IE start page switches to "mysearch.avg.com"
Dear community,
It started with IE opening by itself and navigating to pages. I could only see the window in Task Manager and could not close it there.
Checked IE and Google Chrome: both had "mysearch.avg" as the start page.
It could be changed in Google, but IE still has this start page today.
MalwareBytes, SpyBot, AdwCleaner, ESET Online-Scanner, SpyHunter, aswMBR, JRT, AdAware, SUPERAntiSpyware, cwshredder, HitmanPro, Slim Toolbar, Start Emsisoft Emergency Kit, mbar: none of them brought a solution.
Emsisoft seems to limit further damage, as it reports and blocks connections to foreign hosts.
But as described above: IE still has "mysearch.avg" as its start page ...
Thanks in advance.
Regards
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 08:46 on 28/12/2014 (monika)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-12-2014
Ran by monika (administrator) on MONIKA-TOSCHIBA on 28-12-2014 08:50:19
Running from C:\Users\monika\Desktop
Loaded Profile: monika (Available profiles: monika)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
() C:\Windows\System32\GFNEXSrv.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Anvisoft) C:\Program Files (x86)\Anvisoft\Slim Toolbar\ToolBarService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Brio) C:\Program Files (x86)\FolderSize\FolderSizeSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
(Novatel Wireless) C:\Program Files (x86)\Novatel Wireless\Mobilink\Lite.exe
(Novatel Wireless Inc.) C:\Program Files (x86)\Novatel Wireless\Mobilink\Phoenix.exe
(Spotify Ltd) C:\Users\monika\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(Dropbox, Inc.) C:\Users\monika\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(Anvisoft) C:\Program Files (x86)\Anvisoft\Slim Toolbar\ToolbarTray.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoHook.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12459112 2012-03-15] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2165120 2012-03-22] (SRS Labs, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2866960 2011-12-19] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-22] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [989056 2011-12-13] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1562032 2012-02-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-11-25] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe [8947008 2014-12-18] ()
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4954576 2014-12-01] (Emsisoft GmbH)
HKLM-x32\...\Run: [ToolbarTray] => C:\Program Files (x86)\Anvisoft\Slim Toolbar\ToolbarTray.exe [488720 2014-12-11] (Anvisoft)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2673460537-1904279275-2014630884-1000\...\Run: [MobiLink Lite] => C:\Program Files (x86)\Novatel Wireless\MobiLink\Lite.exe [331865 2007-10-04] (Novatel Wireless)
HKU\S-1-5-21-2673460537-1904279275-2014630884-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-2673460537-1904279275-2014630884-1000\...\Run: [Spotify Web Helper] => C:\Users\monika\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-15] (Spotify Ltd)
HKU\S-1-5-21-2673460537-1904279275-2014630884-1000\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2427680 2014-12-10] (IObit)
HKU\S-1-5-21-2673460537-1904279275-2014630884-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2014-12-15] (SUPERAntiSpyware)
HKU\S-1-5-21-2673460537-1904279275-2014630884-1000\...\MountPoints2: {133afe21-6b8e-11e3-9a25-7c05072cbd2e} - E:\AutoRun.exe
HKU\S-1-5-21-2673460537-1904279275-2014630884-1000\...\MountPoints2: {59bd3a3a-71dc-11e3-873e-7c05072cbd2e} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2673460537-1904279275-2014630884-1000\...\MountPoints2: {59bd3a89-71dc-11e3-873e-7c05072cbd2e} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2673460537-1904279275-2014630884-1000\...\MountPoints2: {c49e9ff6-b821-11e3-a6a5-7c05072cbd2e} - E:\LiteAuto.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\monika\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => No File
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => No File
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => No File
BootExecute: sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2673460537-1904279275-2014630884-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2673460537-1904279275-2014630884-1000 -> {74A15ED1-F189-4F52-9D51-521790B72443} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2673460537-1904279275-2014630884-1000 -> {A026434B-D747-433B-A7A9-711B1850B0FB} URL =
Toolbar: HKU\S-1-5-21-2673460537-1904279275-2014630884-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll ()
Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{0C5A6CC2-E9C4-4C17-9634-BAC88ECE1F91}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{21CF76ED-97EF-4C9E-9F65-EA84725976FD}: [NameServer] 163.121.128.134 212.103.160.18
FireFox:
========
FF ProfilePath: C:\Users\monika\AppData\Roaming\Mozilla\Firefox\Profiles\7v8jzm1q.default
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Google
FF Homepage: https://www.facebook.com/NLP.Kompakt
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll No File
FF SearchPlugin: C:\Users\monika\AppData\Roaming\Mozilla\Firefox\Profiles\7v8jzm1q.default\searchplugins\allmusic--music-search-recommendations-videos-and-reviews.undefined-9q1m.undefined
FF SearchPlugin: C:\Users\monika\AppData\Roaming\Mozilla\Firefox\Profiles\7v8jzm1q.default\searchplugins\allmusic--music-search-recommendations-videos-and-reviews.undefined-i63m.undefined
