Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Speicher voll, Archivbombe geöffnet? (https://www.trojaner-board.de/162667-speicher-voll-archivbombe-geoeffnet.html)

Pjonga 11.01.2015 17:28
Speicher voll, Archivbombe geöffnet?
 
Hallo liebe Betreiber und Mitforennutzer,

mein Problem ist vielfältig und Google konnte mir leider nur in soweit helfen, als das es mich immer wieder an das Forum verwies. :abklatsch: Ich hoffe jetzt einfach das ihr mir helfen könnt.

Es fing damit an das mein Ex mir erzählte, er bekäme zweideutige Werbung :pfeiff: von meiner Emailadresse. War ja erst lustig, aber nicht lange.
Dann hatte ich irgendwelche Spieleverknüpfungen auf meinem Desktop die vorher nicht dort waren.
Avast gab mehrere Archivbomben an, ein Programm das wohl nicht ganz koscher war 0.o und win42 (über die Zahl bin ich mir nicht sicher). Im Minutentakt bekam ich Virenwarnungen durchgegeben. Ich löchste das Programm und erneute Spieleverknüpfungen blieben aus.
Mozilla fiel aus und statt dessen konnte ich nur über ein mir unbekanntes Programm "BoBrowser" ins Netz.
Nachdem Avast eine komplette Systemüberprüfung nach Neustart durchführte war mein 232 GB Speicher plötzlich total überfüllt.
Nun versucht mein Computer ständig einen Neustart um Updates durchzuführen, ich habe immer noch Verknüpfungen auf meinem Desktop die dort nicht hingehören und traue mich kaum noch meinen Läppi zu benutzen.

Jemand spontan ne Idee was meinem Schatz fehlt? :lach::pfeiff:

Ich hoffe ihr könnt mir weiterhelfen.

Pjonga

PS: Avast gibt inzwischen keinen Virus mehr an, aber im Container sind locker noch 20-30 Viren.

schrauber 11.01.2015 17:45
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Pjonga 11.01.2015 18:45
Danke für die schnelle Antwort. Ich hoffe ich bekomme das jetzt auch hin... :glaskugel2::daumenhoc
Und danke dafür das es auch für einen ziemlichen Dau wie mich ziemlich klar war was ich zu tun hatte. :lach:


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-01-2015
Ran by Bianca (administrator) on BIANCA-TOSH on 11-01-2015 18:29:06
Running from C:\Users\Bianca\Downloads
Loaded Profile: Bianca (Available profiles: Bianca)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Bobrowser)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(PC Utilities Software Limited) C:\Program Files (x86)\Optimizer Pro 3.13\OptProReminder.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\CompatTel\wicainventory.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2011-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1520552 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2011-08-03] (Toshiba Europe GmbH)
HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (the data entry has 36 more characters).
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294712 2010-11-29] (TOSHIBA Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296056 2012-06-10] (RealNetworks, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-10-15] (AVAST Software)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310064 2014-06-14] (Samsung Electronics Co., Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-20\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-21-2661352464-3399069233-14347418-1001\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-21-2661352464-3399069233-14347418-1001\...\Run: [KiesHelper] => C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
HKU\S-1-5-21-2661352464-3399069233-14347418-1001\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-06-14] (Samsung)
HKU\S-1-5-21-2661352464-3399069233-14347418-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-08-03] (Google Inc.)
HKU\S-1-5-21-2661352464-3399069233-14347418-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2661352464-3399069233-14347418-1001\...\Run: [pdiface] => C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe -noshow
HKU\S-1-5-21-2661352464-3399069233-14347418-1001\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.)
HKU\S-1-5-21-2661352464-3399069233-14347418-1001\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310064 2014-06-14] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-2661352464-3399069233-14347418-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-2661352464-3399069233-14347418-1001\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro 3.13\OptProLauncher.exe [148048 2014-12-04] (PC Utilities Software Limited)
HKU\S-1-5-21-2661352464-3399069233-14347418-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_246_Plugin.exe [855216 2014-12-18] (Adobe Systems Incorporated)
HKU\S-1-5-21-2661352464-3399069233-14347418-1001\...\MountPoints2: {0cfcf203-e6ba-11e0-a614-806e6f6e6963} - E:\Setup.exe
HKU\S-1-5-21-2661352464-3399069233-14347418-1001\...\MountPoints2: {325a7b06-9099-11e1-82ca-e89a8fdfc463} - G:\LaunchU3.exe -a
HKU\S-1-5-18\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
AppInit_DLLs-x32: _C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL => "C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Toshiba Places Icon Utility.lnk
ShortcutTarget: Toshiba Places Icon Utility.lnk -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe (Toshiba)
Startup: C:\Users\Bianca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bianca\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bianca\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bianca\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bianca\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bianca\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bianca\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bianca\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bianca\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-2661352464-3399069233-14347418-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-2661352464-3399069233-14347418-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKU\S-1-5-21-2661352464-3399069233-14347418-1001\Software\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = hxxp://www.searchqu.com/406
HKU\S-1-5-21-2661352464-3399069233-14347418-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_cmi_14_52_ie&cd=2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0F0D0F0CyEyCtAtAyBzzzztN0D0Tzu0StCtDzzyCtN1L2XzutAtFyCtFtCtDtFyBtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StAtA0FtByDzz0E0FtGyB0AtByDtG0CtBtBtBtGyByDyC0BtGtDyE0C0ByCyDtDyDzyzzyByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Azy0C0EtDzztBzztGyE0ByB0FtGyEyB0CyCtG0B0DtDyEtG0AyDyCtDtB0DyByDtDzzyC0A2Q&cr=122638340&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_cmi_14_52_ie&cd=2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0F0D0F0CyEyCtAtAyBzzzztN0D0Tzu0StCtDzzyCtN1L2XzutAtFyCtFtCtDtFyBtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StAtA0FtByDzz0E0FtGyB0AtByDtG0CtBtBtBtGyByDyC0BtGtDyE0C0ByCyDtDyDzyzzyByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Azy0C0EtDzztBzztGyE0ByB0FtGyEyB0CyCtG0B0DtDyEtG0AyDyCtDtB0DyByDtDzzyC0A2Q&cr=122638340&ir=
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=fmtgl&chnl=fmtgl&cd=2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0F0D0F0CyEyCtAtAyBzzzztN0D0Tzu0CtBtDzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=1508864022
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=362&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-2661352464-3399069233-14347418-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D121614-AB747CC590BEC44CD91F&form=CONBDF&conlogo=CT3330962&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2661352464-3399069233-14347418-1001 -> Backup.Old.DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
SearchScopes: HKU\S-1-5-21-2661352464-3399069233-14347418-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D121614-AB747CC590BEC44CD91F&form=CONBDF&conlogo=CT3330962&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2661352464-3399069233-14347418-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
BHO: No Name -> {09F58E74-42B4-4D70-BA26-35FC954E7A17} ->  No File
BHO: No Name -> {84c104ae-2ef1-4e7c-bfe6-5b2fcbecccb0} ->  No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} ->  No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - No Name - !{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -  No File
Toolbar: HKLM - No Name - !{DFEFCDEE-CF1A-4FC8-88AD-129872198372} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - !{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM-x32 - No Name - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -  No File
Toolbar: HKLM-x32 - No Name - !{DFEFCDEE-CF1A-4FC8-88AD-129872198372} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2661352464-3399069233-14347418-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\nbxita3o.default
FF DefaultSearchUrl: https://www.google.com/search
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Keyword.URL: https://www.google.com/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.4.53 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.4.53 -> c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.4.53 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\nbxita3o.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\nbxita3o.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\nbxita3o.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\nbxita3o.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\nbxita3o.default\searchplugins\webde-suche.xml
FF Extension: WEB.DE MailCheck - C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\nbxita3o.default\Extensions\toolbar@web.de [2014-12-22]
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-06-10]
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-15]
FF HKU\S-1-5-21-2661352464-3399069233-14347418-1001\...\Firefox\Extensions: [{934DDF3A-F55B-438F-B805-4C0403660F1E}] - C:\Program Files (x86)\ver3BlockAndSurf\184.xpi

