
Log analysis and evaluation: Ads on every page in the browser and persistent pop-ups (Win 8.1)

19.03.2015, 19:58   #1
dingsibumzi
 
Ads on every page in the browser and persistent pop-ups (Win 8.1)



Good evening,
1-2 days ago I downloaded the program "Daemon Tools" in order to mount an image file in a virtual drive and thus save myself the burning.
Since I did that, every page I open in the browser is full of ads (despite AdBlocker), and with almost every click (no matter where) a pop-up or tab opens.

I have already removed all the annoying little programs that were installed automatically in the background along with it.
At first the browser also kept closing on me and kept being reopened with strange tabs, but this no longer happens since I removed the background programs.

I followed the instructions here and hope that all the information that is wanted has been provided.

defogger_disable.log
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:11 on 19/03/2015 (Joey)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...


-=E.O.F=-
         
FRST.txt

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Joey (administrator) on YAOI on 19-03-2015 19:12:26
Running from C:\Users\Joey\Downloads
Loaded Profiles: Joey (Available profiles: Joey)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() D:\Programme\QNAP\Qfinder\iSCSIAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Spotify Ltd) C:\Users\Joey\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google Inc.) C:\Users\Joey\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Disc Soft Ltd) D:\Programme\DAEMON Tools Lite\DiscSoftBusService.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7634648 2014-08-14] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [shopperz] => C:\Program Files\shopperz\wrex.exe
HKLM\...\Run: [shopperz64] => C:\Program Files\shopperz\wrex64.exe
HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-19] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Run: [GoogleChromeAutoLaunch_D9540B1D2E0771D2E8A7B5A41E5C3BFA] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-07] (Google Inc.)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Run: [Steam] => D:\Programme\Steam\steam.exe [2874048 2015-02-19] (Valve Corporation)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Run: [Spotify Web Helper] => C:\Users\Joey\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1959992 2015-03-13] (Spotify Ltd)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Run: [Google Update] => C:\Users\Joey\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2015-02-20] (Google Inc.)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Run: [Google+ Auto Backup] => C:\Users\Joey\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3754312 2015-02-13] (Google Inc.)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Run: [Spotify] => C:\Users\Joey\AppData\Roaming\Spotify\spotify.exe [6611512 2015-03-13] (Spotify Ltd)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\MountPoints2: {6fb6e9cb-c419-11e4-8259-ac9e17ec3e93} - "M:\LaunchU3.exe" -a
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\MountPoints2: {ea776981-cbbe-11e4-825f-ac9e17ec3e93} - "M:\SETUP.EXE" 
Startup: C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Programme\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Programme\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Winsock: Catalog9 01 C:\Windows\SysWOW64\BDL.dll [295808] (BD Inc.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\BDL.dll [295808] (BD Inc.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\BDL.dll [295808] (BD Inc.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\BDL.dll [295808] (BD Inc.)
Winsock: Catalog9 15 C:\Windows\SysWOW64\BDL.dll [295808] (BD Inc.)
Hosts: 69.167.144.15 camtasiatudi.techsmith.com
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-12] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\Programme\Microsoft Office\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-12] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> D:\Programme\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-12] (Google Inc.)
FF Plugin HKU\S-1-5-21-2568549407-2221234275-1578291052-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Joey\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-2568549407-2221234275-1578291052-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Joey\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-20] (Google Inc.)
FF Extension: CinemaPlus 1.0dV17.03 - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\Extensions\ccf7276c-d388-480f-8835-5b680025e1ca@gmail.com [2015-03-17]
FF Extension: Zoom It - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\Extensions\{14e5d2fa-092b-ec85-01ab-ba8c709d84c8} [2015-03-17]
FF Extension: WOT - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-02-12]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\Extensions\elemhidehelper@adblockplus.org.xpi [2015-02-12]
FF Extension: ProxTube - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\Extensions\ich@maltegoetz.de.xpi [2015-02-12]
FF Extension: NoScript - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-02-12]
FF Extension: Mountain Bike 1.0.1 - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\Extensions\{8eaa906e-24dc-48aa-a1bf-893f16c0e11d}.xpi [2015-03-17]
FF Extension: Adblock Plus - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-12]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-03-06]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=78B0F80F411BFC9D&affID=119357&tsp=4979
CHR StartupUrls: Default -> "hxxp://www.istartsurf.com/?type=hp&ts=1426619680&from=face&uid=SamsungXSSDX850XEVOX120GB_S21UNSAG156319H", "hxxp://www.istartsurf.com/?type=hppp&ts=1426619747&from=face&uid=SamsungXSSDX850XEVOX120GB_S21UNSAG156319H"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-12]
CHR Extension: (CinemaPlus 1.0dV17.03) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\acklnhgjphbhhomkneonohbjnbmkclfb [2015-03-17]
CHR Extension: (HD for YouTube™) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjbfncbadcmnkopckegnmjgihagponf [2015-02-12]
CHR Extension: (Google Docs) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-12]
CHR Extension: (Google Drive) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-12]
CHR Extension: (WOT) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-02-12]
CHR Extension: (YouTube) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-12]
CHR Extension: (Adblock Plus) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-12]
CHR Extension: (Google Search) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-12]
CHR Extension: (Google Calendar) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-02-12]
CHR Extension: (Google Sheets) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-12]
CHR Extension: (AdBlock) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-02-12]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-02-12]
CHR Extension: (Snap Links Lite) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\idmmhhijggcmbeejedibpdcahpkneegg [2015-02-12]
CHR Extension: (Adblock for Facebook™) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbfjodonncabnangfknilmabjfofdikc [2015-02-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Skype Click to Call) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-02-12]
CHR Extension: (Google Maps) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-02-12]
CHR Extension: (Google Wallet) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-12]
CHR Extension: (Personal Blocklist (by Google)) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nolijncfnkgaikbjbdaogikpmpbdcdef [2015-02-12]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2015-02-12]
CHR Extension: (Google Publisher Toolbar) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\omioeahgfecgfpfldejlnideemfidnkc [2015-02-12]
CHR Extension: (Picasa) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2015-02-12]
CHR Extension: (Gmail) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-12]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [806192 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [992560 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R3 Disc Soft Lite Bus Service; D:\Programme\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
S2 SkypeUpdate; D:\Programme\Skype\Updater\Updater.exe [315488 2015-01-02] (Skype Technologies)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 cae99edb; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Super Optimizer\SupOptStats.dll",ENT