FF SearchPlugin: C:\Users\monika\AppData\Roaming\Mozilla\Firefox\Profiles\7v8jzm1q.default\searchplugins\allmusic--music-search-recommendations-videos-and-reviews.undefined.undefined
FF SearchPlugin: C:\Users\monika\AppData\Roaming\Mozilla\Firefox\Profiles\7v8jzm1q.default\searchplugins\allmusic--music-search-recommendations-videos-and-reviews.xml
FF SearchPlugin: C:\Users\monika\AppData\Roaming\Mozilla\Firefox\Profiles\7v8jzm1q.default\searchplugins\google-.undefined-2cs8.undefined
FF SearchPlugin: C:\Users\monika\AppData\Roaming\Mozilla\Firefox\Profiles\7v8jzm1q.default\searchplugins\google-.undefined-e1wb.undefined
FF SearchPlugin: C:\Users\monika\AppData\Roaming\Mozilla\Firefox\Profiles\7v8jzm1q.default\searchplugins\google-.undefined.undefined
FF SearchPlugin: C:\Users\monika\AppData\Roaming\Mozilla\Firefox\Profiles\7v8jzm1q.default\searchplugins\google-.xml
FF SearchPlugin: C:\Users\monika\AppData\Roaming\Mozilla\Firefox\Profiles\7v8jzm1q.default\searchplugins\google-scholar.xml
FF SearchPlugin: C:\Users\monika\AppData\Roaming\Mozilla\Firefox\Profiles\7v8jzm1q.default\searchplugins\youtube-videosuche.xml
FF SearchPlugin: C:\Users\monika\AppData\Roaming\Mozilla\Firefox\Profiles\7v8jzm1q.default\searchplugins\youtube.undefined-1jnc.undefined
FF SearchPlugin: C:\Users\monika\AppData\Roaming\Mozilla\Firefox\Profiles\7v8jzm1q.default\searchplugins\youtube.undefined-enik.undefined
FF SearchPlugin: C:\Users\monika\AppData\Roaming\Mozilla\Firefox\Profiles\7v8jzm1q.default\searchplugins\youtube.undefined.undefined
FF SearchPlugin: C:\Users\monika\AppData\Roaming\Mozilla\Firefox\Profiles\7v8jzm1q.default\searchplugins\youtube.xml
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\monika\AppData\Roaming\Mozilla\Firefox\Profiles\7v8jzm1q.default\Extensions\iobitascsurfingprotection@iobit.com [2014-12-21]
FF Extension: Flashblock - C:\Users\monika\AppData\Roaming\Mozilla\Firefox\Profiles\7v8jzm1q.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-12-10]
FF Extension: DownloadHelper - C:\Users\monika\AppData\Roaming\Mozilla\Firefox\Profiles\7v8jzm1q.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-12-26]
FF Extension: DownThemAll! AntiContainer - C:\Users\monika\AppData\Roaming\Mozilla\Firefox\Profiles\7v8jzm1q.default\Extensions\anticontainer@downthemall.net.xpi [2014-12-26]
FF Extension: Autofill Forms - C:\Users\monika\AppData\Roaming\Mozilla\Firefox\Profiles\7v8jzm1q.default\Extensions\autofillForms@blueimp.net.xpi [2014-12-26]
FF Extension: TinEye Reverse Image Search - C:\Users\monika\AppData\Roaming\Mozilla\Firefox\Profiles\7v8jzm1q.default\Extensions\tineye@ideeinc.com.xpi [2014-12-27]
FF Extension: Google Image Search - C:\Users\monika\AppData\Roaming\Mozilla\Firefox\Profiles\7v8jzm1q.default\Extensions\{73007fef-a6e0-47d3-b4e7-dfc116ed6f65}.xpi [2014-12-27]
FF Extension: NoScript - C:\Users\monika\AppData\Roaming\Mozilla\Firefox\Profiles\7v8jzm1q.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-12-27]
FF Extension: gTranslate - C:\Users\monika\AppData\Roaming\Mozilla\Firefox\Profiles\7v8jzm1q.default\Extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}.xpi [2014-12-26]
FF Extension: Adblock Plus - C:\Users\monika\AppData\Roaming\Mozilla\Firefox\Profiles\7v8jzm1q.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-26]
FF Extension: DownThemAll! - C:\Users\monika\AppData\Roaming\Mozilla\Firefox\Profiles\7v8jzm1q.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-12-26]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe
Chrome:
=======
CHR Profile: C:\Users\monika\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\monika\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-07]
CHR Extension: (Google Wallet) - C:\Users\monika\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-18]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4907232 2014-12-01] (Emsisoft GmbH)
R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 astsvr; C:\Program Files (x86)\Anvisoft\Slim Toolbar\ToolBarService.exe [119568 2014-12-11] (Anvisoft)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 FolderSize; C:\Program Files (x86)\FolderSize\FolderSizeSvc.exe [116224 2010-04-06] (Brio) [File not signed]
R2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-09] ()
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-12-26] (SurfRight B.V.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe [713568 2014-12-18] ()
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2631456 2014-12-10] (IObit)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)
S3 AdobeFlashPlayerUpdateSvc; No ImagePath
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [52000 2014-12-05] (AVG Technologies)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
S3 FsUsbExDisk; C:\windows\SysWOW64\FsUsbExDisk.SYS [37344 2014-01-23] () [File not signed]
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [196608 2011-03-24] (Huawei Technologies Co., Ltd.)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-26] (Malwarebytes Corporation)
S3 NWUSBModem; C:\Windows\System32\DRIVERS\nwusbmdm.sys [113536 2007-07-17] (Novatel Wireless Inc.)
S3 NWUSBPort; C:\Windows\System32\DRIVERS\nwusbser.sys [113536 2007-07-17] (Novatel Wireless Inc.)
S3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [21096 2012-01-05] (Realtek Microelectronics)
R3 RTL8192Ce; C:\Windows\System32\DRIVERS\rtwlane.sys [1147536 2012-07-26] (Realtek Semiconductor Corporation )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-10-09] (BitDefender S.R.L.)
