 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll 2015-06-10 11:34 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-06-10 11:34 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-06-10 11:34 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-06-10 11:34 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-06-10 11:34 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec 2015-06-10 11:34 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll 2015-06-10 11:34 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-06-10 11:34 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2015-06-10 11:34 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2015-06-10 11:34 - 2015-05-22 20:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2015-06-10 11:34 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2015-06-10 11:34 - 2015-05-22 20:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-06-10 11:34 - 2015-05-22 20:09 - 00262144 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\webcheck.dll 2015-06-10 11:34 - 2015-05-22 20:08 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2015-06-10 11:34 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-06-10 11:34 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2015-06-10 11:34 - 2015-05-22 19:49 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2015-06-10 11:34 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-06-10 11:34 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-06-10 11:34 - 2015-05-21 18:47 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-06-03 20:33 - 2015-06-03 20:33 - 00000000 ____D C:\Users\Naomi\AppData\Local\GWX ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-06-29 13:23 - 2015-04-03 15:42 - 01157833 _____ C:\WINDOWS\WindowsUpdate.log 2015-06-29 13:02 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru 2015-06-29 07:52 - 2014-11-21 05:35 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-06-29 07:52 - 2014-11-21 04:45 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat 2015-06-29 07:52 - 2014-11-21 04:45 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat 2015-06-29 07:31 - 2015-04-06 14:09 - 00003918 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C8399745-9C2F-4951-9121-6F841BBF9BBF} 2015-06-29 07:31 - 2015-03-28 13:18 - 00930304 ___SH C:\Users\Naomi\Downloads\Thumbs.db 2015-06-27 22:26 - 2015-04-12 18:31 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\PhotoScape 2015-06-27 12:42 - 2015-03-28 13:09 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2821126440-816702598-971368894-1001 2015-06-27 12:28 - 2015-03-28 13:25 - 00000000 ____D C:\Program Files (x86)\Google 2015-06-27 12:28 - 2015-03-28 13:24 - 00000000 ____D C:\Users\Naomi\AppData\Local\Google 2015-06-27 10:16 - 2015-04-02 13:30 - 00000000 ____D C:\Users\Naomi\OneDrive 2015-06-27 10:13 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-06-27 10:10 - 2015-04-01 10:26 - 00000000 ____D C:\ProgramData\Origin 2015-06-27 10:07 - 2015-03-28 13:14 - 00000000 ____D C:\Program Files (x86)\Steam 2015-06-27 10:03 - 2015-05-07 12:56 - 00000000 ___RD C:\Users\Naomi\Dropbox 2015-06-27 10:03 - 2015-05-07 07:14 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\Dropbox 2015-06-27 10:00 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-06-27 09:59 - 2015-04-02 12:51 - 00000000 ____D C:\Users\Naomi 2015-06-27 09:59 - 2013-08-27 12:48 - 00000000 ____D C:\AdwCleaner 2015-06-27 09:59 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2015-06-27 09:56 - 2015-03-28 13:35 - 00442264 _____ (Avast Software s.r.o.) 