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [62152 2014-10-28] (Advanced Micro Devices, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-03-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-03-18] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-18] (Avira Operations GmbH & Co. KG)
S3 dc21x4vm; C:\Windows\system32\DRIVERS\dc21x4vm.sys [57344 2013-06-18] (Microsoft Corp.)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-03-17] (Disc Soft Ltd)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
S3 NVSWCFilter; C:\Windows\System32\drivers\nvswcfilter.sys [19616 2014-09-06] (Windows (R) Win 7 DDK provider)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39240 2015-02-05] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 rusb3xhc; C:\Windows\System32\drivers\rusb3xhc.sys [221184 2012-05-10] (Renesas Electronics Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 DIRECTIO; \??\UNC\srv1c027.wds8.intern\reminst\Test\BitPro64\DirectIo.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-19 19:12 - 2015-03-19 19:12 - 00024758 _____ () C:\Users\Joey\Downloads\FRST.txt
2015-03-19 19:12 - 2015-03-19 19:12 - 00000000 ____D () C:\FRST
2015-03-19 19:11 - 2015-03-19 19:11 - 02095616 _____ (Farbar) C:\Users\Joey\Downloads\FRST64.exe
2015-03-19 19:11 - 2015-03-19 19:11 - 00000540 _____ () C:\Users\Joey\Downloads\defogger_disable.log
2015-03-19 19:11 - 2015-03-19 19:11 - 00000148 _____ () C:\Users\Joey\defogger_reenable
2015-03-19 19:09 - 2015-03-19 19:09 - 00050477 _____ () C:\Users\Joey\Downloads\Defogger.exe
2015-03-19 19:03 - 2015-03-19 19:03 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Joey\Downloads\tdsskiller.exe
2015-03-19 16:39 - 2015-03-16 06:27 - 00000000 ____D () C:\Users\Joey\Downloads\NLAG.612
2015-03-19 16:37 - 2015-03-19 16:38 - 328023164 _____ () C:\Users\Joey\Downloads\NLAG.612.rar
2015-03-18 20:20 - 2015-03-18 20:20 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Avira
2015-03-18 20:19 - 2015-03-18 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-18 20:19 - 2015-03-18 20:19 - 00000000 ____D () C:\ProgramData\Avira
2015-03-18 20:19 - 2015-03-18 20:19 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-03-18 20:19 - 2015-03-18 20:16 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-18 20:19 - 2015-03-18 20:16 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-18 20:19 - 2015-03-18 20:16 - 00043576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-03-18 20:19 - 2015-03-18 20:16 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-03-17 21:06 - 2015-03-17 21:06 - 00000000 ____D () C:\Users\Joey\AppData\Local\Microsoft Toolkit
2015-03-17 20:33 - 2015-03-17 20:33 - 01054912 _____ (Adobe) C:\Users\Joey\Downloads\install_flashplayer17x32au_mssd_aaa_aih.exe
2015-03-17 20:29 - 2015-03-19 16:35 - 00000000 ____D () C:\AdwCleaner
2015-03-17 20:29 - 2015-03-17 20:29 - 02171392 _____ () C:\Users\Joey\Downloads\adwcleaner_4.112.exe
2015-03-17 20:27 - 2015-03-18 20:20 - 00000000 ____D () C:\ProgramData\{88895279-122e-9ae9-8889-9527912249e4}
2015-03-17 20:23 - 2015-03-17 20:23 - 00613255 _____ (CMI Limited) C:\Users\Joey\AppData\Local\nsy9EAF.tmp
2015-03-17 20:22 - 2015-03-19 18:54 - 00001340 _____ () C:\Windows\Tasks\OHTY.job
2015-03-17 20:22 - 2015-03-19 18:54 - 00001340 _____ () C:\Windows\Tasks\CVJW.job
2015-03-17 20:22 - 2015-03-19 06:48 - 00000000 ____D () C:\Program Files (x86)\a44392f2-25b4-4f24-ae7b-895b85863b5f
2015-03-17 20:22 - 2015-03-17 20:22 - 00004336 _____ () C:\Windows\System32\Tasks\OHTY
2015-03-17 20:22 - 2015-03-17 20:22 - 00004336 _____ () C:\Windows\System32\Tasks\CVJW
2015-03-17 20:22 - 2015-03-17 20:22 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\ECCF436F-1426620174-2F51-E082-AC9E17EC3E93
2015-03-17 20:22 - 2015-03-17 20:22 - 00000000 ____D () C:\ProgramData\11245081753149381587
2015-03-17 20:21 - 2015-03-19 18:51 - 00000000 ____D () C:\Program Files (x86)\CinemaPlus 1.0dV17.03
2015-03-17 20:21 - 2015-03-18 20:20 - 00000000 ____D () C:\ProgramData\{fb0ae85f-f0a9-0f48-fb0a-ae85ff0aa17f}
2015-03-17 20:15 - 2015-03-17 20:17 - 00008608 _____ () C:\Windows\SysWOW64\BasementDusterOff.ini
2015-03-17 20:15 - 2015-03-17 20:17 - 00008608 _____ () C:\Windows\system32\BasementDusterOff.ini
2015-03-17 20:15 - 2015-03-16 16:21 - 00295808 _____ (BD Inc.) C:\Windows\SysWOW64\BDL.dll
2015-03-17 20:04 - 2015-03-17 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-03-17 20:04 - 2015-03-17 20:04 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2015-03-17 20:04 - 2015-03-17 20:04 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-03-17 20:04 - 2015-03-17 20:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2015-03-17 20:03 - 2015-03-17 20:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-17 20:03 - 2015-03-17 20:03 - 00000000 ____D () C:\Users\Joey\AppData\Local\Microsoft Help
2015-03-17 20:03 - 2015-03-17 20:03 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2015-03-17 20:03 - 2015-03-17 20:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-03-17 20:03 - 2015-03-17 20:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2015-03-17 20:00 - 2015-03-17 20:00 - 00030352 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2015-03-17 20:00 - 2015-03-17 20:00 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\DAEMON Tools Lite
2015-03-17 20:00 - 2015-03-17 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2015-03-17 19:59 - 2015-03-17 19:59 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-03-17 19:51 - 2015-03-17 19:51 - 00000000 ____D () C:\Users\Joey\Documents\Medium
2015-03-15 18:47 - 2015-03-15 18:47 - 00000000 ____D () C:\Users\Joey\AppData\Local\QNAP
2015-03-15 18:46 - 2015-03-15 18:46 - 00002942 _____ () C:\Windows\System32\Tasks\iSCSIAgentAutoStartup
2015-03-15 18:46 - 2015-03-15 18:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QNAP
2015-03-12 20:13 - 2015-03-12 20:13 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\TechSmith
2015-03-12 20:13 - 2015-03-12 20:13 - 00000000 ____D () C:\Users\Joey\AppData\Local\TechSmith
2015-03-12 20:12 - 2015-03-12 20:12 - 00000000 ____D () C:\ProgramData\TechSmith
2015-03-12 20:12 - 2015-03-12 20:12 - 00000000 ____D () C:\ProgramData\regid.1995-08.com.techsmith
2015-03-12 20:12 - 2015-03-12 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2015-03-12 20:12 - 2015-03-12 20:12 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-03-12 20:10 - 2015-03-12 20:10 - 257992504 _____ () C:\Users\Joey\Downloads\camtasiade.exe
2015-03-12 06:51 - 2015-03-17 20:21 - 00000000 ____D () C:\Users\Joey\AppData\Local\CrashDumps
2015-03-11 19:22 - 2015-03-11 19:22 - 00000000 ___HD () C:\ProgramData\CanonBJ
2015-03-11 19:22 - 2012-03-26 05:00 - 00389120 _____ (CANON INC.) C:\Windows\system32\CNMLMB6.DLL
2015-03-11 19:22 - 2012-02-08 16:36 - 00363520 _____ (CANON INC.) C:\Windows\system32\CNC_B6L.dll
2015-03-11 19:22 - 2012-01-16 14:21 - 00287744 _____ (CANON INC.) C:\Windows\system32\CNC_B6C.dll
2015-03-11 19:22 - 2012-01-16 14:20 - 00106496 _____ (CANON INC.) C:\Windows\system32\CNC_B6I.dll
2015-03-11 19:22 - 2008-08-25 18:02 - 00017920 _____ (CANON INC.) C:\Windows\system32\CNHMCA6.dll
2015-03-11 17:15 - 2015-03-03 06:41 - 00000000 ____D () C:\Users\Joey\Downloads\NLAG.610
2015-03-10 21:31 - 2015-01-30 03:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2015-03-10 21:31 - 2015-01-30 02:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
2015-03-10 21:31 - 2015-01-30 02:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2015-03-10 21:31 - 2015-01-30 02:24 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2015-03-10 21:31 - 2015-01-30 02:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
2015-03-10 21:31 - 2015-01-30 02:16 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
2015-03-10 21:31 - 2015-01-30 02:08 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
2015-03-10 21:31 - 2015-01-30 02:06 - 00278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll
2015-03-10 21:31 - 2015-01-27 05:22 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-10 21:31 - 2015-01-27 03:11 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-10 21:30 - 2015-01-28 02:31 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-10 21:30 - 2015-01-28 02:11 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-10 21:30 - 2014-12-11 06:36 - 00046456 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe
2015-03-09 22:30 - 2015-03-09 22:30 - 00005487 _____ () C:\Users\Joey\AppData\Roaming\CVJW
2015-03-06 00:20 - 2015-03-06 00:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-26 23:53 - 2015-02-26 23:53 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\MPC-HC
2015-02-20 21:38 - 2015-02-20 21:38 - 00000017 _____ () C:\Users\Joey\AppData\Local\resmon.resmoncfg
2015-02-20 15:08 - 2015-03-19 18:18 - 00001126 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2568549407-2221234275-1578291052-1001UA.job
2015-02-20 15:08 - 2015-03-19 15:18 - 00001074 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2568549407-2221234275-1578291052-1001Core.job
2015-02-20 15:08 - 2015-02-20 15:13 - 00004070 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2568549407-2221234275-1578291052-1001UA
2015-02-20 15:08 - 2015-02-20 15:13 - 00003690 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2568549407-2221234275-1578291052-1001Core
2015-02-20 15:08 - 2015-02-20 15:08 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2015-02-19 20:46 - 2015-02-19 20:46 - 00000000 ____D () C:\Users\Joey\Documents\Electronic Arts
2015-02-19 20:44 - 2015-02-19 20:44 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\WinRAR
2015-02-19 20:44 - 2015-02-19 20:44 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-19 20:44 - 2015-02-19 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-19 20:43 - 2015-02-19 20:44 - 00000000 ____D () C:\Program Files\WinRAR
2015-02-19 19:53 - 2015-03-17 21:24 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\FileZilla
2015-02-19 19:40 - 2015-02-19 19:40 - 00000000 ____D () C:\Users\Joey\AppData\Local\Steam
2015-02-17 18:10 - 2015-02-17 18:10 - 00000000 __SHD () C:\Users\Joey\AppData\Local\EmieUserList
2015-02-17 18:10 - 2015-02-17 18:10 - 00000000 __SHD () C:\Users\Joey\AppData\Local\EmieSiteList
2015-02-17 18:10 - 2015-02-17 18:10 - 00000000 __SHD () C:\Users\Joey\AppData\Local\EmieBrowserModeList
2015-02-17 18:01 - 2015-02-17 18:44 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-17 18:01 - 2015-02-17 18:01 - 00000000 ____D () C:\Program Files (x86)\Futuremark
2015-02-17 17:37 - 1999-10-21 11:12 - 00020400 _____ (EnTech Taiwan) C:\Windows\SysWOW64\Drivers\entech.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-19 19:11 - 2015-02-12 18:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-19 19:11 - 2015-02-12 17:15 - 00000000 ____D () C:\Users\Joey
2015-03-19 19:06 - 2015-02-12 17:12 - 01901840 _____ () C:\Windows\WindowsUpdate.log
2015-03-19 19:01 - 2014-11-21 04:35 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-19 19:01 - 2014-11-21 03:45 - 00764340 _____ () C:\Windows\system32\perfh007.dat
2015-03-19 19:01 - 2014-11-21 03:45 - 00159160 _____ () C:\Windows\system32\perfc007.dat
2015-03-19 19:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-03-19 18:55 - 2015-02-12 17:31 - 00000000 ____D () C:\Users\Joey\AppData\Local\Spotify
2015-03-19 18:55 - 2015-02-12 17:30 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Spotify
2015-03-19 18:55 - 2015-02-12 17:19 - 00000000 ___RD () C:\Users\Joey\OneDrive
2015-03-19 18:55 - 2013-08-22 15:46 - 00041058 _____ () C:\Windows\setupact.log
2015-03-19 18:54 - 2015-02-12 17:26 - 00001146 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-19 18:54 - 2015-02-09 11:00 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-19 18:54 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-19 18:53 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-03-19 18:36 - 2015-02-12 17:26 - 00001150 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-19 16:39 - 2015-02-12 17:34 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Dropbox
2015-03-19 06:48 - 2015-02-09 10:59 - 00000000 ____D () C:\Program Files (x86)\ASUS
2015-03-18 20:26 - 2015-02-12 17:21 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2568549407-2221234275-1578291052-1001
2015-03-18 20:11 - 2015-02-14 14:21 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\NVIDIA
2015-03-18 20:01 - 2015-02-12 17:30 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\vlc
2015-03-17 21:06 - 2015-02-12 17:16 - 00000000 ____D () C:\Users\Joey\AppData\Local\Packages
2015-03-17 20:31 - 2014-11-20 19:24 - 00021292 _____ () C:\Windows\PFRO.log
2015-03-17 20:31 - 2013-08-22 15:44 - 00409896 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-17 20:30 - 2015-02-12 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-17 20:27 - 2013-08-22 14:25 - 00000269 _____ () C:\Windows\win.ini
2015-03-17 20:04 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-03-17 20:03 - 2014-11-21 04:13 - 00000000 ____D () C:\Windows\ShellNew
2015-03-17 20:03 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-03-14 23:51 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-03-14 02:35 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2015-03-14 00:48 - 2015-02-12 17:35 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-12 17:23 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData
2015-03-12 17:23 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-12 17:23 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-12 17:23 - 2013-08-22 16:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-12 17:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\WinStore
2015-03-12 17:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-12 17:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-12 17:22 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-03-12 06:51 - 2015-02-12 17:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-10 22:22 - 2015-01-23 13:16 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-10 22:19 - 2015-01-23 13:16 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-07 18:57 - 2015-02-12 17:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla
2015-03-04 22:24 - 2014-11-21 12:01 - 00792032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-04 22:24 - 2014-11-21 12:01 - 00178144 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-03 14:17 - 2015-02-12 17:51 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-20 15:08 - 2015-02-12 17:25 - 00000000 ____D () C:\Users\Joey\AppData\Local\Google

==================== Files in the root of some directories =======

2015-03-09 22:30 - 2015-03-09 22:30 - 0005487 _____ () C:\Users\Joey\AppData\Roaming\CVJW
2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\Joey\AppData\Roaming\OHTY
2015-03-17 20:23 - 2015-03-17 20:23 - 0613255 _____ (CMI Limited) C:\Users\Joey\AppData\Local\nsy9EAF.tmp
2015-02-20 21:38 - 2015-02-20 21:38 - 0000017 _____ () C:\Users\Joey\AppData\Local\resmon.resmoncfg
2015-02-09 10:36 - 2015-02-09 10:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Joey\AppData\Local\Temp\avgnt.exe
C:\Users\Joey\AppData\Local\Temp\avira_antivirus_pro_de.exe
C:\Users\Joey\AppData\Local\Temp\besE84A.exe
C:\Users\Joey\AppData\Local\Temp\bitool.dll
C:\Users\Joey\AppData\Local\Temp\D60A330C-D09A-E5F5-4799-F4322A86F3E4.dll
C:\Users\Joey\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpn8vx6i.dll
C:\Users\Joey\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Joey\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Joey\AppData\Local\Temp\nvStInst.exe
C:\Users\Joey\AppData\Local\Temp\ose00000.exe
C:\Users\Joey\AppData\Local\Temp\Quarantine.exe
C:\Users\Joey\AppData\Local\Temp\sdan.exe
C:\Users\Joey\AppData\Local\Temp\sdapk.exe
C:\Users\Joey\AppData\Local\Temp\sdaspwn.exe
C:\Users\Joey\AppData\Local\Temp\setup.exe
C:\Users\Joey\AppData\Local\Temp\smt_istartsurf.exe
C:\Users\Joey\AppData\Local\Temp\SpOrder.dll
C:\Users\Joey\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-13 02:14

==================== End Of Log ============================
         
--- --- ---


Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Joey at 2015-03-19 19:12:40
Running from C:\Users\Joey\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Antivirus Pro (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira)
Camtasia Studio 8 (HKLM-x32\...\{64CA5C05-4281-434C-A984-3A4FE6411805}) (Version: 8.5.0.1954 - TechSmith Corporation)
CinemaPlus 1.0dV17.03 (HKLM-x32\...\CinemaPlus 1.0dV17.03) (Version: 1.36.01.22 - CinemaPlus 1.0dV17.03) <==== ATTENTION
Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)
Die Sims 4 Digital Deluxe Edition ReRelease MULTi2 1.0 (HKLM-x32\...\Die Sims 4 Digital Deluxe Edition ReRelease MULTi2 1.0) (Version:  - )
Dropbox (HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
FileZilla Client 3.10.2 (HKLM-x32\...\FileZilla Client) (Version: 3.10.2 - Tim Kosse)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.15.0 - Futuremark Corporation)
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Google+ Auto Backup (HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Google+ Auto Backup) (Version: 1.0.27.161 - Google, Inc.)
GU Player (remove only) (HKLM-x32\...\GU Player) (Version:  - )
K-Lite Mega Codec Pack 10.9.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.9.5 - )
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA Miracast Virtueller Ton 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 347.52 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QNAP Qfinder (HKLM-x32\...\QNAP_FINDER) (Version: 4.2.5.0108 - QNAP Systems, Inc.)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7324 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Spotify) (Version: 1.0.1.1060.gc75ebdfd - Spotify AB)
StartIsBack+ (HKLM-x32\...\StartIsBack) (Version: 1.5.1 - startisback.com)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Sims 4 Update v1.4.83.1010 inc Outdoor Retreat DLC (HKLM-x32\...\VGhlU2ltczQ=_is1) (Version: 1 - )
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Joey\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Joey\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

12-03-2015 17:13:59 Windows Modules Installer
17-03-2015 20:02:58 Installed Microsoft Office Professional Plus 2013
17-03-2015 20:03:02 PROPLUS

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-03-12 20:17 - 2015-03-12 20:17 - 00000866 ____A C:\Windows\system32\Drivers\etc\hosts
69.167.144.15 camtasiatudi.techsmith.com