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbnmeaext; system32\DRIVERS\ZTEusbnmeaext.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-28 08:50 - 2014-12-28 08:50 - 00024041 _____ () C:\Users\monika\Desktop\FRST.txt
2014-12-28 08:50 - 2014-12-28 08:50 - 00000000 ____D () C:\FRST
2014-12-28 08:49 - 2014-12-28 08:49 - 02122752 _____ (Farbar) C:\Users\monika\Desktop\FRST64.exe
2014-12-28 08:46 - 2014-12-28 08:46 - 00000000 _____ () C:\Users\monika\defogger_reenable
2014-12-28 08:43 - 2014-12-28 08:44 - 00050477 _____ () C:\Users\monika\Desktop\Defogger.exe
2014-12-28 07:20 - 2014-12-28 08:06 - 00000112 _____ () C:\windows\setupact.log
2014-12-28 07:20 - 2014-12-28 07:20 - 00000590 _____ () C:\windows\PFRO.log
2014-12-28 07:20 - 2014-12-28 07:20 - 00000000 _____ () C:\windows\setuperr.log
2014-12-27 17:28 - 2014-12-27 17:28 - 00000000 ____D () C:\SUPERDelete
2014-12-27 17:20 - 2014-12-28 08:06 - 00000512 _____ () C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 2e8a04bd-d138-41af-8e0b-672cf70e2b20.job
2014-12-27 17:20 - 2014-12-28 08:04 - 00003602 _____ () C:\windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 2e8a04bd-d138-41af-8e0b-672cf70e2b20
2014-12-27 17:20 - 2014-12-27 20:14 - 00000512 _____ () C:\windows\Tasks\SUPERAntiSpyware Scheduled Task b832acc4-f345-441a-b758-2ae8d185904f.job
2014-12-27 17:20 - 2014-12-27 17:20 - 00003528 _____ () C:\windows\System32\Tasks\SUPERAntiSpyware Scheduled Task b832acc4-f345-441a-b758-2ae8d185904f
2014-12-27 17:20 - 2014-12-27 17:20 - 00000000 ____D () C:\Users\monika\AppData\Roaming\SUPERAntiSpyware.com
2014-12-27 17:19 - 2014-12-28 08:07 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-12-27 17:19 - 2014-12-27 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-12-27 17:19 - 2014-12-27 17:19 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-12-27 16:57 - 2014-12-27 16:57 - 00000627 _____ () C:\Users\monika\Documents\aswMBR.txt
2014-12-27 16:37 - 2014-12-27 16:37 - 00000000 ____D () C:\Users\monika\AppData\Local\Anvisoft
2014-12-27 16:37 - 2014-12-27 16:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2014-12-27 16:37 - 2014-12-27 16:37 - 00000000 ____D () C:\Program Files (x86)\Anvisoft
2014-12-27 14:34 - 2014-12-27 14:34 - 00242376 _____ (Kaspersky Lab, Yury Parshin) C:\windows\system32\Drivers\92500250.sys
2014-12-27 13:18 - 2014-12-27 13:20 - 00000000 ____D () C:\EEK
2014-12-26 09:37 - 2014-12-26 09:37 - 00000000 ____D () C:\Users\monika\AppData\Roaming\LavasoftStatistics
2014-12-26 09:37 - 2014-12-26 09:37 - 00000000 ____D () C:\Users\monika\AppData\Roaming\Lavasoft
2014-12-26 09:37 - 2014-12-26 09:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2014-12-26 09:36 - 2014-12-26 09:36 - 00000000 ____D () C:\Program Files\Lavasoft
2014-12-26 09:34 - 2014-12-26 09:34 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-12-26 09:33 - 2014-12-26 09:33 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-12-26 09:29 - 2014-12-26 09:29 - 00001436 _____ () C:\Users\monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-26 09:13 - 2014-12-26 09:13 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-12-26 08:49 - 2014-12-26 08:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-12-26 08:49 - 2014-12-26 08:49 - 00000000 ____D () C:\Program Files\HitmanPro
2014-12-26 07:49 - 2014-12-26 07:49 - 00012872 _____ (SurfRight B.V.) C:\windows\system32\bootdelete.exe
2014-12-26 07:33 - 2014-12-26 07:49 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-12-26 07:33 - 2014-12-26 07:33 - 11222744 _____ (SurfRight B.V.) C:\Users\monika\Downloads\HitmanPro_x64.exe
2014-12-25 22:58 - 2014-12-26 05:35 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-25 22:45 - 2014-12-25 22:45 - 00000000 ____D () C:\windows\ERUNT
2014-12-25 22:30 - 2014-12-25 22:30 - 06584320 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-12-25 22:30 - 2014-12-25 22:30 - 05703168 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-12-25 22:00 - 2014-12-26 13:31 - 00000000 ____D () C:\AdwCleaner
2014-12-25 20:44 - 2014-12-25 20:48 - 00000700 _____ () C:\windows\Tasks\Open Chrome.job
2014-12-25 20:44 - 2014-12-25 20:44 - 00003020 _____ () C:\windows\System32\Tasks\Open Chrome
2014-12-25 18:52 - 2014-12-25 18:52 - 00000000 ____D () C:\Users\monika\Documents\OneNote-Notizbücher
2014-12-25 10:00 - 2014-12-25 18:54 - 00000748 _____ () C:\EamClean.log
2014-12-23 20:16 - 2014-12-23 20:16 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-12-23 19:23 - 2014-12-28 08:23 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-12-23 19:23 - 2014-12-23 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-12-23 06:34 - 2014-12-23 06:34 - 00000000 _____ () C:\autoexec.bat
2014-12-22 06:31 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2014-12-22 06:31 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-12-22 06:31 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-12-22 06:31 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2014-12-22 06:31 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2014-12-22 06:31 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-12-22 06:31 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2014-12-22 06:31 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2014-12-22 06:31 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2014-12-22 06:31 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2014-12-22 06:31 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2014-12-22 06:31 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2014-12-22 06:31 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2014-12-22 06:31 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-12-22 06:31 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2014-12-22 06:31 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-12-22 03:26 - 2014-12-22 03:26 - 00000000 ____D () C:\windows\system32\appraiser
2014-12-21 21:10 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2014-12-21 21:10 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2014-12-21 21:10 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-12-21 21:10 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2014-12-21 21:10 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-12-21 21:10 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-12-21 21:10 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-12-21 21:10 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2014-12-21 07:41 - 2014-12-21 07:41 - 00002888 _____ () C:\windows\System32\Tasks\Uninstaller_SkipUac_monika
2014-12-21 07:40 - 2014-12-21 07:40 - 00002856 _____ () C:\windows\System32\Tasks\ASC8_SkipUac_monika
2014-12-21 07:40 - 2014-12-21 07:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8
2014-12-21 07:40 - 2014-12-21 07:40 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2014-12-20 07:08 - 2014-12-20 07:08 - 00000000 ____D () C:\windows\Tasks\ImCleanDisabled
2014-12-20 06:17 - 2014-12-20 06:17 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-20 06:17 - 2014-12-20 06:17 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-20 06:17 - 2014-12-20 06:17 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-12-20 06:17 - 2014-12-20 06:17 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-12-14 06:20 - 2014-12-17 02:43 - 00000000 ____D () C:\Moni Trinergy