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll No File
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Bitdefender 2014) - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxnp.dll No File
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Profile: C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (BlockAndSurf) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnjhadegcbgjbgkidapllmhdfncbkpli [2014-12-29]
CHR Extension: (Avast Online Security) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-18]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2013-08-01]
CHR Extension: (Color My Twitter) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmbdmchmkmjamopihbpmnknbkflciolk [2014-12-22]
CHR Extension: (DVDvideoSoft 2.0) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolkekjjhnaeaahibbnfebmogackofpf [2013-08-01]
CHR HKU\S-1-5-21-2661352464-3399069233-14347418-1001\...\Chrome\Extension: [kppnoegbbaphhibbpdojjiehofchhdgk] - C:\Users\Bianca\AppData\Local\CRE\kppnoegbbaphhibbpdojjiehofchhdgk.crx [2012-08-13]
CHR HKU\S-1-5-21-2661352464-3399069233-14347418-1001\...\Chrome\Extension: [oolkekjjhnaeaahibbnfebmogackofpf] - C:\Users\Bianca\AppData\Local\CRE\oolkekjjhnaeaahibbnfebmogackofpf.crx [2013-04-10]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-15]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-06-10]
CHR HKLM-x32\...\Chrome\Extension: [kppnoegbbaphhibbpdojjiehofchhdgk] - C:\Users\Bianca\AppData\Local\CRE\kppnoegbbaphhibbpdojjiehofchhdgk.crx [2012-08-13]
CHR HKLM-x32\...\Chrome\Extension: [oolkekjjhnaeaahibbnfebmogackofpf] - C:\Users\Bianca\AppData\Local\CRE\oolkekjjhnaeaahibbnfebmogackofpf.crx [2013-04-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-15] (AVAST Software)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-15] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [28504 2012-03-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-10-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-10-15] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-15] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-10-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-10-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-10-15] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2014-08-16] (Intel Corporation)
S3 Tosrfcom; No ImagePath
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-11 18:29 - 2015-01-11 18:30 - 00032436 _____ () C:\Users\Bianca\Downloads\FRST.txt
2015-01-11 18:28 - 2015-01-11 18:29 - 00000000 ____D () C:\FRST
2015-01-11 18:28 - 2015-01-11 18:28 - 02124288 _____ (Farbar) C:\Users\Bianca\Downloads\FRST64.exe
2015-01-11 18:27 - 2015-01-11 18:27 - 01115648 _____ (Farbar) C:\Users\Bianca\Downloads\FRST.exe
2015-01-11 16:52 - 2015-01-11 16:52 - 00003348 _____ () C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2661352464-3399069233-14347418-1001
2015-01-06 00:20 - 2015-01-06 00:20 - 00000000 _____ () C:\Windows\SysWOW64\shoF930.tmp
2015-01-06 00:19 - 2015-01-06 00:19 - 00000000 ____D () C:\Windows\system32\appraiser
2015-01-05 23:33 - 2015-01-11 18:20 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-05 23:32 - 2015-01-05 23:32 - 00001069 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-05 23:32 - 2015-01-05 23:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-05 23:32 - 2015-01-05 23:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-05 23:32 - 2015-01-05 23:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-05 23:32 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-05 23:32 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-05 23:32 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-05 23:30 - 2015-01-05 23:32 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Bianca\Downloads\mbam-setup-2.0.4.1028 (1).exe
2015-01-05 23:30 - 2015-01-05 23:31 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Bianca\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-05 23:20 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-01-05 23:20 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-01-05 23:20 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-01-05 23:20 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-01-05 23:20 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-01-05 23:20 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-01-05 23:20 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-01-05 23:20 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-01-05 23:20 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-01-05 23:20 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-01-04 15:56 - 2015-01-04 15:56 - 00002282 _____ () C:\Users\Bianca\Desktop\Wikipedia.lnk
2015-01-04 15:56 - 2015-01-04 15:56 - 00002282 _____ () C:\Users\Bianca\Desktop\Facebook.lnk
2015-01-04 15:56 - 2015-01-04 15:56 - 00002276 _____ () C:\Users\Bianca\Desktop\Youtube.lnk
2015-01-04 15:56 - 2015-01-04 15:56 - 00002276 _____ () C:\Users\Bianca\Desktop\Hotmail.lnk
2015-01-04 15:56 - 2015-01-04 15:56 - 00002270 _____ () C:\Users\Bianca\Desktop\Amazon.lnk
2015-01-04 15:56 - 2015-01-04 15:56 - 00002232 _____ () C:\Users\Bianca\Desktop\BoBrowser.lnk
2014-12-29 17:34 - 2014-12-29 17:45 - 00003282 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-2661352464-3399069233-14347418-1001
2014-12-29 17:22 - 2015-01-04 15:54 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-12-22 17:39 - 2014-12-22 17:39 - 00022528 _____ () C:\Users\Bianca\AppData\Local\dsisetup40544032.exe
2014-12-22 17:39 - 2014-12-22 17:39 - 00000001 _____ () C:\Users\Bianca\AppData\Local\DSI.DAT
2014-12-22 17:21 - 2014-07-17 03:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-12-22 17:21 - 2014-07-17 03:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-12-22 17:21 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-12-22 17:21 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-12-22 17:21 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-12-22 17:21 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-12-22 17:21 - 2014-07-17 02:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-12-22 17:21 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-12-22 17:21 - 2014-07-17 02:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-12-22 17:21 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-12-22 17:21 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-12-22 17:20 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-22 17:20 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-22 17:20 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-22 17:20 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-22 17:20 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-22 17:20 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-22 17:20 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-22 17:20 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-22 17:20 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-12-22 17:20 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-12-22 17:20 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-12-22 17:20 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-12-22 17:20 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-12-22 17:20 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-22 17:20 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-12-22 17:20 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-12-22 17:20 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-12-22 17:20 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-12-22 17:20 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-12-22 17:20 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-12-22 17:20 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-12-22 17:20 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-12-22 17:20 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-12-22 17:20 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-12-22 17:20 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-12-22 17:20 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-12-22 17:20 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-12-22 17:20 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-12-22 17:20 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-12-22 17:20 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-12-22 17:20 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-12-22 17:19 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-22 17:18 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-12-22 17:18 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-12-22 17:17 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-12-22 17:17 