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {006DBC9F-E6C6-430B-AF69-D583868A35AB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-12] (Google Inc.)
Task: {063D42A9-F0B6-4C94-892F-F66530D74635} - System32\Tasks\CVJW => C:\Users\Joey\AppData\Roaming\CVJW.exe <==== ATTENTION
Task: {1DCA829D-AEDE-4898-9EAC-2F6A687FFA9A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-12] (Adobe Systems Incorporated)
Task: {879C4521-051C-46E1-BEBF-F853CFB0E873} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-10] (Microsoft Corporation)
Task: {89C70B19-4F3A-4047-9A37-2CB497974324} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2568549407-2221234275-1578291052-1001Core => C:\Users\Joey\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-20] (Google Inc.)
Task: {96377C93-80B6-45D6-B804-BF545B28BD85} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2568549407-2221234275-1578291052-1001UA => C:\Users\Joey\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-20] (Google Inc.)
Task: {AB9CEB98-25F6-4605-9B8E-DAD6B02F9C63} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => D:\Programme\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {B6E78CE3-DEE8-445E-BAF0-948DCB4D98F4} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-01-13] ()
Task: {CFCC9FE2-25DC-4DE3-8C2D-1855CBBF8F5C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-12] (Google Inc.)
Task: {D027BDD3-63DA-441A-B7A4-6E6C7430AFB4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => D:\Programme\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {D1EC3D12-BFC9-4693-B83E-FE3C3EB5EA93} - System32\Tasks\OHTY => C:\Users\Joey\AppData\Roaming\OHTY.exe <==== ATTENTION
Task: {D949C1EB-7F0C-4B6D-8EEC-BD9115D44F6A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {F2EBA190-0186-42E3-B2A2-B8EFAF1B3FD4} - System32\Tasks\iSCSIAgentAutoStartup => D:\Programme\QNAP\Qfinder\iSCSIAgent.exe [2015-01-27] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CVJW.job => C:\Users\Joey\AppData\Roaming\CVJW.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2568549407-2221234275-1578291052-1001Core.job => C:\Users\Joey\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2568549407-2221234275-1578291052-1001UA.job => C:\Users\Joey\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\OHTY.job => C:\Users\Joey\AppData\Roaming\OHTY.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2015-02-09 11:00 - 2015-02-05 20:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-02-12 17:49 - 2013-07-04 03:32 - 00936728 ____N () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2015-03-15 18:46 - 2015-01-27 08:16 - 01739952 _____ () D:\Programme\QNAP\Qfinder\iSCSIAgent.exe
2015-02-12 17:49 - 2015-03-19 18:54 - 00028160 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2015-02-12 17:49 - 2012-05-07 17:04 - 00104448 ____N () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2015-02-13 12:15 - 2015-02-13 12:15 - 03219456 _____ () C:\Users\Joey\AppData\Local\Programs\Google\Google+ Auto Backup\gpuploader_i18n.dll
2015-03-02 21:30 - 2015-03-02 21:30 - 00039384 _____ () D:\Programme\FileZilla\fzshellext.dll
2015-03-12 21:37 - 2015-03-07 07:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libglesv2.dll
2015-03-12 21:37 - 2015-03-07 07:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libegl.dll
2015-03-12 21:37 - 2015-03-07 07:13 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\pdf.dll
2015-03-12 21:37 - 2015-03-07 07:13 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Joey\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Joey\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "3D BubbleSound"
HKLM\...\StartupApproved\Run: => "shopperz64"
HKLM\...\StartupApproved\Run: => "shopperz"
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\StartupApproved\StartupFolder: => "superpc_soft_partner.lnk"
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\StartupApproved\StartupFolder: => "PriceLessInstaller.lnk"
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_D9540B1D2E0771D2E8A7B5A41E5C3BFA"
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"

==================== Accounts: =============================

Administrator (S-1-5-21-2568549407-2221234275-1578291052-500 - Administrator - Disabled)
Gast (S-1-5-21-2568549407-2221234275-1578291052-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2568549407-2221234275-1578291052-1003 - Limited - Enabled)
Joey (S-1-5-21-2568549407-2221234275-1578291052-1001 - Administrator - Enabled) => C:\Users\Joey

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/17/2015 08:25:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm package_superpc_installer_multilang.tmp, Version 51.52.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: e24

Startzeit: 01d060e7cf8a9677

Endzeit: 4294967295

Anwendungspfad: C:\Users\Joey\AppData\Local\Temp\is-PRB45.tmp\package_superpc_installer_multilang.tmp

Berichts-ID: 4d41023e-ccdb-11e4-825f-ac9e17ec3e93

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (03/17/2015 08:24:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm AnyProtect.exe, Version 1.0.0.4 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 149c

Startzeit: 01d060e7f611fc3b

Endzeit: 4294967295

Anwendungspfad: C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe

Berichts-ID: 44f974e6-ccdb-11e4-825f-ac9e17ec3e93

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (03/17/2015 08:23:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm nsv415B.tmp, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 19fc

Startzeit: 01d060e6c4fc815a

Endzeit: 4294967295

Anwendungspfad: C:\Users\Joey\AppData\Local\Temp\nsv415B.tmp

Berichts-ID: 1e790abe-ccdb-11e4-825f-ac9e17ec3e93

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (03/17/2015 08:22:02 PM) (Source: MsiInstaller) (EventID: 11309) (User: YAOI)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.

Error: (03/17/2015 08:21:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 41.0.2272.89, Zeitstempel: 0x54fa819a
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17630, Zeitstempel: 0x54b0d74f
Ausnahmecode: 0xc0000142
Fehleroffset: 0x0009e0b2
ID des fehlerhaften Prozesses: 0x197c
Startzeit der fehlerhaften Anwendung: 0xchrome.exe0
Pfad der fehlerhaften Anwendung: chrome.exe1
Pfad des fehlerhaften Moduls: chrome.exe2
Berichtskennung: chrome.exe3
Vollständiger Name des fehlerhaften Pakets: chrome.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: chrome.exe5

Error: (03/17/2015 08:20:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: qrsvc.exe, Version: 1.10.0.9, Zeitstempel: 0x54d51cc7
Name des fehlerhaften Moduls: qrsvc.exe, Version: 1.10.0.9, Zeitstempel: 0x54d51cc7
Ausnahmecode: 0xc0000409
Fehleroffset: 0x000250ec
ID des fehlerhaften Prozesses: 0x1db0
Startzeit der fehlerhaften Anwendung: 0xqrsvc.exe0
Pfad der fehlerhaften Anwendung: qrsvc.exe1
Pfad des fehlerhaften Moduls: qrsvc.exe2
Berichtskennung: qrsvc.exe3
Vollständiger Name des fehlerhaften Pakets: qrsvc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: qrsvc.exe5

Error: (03/15/2015 02:36:08 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "System" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (03/14/2015 02:30:39 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "System" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (03/13/2015 06:51:39 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (03/12/2015 05:04:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.3.9600.17667, Zeitstempel: 0x54c6f7c2
Name des fehlerhaften Moduls: StartIsBack64.dll, Version: 3.5.0.39, Zeitstempel: 0x52b9f014
Ausnahmecode: 0xc000041d
Fehleroffset: 0x0000000000022eee
ID des fehlerhaften Prozesses: 0xd44
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3
Vollständiger Name des fehlerhaften Pakets: Explorer.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Explorer.EXE5


System errors:
=============
Error: (03/19/2015 06:55:15 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "YAOI           :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.97
registriert werden. Der Computer mit IP-Adresse 192.168.178.85 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (03/19/2015 06:55:12 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "YAOI           :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.97
registriert werden. Der Computer mit IP-Adresse 192.168.178.85 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (03/19/2015 06:55:11 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "YAOI           :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.97
registriert werden. Der Computer mit IP-Adresse 192.168.178.85 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (03/19/2015 06:55:11 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "YAOI           :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.97
registriert werden. Der Computer mit IP-Adresse 192.168.178.85 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (03/19/2015 06:55:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst SuperOptimizer Stats erreicht.

Error: (03/19/2015 06:54:39 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "YAOI           :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.97
registriert werden. Der Computer mit IP-Adresse 192.168.178.85 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (03/19/2015 06:53:38 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "YAOI           :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.97
registriert werden. Der Computer mit IP-Adresse 192.168.178.85 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (03/19/2015 06:36:23 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "YAOI           :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.97
registriert werden. Der Computer mit IP-Adresse 192.168.178.85 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (03/19/2015 04:36:23 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "YAOI           :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.97
registriert werden. Der Computer mit IP-Adresse 192.168.178.85 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (03/19/2015 02:36:23 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "YAOI           :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.97
registriert werden. Der Computer mit IP-Adresse 192.168.178.85 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.


Microsoft Office Sessions:
=========================
Error: (03/17/2015 08:25:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: package_superpc_installer_multilang.tmp51.52.0.0e2401d060e7cf8a96774294967295C:\Users\Joey\AppData\Local\Temp\is-PRB45.tmp\package_superpc_installer_multilang.tmp4d41023e-ccdb-11e4-825f-ac9e17ec3e93

Error: (03/17/2015 08:24:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: AnyProtect.exe1.0.0.4149c01d060e7f611fc3b4294967295C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe44f974e6-ccdb-11e4-825f-ac9e17ec3e93

Error: (03/17/2015 08:23:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: nsv415B.tmp0.0.0.019fc01d060e6c4fc815a4294967295C:\Users\Joey\AppData\Local\Temp\nsv415B.tmp1e790abe-ccdb-11e4-825f-ac9e17ec3e93

Error: (03/17/2015 08:22:02 PM) (Source: MsiInstaller) (EventID: 11309) (User: YAOI)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (03/17/2015 08:21:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe41.0.2272.8954fa819antdll.dll6.3.9600.1763054b0d74fc00001420009e0b2197c01d060e7a23997bfC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\SYSTEM32\ntdll.dlldfe88550-ccda-11e4-825f-ac9e17ec3e93

Error: (03/17/2015 08:20:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: qrsvc.exe1.10.0.954d51cc7qrsvc.exe1.10.0.954d51cc7c0000409000250ec1db001d060e6909000daC:\Program Files (x86)\QuickRef_1.10.0.9\Service\qrsvc.exeC:\Program Files (x86)\QuickRef_1.10.0.9\Service\qrsvc.exeb2bf6a7f-ccda-11e4-825f-ac9e17ec3e93

Error: (03/15/2015 02:36:08 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: SystemFalscher Parameter. (0x80070057)

Error: (03/14/2015 02:30:39 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: SystemFalscher Parameter. (0x80070057)

Error: (03/13/2015 06:51:39 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (03/12/2015 05:04:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1766754c6f7c2StartIsBack64.dll3.5.0.3952b9f014c000041d0000000000022eeed4401d05cde3b68818bC:\Windows\Explorer.EXEC:\Program Files (x86)\StartIsBack\StartIsBack64.dll79bbf64a-c8d1-11e4-825e-ac9e17ec3e93


CodeIntegrity Errors:
===================================
  Date: 2015-03-18 03:04:18.209
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 19%
Total physical RAM: 16319.17 MB
Available physical RAM: 13080.86 MB
Total Pagefile: 18751.17 MB
Available Pagefile: 14839.95 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:100.41 GB) (Free:41.59 GB) NTFS
Drive d: (Programme) (Fixed) (Total:931.51 GB) (Free:901.11 GB) NTFS
Drive f: (WD SmartWare) (CDROM) (Total:0.6 GB) (Free:0 GB) UDF
Drive g: () (Removable) (Total:3.63 GB) (Free:2.16 GB) FAT32
Drive h: (Games) (Fixed) (Total:930.86 GB) (Free:368.69 GB) NTFS
Drive j: (Serien) (Fixed) (Total:1863.01 GB) (Free:1268.59 GB) NTFS
Drive k: (Animes) (Fixed) (Total:1862.98 GB) (Free:695.94 GB) NTFS
Drive l: (Sicherung) (Fixed) (Total:931.51 GB) (Free:367.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: D64245DE)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11 GB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B7EFD763)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: B78A4E50)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 930.9 GB) (Disk ID: 0002AE3F)
Partition 1: (Not Active) - (Size=930.9 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 3.6 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 6 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 0002F734)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 7 (Size: 931.5 GB) (Disk ID: E8900690)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

gmer.log
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-03-19 19:27:06
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000027 Samsung_SSD_850_EVO_120GB rev.EMT01B6Q 111,79GB
Running: Gmer-19357.exe; Driver: C:\Users\Joey\AppData\Local\Temp\pgldrpod.sys


---- Threads - GMER 2.1 ----

Thread   C:\Windows\system32\csrss.exe [628:652]                                                                                                                                                                                         fffff9600083a2d0
Thread   C:\Windows\system32\csrss.exe [628:724]                                                                                                                                                                                         fffff9600083a2d0
Thread   D:\Programme\QNAP\Qfinder\iSCSIAgent.exe [2064:2932]                                                                                                                                                                            0000000003ada690
Thread   D:\Programme\QNAP\Qfinder\iSCSIAgent.exe [2064:2936]                                                                                                                                                                            0000000003ada690
Thread   D:\Programme\QNAP\Qfinder\iSCSIAgent.exe [2064:2940]                                                                                                                                                                            0000000003ada690
Thread   D:\Programme\QNAP\Qfinder\iSCSIAgent.exe [2064:2944]                                                                                                                                                                            0000000003ada690
Thread   D:\Programme\QNAP\Qfinder\iSCSIAgent.exe [2064:2948]                                                                                                                                                                            0000000003ada690
Thread   D:\Programme\QNAP\Qfinder\iSCSIAgent.exe [2064:2952]                                                                                                                                                                            0000000003ada690
Thread   D:\Programme\QNAP\Qfinder\iSCSIAgent.exe [2064:2956]                                                                                                                                                                            0000000003ada690
Thread   D:\Programme\QNAP\Qfinder\iSCSIAgent.exe [2064:2960]                                                                                                                                                                            0000000003ada690
Thread   D:\Programme\QNAP\Qfinder\iSCSIAgent.exe [2064:2968]                                                                                                                                                                            0000000003af1b60
Thread   D:\Programme\QNAP\Qfinder\iSCSIAgent.exe [2064:2984]                                                                                                                                                                            0000000003af1b60
---- Processes - GMER 2.1 ----