2014-12-13 19:09 - 2014-12-13 19:09 - 00000000 ____D () C:\Users\monika\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-12-13 18:31 - 2014-12-13 18:31 - 00000000 ____D () C:\Users\monika\Documents\Adobe
2014-12-13 18:31 - 2014-12-13 18:31 - 00000000 ____D () C:\Users\monika\AppData\Roaming\PACE Anti-Piracy
2014-12-13 18:31 - 2014-12-13 18:31 - 00000000 ____D () C:\Users\monika\AppData\Local\PACE Anti-Piracy
2014-12-13 18:31 - 2014-12-13 18:31 - 00000000 ____D () C:\ProgramData\PACE Anti-Piracy
2014-12-13 15:48 - 2012-04-29 23:06 - 00000000 ____D () C:\windows\SysWOW64\Adobe Indesign CS6
2014-12-13 07:19 - 2014-12-13 07:19 - 00000000 ___RD () C:\Users\monika\Creative Cloud Files
2014-12-13 07:08 - 2014-12-13 07:40 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-12 20:38 - 2014-12-12 20:38 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-12 20:38 - 2014-12-12 20:38 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-12 20:38 - 2014-12-12 20:38 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-12 20:38 - 2014-12-12 20:38 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-12 20:38 - 2014-12-12 20:38 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-12 20:38 - 2014-12-12 20:38 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-12 20:38 - 2014-12-12 20:38 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-12 20:38 - 2014-12-12 20:38 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-12 20:38 - 2014-12-12 20:38 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-12 20:38 - 2014-12-12 20:38 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-12 20:38 - 2014-12-12 20:38 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-12 20:38 - 2014-12-12 20:38 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-12 20:38 - 2014-12-12 20:38 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-12 20:38 - 2014-12-12 20:38 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-12 20:38 - 2014-12-12 20:38 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-12 20:38 - 2014-12-12 20:38 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-12-12 20:38 - 2014-12-12 20:38 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-12 20:38 - 2014-12-12 20:38 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-12-12 20:38 - 2014-12-12 20:38 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-12-12 20:38 - 2014-12-12 20:38 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-12-12 20:38 - 2014-12-12 20:38 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-12 20:38 - 2014-12-12 20:38 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-12-12 20:38 - 2014-12-12 20:38 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-12 20:38 - 2014-12-12 20:38 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-12-12 20:38 - 2014-12-12 20:38 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-12 20:38 - 2014-12-12 20:38 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-12-12 20:38 - 2014-12-12 20:38 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-12-12 20:38 - 2014-12-12 20:38 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-12-12 20:38 - 2014-12-12 20:38 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-12-12 20:38 - 2014-12-12 20:38 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-12 20:38 - 2014-12-12 20:38 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-12-12 20:38 - 2014-12-12 20:38 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-12 20:38 - 2014-12-12 20:38 - 00389296 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-12 20:38 - 2014-12-12 20:38 - 00342200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-12 20:38 - 2014-12-12 20:38 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-12 20:38 - 2014-12-12 20:38 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-12 20:38 - 2014-12-12 20:38 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-12 20:38 - 2014-12-12 20:38 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-12-12 20:38 - 2014-12-12 20:38 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-12-12 20:38 - 2014-12-12 20:38 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-12 20:38 - 2014-12-12 20:38 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-12-12 20:38 - 2014-12-12 20:38 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-12-12 20:38 - 2014-12-12 20:38 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-12 20:38 - 2014-12-12 20:38 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-12 20:38 - 2014-12-12 20:38 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-12-12 20:38 - 2014-12-12 20:38 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-12-12 20:38 - 2014-12-12 20:38 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-12 20:38 - 2014-12-12 20:38 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-12 20:38 - 2014-12-12 20:38 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-12-12 20:38 - 2014-12-12 20:38 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-12-12 20:38 - 2014-12-12 20:38 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-12 20:38 - 2014-12-12 20:38 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-12 20:38 - 2014-12-12 20:38 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-12-12 20:38 - 2014-12-12 20:38 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-12-12 20:24 - 2014-12-12 20:24 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
2014-12-12 20:24 - 2014-12-12 20:24 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe
2014-12-12 20:23 - 2014-12-12 20:23 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2014-12-12 20:23 - 2014-12-12 20:23 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2014-12-12 20:23 - 2014-12-12 20:23 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2014-12-12 20:23 - 2014-12-12 20:23 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2014-12-12 20:23 - 2014-12-12 20:23 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2014-12-12 20:23 - 2014-12-12 20:23 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2014-12-12 20:23 - 2014-12-12 20:23 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2014-12-12 20:23 - 2014-12-12 20:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-12 20:23 - 2014-12-12 20:23 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2014-12-12 20:23 - 2014-12-12 20:23 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe
2014-12-12 20:23 - 2014-12-12 20:23 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2014-12-12 20:23 - 2014-12-12 20:23 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2014-12-12 20:23 - 2014-12-12 20:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-12-12 20:23 - 2014-12-12 20:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-12-12 20:22 - 2014-12-12 20:22 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2014-12-07 15:38 - 2014-12-07 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-07 15:38 - 2014-12-07 15:38 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-07 15:38 - 2014-12-07 15:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-05 06:08 - 2014-12-20 06:26 - 00002856 _____ () C:\windows\System32\Tasks\Driver Booster SkipUAC (monika)
2014-12-04 12:10 - 2014-12-27 19:23 - 00000000 ____D () C:\ProgramData\Avg_Update_1214tb