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-12-22 17:17 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-12-22 17:17 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-12-22 17:17 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-22 17:17 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-22 17:17 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-22 17:17 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-22 17:17 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-12-22 17:17 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-12-22 17:17 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-12-22 17:17 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-12-22 17:17 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-12-22 17:17 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-12-22 17:17 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-12-22 17:17 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-12-22 17:17 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-12-22 17:17 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-12-22 17:17 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-12-22 17:17 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-12-22 17:17 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-12-22 17:17 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-12-22 17:16 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-12-22 17:16 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-12-22 17:16 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-12-22 17:16 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-22 17:16 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-22 17:16 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-22 17:16 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-22 17:16 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-22 17:16 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-22 17:16 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-22 17:16 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-22 17:16 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-22 17:16 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-22 17:14 - 2014-12-22 17:14 - 00000000 ____D () C:\Program Files (x86)\predm
2014-12-22 17:14 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-12-22 17:14 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-12-22 17:13 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-12-22 17:13 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-12-22 16:52 - 2014-12-22 16:54 - 00000000 ____D () C:\ProgramData\fa71065cd11074ce
2014-12-22 16:51 - 2014-12-22 16:51 - 00001936 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk
2014-12-22 16:51 - 2014-12-22 16:51 - 00000000 ____D () C:\Users\Bianca\Documents\SelfMV
2014-12-22 16:50 - 2014-10-13 06:57 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2014-12-22 16:50 - 2014-10-13 06:57 - 00110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2014-12-22 16:39 - 2014-12-22 16:39 - 00000000 ___HD () C:\Users\Bianca\AppData\Roaming\GoldenGate
2014-12-22 16:38 - 2014-12-22 16:45 - 00000000 ____D () C:\Users\Bianca\AppData\Roaming\Gameo
2014-12-22 16:38 - 2014-12-22 16:38 - 00000172 _____ () C:\Users\Bianca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
2014-12-22 16:37 - 2014-12-29 17:17 - 00001101 _____ () C:\Users\Bianca\Desktop\Continue Live Installation.lnk
2014-12-22 16:36 - 2014-12-22 16:36 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-12-22 16:25 - 2014-12-22 16:25 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-12-22 16:24 - 2014-12-22 16:24 - 00001969 _____ () C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2014-12-22 16:21 - 2014-04-30 19:43 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2014-12-22 16:21 - 2014-04-30 19:43 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll
2014-12-22 16:12 - 2014-12-22 16:14 - 00000000 _____ () C:\END
2014-12-16 09:00 - 2014-12-29 08:56 - 00003264 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2014-12-16 09:00 - 2014-12-16 09:00 - 00000000 ____D () C:\Users\Bianca\AppData\Roaming\Optimizer Pro
2014-12-16 08:59 - 2014-12-16 08:59 - 00000000 ____D () C:\Users\Bianca\AppData\Roaming\dlg
2014-12-16 08:55 - 2015-01-06 00:10 - 00000000 ____D () C:\Users\Bianca\AppData\Roaming\InetStat
2014-12-16 08:54 - 2015-01-06 00:21 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 3.13
2014-12-16 08:54 - 2014-12-16 08:54 - 00001066 _____ () C:\Users\Bianca\Desktop\Optimizer Pro.lnk
2014-12-16 08:54 - 2014-12-16 08:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2014-12-16 08:53 - 2014-12-16 08:53 - 00004688 _____ () C:\Windows\SysWOW64\LavasoftTcpService.ini
2014-12-16 08:53 - 2014-12-16 08:53 - 00002520 _____ () C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2014-12-16 08:53 - 2014-12-16 08:53 - 00002520 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2014-12-16 08:53 - 2014-12-15 12:51 - 00358736 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2014-12-16 08:53 - 2014-12-15 12:51 - 00312424 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-11 17:45 - 2009-07-14 05:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-11 17:45 - 2009-07-14 05:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-11 17:44 - 2011-08-03 11:26 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-11 17:37 - 2013-07-30 20:30 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-11 17:24 - 2011-09-24 15:29 - 01881717 _____ () C:\Windows\WindowsUpdate.log
2015-01-11 16:52 - 2014-10-15 19:55 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-11 16:52 - 2014-10-02 16:04 - 00003216 _____ () C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2661352464-3399069233-14347418-1001
2015-01-11 16:51 - 2011-08-03 11:26 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-11 16:50 - 2012-10-23 11:25 - 01441168 _____ () C:\Windows\PFRO.log
2015-01-11 16:50 - 2012-08-31 15:45 - 00105134 _____ () C:\Windows\setupact.log
2015-01-11 16:50 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-06 00:22 - 2009-07-14 05:45 - 00267816 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-06 00:21 - 2014-07-01 21:26 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2015-01-06 00:21 - 2013-07-30 09:52 - 00000000 ____D () C:\Users\Bianca\AppData\Roaming\BabSolution
2015-01-06 00:19 - 2014-05-10 20:33 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-01-06 00:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2015-01-06 00:10 - 2012-11-23 21:25 - 00000000 ____D () C:\Users\Bianca\Spiele
2015-01-05 23:29 - 2014-10-31 16:29 - 00000166 _____ () C:\Users\Bianca\AppData\Roaming\WB.CFG
2015-01-04 15:58 - 2011-02-11 09:21 - 06870524 _____ () C:\Windows\system32\perfh007.dat
2015-01-04 15:58 - 2011-02-11 09:21 - 02126726 _____ () C:\Windows\system32\perfc007.dat
2015-01-04 15:58 - 2009-07-14 06:13 - 00006484 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-04 15:56 - 2014-05-10 16:27 - 00002272 _____ () C:\Users\Bianca\Desktop\Search.lnk
2015-01-04 15:55 - 2014-07-01 22:19 - 00000000 ____D () C:\ProgramData\ProductData
2015-01-04 15:54 - 2012-08-05 18:25 - 00000000 ____D () C:\Program Files (x86)\OXXOGames
2014-12-29 18:15 - 2014-11-03 19:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-29 17:48 - 2013-07-30 09:52 - 00001142 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-29 17:48 - 2013-07-30 09:52 - 00001142 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-29 17:22 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-12-29 17:22 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-12-22 16:56 - 2012-02-13 17:23 - 00000000 ____D () C:\Users\Bianca\Documents\samsung
2014-12-22 16:51 - 2012-02-13 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-12-22 16:49 - 2012-02-13 17:19 - 00000000 ____D () C:\Users\Bianca\AppData\Roaming\Samsung
2014-12-22 16:49 - 2011-08-03 10:58 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-22 16:48 - 2012-02-13 17:19 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-12-22 16:25 - 2012-02-13 17:23 - 00000000 ____D () C:\Users\Bianca\AppData\Local\Samsung
2014-12-22 16:24 - 2012-02-13 17:22 - 00001959 _____ () C:\Users\Public\Desktop\Samsung Kies.lnk
2014-12-22 16:20 - 2012-02-13 17:19 - 00000000 ____D () C:\ProgramData\Samsung
2014-12-22 16:17 - 2012-02-13 17:17 - 00000000 ____D () C:\Users\Bianca\AppData\Local\Downloaded Installations
2014-12-22 16:08 - 2013-07-30 20:30 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-22 16:08 - 2013-07-30 20:30 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-22 16:08 - 2013-07-30 20:30 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