C:\WINDOWS\system32\Drivers\aswsp.sys 2015-06-24 12:07 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-06-22 12:41 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM 2015-06-22 10:53 - 2013-08-22 16:44 - 00403632 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-06-22 10:48 - 2015-03-28 13:36 - 00003924 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update 2015-06-22 10:48 - 2015-03-28 13:35 - 01047320 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys 2015-06-22 10:48 - 2015-03-28 13:35 - 00272248 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys 2015-06-22 10:48 - 2015-03-28 13:35 - 00137288 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswStm.sys 2015-06-22 10:48 - 2015-03-28 13:35 - 00093528 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2015-06-22 10:48 - 2015-03-28 13:35 - 00089944 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2015-06-22 10:48 - 2015-03-28 13:35 - 00065736 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys 2015-06-22 10:48 - 2015-03-28 13:35 - 00029168 _____ C:\WINDOWS\system32\Drivers\aswHwid.sys 2015-06-20 05:02 - 2014-11-21 13:01 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-06-20 05:02 - 2014-11-21 13:01 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-06-19 21:59 - 2015-04-06 20:00 - 00979968 ___SH C:\Users\Naomi\Desktop\Thumbs.db 2015-06-17 20:30 - 2015-04-01 17:19 - 00281688 _____ C:\WINDOWS\SysWOW64\PnkBstrB.xtr 2015-06-17 20:30 - 2015-04-01 13:11 - 00281688 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe 2015-06-17 19:30 - 2015-04-01 20:15 - 00001373 _____ C:\Users\Public\Desktop\Die Sims 4.lnk 2015-06-17 19:30 - 2015-04-01 13:11 - 00281688 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0 2015-06-16 21:51 - 2013-01-29 21:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2015-06-12 10:32 - 2015-04-01 13:11 - 00076888 _____ C:\WINDOWS\SysWOW64\PnkBstrA.exe 
2015-06-12 08:40 - 2015-04-01 10:27 - 00000000 ____D C:\Users\Naomi\AppData\Local\Ubisoft Game Launcher 2015-06-10 23:02 - 2015-04-06 14:09 - 00000000 __SHD C:\Users\Naomi\AppData\Local\EmieUserList 2015-06-10 23:02 - 2015-04-06 14:09 - 00000000 __SHD C:\Users\Naomi\AppData\Local\EmieSiteList 2015-06-10 23:02 - 2015-04-06 14:09 - 00000000 __SHD C:\Users\Naomi\AppData\Local\EmieBrowserModeList 2015-06-10 19:50 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache 2015-06-10 15:21 - 2015-04-06 18:01 - 00000000 ____D C:\WINDOWS\system32\appraiser 2015-06-10 15:21 - 2014-11-21 12:51 - 00000000 ___SD C:\WINDOWS\system32\CompatTel 2015-06-10 15:21 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData 2015-06-10 15:21 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions 2015-06-10 11:52 - 2015-03-30 12:00 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-06-10 11:48 - 2015-03-30 12:00 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-06-05 08:04 - 2015-04-01 10:35 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\Origin 2015-06-05 08:03 - 2015-04-01 19:11 - 00000000 ____D C:\Program Files (x86)\Origin ==================== Files in the root of some directories ======= 2015-04-06 17:52 - 2015-04-06 17:52 - 0000057 _____ () C:\ProgramData\Ament.ini Some files in TEMP: ==================== C:\Users\Naomi\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpftnqem.dll C:\Users\Naomi\AppData\Local\Temp\ReimagePackage.exe C:\Users\Naomi\AppData\Local\Temp\ReiSysUpdate.exe C:\Users\Naomi\AppData\Local\Temp\sdan.exe C:\Users\Naomi\AppData\Local\Temp\sdapk.exe C:\Users\Naomi\AppData\Local\Temp\sdaspwn.exe C:\Users\Naomi\AppData\Local\Temp\Uninstall.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-29 08:25