Library  C:\Users\Joey\AppData\Local\Programs\Google\Google+ Auto Backup\gpuploader_i18n.dll (*** suspicious ***) @ C:\Users\Joey\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [5412](2015-02-13 11:15:16)  00000000027b0000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed                                                                                                                                               1259671043
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{2bf570e8-dfd8-47df-a4af-15d890248277}@LastProbeTime                                                                                                           1426624580
Reg      HKLM\SYSTEM\CurrentControlSet\Services\PEAUTH\Parameters\Wdf@TimeOfLastSqmLog                                                                                                                                                   0x4B 0x02 0x29 0x0D ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch                                                                                                                                                                 1698
Reg      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch                                                                                                                                                                81
Reg      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-In                                                                                      v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|LPort=3587|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=p2psvc|Name=@%systemroot%\system32\provsvc.dll,-200|Desc=@%systemroot%\system32\provsvc.dll,-201|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202|
Reg      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-Out                                                                                     v2.22|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|RPort=3587|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=p2psvc|Name=@%systemroot%\system32\provsvc.dll,-203|Desc=@%systemroot%\system32\provsvc.dll,-204|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202|
Reg      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-In                                                                                      v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|LPort=3540|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|Name=@%systemroot%\system32\provsvc.dll,-205|Desc=@%systemroot%\system32\provsvc.dll,-206|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202|
Reg      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-Out                                                                                     v2.22|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|RPort=3540|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|Name=@%systemroot%\system32\provsvc.dll,-207|Desc=@%systemroot%\system32\provsvc.dll,-208|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202|
Reg      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile@EnableFirewall                                                                                                                      1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile@EnableFirewall                                                                                                                    1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence                                                                                                                                                          23
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop                                                                                                                                                0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\WpdUpFltr\Parameters\Wdf@TimeOfLastSqmLog                                                                                                                                                0x0C 0xFB 0x24 0xDE ...
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer@GlobalAssocChangedCounter                                                                                                                                               62
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown                                                                                                                                                  1
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsRequestBucketDrainTime                                                                                                                        0x61 0x67 0xAC 0xD9 ...
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsLargeRequestBucketDrainTime                                                                                                                   0x61 0x67 0xAC 0xD9 ...
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastOtherBandwidthBucketDrainTime                                                                                                                        0x9A 0xD8 0xCC 0x6E ...
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastOtherRequestBucketDrainTime                                                                                                                          0x61 0x67 0xAC 0xD9 ...
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastGlobalRequestBucketDrainTime                                                                                                                         0x61 0x67 0xAC 0xD9 ...
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@RoamingSyncToken                                                                                                                                         LM%3d63562303568113%3bID%3d108FE72B08E15310!104%3bLR%3d63562325497380%3bEP%3d4%3bTD%3dTrue%3bSO%3d0
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData@LastRenewCollectionsInterest                                                                                                                          0xC0 0x9F 0xCE 0xEE ...
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Run@DAEMON Tools Lite                                                                                                                                                            "D:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce@Report                                                                                                                                                                   C:\AdwCleaner\AdwCleaner[S2].txt
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData@PendingOperations                                                                                                                                           19

---- EOF - GMER 2.1 ----
         

Info: Unfortunately, the Avira virus scanner results no longer fit into the post because of too many characters, so I am posting them as an attachment; I hope that is OK...


Kind regards
dingsibumzi (Joey)
Attached files
File type: txt Ereignisse.txt (72.6 KB, viewed 586 times)

Edited by dingsibumzi (19.03.2015 at 20:06)

Alt 19.03.2015, 20:02   #2
schrauber
/// the machine
/// TB-Ausbilder
 




Hi,

Please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).
  • Install and start the program. (Illustrated guide to Revo Uninstaller)
  • Click Options (Optionen) and select German (Deutsch) as the language.
  • In the uninstaller field, search for the programs:

    CinemaPlus 1.0dV17.03


  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderate" (Moderat) mode.
  • Delete leftovers:
    Click on, then on, and then on .

 






Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan (Scannen), select the threat scan (Bedrohungssuchlauf) and click Start scan (Suchlauf starten).
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click Remove selected (Auswahl entfernen).
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History (Verlauf) and then Application logs (Anwendungsprotokolle).
  • Select the most recent scan log and click Export. Choose Text file (.txt) (Textdatei (.txt)) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with Ok.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = consecutive number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator" ("als Administrator ausführen").
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.

Alt 19.03.2015, 20:37   #3
dingsibumzi
 



So, thank you very much first of all for the quick reply...

I did everything as described...


mbam.txt
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 19.03.2015
Suchlauf-Zeit: 20:20:37
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.03.19.07
Rootkit Datenbank: v2015.02.25.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Joey

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 341886
Verstrichene Zeit: 4 Min, 42 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         

adwcleaner.txt
Code:
ATTFilter
# AdwCleaner v4.112 - Bericht erstellt 19/03/2015 um 20:29:41
# Aktualisiert 09/03/2015 von Xplode
# Datenbank : 2015-03-15.1 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : Joey - YAOI
# Gestarted von : C:\Users\Joey\Downloads\adwcleaner_4.112.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
Datei Gelöscht : C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
Datei Gelöscht : C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.select-n-go00.select-n-go.com_0.localstorage
Datei Gelöscht : C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.select-n-go00.select-n-go.com_0.localstorage-journal

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v36.0.1 (x86 de)


-\\ Google Chrome v41.0.2272.89


*************************

AdwCleaner[R0].txt - [26987 Bytes] - [17/03/2015 20:29:54]
AdwCleaner[R1].txt - [1468 Bytes] - [17/03/2015 20:33:20]
AdwCleaner[R2].txt - [2739 Bytes] - [19/03/2015 16:34:08]
AdwCleaner[R3].txt - [2278 Bytes] - [19/03/2015 20:29:06]
AdwCleaner[S0].txt - [24335 Bytes] - [17/03/2015 20:30:37]
AdwCleaner[S1].txt - [1529 Bytes] - [17/03/2015 20:34:56]
AdwCleaner[S2].txt - [2818 Bytes] - [19/03/2015 16:35:13]
AdwCleaner[S3].txt - [2200 Bytes] - [19/03/2015 20:29:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [2259  Bytes] ##########
         

JRT.txt
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.5 (03.17.2015:1)
OS: Windows 8.1 x64
Ran by Joey on 19.03.2015 at 20:32:46,64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Joey\AppData\Roaming\mozilla\firefox\profiles\u35kl8ja.default\prefs.js

user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine");
user_pref("browser.search.searchengine.ptid", "face");
user_pref("browser.search.searchengine.uid", "SamsungXSSDX850XEVOX120GB_S21UNSAG156319H");
user_pref("extensions.OJ1Bk8W25WiItH4n.scode", "(function(){try{if(window.self.location.href.indexOf(\"qHU9pjwErdgFrjCHrdgEpdY9\")>-1){return;}}catch(e){}try{var d=[[\"triangl



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.03.2015 at 20:34:32,74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Kind regards
Joey


//Edit: Sorry, forgot 2 logs...

Addition.txt
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Joey at 2015-03-19 20:39:38
Running from C:\Users\Joey\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Antivirus Pro (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira)
Camtasia Studio 8 (HKLM-x32\...\{64CA5C05-4281-434C-A984-3A4FE6411805}) (Version: 8.5.0.1954 - TechSmith Corporation)
Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)
Die Sims 4 Digital Deluxe Edition ReRelease MULTi2 1.0 (HKLM-x32\...\Die Sims 4 Digital Deluxe Edition ReRelease MULTi2 1.0) (Version:  - )
Dropbox (HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
FileZilla Client 3.10.2 (HKLM-x32\...\FileZilla Client) (Version: 3.10.2 - Tim Kosse)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.15.0 - Futuremark Corporation)
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Google+ Auto Backup (HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Google+ Auto Backup) (Version: 1.0.27.161 - Google, Inc.)
GU Player (remove only) (HKLM-x32\...\GU Player) (Version:  - )
K-Lite Mega Codec Pack 10.9.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.9.5 - )
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA Miracast Virtueller Ton 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 347.52 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QNAP Qfinder (HKLM-x32\...\QNAP_FINDER) (Version: 4.2.5.0108 - QNAP Systems, Inc.)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7324 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Spotify) (Version: 1.0.1.1060.gc75ebdfd - Spotify AB)
StartIsBack+ (HKLM-x32\...\StartIsBack) (Version: 1.5.1 - startisback.com)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Sims 4 Update v1.4.83.1010 inc Outdoor Retreat DLC (HKLM-x32\...\VGhlU2ltczQ=_is1) (Version: 1 - )
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Joey\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Joey\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2568549407-2221234275-1578291052-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

17-03-2015 20:02:58 Installed Microsoft Office Professional Plus 2013
17-03-2015 20:03:02 PROPLUS
19-03-2015 20:12:27 Revo Uninstaller's restore point - CinemaPlus 1.0dV17.03

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-03-12 20:17 - 2015-03-12 20:17 - 00000866 ____A C:\Windows\system32\Drivers\etc\hosts
69.167.144.15 camtasiatudi.techsmith.com

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {006DBC9F-E6C6-430B-AF69-D583868A35AB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-12] (Google Inc.)
Task: {063D42A9-F0B6-4C94-892F-F66530D74635} - System32\Tasks\CVJW => C:\Users\Joey\AppData\Roaming\CVJW.exe <==== ATTENTION
Task: {1DCA829D-AEDE-4898-9EAC-2F6A687FFA9A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-12] (Adobe Systems Incorporated)
Task: {879C4521-051C-46E1-BEBF-F853CFB0E873} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-10] (Microsoft Corporation)
Task: {89C70B19-4F3A-4047-9A37-2CB497974324} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2568549407-2221234275-1578291052-1001Core => C:\Users\Joey\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-20] (Google Inc.)
Task: {96377C93-80B6-45D6-B804-BF545B28BD85} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2568549407-2221234275-1578291052-1001UA => C:\Users\Joey\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-20] (Google Inc.)
Task: {AB9CEB98-25F6-4605-9B8E-DAD6B02F9C63} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => D:\Programme\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {B6E78CE3-DEE8-445E-BAF0-948DCB4D98F4} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-01-13] ()
Task: {CFCC9FE2-25DC-4DE3-8C2D-1855CBBF8F5C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-12] (Google Inc.)
Task: {D027BDD3-63DA-441A-B7A4-6E6C7430AFB4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => D:\Programme\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {D1EC3D12-BFC9-4693-B83E-FE3C3EB5EA93} - System32\Tasks\OHTY => C:\Users\Joey\AppData\Roaming\OHTY.exe <==== ATTENTION
Task: {D949C1EB-7F0C-4B6D-8EEC-BD9115D44F6A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {F2EBA190-0186-42E3-B2A2-B8EFAF1B3FD4} - System32\Tasks\iSCSIAgentAutoStartup => D:\Programme\QNAP\Qfinder\iSCSIAgent.exe [2015-01-27] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CVJW.job => C:\Users\Joey\AppData\Roaming\CVJW.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2568549407-2221234275-1578291052-1001Core.job => C:\Users\Joey\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2568549407-2221234275-1578291052-1001UA.job => C:\Users\Joey\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\OHTY.job => C:\Users\Joey\AppData\Roaming\OHTY.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2015-02-09 11:00 - 2015-02-05 20:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-02-12 17:49 - 2013-07-04 03:32 - 00936728 ____N () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2015-03-15 18:46 - 2015-01-27 08:16 - 01739952 _____ () D:\Programme\QNAP\Qfinder\iSCSIAgent.exe
2015-03-02 15:43 - 2015-03-02 15:43 - 00099288 _____ () D:\Programme\FileZilla\fzshellext_64.dll
2015-02-12 17:49 - 2015-03-19 20:30 - 00028160 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2015-02-12 17:49 - 2012-05-07 17:04 - 00104448 ____N () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2015-02-13 12:15 - 2015-02-13 12:15 - 03219456 _____ () C:\Users\Joey\AppData\Local\Programs\Google\Google+ Auto Backup\gpuploader_i18n.dll
2015-03-02 21:30 - 2015-03-02 21:30 - 00039384 _____ () D:\Programme\FileZilla\fzshellext.dll
2015-03-12 21:37 - 2015-03-07 07:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libglesv2.dll
2015-03-12 21:37 - 2015-03-07 07:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libegl.dll
2015-03-12 21:37 - 2015-03-07 07:13 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Joey\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Joey\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "3D BubbleSound"
HKLM\...\StartupApproved\Run: => "shopperz64"
HKLM\...\StartupApproved\Run: => "shopperz"
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\StartupApproved\StartupFolder: => "superpc_soft_partner.lnk"
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\StartupApproved\StartupFolder: => "PriceLessInstaller.lnk"
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_D9540B1D2E0771D2E8A7B5A41E5C3BFA"
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"

==================== Accounts: =============================

Administrator (S-1-5-21-2568549407-2221234275-1578291052-500 - Administrator - Disabled)
Gast (S-1-5-21-2568549407-2221234275-1578291052-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2568549407-2221234275-1578291052-1003 - Limited - Enabled)
Joey (S-1-5-21-2568549407-2221234275-1578291052-1001 - Administrator - Enabled) => C:\Users\Joey

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (03/19/2015 08:39:42 PM) (Source: DCOM) (EventID: 10010) (User: YAOI)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (03/19/2015 08:39:12 PM) (Source: DCOM) (EventID: 10010) (User: YAOI)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (03/19/2015 08:38:42 PM) (Source: DCOM) (EventID: 10010) (User: YAOI)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (03/19/2015 08:38:12 PM) (Source: DCOM) (EventID: 10010) (User: YAOI)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 13%
Total physical RAM: 16319.17 MB
Available physical RAM: 14124.89 MB
Total Pagefile: 18751.17 MB
Available Pagefile: 16077.89 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:100.41 GB) (Free:59.74 GB) NTFS
Drive d: (Programme) (Fixed) (Total:931.51 GB) (Free:901.06 GB) NTFS
Drive f: (WD SmartWare) (CDROM) (Total:0.6 GB) (Free:0 GB) UDF
Drive h: (Games) (Fixed) (Total:930.86 GB) (Free:368.69 GB) NTFS
Drive j: (Serien) (Fixed) (Total:1863.01 GB) (Free:1261.54 GB) NTFS
Drive k: (Animes) (Fixed) (Total:1862.98 GB) (Free:693.72 GB) NTFS
Drive l: (Sicherung) (Fixed) (Total:931.51 GB) (Free:367.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: D64245DE)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11 GB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B7EFD763)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: B78A4E50)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 930.9 GB) (Disk ID: 0002AE3F)
Partition 1: (Not Active) - (Size=930.9 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 0002F734)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Size: 931.5 GB) (Disk ID: E8900690)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