Files to move or delete:
====================
C:\ProgramData\3snJjsU.dat


Some content of TEMP:
====================
C:\Users\Bianca\AppData\Local\Temp\2ynfod8r.dll
C:\Users\Bianca\AppData\Local\Temp\8604AEB9-7ACE-C7E1-18D8-A7F7BFA6EBE9.dll
C:\Users\Bianca\AppData\Local\Temp\95D122E2-64E8-715F-2D6D-A09575793B9B.dll
C:\Users\Bianca\AppData\Local\Temp\96073C9C-5B68-9B85-5D5B-937FC9B2712C.exe
C:\Users\Bianca\AppData\Local\Temp\AskSLib.dll
C:\Users\Bianca\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnyqnag.dll
C:\Users\Bianca\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Bianca\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Bianca\AppData\Local\Temp\dwiahoiq.dll
C:\Users\Bianca\AppData\Local\Temp\Execute2App.exe
C:\Users\Bianca\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Bianca\AppData\Local\Temp\htmlayout.dll
C:\Users\Bianca\AppData\Local\Temp\i4jdel0.exe
C:\Users\Bianca\AppData\Local\Temp\Kies2RemoveAll.exe
C:\Users\Bianca\AppData\Local\Temp\KUIU.EXE
C:\Users\Bianca\AppData\Local\Temp\msvcp90.dll
C:\Users\Bianca\AppData\Local\Temp\msvcr90.dll
C:\Users\Bianca\AppData\Local\Temp\muzaf1.dll
C:\Users\Bianca\AppData\Local\Temp\muzapp.exe
C:\Users\Bianca\AppData\Local\Temp\muzwmts.dll
C:\Users\Bianca\AppData\Local\Temp\optprosetup.exe
C:\Users\Bianca\AppData\Local\Temp\PCSChecker.exe
C:\Users\Bianca\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Bianca\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Bianca\AppData\Local\Temp\SHSetup.exe
C:\Users\Bianca\AppData\Local\Temp\SpOrder.dll
C:\Users\Bianca\AppData\Local\Temp\t5kmqkgs.dll
C:\Users\Bianca\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-29 04:09