==================== End of log ============================

Additional FRST Logfile:
Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by Naomi at 2015-06-29 13:29:34
Running from C:\Users\Naomi\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2821126440-816702598-971368894-500 - Administrator - Disabled) => C:\Users\Administrator
Gast (S-1-5-21-2821126440-816702598-971368894-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2821126440-816702598-971368894-1010 - Limited - Enabled)
Naomi (S-1-5-21-2821126440-816702598-971368894-1001 - Administrator - Enabled) => C:\Users\Naomi

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: McAfee Anti-Virus und Anti-Spyware (Disabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{95EF3DDB-27C8-CDA9-9E72-5EC3F02C1B02}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AOMEI Partition Assistant Standard Edition 5.6 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version: - AOMEI Technology Co., Ltd.)
Apple Application Support (32-Bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Ashampoo Photo Commander 11 v.11.1.5 (HKLM-x32\...\{C92AB6F1-0F9C-8526-5DF1-0A2FD0FB33D9}_is1) (Version: 11.1.5 - Ashampoo GmbH & Co. KG) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software) Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.10.32(T) - TOSHIBA CORPORATION) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5642 - CDBurnerXP) Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation) DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive) Die Sims 2 (HKLM-x32\...\{6E7DD182-9FC6-4651-0095-2E666CC6AF35}) (Version: - ) Die Sims 2: Nightlife (HKLM-x32\...\{F7529650-B9DB-481B-0089-A2AC3C2821C1}) (Version: - ) Die Sims 2: Open For Business (HKLM-x32\...\{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}) (Version: - ) Die Sims 2: Wilde Campus-Jahre (HKLM-x32\...\{01521746-02A6-4A72-00BD-A285DF6B80C6}) (Version: - ) Die Sims™ 2 Apartment-Leben (HKLM-x32\...\{B6F5B704-06D3-4687-90F3-6195304AD755}) (Version: - Electronic Arts) Die Sims™ 2 Freizeit-Spaß (HKLM-x32\...\{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}) (Version: - Electronic Arts) Die Sims™ 2 Gute Reise 
(HKLM-x32\...\{F248ADFA-64E0-4b03-8A83-059078BED6A0}) (Version: - Electronic Arts) Die Sims™ 2 Haustiere (HKLM-x32\...\{4817189D-1785-4627-A33C-39FD90919300}) (Version: - ) Die Sims™ 2 Vier Jahreszeiten (HKLM-x32\...\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}) (Version: - ) Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.8.61.1020 - Electronic Arts Inc.) Dropbox (HKU\S-1-5-21-2821126440-816702598-971368894-1001\...\Dropbox) (Version: 3.6.7 - Dropbox, Inc.) Empress of the Deep - The Darkest Secret (x32 Version: 2.2.0.98 - WildTangent) Hidden ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Far Cry 3 (HKLM-x32\...\Uplay Install 46) (Version: - Ubisoft) Fotor 2.0.2 (HKLM-x32\...\Fotor) (Version: 2.0.2 - Everimaging Co., Ltd.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden HP Deskjet 1050 J410 series - Grundlegende Software für das Gerät (HKLM\...\{C3F12DD0-54B1-4B2B-A82B-FA43502BC550}) (Version: 28.0.1313.0 - Hewlett-Packard Co.) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(R) center 41663) (Version: 3.8.0.41663.61 - Intel) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation) Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.) Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden L.A.Noire (HKLM-x32\...\L.A.Noire_R.G. Mechanics_is1) (Version: - R.G. 
Mechanics, spider91) LibreOffice 4.4.3.2 (HKLM-x32\...\{A651A592-2F6C-4D66-AEA8-9BFE4B61BCB3}) (Version: 4.4.3.2 - The Document Foundation) Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) MotioninJoy Gamepad tool 0.7.1001 
(HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com) Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla) OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.) PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden PhotoScape (HKLM-x32\...\PhotoScape) (Version: - ) Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Premium Sound HD (HKLM\...\{000A208E-1050-4181-AC37-E13DA9254B73}) (Version: 1.12.6000 - DTS, Inc.) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) Realtek Bluetooth Filter Driver Package (HKLM-x32\...\InstallShield_{0CC0980D-811D-43B8-A455-8D150EB5BC0D}) (Version: 12.24.2012.0802 - REALTEK Semiconductor Corp) Realtek Bluetooth Filter Driver Package (x32 Version: 12.24.2012.0802 - REALTEK Semiconductor Corp) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6794 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.) Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.) 