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-28 08:46 - 2013-11-18 09:02 - 00000000 ____D () C:\Users\monika
2014-12-28 08:29 - 2014-03-30 16:44 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-12-28 08:16 - 2013-11-18 13:23 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-28 08:14 - 2009-07-14 05:45 - 00027568 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-28 08:14 - 2009-07-14 05:45 - 00027568 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-28 08:08 - 2013-11-20 16:18 - 00000000 ___RD () C:\Users\monika\Dropbox
2014-12-28 08:08 - 2013-11-20 16:16 - 00000000 ____D () C:\Users\monika\AppData\Roaming\Dropbox
2014-12-28 08:07 - 2014-06-16 17:38 - 00000000 ____D () C:\Users\monika\AppData\Roaming\ProductData
2014-12-28 08:07 - 2013-11-18 13:23 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-28 08:07 - 2013-11-13 16:17 - 00000828 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-12-28 08:06 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-27 19:48 - 2013-02-20 00:06 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-27 17:18 - 2013-12-01 22:41 - 00000000 ____D () C:\_Moni Trinergy
2014-12-27 15:25 - 2013-11-13 16:17 - 00000830 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-12-27 11:23 - 2013-11-18 13:10 - 00000000 ____D () C:\Users\monika\Documents\Outlook-Dateien
2014-12-27 09:15 - 2014-01-14 16:07 - 00000000 ____D () C:\ProgramData\ProductData
2014-12-26 13:45 - 2013-02-20 07:23 - 00000000 ____D () C:\windows\Panther
2014-12-26 09:20 - 2013-11-18 09:06 - 00089104 _____ () C:\Users\monika\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-26 09:19 - 2009-07-14 05:45 - 04968048 _____ () C:\windows\system32\FNTCACHE.DAT
2014-12-26 09:14 - 2013-11-18 11:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-12-26 09:14 - 2013-11-18 11:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-26 09:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-12-26 09:09 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-12-26 09:09 - 2009-07-14 03:34 - 00000510 _____ () C:\windows\win.ini
2014-12-26 09:08 - 2010-11-21 08:17 - 00000000 ____D () C:\windows\ShellNew
2014-12-26 06:10 - 2014-01-15 14:55 - 00000000 ____D () C:\Program Files (x86)\PDF Architect
2014-12-26 05:41 - 2014-06-28 10:26 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-26 05:01 - 2014-06-28 10:26 - 00096472 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-12-25 23:59 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\rescache
2014-12-25 22:26 - 2013-11-26 10:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lotus SmartSuite
2014-12-25 22:26 - 2013-11-18 13:24 - 00000000 ____D () C:\Users\monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2014-12-25 21:42 - 2013-11-18 10:04 - 00000000 ____D () C:\ProgramData\AVG2014
2014-12-25 21:42 - 2013-11-18 09:23 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-25 21:14 - 2013-11-29 07:41 - 00000000 ____D () C:\Users\monika\AppData\Roaming\IrfanView
2014-12-25 21:13 - 2013-11-26 10:58 - 00000000 ____D () C:\lotus
2014-12-25 21:02 - 2013-12-31 06:42 - 00000000 ____D () C:\Users\monika\AppData\Roaming\Vodafone
2014-12-25 21:01 - 2013-12-31 06:40 - 00000000 ____D () C:\ProgramData\Vodafone
2014-12-25 20:52 - 2013-12-23 09:02 - 00000000 ____D () C:\windows\SysWOW64\SupportAppXL
2014-12-25 20:52 - 2013-02-20 00:02 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-25 20:40 - 2013-02-20 00:04 - 00000000 ____D () C:\windows\SysWOW64\Macromed
2014-12-25 19:12 - 2013-11-18 09:31 - 00000000 ____D () C:\Users\monika\AppData\Roaming\Adobe
2014-12-25 06:22 - 2013-11-18 12:05 - 00000000 ____D () C:\Users\monika\AppData\Local\Adobe
2014-12-25 06:10 - 2009-07-14 06:08 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-12-23 06:32 - 2014-01-14 16:06 - 00000000 ____D () C:\Users\monika\AppData\Roaming\IObit
2014-12-22 17:19 - 2014-08-31 09:17 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-22 06:34 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-22 06:31 - 2013-12-13 14:04 - 01593564 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-12-22 06:31 - 2011-02-11 10:56 - 00699342 _____ () C:\windows\system32\perfh007.dat
2014-12-22 06:31 - 2011-02-11 10:56 - 00149450 _____ () C:\windows\system32\perfc007.dat
2014-12-22 06:30 - 2009-07-14 06:13 - 01593564 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-22 03:26 - 2014-04-27 20:02 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-12-22 03:26 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\AppCompat
2014-12-21 21:41 - 2013-11-23 07:43 - 00000000 ____D () C:\windows\system32\MRT
2014-12-21 20:12 - 2014-06-28 10:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-21 20:12 - 2014-06-28 10:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-21 07:40 - 2014-01-14 16:07 - 00000000 ____D () C:\ProgramData\IObit
2014-12-21 07:40 - 2014-01-14 16:07 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-12-20 06:23 - 2014-01-14 19:16 - 78077952 _____ () C:\windows\system32\config\SOFTWARE.iodefrag.bak
2014-12-20 06:23 - 2014-01-14 19:16 - 00262144 _____ () C:\windows\system32\config\DEFAULT.iodefrag.bak
2014-12-20 06:23 - 2014-01-14 19:16 - 00065536 _____ () C:\windows\system32\config\SAM.iodefrag.bak
2014-12-20 06:23 - 2014-01-14 19:16 - 00024576 _____ () C:\windows\system32\config\SECURITY.iodefrag.bak
2014-12-17 08:33 - 2013-11-20 16:17 - 00000000 ____D () C:\Users\monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-17 03:49 - 2013-12-18 20:12 - 00000000 ____D () C:\__Moni privat
2014-12-16 11:45 - 2014-03-30 16:44 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-12-16 11:45 - 2013-02-20 00:04 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-12-16 11:45 - 2013-02-20 00:04 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-16 11:31 - 2013-11-18 12:27 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-12-13 18:31 - 2014-05-06 14:48 - 00000000 ___HD () C:\Users\monika\AppData\Local\ex4tPm2rD
2014-12-12 20:39 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-12-08 20:40 - 2013-11-21 07:00 - 00000000 ____D () C:\Users\monika\AppData\Roaming\Spotify
2014-12-08 20:29 - 2013-11-21 07:01 - 00000000 ____D () C:\Users\monika\AppData\Local\Spotify
2014-12-05 06:22 - 2013-11-18 09:35 - 00052000 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx64.sys
2014-12-05 06:19 - 2014-02-09 07:37 - 62242816 _____ () C:\windows\system32\config\COMPONENTS.iodefrag.bak
2014-12-02 09:02 - 2013-11-18 13:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-02 09:00 - 2014-11-10 21:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-29 01:11 - 2014-11-27 07:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette
2014-11-29 01:11 - 2014-11-27 07:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audioverwandte Programme
2014-11-29 00:38 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF
Some content of TEMP:
====================
C:\Users\monika\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5rxp8p.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-25 10:57
==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-12-2014
Ran by monika at 2014-12-28 08:51:05
Running from C:\Users\monika\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Abalone (HKLM-x32\...\Abalone) (Version: - )