==================== End Of Log ============================
--- --- ---

--- --- ---


Oh man ist das lang.... :balla:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-01-2015
Ran by Bianca at 2015-01-11 18:43:02
Running from C:\Users\Bianca\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2540 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader X (10.1.0) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)
AllDup 3.4.8 (HKLM-x32\...\AllDup_is1) (Version: 3.4.8 - Michael Thummerer Software Design)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.00.007 - Atheros Communications)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Audiograbber 1.83 SE  (HKLM-x32\...\Audiograbber) (Version: 1.83 SE  - Audiograbber)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Big Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 3.0.1.60 - )
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.04(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-2661352464-3399069233-14347418-1001\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
EPSON XP-102 103 Series Printer Uninstall (HKLM\...\EPSON XP-102 103 Series) (Version:  - SEIKO EPSON Corporation)
Firefox Packages (HKU\S-1-5-21-2661352464-3399069233-14347418-1001\...\Firefox Packages) (Version:  - ) <==== ATTENTION
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HP ENVY 4500 series Basic Device Software (HKLM\...\{38A08516-1847-43E4-8076-9540B60EC43B}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP ENVY 4500 series Hilfe (HKLM-x32\...\{6767CCD2-B939-4542-BF08-015B5496D4EC}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Java(TM) 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.5128.5002 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2661352464-3399069233-14347418-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 33.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0.2 (x86 en-US)) (Version: 33.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version: 3.2.0.3 - PC Utilities Software Limited) <==== ATTENTION
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
reaConverter 7 Standard (HKLM-x32\...\{659727C6-7267-4076-803B-351A467F6CAF}_is1) (Version:  - Reasoft)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: 15.0.4 - RealNetworks)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 1.0.0.15 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14113.3 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14113.3 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Snap.Do Engine (HKU\S-1-5-21-2661352464-3399069233-14347418-1001\...\{c184fa3c-3649-4626-bc3d-6c8fe5ff3d1c}) (Version: 11.71.1.16545 - ReSoft Ltd.) <==== ATTENTION
Studie zur Verbesserung von HP ENVY 4500 series (HKLM\...\{36E08FE6-D9FF-44EE-8AD3-EC723390DE00}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{43DBC64B-3DD1-47E2-8788-D3C3B110C574}) (Version: 2.1.10.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{D5AEEAA2-184E-4A2A-BAA3-6225EA4B9516}) (Version: 8.0.37 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.6 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.25.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.8.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.08.06.00 - )
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.7 - TOSHIBA Corporation)
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.02 - TOSHIBA)
TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 4.01.0000 - TOSHIBA)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.9.64M - TOSHIBA Corporation)
TOSHIBA Places Icon Utility (HKLM-x32\...\{461F6F0D-7173-4902-9604-AB1A29108AF2}) (Version: 1.1.1.4 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.10010 - TOSHIBA CORPORATION)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.52 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.7 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.08.06.00 - )
TOSHIBA TEMPRO (HKLM-x32\...\{F082CB11-4794-4259-99A1-D91BA762AD15}) (Version: 3.35 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.4.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.19 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}) (Version: 1.0.3 - TOSHIBA CORPORATION)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WindowsMangerProtect20.0.0.1013 (HKLM-x32\...\WindowsMangerProtect) (Version: 20.0.0.1013 - WindowsProtect LIMITED) <==== ATTENTION
Zipeg (HKU\S-1-5-21-2661352464-3399069233-14347418-1001\...\Zipeg) (Version: 2.9.3.1316 - hxxp://zipeg.com)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2661352464-3399069233-14347418-1001_Classes\CLSID\{00000001-0E3A-4123-8B32-4B68A91E104A}\InprocServer32 -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIBasePlace.dll (Toshiba Corporation)
CustomCLSID: HKU\S-1-5-21-2661352464-3399069233-14347418-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Bianca\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2661352464-3399069233-14347418-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Bianca\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2661352464-3399069233-14347418-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Bianca\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2661352464-3399069233-14347418-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Bianca\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2661352464-3399069233-14347418-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Bianca\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2661352464-3399069233-14347418-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bianca\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2661352464-3399069233-14347418-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bianca\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2661352464-3399069233-14347418-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bianca\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2661352464-3399069233-14347418-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bianca\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {04CF55ED-BABD-4D3D-A36F-1F6D1B413968} - System32\Tasks\{F4C2FF38-2BFB-464A-9899-38A016667F04} => pcalua.exe -a E:\MSETUP.EXE -d E:\
Task: {0B0F2729-94A5-46F4-A8B2-418464118E51} - System32\Tasks\{A5696BF1-17C9-4562-AC13-9701D54B45DF} => C:\Program Files (x86)\iTunes\iTunes.exe [2013-05-31] (Apple Inc.)
Task: {118F75EA-8D07-4410-9085-40214EFD92A5} - System32\Tasks\{1A566CB7-4E5C-4BC0-8AE2-F9D1E692B6C9} => C:\Games\Afraid of Monsters Director's Cut\hl.exe [2003-12-11] (Valve)
Task: {18CB0FB5-A820-4AC8-9250-84C7246AA4C0} - System32\Tasks\{F3C37408-A07C-4E37-8F6C-3D36EDF1F2A6} => C:\Games\Unmechanical\Binaries\Win32\game.exe
Task: {1B5E15F8-CA5B-41F4-9E3D-C7C83F25CD83} - System32\Tasks\{0970FD28-73AE-4401-8D00-E6E4CEDBD9FA} => Chrome.exe
Task: {20B88411-DCD1-479E-9CAA-FDC4D94FD14C} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06] (Adobe Systems Incorporated)
Task: {21A6477E-06A0-4D7C-ACA0-8B64F1C21B82} - System32\Tasks\DivX-Online-Aktualisierungsprogramm => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
Task: {2401DAC2-6D7C-4BBE-89B2-6A1901A42A6E} - System32\Tasks\Real Player-Online-Aktualisierungsprogramm => c:\program files (x86)\real\realplayer\Update\realsched.exe [2012-06-10] (RealNetworks, Inc.)