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.1 - Rockstar Games) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Spotify (HKLM-x32\...\Spotify) (Version: 0.8.5.1333.g822e0de8 - Spotify AB) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Studie zur Verbesserung von HP Deskjet 1050 J410 series Produkten (HKLM\...\{B099E941-4789-46A1-9B14-01CFD04E03B3}) (Version: 28.0.1313.0 - Hewlett-Packard Co.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.4.0 - Synaptics Incorporated) System Requirements Lab Detection (HKLM-x32\...\{302642B7-320C-42AD-893E-52A233CF014A}) (Version: 6.1.4.0 - Husdawg, LLC) TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.08.6402 - Toshiba Corporation) TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation) TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6626.6410 - Toshiba Corporation) TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA) TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 2.00.973 - Toshiba Corporation) TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation) TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.1.54043006 - Toshiba Corporation) TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation) TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA) TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) 
(Version: 1.00.0015 - Toshiba Corporation) TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation) Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.3.3 - Toshiba Europe GmbH) TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.21-A - Toshiba Corporation) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Uplay (HKLM-x32\...\Uplay) (Version: 7.1 - Ubisoft) Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent) WildTangent Games App (Toshiba Games) (x32 Version: 4.0.9.7 - WildTangent) Hidden Windows Driver Package - Realtek Semiconductor Corp. RtkBtFilter Bluetooth (07/11/2012 2.3.13.3) (HKLM\...\57F58DC141BEB353704E041792E5B00606694FEA) (Version: 07/11/2012 2.3.13.3 - Realtek Semiconductor Corp.) WinRAR 5.21 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2821126440-816702598-971368894-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Naomi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2821126440-816702598-971368894-1001_Classes\CLSID\{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B}\InprocServer32 -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtExt.dll (TOSHIBA) CustomCLSID: HKU\S-1-5-21-2821126440-816702598-971368894-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Naomi\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2821126440-816702598-971368894-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Naomi\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2821126440-816702598-971368894-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Naomi\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2821126440-816702598-971368894-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Naomi\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2821126440-816702598-971368894-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Naomi\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2821126440-816702598-971368894-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Naomi\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2821126440-816702598-971368894-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Naomi\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2821126440-816702598-971368894-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Naomi\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2821126440-816702598-971368894-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Naomi\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