Ad-Aware Antivirus (HKLM\...\{A5C0392D-46A7-4CB3-800B-5794909453BD}_AdAwareUpdater) (Version: 11.5.202.7299 - Lavasoft)
AdAwareInstaller (Version: 11.5.202.7299 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.5.202.7299 - Lavasoft) Hidden
Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.0.3 - IObit)
Amazon Kindle (HKU\S-1-5-21-2673460537-1904279275-2014630884-1000\...\Amazon Kindle) (Version: - Amazon)
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.00.00(T) - TOSHIBA CORPORATION)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-2673460537-1904279275-2014630884-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft Ltd)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
Folder Size for Windows (64-bit) (HKLM\...\{F24FF688-7138-4CCF-A83F-71E9FB01170E}) (Version: 2.5 - Brio)
Folder Size for Windows (HKLM-x32\...\{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}) (Version: 2.5 - Brio)
Fotogalerie (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Foto-Mosaik-Edda Professional V6.8.13221.1 (HKLM-x32\...\{02D27E70-C87B-4375-A870-55F423D42BB5}_is1) (Version: - Steffen Schirmer)
Foto-Mosaik-Edda Standard V6.8.13221.1 (HKLM-x32\...\{A2D6ECD0-7E52-42B7-9236-DB2951436616}_is1) (Version: - Steffen Schirmer)
GEAR driver installer for AMD64 and Intel EM64T (HKLM\...\{50CBBEC7-1010-41C5-8718-A1A6FEDD9C3A}) (Version: 2.003.1 - GEAR Software, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GrabIt 1.7.2 Beta 6 (build 1008) (HKLM-x32\...\GrabIt_is1) (Version: - Ilan Shemes)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.232 - SurfRight B.V.)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2752 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.1.6.25 - IObit)
Java(TM) 6 Update 30 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216030FF}) (Version: 6.0.300 - Oracle)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
MixMeister Fusion + Video 7.3.2 (HKLM-x32\...\mmfvsetup_is1) (Version: - MixMeister Technology LLC)
Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0 (x86 de)) (Version: 34.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Premium Sound HD (HKLM\...\{3007FF9F-5B2C-41FF-8BFC-08BF25DB2681}) (Version: 1.12.1800 - SRS Labs, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6597 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.30130 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
RtkClassFilter (HKLM-x32\...\InstallShield_{8220FCF2-A57F-4236-BFCC-C6C2268E851E}) (Version: 1.2.1.4 - REALTEK Semiconductor Corp)
RtkClassFilter (x32 Version: 1.2.1.4 - REALTEK Semiconductor Corp) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.3.12085_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.3.3.12085_7 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.34.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Slim Toolbar 1.4 (HKLM-x32\...\Slim Toolbar) (Version: 1.4 - Anvisoft)
Spotify (HKU\S-1-5-21-2673460537-1904279275-2014630884-1000\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1168 - SUPERAntiSpyware.com)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.38.2 - Synaptics Incorporated)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.1 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{F5AFF327-9B52-4E96-B5A0-BD2488A8EEC9}) (Version: 1.3.23.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}) (Version: 2.00.0020 - TOSHIBA)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.11 - TOSHIBA Corporation)
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.04 - TOSHIBA)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.5 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.15.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.6.52020009 - TOSHIBA CORPORATION)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2004 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)
TOSHIBA Supervisorkennwort (HKLM-x32\...\{119826A8-4EF6-4BE5-A88B-D2D81FA7CEE2}) (Version: 2.00.0009 - TOSHIBA)
TOSHIBA TEMPRO (HKLM-x32\...\{F082CB11-4794-4259-99A1-D91BA762AD15}) (Version: 3.35 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.0021.640203 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.39 - TOSHIBA Corporation)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
web'n'walk Manager (HKLM-x32\...\{28938B7C-B11B-49BD-84E4-44C8416D4C07}) (Version: 2.08.26 - Novatel Wireless Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
Windows-Treiberpaket - Realtek Semiconductor Corp. RtkBtFilter Bluetooth (12/02/2011 2.3.8.1) (HKLM\...\EA90D42054890B3938D0BEF1E8A316D20C6D6003) (Version: 12/02/2011 2.3.8.1 - Realtek Semiconductor Corp.)
WinRAR 5.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2673460537-1904279275-2014630884-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\monika\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2673460537-1904279275-2014630884-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\monika\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2673460537-1904279275-2014630884-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\monika\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2673460537-1904279275-2014630884-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\monika\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2673460537-1904279275-2014630884-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\monika\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2673460537-1904279275-2014630884-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\monika\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2673460537-1904279275-2014630884-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\monika\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2673460537-1904279275-2014630884-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\monika\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2673460537-1904279275-2014630884-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\monika\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
28-12-2014 08:02:28 Geplanter Prüfpunkt
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2013-11-18 12:05 - 00000854 ____N C:\windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {046EED9B-E736-4787-B6FF-4284D2BE1138} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {1D8B069F-84F5-4E8D-BDE8-3CD667CF6BE3} - System32\Tasks\Uninstaller_SkipUac_monika => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-12-09] (IObit)
Task: {3B7E0F1C-0612-41B0-82F1-BD04688DFFEB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-23] (Piriform Ltd)
Task: {4B72462C-5B23-4220-A8EB-67F12E853E24} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {514B3510-AD22-485A-A9DC-60D58408BFC9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-18] (Google Inc.)
Task: {5B687F28-C912-47D4-A34C-AEFC5B3F3558} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {69944BA3-892D-4A04-8E61-327A5BF534CF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {6FDDC07D-3A76-4AB1-8B50-599AC00D9405} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-12-09] (IObit)
Task: {7A5AC9DD-3F4E-4426-8D2B-2E2B61014EB8} - System32\Tasks\ASC8_SkipUac_monika => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2014-12-19] (IObit)
Task: {7B48479E-4035-4F9E-9776-8E9BE9CA1695} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-18] (Google Inc.)