Task: {24B22D70-529A-4524-A3BA-6F595B82D487} - System32\Tasks\{76AE8438-5EF9-4301-AE5C-08D94557D84A} => C:\Games\Afraid of Monsters Director's Cut\hl.exe [2003-12-11] (Valve)
Task: {2A332216-4EEA-4B03-BB2E-58E54E9E0381} - System32\Tasks\{ED0873DD-49BD-4E4A-B949-C90AC274C112} => C:\Program Files (x86)\iTunes\iTunes.exe [2013-05-31] (Apple Inc.)
Task: {2CEB0EE7-6218-4B6D-B79A-BDE800025435} - System32\Tasks\{2F74FE5C-C123-4673-86FC-35204125FD67} => C:\Users\Bianca\Desktop\SCP_-_Containment_Breach_v0.5.1\SCP - Containment Breach v0.5.1\SCP - Containment Breach v0.5.1.exe
Task: {48EDEDFF-FC44-4D87-B85E-05DB5E007CEA} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2661352464-3399069233-14347418-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {4E5A8788-3550-4FBA-A578-3CEC96783C76} - System32\Tasks\{A2C2B00D-14C3-45B2-9207-5517DE474379} => C:\Games\Unmechanical\Binaries\Win32\game.exe
Task: {607A6C44-C79A-41D1-9C33-4574A96C6F27} - System32\Tasks\{2C328F5B-2579-4B1E-A11B-171368583BFE} => Chrome.exe
Task: {6932B2EF-1747-4E1A-9EE6-FF4107F68CFC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6984F62E-9231-4D4B-947C-DA84917B3CA1} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2661352464-3399069233-14347418-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {7AC8406D-95DE-4852-8E9A-43884037977C} - System32\Tasks\{CDBE4517-23C1-4299-B6D3-521E1F9C4CEF} => C:\Games\Unmechanical\Binaries\Win32\game.exe
Task: {8173F1A6-841F-4FA1-BA89-3FFE4C01B1BF} - System32\Tasks\{67C5F90A-CE18-4465-9507-C6F4C46FFBAA} => C:\Games\LIMBO\limbo.exe [2011-08-02] (Playdead)
Task: {8249FEEA-51BE-41C5-B48F-8BC000365261} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro 3.13\OptProLauncher.exe [2014-12-04] (PC Utilities Software Limited) <==== ATTENTION
Task: {8B429BA8-1BD5-4320-8EC5-D9299F814457} - System32\Tasks\{316F50F4-F1DC-481F-AF4B-AFC1D0BBB7C9} => C:\Games\Afraid of Monsters Director's Cut\hl.exe [2003-12-11] (Valve)
Task: {9330566C-3F87-46BC-99D0-FDD92A59247D} - System32\Tasks\HP AR Program Upload - fc55248e890642c9ad2b45eb954ee1e908a4513dfaa842ec9237ea229b5ffb3d => C:\Program Files\HP\HP ENVY 4500 series\bin\HPRewards.exe [2014-03-06] (TODO: <Company name>)
Task: {96EE1D5B-C75D-4A11-98B9-475C74070D45} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-22] (Adobe Systems Incorporated)
Task: {9804D058-3CED-490A-97B6-2EE31B66DB10} - System32\Tasks\{CC5ABD39-C11A-486E-A20B-BDA0AFC293CA} => C:\Program Files (x86)\Paranormal\Binaries\Win32\UDK.exe
Task: {997FCA89-F386-4852-8B3B-4A6AD96479DA} - System32\Tasks\{233D133A-D47D-4426-9D65-9180EA0B81C9} => Chrome.exe
Task: {A2CC6441-C17B-45B9-87FC-77B42E850AE1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-10-15] (AVAST Software)
Task: {A392D211-5240-49F5-A0C5-DD65ACEFF97D} - System32\Tasks\{4144B2A5-995A-40C6-B502-522D50CDEB73} => C:\Games\Unmechanical\Binaries\Win32\game.exe
Task: {A9C408FE-B65E-41A9-8AE3-4B7F25366D23} - \Voo Update No Task File <==== ATTENTION
Task: {AD1F8F54-FDB5-4D67-A700-E9DBE9E12EA4} - System32\Tasks\Driver Booster SkipUAC (SYSTEM) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {BB38FA64-4113-4920-BBD8-38DFC89069A6} - System32\Tasks\{B0C698F1-FD27-4343-803C-8CAEA08E99C4} => pcalua.exe -a C:\Valve\Steam\Steamapps\Youraccount\Half-Life\Uninstal.exe
Task: {BDB2B3A3-7F16-4428-8709-1A73BCFAEAD9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {CB8F430B-5E4D-47AC-ADAB-67C7A223755F} - System32\Tasks\{26313F8D-072A-45F7-8614-E2253A81B6D7} => C:\Users\Bianca\Desktop\SCP_-_Containment_Breach_v0.5.1\SCP - Containment Breach v0.5.1\SCP - Containment Breach v0.5.1.exe
Task: {D4B5BAB8-08C7-4096-8F14-BA4BDEA9B5F4} - \Run_Bobby_Browser No Task File <==== ATTENTION
Task: {DCFB83EE-4DD0-4F3C-8D3C-9B98BCAC56B0} - System32\Tasks\{B3142005-9976-4D11-8EF5-FB729AD05474} => C:\Games\Afraid of Monsters Director's Cut\hl.exe [2003-12-11] (Valve)
Task: {DE88743F-230D-46E2-8BFA-817697F55363} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {E0338BED-5703-4F1A-83B2-CBDFC2B3B18E} - System32\Tasks\{AD858636-16E5-429A-B34E-7AB7AC3E437B} => C:\Games\Afraid of Monsters Director's Cut\hl.exe [2003-12-11] (Valve)
Task: {E454965B-405B-41F6-B938-3BB48CE69D89} - System32\Tasks\{268CDE60-DF08-4708-AF51-82ECB648175C} => C:\Program Files (x86)\iTunes\iTunes.exe [2013-05-31] (Apple Inc.)
Task: {EBE4B2D4-C542-48E7-99A2-CA64253600B1} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {ECE3440B-5CA5-4C4D-9DF4-6496BCE244AE} - System32\Tasks\{99AC71CC-D528-4480-8A0D-995B5F463265} => C:\Program Files (x86)\iTunes\iTunes.exe [2013-05-31] (Apple Inc.)
Task: {ED7A8FA1-B426-432A-8E6A-B6B9F760A7D5} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-12-03] (TOSHIBA CORPORATION)
Task: {EFD7C268-E0D0-43BB-8686-F29DEB431392} - System32\Tasks\HPCustParticipation HP ENVY 4500 series => C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {FC945539-B3E5-404E-8E98-84437BF7DF54} - System32\Tasks\avastBCLRestartS-1-5-21-2661352464-3399069233-14347418-1001 => Chrome.exe
Task: {FD84F675-7203-4D41-A242-0A771D605BC1} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-18] (Sun Microsystems, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-09-28 17:23 - 2014-09-04 14:46 - 01787392 _____ () C:\Program Files (x86)\reaConverter 7 Standard\newcontext64.dll
2011-03-02 14:36 - 2011-03-02 14:36 - 00591800 _____ () C:\Program Files\TOSHIBA\TECO\TecoPower.dll
2011-03-03 22:21 - 2011-03-03 22:21 - 03420584 _____ () C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll
2011-04-04 18:18 - 2011-04-04 18:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-18 16:18 - 2010-11-18 16:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2010-12-15 14:19 - 2010-12-15 14:19 - 00124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll
2009-01-30 17:11 - 2009-01-30 17:11 - 01091072 _____ () C:\Program Files\Toshiba\SmartFaceV\SmartFaceVCtrl.dll
2009-01-30 17:10 - 2009-01-30 17:10 - 01043456 _____ () C:\Program Files\Toshiba\SmartFaceV\FaceRec.dll
2009-01-30 17:11 - 2009-01-30 17:11 - 07861248 _____ () C:\Program Files\Toshiba\SmartFaceV\FaceHI.dll
2014-10-15 19:42 - 2014-10-15 19:42 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2015-01-09 14:02 - 2015-01-09 14:02 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010900\algo.dll
2015-01-11 16:51 - 2015-01-11 16:51 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15011100\algo.dll
2015-01-11 18:32 - 2015-01-11 18:32 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15011101\algo.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-15 19:42 - 2014-10-15 19:42 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-11-03 19:24 - 2014-11-03 19:24 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:363E775E
AlternateDataStreams: C:\ProgramData\TEMP:44712999
AlternateDataStreams: C:\ProgramData\TEMP:5133A494
AlternateDataStreams: C:\ProgramData\TEMP:5A2E8BBF
AlternateDataStreams: C:\ProgramData\TEMP:7254CF01
AlternateDataStreams: C:\ProgramData\TEMP:9524D821
AlternateDataStreams: C:\ProgramData\TEMP:A73595DE
AlternateDataStreams: C:\ProgramData\TEMP:BD50071F
AlternateDataStreams: C:\ProgramData\TEMP:BE6B5FC3
AlternateDataStreams: C:\ProgramData\TEMP:CBAF0C30
AlternateDataStreams: C:\ProgramData\TEMP:D8A1AC56
AlternateDataStreams: C:\ProgramData\TEMP:EBF0842B
AlternateDataStreams: C:\Users\Bianca\Downloads\mseinstall.exe:BDU