==================== Restore Points =========================

14-06-2015 12:38:44 DirectX wurde installiert
15-06-2015 14:42:19 DirectX wurde installiert
16-06-2015 21:46:53 Microsoft Office Word Viewer 2003 wird installiert
22-06-2015 10:45:34 avast! antivirus system restore point
27-06-2015 09:13:29 Revo Uninstaller's restore point - Your Software Deals 1.0.0

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07FE524D-4E20-43AC-9175-EEAAFE4F1ABC} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation)
Task: {10B4BD5E-CFF2-4276-A0B7-6451933E22F0} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-11-29] (Synaptics Incorporated)
Task: {15E1244E-8F14-478F-AFF4-2D4FF82D3C3E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-27] (Google Inc.)
Task: {22AFD037-9652-4CF6-8FEC-2545C2A14D82} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {3CEAAD02-B2D0-4A3A-BE51-6AA0436EC7DD} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {3D74ACCB-DE24-4641-B88F-1BEB3C757E03} - System32\Tasks\avastBCLRestart_chrome.exe => Chrome.exe
Task: {44DCBFAA-2E55-49B5-80A5-C30357750AB8} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {53E6ED92-E957-490C-849C-ADA79F0206C3} - System32\Tasks\{990B77C5-3142-4060-8C61-C71DA91C1280} => pcalua.exe -a "C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe"
Task: {79CFC67B-2925-4622-86E1-3A5471BEF584} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2013-01-04] (Toshiba Europe GmbH)
Task: {8ABFF965-269D-4D4B-A128-9C72715CC168} - System32\Tasks\{EABA3504-5329-41DA-8119-CB071F87A63E} => pcalua.exe -a E:\Autorun.exe -d E:\
Task: {958064CA-7D16-46BF-8132-022B6E20AFF6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-10] (Microsoft Corporation)
Task: {99FFB420-2C8E-487A-8187-99D89DD87D33} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-09-10] (Lenovo)
Task: {9A5C3439-6394-424B-801A-1BF9944EEDF9} - System32\Tasks\Opera scheduled Autoupdate 1434972161 => C:\Program Files (x86)\Opera\launcher.exe
Task: {BFE2A253-4458-451B-8E6B-53D354A181C3} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2821126440-816702598-971368894-1001Core => C:\Users\Naomi\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-22] (Dropbox, Inc.)
Task: {C7D66FDF-E4A9-426C-8D9F-19A4FA966A6F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-22] (Avast Software s.r.o.)
Task: {D70FC6D9-8172-48C1-9403-272A68DED9C7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-27] (Google Inc.)
Task: {E0CB1D33-C4DA-4359-9158-576BA6125673} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F22F68BB-CA8B-4474-912D-9676854E947F} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2821126440-816702598-971368894-1001UA => C:\Users\Naomi\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-22] (Dropbox, Inc.)
Task: {FD0FFE8D-715A-46B8-9084-F98427D02F75} - \SpyHunter4Startup No Task File <==== ATTENTION
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2821126440-816702598-971368894-1001Core.job => C:\Users\Naomi\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2821126440-816702598-971368894-1001UA.job => C:\Users\Naomi\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (Whitelisted) ==============