FRST.txt

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Joey (administrator) on YAOI on 19-03-2015 20:39:23
Running from C:\Users\Joey\Downloads
Loaded Profiles: Joey (Available profiles: Joey)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() D:\Programme\QNAP\Qfinder\iSCSIAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) D:\Programme\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) D:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Malwarebytes Corporation) D:\Programme\ Malwarebytes Anti-Malware \mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Users\Joey\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7634648 2014-08-14] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-19] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Run: [GoogleChromeAutoLaunch_D9540B1D2E0771D2E8A7B5A41E5C3BFA] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-07] (Google Inc.)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Run: [Steam] => D:\Programme\Steam\steam.exe [2874048 2015-02-19] (Valve Corporation)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Run: [Spotify Web Helper] => C:\Users\Joey\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1959992 2015-03-13] (Spotify Ltd)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Run: [Google Update] => C:\Users\Joey\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2015-02-20] (Google Inc.)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Run: [Google+ Auto Backup] => C:\Users\Joey\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3754312 2015-02-13] (Google Inc.)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Run: [Spotify] => C:\Users\Joey\AppData\Roaming\Spotify\spotify.exe [6611512 2015-03-13] (Spotify Ltd)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\MountPoints2: {6fb6e9cb-c419-11e4-8259-ac9e17ec3e93} - "M:\LaunchU3.exe" -a
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\MountPoints2: {ea776981-cbbe-11e4-825f-ac9e17ec3e93} - "M:\SETUP.EXE" 
Startup: C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Programme\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Programme\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Hosts: 69.167.144.15 camtasiatudi.techsmith.com
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-12] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\Programme\Microsoft Office\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-12] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> D:\Programme\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-12] (Google Inc.)
FF Plugin HKU\S-1-5-21-2568549407-2221234275-1578291052-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Joey\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-2568549407-2221234275-1578291052-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Joey\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-20] (Google Inc.)
FF Extension: Zoom It - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\Extensions\{14e5d2fa-092b-ec85-01ab-ba8c709d84c8} [2015-03-17]
FF Extension: WOT - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-02-12]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\Extensions\elemhidehelper@adblockplus.org.xpi [2015-02-12]
FF Extension: ProxTube - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\Extensions\ich@maltegoetz.de.xpi [2015-02-12]
FF Extension: NoScript - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-02-12]
FF Extension: Mountain Bike 1.0.1 - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\Extensions\{8eaa906e-24dc-48aa-a1bf-893f16c0e11d}.xpi [2015-03-17]
FF Extension: Adblock Plus - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-12]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-03-06]
FF Extension: No Name - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\extensions\ccf7276c-d388-480f-8835-5b680025e1ca@gmail.com [Not Found]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=78B0F80F411BFC9D&affID=119357&tsp=4979
CHR StartupUrls: Default -> "hxxp://www.istartsurf.com/?type=hp&ts=1426619680&from=face&uid=SamsungXSSDX850XEVOX120GB_S21UNSAG156319H", "hxxp://www.istartsurf.com/?type=hppp&ts=1426619747&from=face&uid=SamsungXSSDX850XEVOX120GB_S21UNSAG156319H"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-12]
CHR Extension: (No Name) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\acklnhgjphbhhomkneonohbjnbmkclfb [2015-03-17]
CHR Extension: (HD for YouTube™) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjbfncbadcmnkopckegnmjgihagponf [2015-02-12]
CHR Extension: (Google Docs) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-12]
CHR Extension: (Google Drive) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-12]
CHR Extension: (WOT) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-02-12]
CHR Extension: (YouTube) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-12]
CHR Extension: (Adblock Plus) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-12]
CHR Extension: (Google Search) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-12]
CHR Extension: (Google Calendar) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-02-12]
CHR Extension: (Google Sheets) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-12]
CHR Extension: (AdBlock) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-02-12]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-02-12]
CHR Extension: (Snap Links Lite) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\idmmhhijggcmbeejedibpdcahpkneegg [2015-02-12]
CHR Extension: (Adblock for Facebook™) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbfjodonncabnangfknilmabjfofdikc [2015-02-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Skype Click to Call) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-02-12]
CHR Extension: (Google Maps) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-02-12]
CHR Extension: (Google Wallet) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-12]
CHR Extension: (Personal Blocklist (by Google)) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nolijncfnkgaikbjbdaogikpmpbdcdef [2015-02-12]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2015-02-12]
CHR Extension: (Google Publisher Toolbar) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\omioeahgfecgfpfldejlnideemfidnkc [2015-02-12]
CHR Extension: (Picasa) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2015-02-12]
CHR Extension: (Gmail) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-12]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [806192 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [992560 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 Disc Soft Lite Bus Service; D:\Programme\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 MBAMScheduler; D:\Programme\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; D:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
S2 SkypeUpdate; D:\Programme\Skype\Updater\Updater.exe [315488 2015-01-02] (Skype Technologies)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 cae99edb; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Super Optimizer\SupOptStats.dll",ENT

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [62152 2014-10-28] (Advanced Micro Devices, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-03-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-03-18] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-18] (Avira Operations GmbH & Co. KG)
S3 dc21x4vm; C:\Windows\system32\DRIVERS\dc21x4vm.sys [57344 2013-06-18] (Microsoft Corp.)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-03-17] (Disc Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
S3 NVSWCFilter; C:\Windows\System32\drivers\nvswcfilter.sys [19616 2014-09-06] (Windows (R) Win 7 DDK provider)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39240 2015-02-05] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 rusb3xhc; C:\Windows\System32\drivers\rusb3xhc.sys [221184 2012-05-10] (Renesas Electronics Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 DIRECTIO; \??\UNC\srv1c027.wds8.intern\reminst\Test\BitPro64\DirectIo.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-19 20:39 - 2015-03-19 20:39 - 02095616 _____ (Farbar) C:\Users\Joey\Downloads\FRST64.exe
2015-03-19 20:39 - 2015-03-19 20:39 - 00024467 _____ () C:\Users\Joey\Downloads\FRST.txt
2015-03-19 20:34 - 2015-03-19 20:34 - 00001229 _____ () C:\Users\Joey\Desktop\JRT.txt
2015-03-19 20:32 - 2015-03-19 20:32 - 01388672 _____ (Thisisu) C:\Users\Joey\Downloads\JRT.exe
2015-03-19 20:31 - 2015-03-19 20:31 - 00002339 _____ () C:\Users\Joey\Desktop\adwcleaner.txt
2015-03-19 20:25 - 2015-03-19 20:25 - 00001186 _____ () C:\Users\Joey\Desktop\mbam.txt
2015-03-19 20:19 - 2015-03-19 20:31 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-19 20:19 - 2015-03-19 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-19 20:19 - 2015-03-19 20:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-19 20:19 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-19 20:19 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-19 20:19 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-19 19:12 - 2015-03-19 20:39 - 00000000 ____D () C:\FRST
2015-03-19 19:11 - 2015-03-19 19:11 - 00000148 _____ () C:\Users\Joey\defogger_reenable
2015-03-18 20:20 - 2015-03-18 20:20 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Avira
2015-03-18 20:19 - 2015-03-18 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-18 20:19 - 2015-03-18 20:19 - 00000000 ____D () C:\ProgramData\Avira
2015-03-18 20:19 - 2015-03-18 20:19 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-03-18 20:19 - 2015-03-18 20:16 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-18 20:19 - 2015-03-18 20:16 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-18 20:19 - 2015-03-18 20:16 - 00043576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-03-18 20:19 - 2015-03-18 20:16 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-03-17 21:06 - 2015-03-17 21:06 - 00000000 ____D () C:\Users\Joey\AppData\Local\Microsoft Toolkit
2015-03-17 20:29 - 2015-03-19 20:29 - 00000000 ____D () C:\AdwCleaner
2015-03-17 20:27 - 2015-03-18 20:20 - 00000000 ____D () C:\ProgramData\{88895279-122e-9ae9-8889-9527912249e4}
2015-03-17 20:23 - 2015-03-17 20:23 - 00613255 _____ (CMI Limited) C:\Users\Joey\AppData\Local\nsy9EAF.tmp
2015-03-17 20:22 - 2015-03-19 20:30 - 00001340 _____ () C:\Windows\Tasks\OHTY.job
2015-03-17 20:22 - 2015-03-19 20:30 - 00001340 _____ () C:\Windows\Tasks\CVJW.job
2015-03-17 20:22 - 2015-03-19 06:48 - 00000000 ____D () C:\Program Files (x86)\a44392f2-25b4-4f24-ae7b-895b85863b5f
2015-03-17 20:22 - 2015-03-17 20:22 - 00004336 _____ () C:\Windows\System32\Tasks\OHTY
2015-03-17 20:22 - 2015-03-17 20:22 - 00004336 _____ () C:\Windows\System32\Tasks\CVJW
2015-03-17 20:22 - 2015-03-17 20:22 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\ECCF436F-1426620174-2F51-E082-AC9E17EC3E93
2015-03-17 20:22 - 2015-03-17 20:22 - 00000000 ____D () C:\ProgramData\11245081753149381587
2015-03-17 20:21 - 2015-03-18 20:20 - 00000000 ____D () C:\ProgramData\{fb0ae85f-f0a9-0f48-fb0a-ae85ff0aa17f}
2015-03-17 20:04 - 2015-03-17 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-03-17 20:04 - 2015-03-17 20:04 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2015-03-17 20:04 - 2015-03-17 20:04 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-03-17 20:04 - 2015-03-17 20:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2015-03-17 20:03 - 2015-03-17 20:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-17 20:03 - 2015-03-17 20:03 - 00000000 ____D () C:\Users\Joey\AppData\Local\Microsoft Help
2015-03-17 20:03 - 2015-03-17 20:03 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2015-03-17 20:03 - 2015-03-17 20:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-03-17 20:03 - 2015-03-17 20:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2015-03-17 20:00 - 2015-03-17 20:00 - 00030352 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2015-03-17 20:00 - 2015-03-17 20:00 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\DAEMON Tools Lite
2015-03-17 20:00 - 2015-03-17 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2015-03-17 19:59 - 2015-03-17 19:59 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-03-15 18:47 - 2015-03-15 18:47 - 00000000 ____D () C:\Users\Joey\AppData\Local\QNAP
2015-03-15 18:46 - 2015-03-15 18:46 - 00002942 _____ () C:\Windows\System32\Tasks\iSCSIAgentAutoStartup
2015-03-15 18:46 - 2015-03-15 18:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QNAP
2015-03-12 20:13 - 2015-03-12 20:13 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\TechSmith
2015-03-12 20:13 - 2015-03-12 20:13 - 00000000 ____D () C:\Users\Joey\AppData\Local\TechSmith
2015-03-12 20:12 - 2015-03-12 20:12 - 00000000 ____D () C:\ProgramData\TechSmith
2015-03-12 20:12 - 2015-03-12 20:12 - 00000000 ____D () C:\ProgramData\regid.1995-08.com.techsmith
2015-03-12 20:12 - 2015-03-12 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2015-03-12 20:12 - 2015-03-12 20:12 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-03-12 06:51 - 2015-03-17 20:21 - 00000000 ____D () C:\Users\Joey\AppData\Local\CrashDumps
2015-03-11 19:22 - 2015-03-11 19:22 - 00000000 ___HD () C:\ProgramData\CanonBJ
2015-03-11 19:22 - 2012-03-26 05:00 - 00389120 _____ (CANON INC.) C:\Windows\system32\CNMLMB6.DLL
2015-03-11 19:22 - 2012-02-08 16:36 - 00363520 _____ (CANON INC.) C:\Windows\system32\CNC_B6L.dll
2015-03-11 19:22 - 2012-01-16 14:21 - 00287744 _____ (CANON INC.) C:\Windows\system32\CNC_B6C.dll
2015-03-11 19:22 - 2012-01-16 14:20 - 00106496 _____ (CANON INC.) C:\Windows\system32\CNC_B6I.dll
2015-03-11 19:22 - 2008-08-25 18:02 - 00017920 _____ (CANON INC.) C:\Windows\system32\CNHMCA6.dll
2015-03-10 21:31 - 2015-01-30 03:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2015-03-10 21:31 - 2015-01-30 02:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
2015-03-10 21:31 - 2015-01-30 02:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2015-03-10 21:31 - 2015-01-30 02:24 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2015-03-10 21:31 - 2015-01-30 02:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
2015-03-10 21:31 - 2015-01-30 02:16 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
2015-03-10 21:31 - 2015-01-30 02:08 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
2015-03-10 21:31 - 2015-01-30 02:06 - 00278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll
2015-03-10 21:31 - 2015-01-27 05:22 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-10 21:31 - 2015-01-27 03:11 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-10 21:30 - 2015-01-28 02:31 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-10 21:30 - 2015-01-28 02:11 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-10 21:30 - 2014-12-11 06:36 - 00046456 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe
2015-03-09 22:30 - 2015-03-09 22:30 - 00005487 _____ () C:\Users\Joey\AppData\Roaming\CVJW
2015-03-06 00:20 - 2015-03-06 00:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-26 23:53 - 2015-02-26 23:53 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\MPC-HC
2015-02-20 21:38 - 2015-02-20 21:38 - 00000017 _____ () C:\Users\Joey\AppData\Local\resmon.resmoncfg
2015-02-20 15:08 - 2015-03-19 20:18 - 00001126 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2568549407-2221234275-1578291052-1001UA.job
2015-02-20 15:08 - 2015-03-19 15:18 - 00001074 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2568549407-2221234275-1578291052-1001Core.job
2015-02-20 15:08 - 2015-02-20 15:13 - 00004070 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2568549407-2221234275-1578291052-1001UA
2015-02-20 15:08 - 2015-02-20 15:13 - 00003690 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2568549407-2221234275-1578291052-1001Core
2015-02-20 15:08 - 2015-02-20 15:08 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2015-02-19 20:46 - 2015-02-19 20:46 - 00000000 ____D () C:\Users\Joey\Documents\Electronic Arts
2015-02-19 20:44 - 2015-02-19 20:44 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\WinRAR
2015-02-19 20:44 - 2015-02-19 20:44 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-19 20:44 - 2015-02-19 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-19 20:43 - 2015-02-19 20:44 - 00000000 ____D () C:\Program Files\WinRAR
2015-02-19 19:53 - 2015-03-17 21:24 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\FileZilla
2015-02-19 19:40 - 2015-02-19 19:40 - 00000000 ____D () C:\Users\Joey\AppData\Local\Steam
2015-02-17 18:10 - 2015-02-17 18:10 - 00000000 __SHD () C:\Users\Joey\AppData\Local\EmieUserList
2015-02-17 18:10 - 2015-02-17 18:10 - 00000000 __SHD () C:\Users\Joey\AppData\Local\EmieSiteList
2015-02-17 18:10 - 2015-02-17 18:10 - 00000000 __SHD () C:\Users\Joey\AppData\Local\EmieBrowserModeList
2015-02-17 18:01 - 2015-02-17 18:44 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-17 18:01 - 2015-02-17 18:01 - 00000000 ____D () C:\Program Files (x86)\Futuremark
2015-02-17 17:37 - 1999-10-21 11:12 - 00020400 _____ (EnTech Taiwan) C:\Windows\SysWOW64\Drivers\entech.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-19 20:38 - 2015-02-12 17:21 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2568549407-2221234275-1578291052-1001
2015-03-19 20:37 - 2014-11-21 04:35 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-19 20:37 - 2014-11-21 03:45 - 00764340 _____ () C:\Windows\system32\perfh007.dat
2015-03-19 20:37 - 2014-11-21 03:45 - 00159160 _____ () C:\Windows\system32\perfc007.dat
2015-03-19 20:36 - 2015-02-12 17:26 - 00001150 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-19 20:32 - 2015-02-12 17:12 - 01973634 _____ () C:\Windows\WindowsUpdate.log
2015-03-19 20:31 - 2015-02-12 17:19 - 00000000 ___RD () C:\Users\Joey\OneDrive
2015-03-19 20:31 - 2013-08-22 15:46 - 00041406 _____ () C:\Windows\setupact.log
2015-03-19 20:30 - 2015-02-12 17:26 - 00001146 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-19 20:30 - 2015-02-09 11:00 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-19 20:30 - 2014-11-20 19:24 - 00139172 _____ () C:\Windows\PFRO.log
2015-03-19 20:30 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\System
2015-03-19 20:30 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-19 20:30 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-03-19 20:19 - 2015-02-12 17:31 - 00000000 ____D () C:\Users\Joey\AppData\Local\Spotify
2015-03-19 20:16 - 2015-02-12 17:30 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Spotify
2015-03-19 20:11 - 2015-02-12 18:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-19 20:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-03-19 19:11 - 2015-02-12 17:15 - 00000000 ____D () C:\Users\Joey
2015-03-19 16:39 - 2015-02-12 17:34 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Dropbox
2015-03-19 06:48 - 2015-02-09 10:59 - 00000000 ____D () C:\Program Files (x86)\ASUS
2015-03-18 20:11 - 2015-02-14 14:21 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\NVIDIA
2015-03-18 20:01 - 2015-02-12 17:30 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\vlc
2015-03-17 21:06 - 2015-02-12 17:16 - 00000000 ____D () C:\Users\Joey\AppData\Local\Packages
2015-03-17 20:31 - 2013-08-22 15:44 - 00409896 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-17 20:30 - 2015-02-12 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-17 20:27 - 2013-08-22 14:25 - 00000269 _____ () C:\Windows\win.ini
2015-03-17 20:04 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-03-17 20:03 - 2014-11-21 04:13 - 00000000 ____D () C:\Windows\ShellNew
2015-03-17 20:03 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-03-14 23:51 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-03-14 02:35 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2015-03-14 00:48 - 2015-02-12 17:35 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-12 17:23 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData
2015-03-12 17:23 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-12 17:23 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-12 17:23 - 2013-08-22 16:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-12 17:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\WinStore
2015-03-12 17:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-12 17:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-12 17:22 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-03-12 06:51 - 2015-02-12 17:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-10 22:22 - 2015-01-23 13:16 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-10 22:19 - 2015-01-23 13:16 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-07 18:57 - 2015-02-12 17:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla
2015-03-04 22:24 - 2014-11-21 12:01 - 00792032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-04 22:24 - 2014-11-21 12:01 - 00178144 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-03 14:17 - 2015-02-12 17:51 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-20 15:08 - 2015-02-12 17:25 - 00000000 ____D () C:\Users\Joey\AppData\Local\Google