Task: {7F61DDE9-B8B9-4A7E-B826-C062C4A98EEC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {91E10702-E3E0-4AB1-ADE2-2CDA9F0B37BA} - System32\Tasks\SUPERAntiSpyware Scheduled Task b832acc4-f345-441a-b758-2ae8d185904f => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {964D3A38-409E-4176-896C-AE8941C9C824} - System32\Tasks\SUPERAntiSpyware Scheduled Task 2e8a04bd-d138-41af-8e0b-672cf70e2b20 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {9E77F8C8-4AE2-488B-93EA-18E291527749} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {A852A120-0F6F-4304-ADAF-1E600633432E} - System32\Tasks\Driver Booster SkipUAC (monika) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {AB756098-ADE2-49F7-A598-529C91BF92C9} - System32\Tasks\{BC449F3B-FE8D-4428-9803-A4C8BFF92530} => pcalua.exe -a C:\Users\monika\Downloads\iview436g_setup.exe -d C:\Users\monika\Downloads
Task: {ABFDF1B5-65C9-4758-AE9B-F45B8E58D57B} - System32\Tasks\NCH Software\ExpressRipSevenDays => C:\Program Files (x86)\NCH Software\ExpressRip\ExpressRip.exe
Task: {C983CBB4-27F9-495B-8141-86C24761B4B3} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {EDD53A55-D1D1-4510-B2A8-06E0426BF1AE} - System32\Tasks\Open Chrome => Chrome.exe --new-window toolbar.avg.com/ch-uninstall?cid={C69FDC2B-6274-4549-81EC-27A8FE6B5071}&mid=14153488463947d3ba70ad4c41c854dd-7debb9164af7197c19e30b1ef1057a583746874e&lang=en&ds=AVG&coid=avgtbavg&cmpid=1214tb&pr=fr&d=&v=4.0.5.6&pid=wtu&sg=
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\Open Chrome.job => c:\program files (x86)\Google\Chrome\Application\chrome.exe
Task: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 2e8a04bd-d138-41af-8e0b-672cf70e2b20.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task b832acc4-f345-441a-b758-2ae8d185904f.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
==================== Loaded Modules (whitelisted) =============
2014-12-18 15:21 - 2014-12-18 15:21 - 02757456 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareShellExtension.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 03396400 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\RCF.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00125792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_filesystem-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00024408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_system-vc100-mt-1_57.dll
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-11-13 16:33 - 2010-09-09 17:26 - 00162824 _____ () C:\Windows\System32\GFNEXSrv.exe
2013-11-13 16:17 - 2012-02-21 12:29 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2014-12-18 15:09 - 2014-12-18 15:09 - 00713568 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
2014-12-18 15:22 - 2014-12-18 15:22 - 00107352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_thread-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00033624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_chrono-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00055648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_date_time-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 12716368 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareServiceKernel.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00786264 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_regex-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00736584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareActivation.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00474968 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareApplicationUpdater.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00812360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareGamingMode.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00099136 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareReset.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00119616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTime.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00957784 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareDefinitionsUpdater.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00867688 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareDefinitionsUpdaterScheduler.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01107272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareIgnoreList.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00248648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareQuarantine.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01009496 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiMalwareEngine.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00212824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiRootkitEngine.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01171280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScannerHistory.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01295680 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScanner.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00035160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_timer-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00975704 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScannerScheduler.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01091416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareRealTimeProtection.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00229200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareIncompatibles.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00894280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiSpam.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00849232 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiPhishing.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 03096912 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareParentalControl.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 02953040 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareWebProtection.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01251664 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareEmailProtection.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00053600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_iostreams-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01289048 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareNetworkProtection.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00968000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwarePromo.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00360776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareFeedback.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 02785112 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareThreatWorkAlliance.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01228608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwarePinCode.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00968000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareNotice.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00957256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAvcEngine.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01177960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareRealTimeProtectionHistory.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00152896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\SecurityCenter.dll
2012-05-10 07:16 - 2012-05-10 07:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-08-22 15:19 - 2011-08-22 15:19 - 11204992 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2012-02-28 19:00 - 2012-02-28 19:00 - 00594368 _____ () C:\Program Files\TOSHIBA\TECO\TecoPower.dll
2010-12-15 15:19 - 2010-12-15 15:19 - 00124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 08947008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
2014-12-18 15:22 - 2014-12-18 15:22 - 00500056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_locale-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 02130752 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\HtmlFramework.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00066872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\DllStorage.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00869712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTrayDefaultSkin.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00811328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\Localization.dll
2014-10-23 20:19 - 2014-10-23 20:19 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2011-11-25 18:51 - 2011-11-25 18:51 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-12-21 07:40 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\sqlite3.dll
2014-12-11 03:56 - 2014-12-11 03:56 - 00785168 _____ () C:\Program Files (x86)\Anvisoft\Slim Toolbar\sqlite3.dll
2014-08-31 09:17 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-08-31 09:17 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-08-31 09:17 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-08-31 09:17 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-08-31 09:17 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2007-10-04 12:32 - 2007-10-04 12:32 - 00053340 _____ () C:\Program Files (x86)\Novatel Wireless\Mobilink\Blaze.ocx
2014-12-21 07:40 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\webres.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\monika\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2014-12-28 08:07 - 2014-12-28 08:07 - 00043008 _____ () c:\users\monika\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5rxp8p.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\monika\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\monika\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\monika\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-01-14 16:07 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2014-01-14 16:07 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2014-01-14 16:07 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2012-01-25 10:57 - 2012-01-25 10:57 - 00172032 _____ () C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosGatt.dll
2013-11-13 16:17 - 2012-02-21 12:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\monika\Lokale Einstellungen:5bVKwUVXVbmLrwjM0lmzKpMB
AlternateDataStreams: C:\Users\monika\AppData\Local:5bVKwUVXVbmLrwjM0lmzKpMB
AlternateDataStreams: C:\Users\monika\AppData\Local\Anwendungsdaten:5bVKwUVXVbmLrwjM0lmzKpMB
AlternateDataStreams: C:\Users\monika\AppData\Local\Temp:PtErKuOjXE76MO8AbMjUsm
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\66708156.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\66708156.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-2673460537-1904279275-2014630884-500 - Administrator - Disabled)
Gast (S-1-5-21-2673460537-1904279275-2014630884-501 - Limited - Disabled)
monika (S-1-5-21-2673460537-1904279275-2014630884-1000 - Administrator - Enabled) => C:\Users\monika
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (12/28/2014 08:07:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/28/2014 08:06:01 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: Das Handle ist ungültig
Error: (12/28/2014 07:56:10 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (12/28/2014 07:20:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/27/2014 08:23:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/27/2014 08:15:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/27/2014 08:13:32 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: Das Handle ist ungültig
Error: (12/27/2014 08:13:32 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: Das Handle ist ungültig
Error: (12/27/2014 08:11:41 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (12/27/2014 05:12:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: aswMBR.exe, Version: 1.0.1.2252, Zeitstempel: 0x5465ba64
Name des fehlerhaften Moduls: aswMBR.exe, Version: 1.0.1.2252, Zeitstempel: 0x5465ba64
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004e010
ID des fehlerhaften Prozesses: 0xd0c
Startzeit der fehlerhaften Anwendung: 0xaswMBR.exe0
Pfad der fehlerhaften Anwendung: aswMBR.exe1
Pfad des fehlerhaften Moduls: aswMBR.exe2
Berichtskennung: aswMBR.exe3
System errors:
=============
Error: (12/27/2014 07:16:45 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error: (12/27/2014 09:14:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (12/27/2014 09:14:56 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.