2015-03-13 15:54 - 2015-03-13 15:54 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-05-11 10:27 - 2015-05-11 10:27 - 01459712 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI\4bd80968bf666252841ca7792faaff11\Windows.UI.ni.dll
2015-05-11 10:28 - 2015-05-11 10:28 - 00521216 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Data\fae2b750f87849ca11806d20b2504bf2\Windows.Data.ni.dll
2015-05-11 10:27 - 2015-05-11 10:27 - 00363520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\6382e6f5ad8b7a9db4f5cd4817e70319\Windows.Foundation.ni.dll
2015-06-22 13:37 - 2015-06-16 08:50 - 00281088 ___SH () C:\Program Files (x86)\Izgingnessorbidies\Izgingnessorbidies.exe
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-06-22 10:48 - 2015-06-22 10:48 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-06-22 10:48 - 2015-06-22 10:48 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-06-27 09:15 - 2015-06-27 09:15 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15062601\algo.dll
2015-06-29 13:18 - 2015-06-29 13:18 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15062900\algo.dll
2015-03-28 13:35 - 2015-03-28 13:35 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-06-27 12:28 - 2015-06-20 07:46 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libglesv2.dll
2015-06-27 12:28 - 2015-06-20 07:46 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libegl.dll
2015-06-27 12:28 - 2015-06-20 07:46 - 15003976 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Naomi\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Naomi\OneDrive.old:ms-properties
AlternateDataStreams: C:\Users\Naomi\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2821126440-816702598-971368894-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Naomi\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\hintergrundbild der windows-fotoanzeige.jpg DNS Servers: 192.168.2.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [UDP Query User{80A4A0ED-E1F7-4FC4-B59B-984C9AA57F51}C:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3_d3d11.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3_d3d11.exe FirewallRules: [TCP Query User{36D70838-3006-4400-BEC5-C898AA9D3AC7}C:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3_d3d11.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3_d3d11.exe FirewallRules: [UDP Query User{107CF001-8933-4E47-83A3-1DC42247B5F5}C:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3.exe FirewallRules: [TCP Query User{339D5565-612C-44E9-84D5-AE5BC626FF85}C:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3.exe FirewallRules: [UDP Query User{CE20560B-A0C8-4F6E-9F35-5108075EA332}C:\program 
files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe FirewallRules: [TCP Query User{8C28EB15-F5C3-474F-A63E-71E214FC024F}C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe FirewallRules: [{3F59CB0C-3D65-4374-A410-1E15FFA0D065}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe FirewallRules: [{4B0E606E-2C0D-48C6-9959-B6BCB0234EC6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe FirewallRules: [{0D7CCE3F-66A8-473C-B1D6-E83EC33C0E39}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe FirewallRules: [{D3B8CF29-37E1-4D6A-B064-23F110655A4E}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe FirewallRules: [{C8DABE6D-7653-4DE2-8BE8-B3DC4C894AB5}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{7CBCAAC9-D5D7-4225-82D6-6DFA6A2B53CE}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{7BFB93AB-269A-4AF0-B5B9-66823BE482B7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{2591A3B5-24CB-460E-A6C8-3CA1AEAB4A7E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{CE1CD6CF-81CA-4A71-8637-00C1C1433577}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe FirewallRules: [{84C42943-AFFF-4E90-9DB5-92B7CCF74E3C}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe FirewallRules: [{73318B95-F320-4C04-8AA8-77A924187945}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe FirewallRules: [{38A09E30-9992-48E3-9D3C-0B4823C81CF1}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe FirewallRules: [{B8AA07B2-2CBC-467B-A497-39A431F4C47F}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe FirewallRules: [{0761410D-9026-4420-921B-A63355D8FE85}] => (Allow) C:\Program Files 
(x86)\Spotify\spotify.exe FirewallRules: [{77B6848B-26AF-457B-BD7C-24FF418313EC}] => (Allow) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe FirewallRules: [{45D8A849-B6A5-491E-8B59-D6723D2E1B3E}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe FirewallRules: [{64C37BD1-0102-4D99-9F9C-33CDE6670B8A}] => (Allow) C:\Users\Naomi\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{91D65D95-3811-4D96-9D6F-E71925BB4B3D}] => (Allow) C:\Users\Naomi\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{A9F44720-A60E-4517-83C2-7B49B711C292}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{9857E3D7-9F09-4AF8-A23A-D92E800D046A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{BF8DAA2D-C453-426E-B9F8-B54F03C7DA08}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{1256486F-5B9F-48FB-A648-AED6A0637B64}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{8A376655-F8CC-444A-AE97-0DD763FC222E}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [TCP Query User{6943EE32-ED52-4BF4-9834-5304CFB94F92}C:\users\naomi\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\naomi\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{ADCD6427-91AB-4EB2-9D8B-48A8407D819A}C:\users\naomi\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\naomi\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [{04D01FD4-CFC9-4035-ADEA-D11BDF538B12}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{6379D532-ED24-4675-9753-69EACFEF0618}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{466D205A-1DC0-414D-9598-F5EF7B80E371}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{2B855785-F123-47B5-9F4D-51B220E2CAA0}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{65613329-5B33-4735-ABF0-35B688EC8B8C}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe 
FirewallRules: [{C1F025FA-1AC4-43E0-987F-8FC4C0BB5CE1}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe FirewallRules: [{859D7E25-0000-4AD1-975E-030053852A02}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{51E760ED-71EE-4A31-9217-C2830EF4FEF4}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{72FAD2B5-C3AB-4E3E-9787-D227A65BBE62}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{15D521EB-C331-475B-A251-AA4E71596AEC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{FC995B16-83CD-4341-9C60-D2B05BF05032}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/29/2015 07:32:58 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest. 
Error: (06/28/2015 10:16:02 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20905 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 7dc Startzeit: 01d0b1de87aff83f Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20905_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 7c5295c8-1dd2-11e5-be90-2cd05accbc66 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20905_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (06/28/2015 09:17:25 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest. 
Error: (06/28/2015 09:17:24 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest. Error: (06/28/2015 08:40:50 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest. 
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest. Error: (06/27/2015 10:15:06 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest. Error: (06/27/2015 10:07:08 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest. Error: (06/27/2015 07:32:27 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest. Error: (06/27/2015 07:32:27 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3. 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