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2661352464-3399069233-14347418-500 - Administrator - Disabled)
Bianca (S-1-5-21-2661352464-3399069233-14347418-1001 - Administrator - Enabled) => C:\Users\Bianca
Gast (S-1-5-21-2661352464-3399069233-14347418-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2661352464-3399069233-14347418-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/11/2015 04:52:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TOPI.exe, Version: 4.1.0.0, Zeitstempel: 0x4dd0ba7a
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x5315a05a
Ausnahmecode: 0xe0434352
Fehleroffset: 0x000000000000940d
ID des fehlerhaften Prozesses: 0x13b0
Startzeit der fehlerhaften Anwendung: 0xTOPI.exe0
Pfad der fehlerhaften Anwendung: TOPI.exe1
Pfad des fehlerhaften Moduls: TOPI.exe2
Berichtskennung: TOPI.exe3

Error: (01/11/2015 04:52:33 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: TOPI.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Configuration.ConfigurationErrorsException
Stack:
  at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef)
  at System.Configuration.BaseConfigurationRecord.GetSection(System.String)
  at System.Configuration.ConfigurationManager.GetSection(System.String)
  at System.Configuration.ClientSettingsStore.ReadSettings(System.String, Boolean)
  at System.Configuration.LocalFileSettingsProvider.GetPropertyValues(System.Configuration.SettingsContext, System.Configuration.SettingsPropertyCollection)
  at System.Configuration.SettingsBase.GetPropertiesFromProvider(System.Configuration.SettingsProvider)
  at System.Configuration.SettingsBase.GetPropertyValueByName(System.String)
  at System.Configuration.SettingsBase.get_Item(System.String)
  at System.Configuration.ApplicationSettingsBase.GetPropertyValue(System.String)
  at System.Configuration.ApplicationSettingsBase.get_Item(System.String)
  at Humphrey.Core.createUpdateTimer(Int32)
  at Humphrey.Core..ctor(Humphrey.App)
  at Humphrey.App.Main(System.String[])

Error: (01/11/2015 04:52:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/09/2015 02:00:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TOPI.exe, Version: 4.1.0.0, Zeitstempel: 0x4dd0ba7a
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x5315a05a
Ausnahmecode: 0xe0434352
Fehleroffset: 0x000000000000940d
ID des fehlerhaften Prozesses: 0x13ec
Startzeit der fehlerhaften Anwendung: 0xTOPI.exe0
Pfad der fehlerhaften Anwendung: TOPI.exe1
Pfad des fehlerhaften Moduls: TOPI.exe2
Berichtskennung: TOPI.exe3

Error: (01/09/2015 02:00:41 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: TOPI.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Configuration.ConfigurationErrorsException
Stack:
  at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef)
  at System.Configuration.BaseConfigurationRecord.GetSection(System.String)
  at System.Configuration.ConfigurationManager.GetSection(System.String)
  at System.Configuration.ClientSettingsStore.ReadSettings(System.String, Boolean)
  at System.Configuration.LocalFileSettingsProvider.GetPropertyValues(System.Configuration.SettingsContext, System.Configuration.SettingsPropertyCollection)
  at System.Configuration.SettingsBase.GetPropertiesFromProvider(System.Configuration.SettingsProvider)
  at System.Configuration.SettingsBase.GetPropertyValueByName(System.String)
  at System.Configuration.SettingsBase.get_Item(System.String)
  at System.Configuration.ApplicationSettingsBase.GetPropertyValue(System.String)
  at System.Configuration.ApplicationSettingsBase.get_Item(System.String)
  at Humphrey.Core.createUpdateTimer(Int32)
  at Humphrey.Core..ctor(Humphrey.App)
  at Humphrey.App.Main(System.String[])

Error: (01/06/2015 00:23:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/06/2015 00:20:30 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070013, Das Medium ist schreibgeschützt.
.