Error: (12/26/2014 08:59:11 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (12/26/2014 08:59:11 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.
Error: (12/26/2014 08:00:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (12/26/2014 08:00:49 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.
Error: (12/26/2014 08:00:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (12/26/2014 08:00:12 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.
Error: (12/25/2014 11:08:57 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Microsoft Office Sessions:
=========================
Error: (12/28/2014 08:07:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/28/2014 08:06:01 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: Das Handle ist ungültig
Error: (12/28/2014 07:56:10 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
Error: (12/28/2014 07:20:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/27/2014 08:23:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/27/2014 08:15:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/27/2014 08:13:32 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: Das Handle ist ungültig
Error: (12/27/2014 08:13:32 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: Das Handle ist ungültig
Error: (12/27/2014 08:11:41 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\monika\Downloads\esetsmartinstaller_enu.exe
Error: (12/27/2014 05:12:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: aswMBR.exe1.0.1.22525465ba64aswMBR.exe1.0.1.22525465ba64c00000050004e010d0c01d021efabf18a7dC:\_Moni Trinergy\aswMBR.exeC:\_Moni Trinergy\aswMBR.exe1df586d2-8de3-11e4-a552-7c05072cbd2e
CodeIntegrity Errors:
===================================
Date: 2014-03-22 15:19:47.096
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-03-22 15:19:47.062
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-03-22 15:19:44.032
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-03-22 15:19:43.996
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-03-22 15:19:41.280
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-03-22 15:19:41.242
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-03-22 15:19:38.371
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-03-22 15:19:38.337
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-03-22 15:19:33.918
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-03-22 15:19:33.884
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-3120M CPU @ 2.50GHz
Percentage of memory in use: 50%
Total physical RAM: 3979.3 MB
Available physical RAM: 1953.07 MB
Total Pagefile: 7956.78 MB
Available Pagefile: 5572.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (TI31047800A) (Fixed) (Total:452.42 GB) (Free:174.93 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 20993064)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=452.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.9 GB) - (Type=17)
==================== End Of Log ============================
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 21.12.2014
Suchlauf-Zeit: 20:13:22
Logdatei:
Administrator: Ja
Version: 2.00.4.1028
Malware Datenbank: v2014.12.21.04
Rootkit Datenbank: v2014.12.14.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: monika
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 337363
Verstrichene Zeit: 20 Min, 29 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente erkannt)
Module: 0
(Keine schädliche Elemente erkannt)
Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)
Registrierungswerte: 0
(Keine schädliche Elemente erkannt)
Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)
Ordner: 2
PUP.Optional.SpeedItUP.A, C:\Program Files (x86)\ver2SpeeditUp, In Quarantäne, [4e2a283d4636013520b563e81ee5a65a],
PUP.Optional.SpeedItUP.A, C:\Program Files (x86)\ver2SpeeditUp\temp, In Quarantäne, [4e2a283d4636013520b563e81ee5a65a],
Dateien: 12
PUP.Optional.SpeedItUP.A, C:\Program Files (x86)\ver2SpeeditUp\temp\a.db, In Quarantäne, [4e2a283d4636013520b563e81ee5a65a],
PUP.Optional.SpeedItUP.A, C:\Program Files (x86)\ver2SpeeditUp\temp\b.db, In Quarantäne, [4e2a283d4636013520b563e81ee5a65a],
PUP.Optional.SpeedItUP.A, C:\Program Files (x86)\ver2SpeeditUp\temp\b.res, In Quarantäne, [4e2a283d4636013520b563e81ee5a65a],
PUP.Optional.SpeedItUP.A, C:\Program Files (x86)\ver2SpeeditUp\temp\c1.res, In Quarantäne, [4e2a283d4636013520b563e81ee5a65a],
PUP.Optional.SpeedItUP.A, C:\Program Files (x86)\ver2SpeeditUp\temp\c1_64.res, In Quarantäne, [4e2a283d4636013520b563e81ee5a65a],
PUP.Optional.SpeedItUP.A, C:\Program Files (x86)\ver2SpeeditUp\temp\c3.res, In Quarantäne, [4e2a283d4636013520b563e81ee5a65a],
PUP.Optional.SpeedItUP.A, C:\Program Files (x86)\ver2SpeeditUp\temp\c4.arc, In Quarantäne, [4e2a283d4636013520b563e81ee5a65a],
PUP.Optional.SpeedItUP.A, C:\Program Files (x86)\ver2SpeeditUp\temp\i.arc, In Quarantäne, [4e2a283d4636013520b563e81ee5a65a],
PUP.Optional.SpeedItUP.A, C:\Program Files (x86)\ver2SpeeditUp\temp\pw.res, In Quarantäne, [4e2a283d4636013520b563e81ee5a65a],
PUP.Optional.SpeedItUP.A, C:\Program Files (x86)\ver2SpeeditUp\temp\tb32.arc, In Quarantäne, [4e2a283d4636013520b563e81ee5a65a],
PUP.Optional.SpeedItUP.A, C:\Program Files (x86)\ver2SpeeditUp\temp\tb64.arc, In Quarantäne, [4e2a283d4636013520b563e81ee5a65a],
PUP.Optional.SpeedItUP.A, C:\Program Files (x86)\ver2SpeeditUp\temp\u.arc, In Quarantäne, [4e2a283d4636013520b563e81ee5a65a],
Physische Sektoren: 0
(Keine schädliche Elemente erkannt)
(end)