==================== Files in the root of some directories =======

2015-03-09 22:30 - 2015-03-09 22:30 - 0005487 _____ () C:\Users\Joey\AppData\Roaming\CVJW
2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\Joey\AppData\Roaming\OHTY
2015-03-17 20:23 - 2015-03-17 20:23 - 0613255 _____ (CMI Limited) C:\Users\Joey\AppData\Local\nsy9EAF.tmp
2015-02-20 21:38 - 2015-02-20 21:38 - 0000017 _____ () C:\Users\Joey\AppData\Local\resmon.resmoncfg
2015-02-09 10:36 - 2015-02-09 10:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Joey\AppData\Local\Temp\avgnt.exe
C:\Users\Joey\AppData\Local\Temp\avira_antivirus_pro_de.exe
C:\Users\Joey\AppData\Local\Temp\besE84A.exe
C:\Users\Joey\AppData\Local\Temp\bitool.dll
C:\Users\Joey\AppData\Local\Temp\D60A330C-D09A-E5F5-4799-F4322A86F3E4.dll
C:\Users\Joey\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpn8vx6i.dll
C:\Users\Joey\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Joey\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Joey\AppData\Local\Temp\nvStInst.exe
C:\Users\Joey\AppData\Local\Temp\ose00000.exe
C:\Users\Joey\AppData\Local\Temp\Quarantine.exe
C:\Users\Joey\AppData\Local\Temp\sdan.exe
C:\Users\Joey\AppData\Local\Temp\sdapk.exe
C:\Users\Joey\AppData\Local\Temp\sdaspwn.exe
C:\Users\Joey\AppData\Local\Temp\setup.exe
C:\Users\Joey\AppData\Local\Temp\SpOrder.dll
C:\Users\Joey\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-13 02:14

==================== End Of Log ============================
         

20.03.2015, 06:39   #4
schrauber
/// the machine
/// TB instructor

ESET Online Scanner

  • Here you will find illustrated instructions for ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

20.03.2015, 14:28   #5
dingsibumzi

ESET Log
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=decabdc1602ee340a258b8d09c589be6
# engine=23001
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-20 12:54:27
# local_time=2015-03-20 01:54:27 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 149676 17160386 0 0
# scanned=324993
# found=27
# cleaned=27
# scan_time=1695
sh=56AC31EBC54597C6E194D9B5ADDF6B29458245F9 ft=1 fh=5f3daecbd404e087 vn="Win32/Toolbar.Perion.L evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\grunt.exe.vir"
sh=66608BCB88F6457E34237167FA6FBC49DD251CED ft=1 fh=d4755eb64e31f0fe vn="Variante von Win32/Toolbar.BitCocktail.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\kasumi32.dll.vir"
sh=A2778D4B49DA215BBD11D9D8CF67F97DF9455757 ft=1 fh=ec14f6e921ad2e8b vn="Variante von Win64/Toolbar.Perion.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\kasumi64.dll.vir"
sh=B3B169E220BD591802B05759ADEE1C353E15B112 ft=1 fh=9d6c1fda665ceb54 vn="Variante von Win32/Toolbar.Perion.K evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\krios.dll.vir"
sh=014302BCFCE8E95F675D856ADC42614B6769BD78 ft=1 fh=d796cde0598a222b vn="Variante von Win32/Toolbar.Perion.K evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\krios64.dll.vir"
sh=F5E9CFA83893B70D39165F042DBE6BBDC5BC9DF3 ft=1 fh=cef96969f9ed33f7 vn="Variante von Win64/Toolbar.Perion.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\liara64.dll.vir"
sh=5A10F30C11DCE52228B78385750B0B8BC1ABC042 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Perion.K evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\Firefox\chrome\content\main.js.vir"
sh=DA924F88C5F215759BB80EEDF46C05BBA4DAEFA8 ft=1 fh=a1dd0c72d6b1a031 vn="Variante von Win32/SpeedingUpMyPC Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Super Optimizer\SuperOptimizer.exe.vir"
sh=108E966199540F13F1B87F41EAE1FFCF109F45D3 ft=1 fh=a71bb00c38b9082e vn="Variante von Win32/OptimizerPro.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Super Optimizer\SupOptHelper.dll.vir"
sh=315FEC335BF71E0CE2F465E0C38945ABEAE09372 ft=1 fh=cfa5557ee7beb9a5 vn="Variante von Win32/Adware.SpeedingUpMyPC.C Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Super Optimizer\SupOptSmartScan.exe.vir"
sh=8C8E2A338F04848E754C25DC19C1430580D462C6 ft=1 fh=f76e2c97d8443672 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchCH.dll.vir"
sh=AEA1F8ECDBFE8E7BD55BCA9B24160C99A58F655B ft=1 fh=00817a312f73db7a vn="Win32/ELEX.BM evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchFF.dll.vir"
sh=5D628376391A827A818B0A079B64EE457AE9B82A ft=1 fh=c71c0011e2e7a7a5 vn="Variante von Win32/ELEX.BM evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowserAction.dll.vir"
sh=987B7AAE8131855FE75145719FF5F076B2299C97 ft=1 fh=712332c590681590 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\CmdShell.exe.vir"
sh=454CD903C123F611BCB0570843035C0A79F4982C ft=1 fh=cd56a5d579cc2e31 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\HPNotify.exe.vir"
sh=CD37191EE4233E55E613DD2D34DA1620EC9752E6 ft=1 fh=779e3b53bab7b8cc vn="Win32/ELEX.BM evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\IeWatchDog.dll.vir"
sh=9703A00A9033EA51B40B4772437460089D4503D6 ft=1 fh=da99dbaa01de7d6c vn="Win32/Adware.ConvertAd.AQ Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Joey\AppData\Roaming\ASPackage\ASPackage.exe.vir"
sh=F9E79A4BC82B743DC56BE6916EDC3540154BFADE ft=1 fh=2b7a9d9ab840913b vn="Variante von Win32/InstallMonetizer.BC evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Joey\AppData\Local\Microsoft\Windows\INetCache\IE\3WL8VMWL\20150317158907[1].exe"
sh=09737D2395AC1B238DF2C801D0EB786EC082D56D ft=1 fh=1c4a9958d65de32e vn="Variante von MSIL/Adware.Imali.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Joey\AppData\Local\Microsoft\Windows\INetCache\IE\3WL8VMWL\OfferInstaller[1].exe"
sh=701E5C91D38312D6058AE6FCEAB51D6C54ADF07A ft=1 fh=4ba78ebfe1725d18 vn="Win32/Somoto.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Joey\AppData\Local\Microsoft\Windows\INetCache\IE\JM9SA1QX\setup[1].exe"
sh=FA96F438B577DA63C2BF89B05BCD2DADD8AC99BE ft=0 fh=0000000000000000 vn="JS/Kryptik.I Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Joey\AppData\Local\Mozilla\Firefox\Profiles\u35kl8ja.default\cache2\entries\8B374F555B5E3B43D93C37100CC3E6748FAE7093"
sh=9D42FD36ED3A2C624B8888F133EF6D2286F38F82 ft=0 fh=0000000000000000 vn="JS/Kryptik.I Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Joey\AppData\Local\Mozilla\Firefox\Profiles\u35kl8ja.default\cache2\entries\97B20B4F812BBBB56E5CDDA1A8942C5533AD1D13"
sh=09737D2395AC1B238DF2C801D0EB786EC082D56D ft=1 fh=1c4a9958d65de32e vn="Variante von MSIL/Adware.Imali.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Joey\AppData\Local\Temp\besE84A.exe"
sh=701E5C91D38312D6058AE6FCEAB51D6C54ADF07A ft=1 fh=4ba78ebfe1725d18 vn="Win32/Somoto.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Joey\AppData\Local\Temp\nsp5B1C.tmp"
sh=9703A00A9033EA51B40B4772437460089D4503D6 ft=1 fh=da99dbaa01de7d6c vn="Win32/Adware.ConvertAd.AQ Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Joey\AppData\Local\Temp\setup.exe"
sh=097FB925C9B77946F2FE596B6E1411461C1361BB ft=1 fh=ba43d6af3759cc18 vn="Variante von Win32/InstallMonetizer.BC evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Joey\AppData\Local\Temp\nsu57E9.tmp\nsWeb_DispWPag.dll"
sh=90B83EA3A71D176CA8D03DDCEF3C3F270D9639DB ft=0 fh=0000000000000000 vn="JS/Kryptik.I Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\extensions\staged\veggy@veggyAddon.com\chrome\content\main.js"
         
Unfortunately, Security Check only shows "UNSUPPORTED OPERATING SYSTEM! ABORTED!" on startup...