Error: (06/27/2015 07:32:26 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

System errors:
=============
Error: (06/29/2015 07:57:46 AM) (Source: Virtual Disk Service) (EventID: 9) (User: )
Description: Unerwarteter Anbieterfehler. Möglicherweise kann das Problem durch erneutes Starten des Dienstes behoben werden. Fehlercode: 8007001F@02000014

Error: (06/29/2015 07:53:25 AM) (Source: Virtual Disk Service) (EventID: 10) (User: )
Description: Fehler beim Schreiben eines Startcodes auf einen Datenträger durch VDS während eines Bereinigungsvorgangs. Fehlercode: 80070015@02070008

Error: (06/29/2015 07:52:59 AM) (Source: Virtual Disk Service) (EventID: 10) (User: )
Description: Fehler beim Schreiben eines Startcodes auf einen Datenträger durch VDS während eines Bereinigungsvorgangs. Fehlercode: 80070015@02070008

Error: (06/29/2015 07:52:40 AM) (Source: Virtual Disk Service) (EventID: 9) (User: )
Description: Unerwarteter Anbieterfehler. Möglicherweise kann das Problem durch erneutes Starten des Dienstes behoben werden. Fehlercode: 8007001F@02000014

Error: (06/27/2015 07:33:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275

Error: (06/27/2015 07:33:31 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Naomi\AppData\Local\Temp\ehdrv.sys

Error: (06/27/2015 07:33:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275

Error: (06/27/2015 07:33:30 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Naomi\AppData\Local\Temp\ehdrv.sys

Error: (06/27/2015 07:33:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275

Error: (06/27/2015 07:33:30 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Naomi\AppData\Local\Temp\ehdrv.sys

Microsoft Office:
=========================
Error: (06/29/2015 07:32:58 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\$Recycle.Bin\S-1-5-21-2821126440-816702598-971368894-1001\$RJQE15P.exe

Error: (06/28/2015 10:16:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.209057dc01d0b1de87aff83f4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20905_x64__8wekyb3d8bbwe\LiveComm.exe7c5295c8-1dd2-11e5-be90-2cd05accbc66microsoft.windowscommunicationsapps_17.5.9600.20905_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (06/28/2015 09:17:25 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Naomi\Downloads\esetsmartinstaller_deu.exe

Error: (06/28/2015 09:17:24 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Naomi\Downloads\esetsmartinstaller_deu.exe

Error: (06/28/2015 08:40:50 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestc:\users\naomi\downloads\esetsmartinstaller_deu.exe

Error: (06/27/2015 10:15:06 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Naomi\Downloads\esetsmartinstaller_deu.exe

Error: (06/27/2015 10:07:08 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (06/27/2015 07:32:27 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Naomi\Downloads\esetsmartinstaller_deu.exe

Error: (06/27/2015 07:32:27 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Naomi\Downloads\esetsmartinstaller_deu.exe

Error: (06/27/2015 07:32:26 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Naomi\Downloads\esetsmartinstaller_deu.exe

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 55%
Total physical RAM: 4047.22 MB
Available physical RAM: 1815.25 MB
Total Pagefile: 5007.22 MB
Available Pagefile: 2557.66 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (TI31051200A)
(Fixed) (Total:686.62 GB) (Free:505.36 GB) NTFS Drive h: () (Removable) (Total:3.68 GB) (Free:0.94 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ======================================================== Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End of log ============================ |
30.06.2015, 06:16 | #14 |
/// the machine /// TB-Ausbilder | Google Chrome has recently started opening windows with ads
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
File: C:\Program Files (x86)\Denzi\Launcher.bat
RemoveProxy:
Emptytemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
30.06.2015, 17:12 | #15 |
| Google Chrome has recently started opening windows with ads
Code:
Fix result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by Naomi at 2015-06-30 18:03:35 Run:1
Running from C:\Users\Naomi\Downloads
Loaded Profiles: Naomi (Available Profiles: Naomi & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
File: C:\Program Files (x86)\Denzi\Launcher.bat
RemoveProxy:
Emptytemp:
*****************

========================= File: C:\Program Files (x86)\Denzi\Launcher.bat ========================

"C:\Program Files (x86)\Denzi\Launcher.bat" not found.

====== End of File: ======

========= RemoveProxy: =========

HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2821126440-816702598-971368894-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\S-1-5-21-2821126440-816702598-971368894-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\S-1-5-21-2821126440-816702598-971368894-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2821126440-816702598-971368894-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

EmptyTemp: => 968.7 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 18:03:48 ==== |