Should I move the findings from "Eset Online Scanner" into quarantine?


FRST.txt

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Joey (administrator) on YAOI on 20-03-2015 14:20:13
Running from C:\Users\Joey\Downloads
Loaded Profiles: Joey &  (Available profiles: Joey)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() D:\Programme\QNAP\Qfinder\iSCSIAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) D:\Programme\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) D:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Malwarebytes Corporation) D:\Programme\ Malwarebytes Anti-Malware \mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Users\Joey\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7634648 2014-08-14] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-19] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Run: [GoogleChromeAutoLaunch_D9540B1D2E0771D2E8A7B5A41E5C3BFA] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-07] (Google Inc.)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Run: [Steam] => D:\Programme\Steam\steam.exe [2874048 2015-02-19] (Valve Corporation)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Run: [Spotify Web Helper] => C:\Users\Joey\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1959992 2015-03-13] (Spotify Ltd)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Run: [Google Update] => C:\Users\Joey\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2015-02-20] (Google Inc.)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Run: [Google+ Auto Backup] => C:\Users\Joey\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3754312 2015-02-13] (Google Inc.)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\Run: [Spotify] => C:\Users\Joey\AppData\Roaming\Spotify\spotify.exe [6611512 2015-03-13] (Spotify Ltd)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\MountPoints2: {6fb6e9cb-c419-11e4-8259-ac9e17ec3e93} - "M:\LaunchU3.exe" -a
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\...\MountPoints2: {ea776981-cbbe-11e4-825f-ac9e17ec3e93} - "M:\SETUP.EXE" 
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_D9540B1D2E0771D2E8A7B5A41E5C3BFA] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-07] (Google Inc.)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => D:\Programme\Steam\steam.exe [2874048 2015-02-19] (Valve Corporation)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\Joey\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1959992 2015-03-13] (Spotify Ltd)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Joey\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2015-02-20] (Google Inc.)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google+ Auto Backup] => C:\Users\Joey\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3754312 2015-02-13] (Google Inc.)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify] => C:\Users\Joey\AppData\Roaming\Spotify\spotify.exe [6611512 2015-03-13] (Spotify Ltd)
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6fb6e9cb-c419-11e4-8259-ac9e17ec3e93} - "M:\LaunchU3.exe" -a
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ea776981-cbbe-11e4-825f-ac9e17ec3e93} - "M:\SETUP.EXE" 
Startup: C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Joey\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joey\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-2568549407-2221234275-1578291052-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Programme\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Programme\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Hosts: 69.167.144.15 camtasiatudi.techsmith.com
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-12] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\Programme\Microsoft Office\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-12] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> D:\Programme\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-12] (Google Inc.)
FF Plugin HKU\S-1-5-21-2568549407-2221234275-1578291052-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Joey\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-2568549407-2221234275-1578291052-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Joey\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-2568549407-2221234275-1578291052-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Joey\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-2568549407-2221234275-1578291052-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Joey\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-20] (Google Inc.)
FF Extension: Zoom It - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\Extensions\{14e5d2fa-092b-ec85-01ab-ba8c709d84c8} [2015-03-17]
FF Extension: WOT - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-02-12]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\Extensions\elemhidehelper@adblockplus.org.xpi [2015-02-12]
FF Extension: ProxTube - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\Extensions\ich@maltegoetz.de.xpi [2015-02-12]
FF Extension: NoScript - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-02-12]
FF Extension: Mountain Bike 1.0.1 - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\Extensions\{8eaa906e-24dc-48aa-a1bf-893f16c0e11d}.xpi [2015-03-17]
FF Extension: Adblock Plus - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-12]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-03-06]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=78B0F80F411BFC9D&affID=119357&tsp=4979
CHR StartupUrls: Default -> "hxxp://www.istartsurf.com/?type=hp&ts=1426619680&from=face&uid=SamsungXSSDX850XEVOX120GB_S21UNSAG156319H", "hxxp://www.istartsurf.com/?type=hppp&ts=1426619747&from=face&uid=SamsungXSSDX850XEVOX120GB_S21UNSAG156319H"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-12]
CHR Extension: (No Name) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\acklnhgjphbhhomkneonohbjnbmkclfb [2015-03-17]
CHR Extension: (HD for YouTube™) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjbfncbadcmnkopckegnmjgihagponf [2015-02-12]
CHR Extension: (Google Docs) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-12]
CHR Extension: (Google Drive) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-12]
CHR Extension: (WOT) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-02-12]
CHR Extension: (YouTube) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-12]
CHR Extension: (Adblock Plus) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-12]
CHR Extension: (Google Search) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-12]
CHR Extension: (Google Calendar) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-02-12]
CHR Extension: (Google Sheets) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-12]
CHR Extension: (AdBlock) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-02-12]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-02-12]
CHR Extension: (Snap Links Lite) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\idmmhhijggcmbeejedibpdcahpkneegg [2015-02-12]
CHR Extension: (Adblock for Facebook™) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbfjodonncabnangfknilmabjfofdikc [2015-02-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Skype Click to Call) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-02-12]
CHR Extension: (Google Maps) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-02-12]
CHR Extension: (Google Wallet) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-12]
CHR Extension: (Personal Blocklist (by Google)) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nolijncfnkgaikbjbdaogikpmpbdcdef [2015-02-12]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2015-02-12]
CHR Extension: (Google Publisher Toolbar) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\omioeahgfecgfpfldejlnideemfidnkc [2015-02-12]
CHR Extension: (Picasa) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2015-02-12]
CHR Extension: (Gmail) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-12]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [806192 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [992560 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 Disc Soft Lite Bus Service; D:\Programme\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 MBAMScheduler; D:\Programme\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; D:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
S2 SkypeUpdate; D:\Programme\Skype\Updater\Updater.exe [315488 2015-01-02] (Skype Technologies)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 cae99edb; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Super Optimizer\SupOptStats.dll",ENT

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [62152 2014-10-28] (Advanced Micro Devices, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-03-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-03-18] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-18] (Avira Operations GmbH & Co. KG)
S3 dc21x4vm; C:\Windows\system32\DRIVERS\dc21x4vm.sys [57344 2013-06-18] (Microsoft Corp.)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-03-17] (Disc Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
S3 NVSWCFilter; C:\Windows\System32\drivers\nvswcfilter.sys [19616 2014-09-06] (Windows (R) Win 7 DDK provider)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39240 2015-02-05] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 rusb3xhc; C:\Windows\System32\drivers\rusb3xhc.sys [221184 2012-05-10] (Renesas Electronics Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 DIRECTIO; \??\UNC\srv1c027.wds8.intern\reminst\Test\BitPro64\DirectIo.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-20 14:20 - 2015-03-20 14:20 - 00027278 _____ () C:\Users\Joey\Downloads\FRST.txt
2015-03-20 14:19 - 2015-03-20 14:19 - 02095616 _____ (Farbar) C:\Users\Joey\Downloads\FRST64.exe
2015-03-20 14:12 - 2015-03-20 14:12 - 00852604 _____ () C:\Users\Joey\Downloads\SecurityCheck.exe
2015-03-20 13:24 - 2015-03-20 13:24 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-03-19 20:19 - 2015-03-20 13:43 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-19 20:19 - 2015-03-19 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-19 20:19 - 2015-03-19 20:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-19 20:19 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-19 20:19 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-19 20:19 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-19 19:12 - 2015-03-20 14:20 - 00000000 ____D () C:\FRST
2015-03-19 19:11 - 2015-03-19 19:11 - 00000148 _____ () C:\Users\Joey\defogger_reenable
2015-03-18 20:20 - 2015-03-18 20:20 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Avira
2015-03-18 20:19 - 2015-03-18 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-18 20:19 - 2015-03-18 20:19 - 00000000 ____D () C:\ProgramData\Avira
2015-03-18 20:19 - 2015-03-18 20:19 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-03-18 20:19 - 2015-03-18 20:16 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-18 20:19 - 2015-03-18 20:16 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-18 20:19 - 2015-03-18 20:16 - 00043576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-03-18 20:19 - 2015-03-18 20:16 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-03-17 21:06 - 2015-03-17 21:06 - 00000000 ____D () C:\Users\Joey\AppData\Local\Microsoft Toolkit
2015-03-17 20:29 - 2015-03-19 20:29 - 00000000 ____D () C:\AdwCleaner
2015-03-17 20:27 - 2015-03-18 20:20 - 00000000 ____D () C:\ProgramData\{88895279-122e-9ae9-8889-9527912249e4}
2015-03-17 20:23 - 2015-03-17 20:23 - 00613255 _____ (CMI Limited) C:\Users\Joey\AppData\Local\nsy9EAF.tmp
2015-03-17 20:22 - 2015-03-20 12:04 - 00001340 _____ () C:\Windows\Tasks\OHTY.job
2015-03-17 20:22 - 2015-03-20 09:44 - 00001340 _____ () C:\Windows\Tasks\CVJW.job
2015-03-17 20:22 - 2015-03-19 06:48 - 00000000 ____D () C:\Program Files (x86)\a44392f2-25b4-4f24-ae7b-895b85863b5f
2015-03-17 20:22 - 2015-03-17 20:22 - 00004336 _____ () C:\Windows\System32\Tasks\OHTY
2015-03-17 20:22 - 2015-03-17 20:22 - 00004336 _____ () C:\Windows\System32\Tasks\CVJW
2015-03-17 20:22 - 2015-03-17 20:22 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\ECCF436F-1426620174-2F51-E082-AC9E17EC3E93
2015-03-17 20:22 - 2015-03-17 20:22 - 00000000 ____D () C:\ProgramData\11245081753149381587
2015-03-17 20:21 - 2015-03-18 20:20 - 00000000 ____D () C:\ProgramData\{fb0ae85f-f0a9-0f48-fb0a-ae85ff0aa17f}
2015-03-17 20:04 - 2015-03-17 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-03-17 20:04 - 2015-03-17 20:04 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2015-03-17 20:04 - 2015-03-17 20:04 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-03-17 20:04 - 2015-03-17 20:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2015-03-17 20:03 - 2015-03-17 20:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-17 20:03 - 2015-03-17 20:03 - 00000000 ____D () C:\Users\Joey\AppData\Local\Microsoft Help
2015-03-17 20:03 - 2015-03-17 20:03 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2015-03-17 20:03 - 2015-03-17 20:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-03-17 20:03 - 2015-03-17 20:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2015-03-17 20:00 - 2015-03-17 20:00 - 00030352 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2015-03-17 20:00 - 2015-03-17 20:00 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\DAEMON Tools Lite
2015-03-17 20:00 - 2015-03-17 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2015-03-17 19:59 - 2015-03-17 19:59 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-03-15 18:47 - 2015-03-15 18:47 - 00000000 ____D () C:\Users\Joey\AppData\Local\QNAP
2015-03-15 18:46 - 2015-03-15 18:46 - 00002942 _____ () C:\Windows\System32\Tasks\iSCSIAgentAutoStartup
2015-03-15 18:46 - 2015-03-15 18:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QNAP
2015-03-12 20:13 - 2015-03-12 20:13 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\TechSmith
2015-03-12 20:13 - 2015-03-12 20:13 - 00000000 ____D () C:\Users\Joey\AppData\Local\TechSmith
2015-03-12 20:12 - 2015-03-12 20:12 - 00000000 ____D () C:\ProgramData\TechSmith
2015-03-12 20:12 - 2015-03-12 20:12 - 00000000 ____D () C:\ProgramData\regid.1995-08.com.techsmith
2015-03-12 20:12 - 2015-03-12 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2015-03-12 20:12 - 2015-03-12 20:12 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-03-12 06:51 - 2015-03-17 20:21 - 00000000 ____D () C:\Users\Joey\AppData\Local\CrashDumps
2015-03-11 19:22 - 2015-03-11 19:22 - 00000000 ___HD () C:\ProgramData\CanonBJ
2015-03-11 19:22 - 2012-03-26 05:00 - 00389120 _____ (CANON INC.) C:\Windows\system32\CNMLMB6.DLL
2015-03-11 19:22 - 2012-02-08 16:36 - 00363520 _____ (CANON INC.) C:\Windows\system32\CNC_B6L.dll
2015-03-11 19:22 - 2012-01-16 14:21 - 00287744 _____ (CANON INC.) C:\Windows\system32\CNC_B6C.dll
2015-03-11 19:22 - 2012-01-16 14:20 - 00106496 _____ (CANON INC.) C:\Windows\system32\CNC_B6I.dll
2015-03-11 19:22 - 2008-08-25 18:02 - 00017920 _____ (CANON INC.) C:\Windows\system32\CNHMCA6.dll
2015-03-10 21:31 - 2015-01-30 03:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2015-03-10 21:31 - 2015-01-30 02:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
2015-03-10 21:31 - 2015-01-30 02:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2015-03-10 21:31 - 2015-01-30 02:24 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2015-03-10 21:31 - 2015-01-30 02:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
2015-03-10 21:31 - 2015-01-30 02:16 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
2015-03-10 21:31 - 2015-01-30 02:08 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
2015-03-10 21:31 - 2015-01-30 02:06 - 00278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll
2015-03-10 21:31 - 2015-01-27 05:22 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-10 21:31 - 2015-01-27 03:11 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-10 21:30 - 2015-01-28 02:31 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-10 21:30 - 2015-01-28 02:11 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-10 21:30 - 2014-12-11 06:36 - 00046456 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe
2015-03-09 22:30 - 2015-03-09 22:30 - 00005487 _____ () C:\Users\Joey\AppData\Roaming\CVJW
2015-03-06 00:20 - 2015-03-06 00:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-26 23:53 - 2015-02-26 23:53 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\MPC-HC
2015-02-20 21:38 - 2015-02-20 21:38 - 00000017 _____ () C:\Users\Joey\AppData\Local\resmon.resmoncfg
2015-02-20 15:08 - 2015-03-20 14:18 - 00001126 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2568549407-2221234275-1578291052-1001UA.job
2015-02-20 15:08 - 2015-03-19 15:18 - 00001074 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2568549407-2221234275-1578291052-1001Core.job
2015-02-20 15:08 - 2015-02-20 15:13 - 00004070 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2568549407-2221234275-1578291052-1001UA
2015-02-20 15:08 - 2015-02-20 15:13 - 00003690 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2568549407-2221234275-1578291052-1001Core
2015-02-20 15:08 - 2015-02-20 15:08 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2015-02-19 20:46 - 2015-02-19 20:46 - 00000000 ____D () C:\Users\Joey\Documents\Electronic Arts
2015-02-19 20:44 - 2015-02-19 20:44 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\WinRAR
2015-02-19 20:44 - 2015-02-19 20:44 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-19 20:44 - 2015-02-19 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-19 20:43 - 2015-02-19 20:44 - 00000000 ____D () C:\Program Files\WinRAR
2015-02-19 19:53 - 2015-03-17 21:24 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\FileZilla
2015-02-19 19:40 - 2015-02-19 19:40 - 00000000 ____D () C:\Users\Joey\AppData\Local\Steam

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-20 14:11 - 2015-02-12 18:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-20 14:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-03-20 13:36 - 2015-02-12 17:26 - 00001150 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-20 13:30 - 2015-02-12 17:21 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2568549407-2221234275-1578291052-1001
2015-03-20 06:06 - 2015-02-12 17:12 - 02023039 _____ () C:\Windows\WindowsUpdate.log
2015-03-19 20:37 - 2014-11-21 04:35 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-19 20:37 - 2014-11-21 03:45 - 00764340 _____ () C:\Windows\system32\perfh007.dat
2015-03-19 20:37 - 2014-11-21 03:45 - 00159160 _____ () C:\Windows\system32\perfc007.dat
2015-03-19 20:31 - 2015-02-12 17:19 - 00000000 ____D () C:\Users\Joey\OneDrive
2015-03-19 20:31 - 2013-08-22 15:46 - 00041406 _____ () C:\Windows\setupact.log
2015-03-19 20:30 - 2015-02-12 17:26 - 00001146 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-19 20:30 - 2015-02-09 11:00 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-19 20:30 - 2014-11-20 19:24 - 00139172 _____ () C:\Windows\PFRO.log
2015-03-19 20:30 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\System
2015-03-19 20:30 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-19 20:30 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-03-19 20:19 - 2015-02-12 17:31 - 00000000 ____D () C:\Users\Joey\AppData\Local\Spotify
2015-03-19 20:16 - 2015-02-12 17:30 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Spotify
2015-03-19 19:11 - 2015-02-12 17:15 - 00000000 ____D () C:\Users\Joey
2015-03-19 16:39 - 2015-02-12 17:34 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Dropbox
2015-03-19 06:48 - 2015-02-09 10:59 - 00000000 ____D () C:\Program Files (x86)\ASUS
2015-03-18 20:11 - 2015-02-14 14:21 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\NVIDIA
2015-03-18 20:01 - 2015-02-12 17:30 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\vlc
2015-03-17 21:06 - 2015-02-12 17:16 - 00000000 ____D () C:\Users\Joey\AppData\Local\Packages
2015-03-17 20:31 - 2013-08-22 15:44 - 00409896 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-17 20:30 - 2015-02-12 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-17 20:27 - 2013-08-22 14:25 - 00000269 _____ () C:\Windows\win.ini
2015-03-17 20:04 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-03-17 20:03 - 2014-11-21 04:13 - 00000000 ____D () C:\Windows\ShellNew
2015-03-17 20:03 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-03-14 23:51 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-03-14 02:35 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2015-03-14 00:48 - 2015-02-12 17:35 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-12 17:23 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData
2015-03-12 17:23 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-12 17:23 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-12 17:23 - 2013-08-22 16:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-12 17:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\WinStore
2015-03-12 17:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-12 17:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-12 17:22 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-03-12 06:51 - 2015-02-12 17:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-10 22:22 - 2015-01-23 13:16 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-10 22:19 - 2015-01-23 13:16 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-07 18:57 - 2015-02-12 17:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla
2015-03-04 22:24 - 2014-11-21 12:01 - 00792032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-04 22:24 - 2014-11-21 12:01 - 00178144 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-03 14:17 - 2015-02-12 17:51 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-20 15:08 - 2015-02-12 17:25 - 00000000 ____D () C:\Users\Joey\AppData\Local\Google

==================== Files in the root of some directories =======

2015-03-09 22:30 - 2015-03-09 22:30 - 0005487 _____ () C:\Users\Joey\AppData\Roaming\CVJW
2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\Joey\AppData\Roaming\OHTY
2015-03-17 20:23 - 2015-03-17 20:23 - 0613255 _____ (CMI Limited) C:\Users\Joey\AppData\Local\nsy9EAF.tmp
2015-02-20 21:38 - 2015-02-20 21:38 - 0000017 _____ () C:\Users\Joey\AppData\Local\resmon.resmoncfg
2015-02-09 10:36 - 2015-02-09 10:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Joey\AppData\Local\Temp\avgnt.exe
C:\Users\Joey\AppData\Local\Temp\avira_antivirus_pro_de.exe
C:\Users\Joey\AppData\Local\Temp\bitool.dll
C:\Users\Joey\AppData\Local\Temp\D60A330C-D09A-E5F5-4799-F4322A86F3E4.dll
C:\Users\Joey\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpn8vx6i.dll
C:\Users\Joey\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Joey\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Joey\AppData\Local\Temp\nvStInst.exe
C:\Users\Joey\AppData\Local\Temp\ose00000.exe
C:\Users\Joey\AppData\Local\Temp\Quarantine.exe
C:\Users\Joey\AppData\Local\Temp\sdan.exe
C:\Users\Joey\AppData\Local\Temp\sdapk.exe
C:\Users\Joey\AppData\Local\Temp\sdaspwn.exe
C:\Users\Joey\AppData\Local\Temp\SpOrder.dll
C:\Users\Joey\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-13 02:14

==================== End Of Log ============================
         
--- --- ---


21.03.2015, 10:50   #6
schrauber
/// the machine
/// TB trainer



Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
ATTFilter
S2 cae99edb; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Super Optimizer\SupOptStats.dll",ENT
c:\Program Files (x86)\Super Optimizer

C:\Users\Joey\AppData\Local\Microsoft\Windows\INetCache\IE\3WL8VMWL\20150317158907[1].exe

C:\Users\Joey\AppData\Local\Microsoft\Windows\INetCache\IE\3WL8VMWL\OfferInstaller[1].exe

C:\Users\Joey\AppData\Local\Microsoft\Windows\INetCache\IE\JM9SA1QX\setup[1].exe

C:\Users\Joey\AppData\Local\Mozilla\Firefox\Profiles\u35kl8ja.default\cache2\entries\8B374F555B5E3B43D93C37100CC3E6748FAE7093

C:\Users\Joey\AppData\Local\Mozilla\Firefox\Profiles\u35kl8ja.default\cache2\entries\97B20B4F812BBBB56E5CDDA1A8942C5533AD1D13

C:\Users\Joey\AppData\Local\Temp\besE84A.exe

C:\Users\Joey\AppData\Local\Temp\nsp5B1C.tmp

C:\Users\Joey\AppData\Local\Temp\setup.exe

C:\Users\Joey\AppData\Local\Temp\nsu57E9.tmp\nsWeb_DispWPag.dll

C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\extensions\staged\veggy@veggyAddon.com\chrome\content\main.js
Emptytemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.






Revo Uninstaller - Download - Filepony
Use it to uninstall Firefox, keep no data, let it remove the leftovers, then reinstall.

Then:
https://support.mozilla.org/de/kb/fi...einfach-loesen



Any problems left?

21.03.2015, 19:20   #7
dingsibumzi



Fixlog.txt
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Joey at 2015-03-21 15:48:49 Run:1
Running from C:\Users\Joey\Downloads
Loaded Profiles: Joey (Available profiles: Joey)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
S2 cae99edb; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Super Optimizer\SupOptStats.dll",ENT
c:\Program Files (x86)\Super Optimizer

C:\Users\Joey\AppData\Local\Microsoft\Windows\INetCache\IE\3WL8VMWL\20150317158907[1].exe

C:\Users\Joey\AppData\Local\Microsoft\Windows\INetCache\IE\3WL8VMWL\OfferInstaller[1].exe

C:\Users\Joey\AppData\Local\Microsoft\Windows\INetCache\IE\JM9SA1QX\setup[1].exe

C:\Users\Joey\AppData\Local\Mozilla\Firefox\Profiles\u35kl8ja.default\cache2\entries\8B374F555B5E3B43D93C37100CC3E6748FAE7093

C:\Users\Joey\AppData\Local\Mozilla\Firefox\Profiles\u35kl8ja.default\cache2\entries\97B20B4F812BBBB56E5CDDA1A8942C5533AD1D13

C:\Users\Joey\AppData\Local\Temp\besE84A.exe

C:\Users\Joey\AppData\Local\Temp\nsp5B1C.tmp

C:\Users\Joey\AppData\Local\Temp\setup.exe

C:\Users\Joey\AppData\Local\Temp\nsu57E9.tmp\nsWeb_DispWPag.dll

C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\extensions\staged\veggy@veggyAddon.com\chrome\content\main.js
Emptytemp:
         
*****************

cae99edb => Service deleted successfully.
"c:\Program Files (x86)\Super Optimizer" => File/Directory not found.
"C:\Users\Joey\AppData\Local\Microsoft\Windows\INetCache\IE\3WL8VMWL\20150317158907[1].exe" => File/Directory not found.
"C:\Users\Joey\AppData\Local\Microsoft\Windows\INetCache\IE\3WL8VMWL\OfferInstaller[1].exe" => File/Directory not found.
"C:\Users\Joey\AppData\Local\Microsoft\Windows\INetCache\IE\JM9SA1QX\setup[1].exe" => File/Directory not found.
"C:\Users\Joey\AppData\Local\Mozilla\Firefox\Profiles\u35kl8ja.default\cache2\entries\8B374F555B5E3B43D93C37100CC3E6748FAE7093" => File/Directory not found.
"C:\Users\Joey\AppData\Local\Mozilla\Firefox\Profiles\u35kl8ja.default\cache2\entries\97B20B4F812BBBB56E5CDDA1A8942C5533AD1D13" => File/Directory not found.
"C:\Users\Joey\AppData\Local\Temp\besE84A.exe" => File/Directory not found.
"C:\Users\Joey\AppData\Local\Temp\nsp5B1C.tmp" => File/Directory not found.
"C:\Users\Joey\AppData\Local\Temp\setup.exe" => File/Directory not found.
"C:\Users\Joey\AppData\Local\Temp\nsu57E9.tmp\nsWeb_DispWPag.dll" => File/Directory not found.
"C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\u35kl8ja.default\extensions\staged\veggy@veggyAddon.com\chrome\content\main.js" => File/Directory not found.
EmptyTemp: => Removed 2.4 GB temporary data.


The system needed a reboot. 

==== End of Fixlog 15:49:12 ====
         
So the ads seem to be gone and Avira no longer finds any viruses or the like... I think the problem should be fixed?! :x

If so, many, many thanks in any case *.*

Kind regards
Joey

(If not, I'll just get back in touch)

22.03.2015, 08:07   #8
schrauber
/// the machine
/// TB trainer




Cleanup:
(The order matters here)

If Defogger was used: start it again and click Re-enable.

If Combofix was used:
Uninstall Combofix
  • Important: Please disable your antivirus program, any script blocking and anti-malware programs.
  • Please press the Windows key + R and type Combofix /Uninstall into the Run window.
  • Click OK.
    This completely removes Combofix and clears the System Restore cache.
  • Now re-enable the programs you just disabled.

All logs posted? Then please download DelFix.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Tick every function.
  • Click Start.

Note: among other things, DelFix removes all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
Finally, restart your computer. If any programs from our cleanup are still left, you can safely delete them.

If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.


Hardening:
Enable automatic updates for the Windows operating system. Security-relevant software should also always be present only in its latest version:

Browser
Java
Flash Player
PDF reader

Vulnerabilities in their old versions are exploited to install malware by "drive-by" when you merely visit a manipulated website.
I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.

Enable a firewall. The one built into Windows is normally entirely sufficient.

Use an antivirus program with a real-time scanner and an always up-to-date signature database.
My recommendation:

Emsisoft

In addition, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.

Optional:
NoScript prevents active content (Java, JavaScript, Flash, ...) from running on all websites. However, you can specify, on a whitelist basis, which sites are allowed to run scripts.
Malwarebytes Anti Exploit: protects the computer's applications against exploitation of known vulnerabilities.


Download software from a clean portal such as .
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program.
To get rid of adware again, first uninstall it and then remove the leftovers with Adwcleaner.


Finally, a few general remarks:
Change your important online passwords regularly and regularly create backups of your important files or of the system.
The benefit of registry cleaners, optimizers and the like for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!