Error: (01/06/2015 00:20:30 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x80070013, Das Medium ist schreibgeschützt.
]

Error: (01/06/2015 00:20:29 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x800705aa, Nicht genügend Systemressourcen, um den angeforderten Dienst auszuführen.
]

Error: (01/05/2015 11:28:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/11/2015 05:47:04 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (01/11/2015 05:24:06 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Definition Update for Windows Defender - KB915597 (Definition 1.191.1866.0)

Error: (01/11/2015 05:13:51 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {B77A52D0-4A37-49AF-B6B1-549AA88C686A}

Error: (01/11/2015 05:12:46 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f0902 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB3013126)

Error: (01/11/2015 05:12:46 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f0902 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2993958)

Error: (01/09/2015 02:09:30 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (01/09/2015 02:00:07 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst MBAMScheduler erreicht.

Error: (01/09/2015 01:58:20 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst MBAMScheduler erreicht.

Error: (01/08/2015 07:25:29 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst MBAMScheduler erreicht.

Error: (01/06/2015 00:20:28 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.


Microsoft Office Sessions:
=========================
Error: (01/11/2015 04:52:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TOPI.exe4.1.0.04dd0ba7aKERNELBASE.dll6.1.7601.184095315a05ae0434352000000000000940d13b001d02db68a42ed90C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exeC:\Windows\system32\KERNELBASE.dlle4cd8f1f-99a9-11e4-99e7-e89a8fdfc463

Error: (01/11/2015 04:52:33 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: TOPI.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Configuration.ConfigurationErrorsException
Stack:
  at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef)
  at System.Configuration.BaseConfigurationRecord.GetSection(System.String)
  at System.Configuration.ConfigurationManager.GetSection(System.String)
  at System.Configuration.ClientSettingsStore.ReadSettings(System.String, Boolean)
  at System.Configuration.LocalFileSettingsProvider.GetPropertyValues(System.Configuration.SettingsContext, System.Configuration.SettingsPropertyCollection)
  at System.Configuration.SettingsBase.GetPropertiesFromProvider(System.Configuration.SettingsProvider)
  at System.Configuration.SettingsBase.GetPropertyValueByName(System.String)
  at System.Configuration.SettingsBase.get_Item(System.String)
  at System.Configuration.ApplicationSettingsBase.GetPropertyValue(System.String)
  at System.Configuration.ApplicationSettingsBase.get_Item(System.String)
  at Humphrey.Core.createUpdateTimer(Int32)
  at Humphrey.Core..ctor(Humphrey.App)
  at Humphrey.App.Main(System.String[])

Error: (01/11/2015 04:52:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/09/2015 02:00:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TOPI.exe4.1.0.04dd0ba7aKERNELBASE.dll6.1.7601.184095315a05ae0434352000000000000940d13ec01d02c0c1905aa41C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exeC:\Windows\system32\KERNELBASE.dll851b0ea4-97ff-11e4-bd80-e89a8fdfc463

Error: (01/09/2015 02:00:41 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: TOPI.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Configuration.ConfigurationErrorsException
Stack:
  at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef)
  at System.Configuration.BaseConfigurationRecord.GetSection(System.String)
  at System.Configuration.ConfigurationManager.GetSection(System.String)
  at System.Configuration.ClientSettingsStore.ReadSettings(System.String, Boolean)
  at System.Configuration.LocalFileSettingsProvider.GetPropertyValues(System.Configuration.SettingsContext, System.Configuration.SettingsPropertyCollection)
  at System.Configuration.SettingsBase.GetPropertiesFromProvider(System.Configuration.SettingsProvider)
  at System.Configuration.SettingsBase.GetPropertyValueByName(System.String)
  at System.Configuration.SettingsBase.get_Item(System.String)
  at System.Configuration.ApplicationSettingsBase.GetPropertyValue(System.String)
  at System.Configuration.ApplicationSettingsBase.get_Item(System.String)
  at Humphrey.Core.createUpdateTimer(Int32)
  at Humphrey.Core..ctor(Humphrey.App)
  at Humphrey.App.Main(System.String[])

Error: (01/06/2015 00:23:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/06/2015 00:20:30 AM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070013, Das Medium ist schreibgeschützt.

Error: (01/06/2015 00:20:30 AM) (Source: VSS) (EventID: 13) (User: )
Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x80070013, Das Medium ist schreibgeschützt.

Error: (01/06/2015 00:20:29 AM) (Source: VSS) (EventID: 13) (User: )
Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x800705aa, Nicht genügend Systemressourcen, um den angeforderten Dienst auszuführen.

Error: (01/05/2015 11:28:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-06-22 18:55:22.551
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-22 18:55:22.549
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-22 18:55:22.536
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-22 18:55:22.534
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-22 18:54:26.634
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-22 18:54:26.619
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-27 18:05:30.924
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-27 18:05:30.920
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-27 18:05:30.887
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-27 18:05:30.883
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2330M CPU @ 2.20GHz
Percentage of memory in use: 59%
Total physical RAM: 4043.86 MB
Available physical RAM: 1645.49 MB
Total Pagefile: 8085.9 MB
Available Pagefile: 5389.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:232.34 GB) (Free:4.74 GB) NTFS
Drive d: (Data) (Fixed) (Total:233.03 GB) (Free:207.99 GB) NTFS
Drive e: (HP EN4500) (CDROM) (Total:0.57 GB) (Free:0 GB) CDFS
Drive f: () (Removable) (Total:3.7 GB) (Free:3.4 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 3C96D6C9)
Partition 1: (Active) - (Size=399 MB) - (Type=27)
Partition 2: (Not Active) - (Size=232.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
Ich hoffe das stimmt jetzt so.

Avast läuft übrigens grade durch und hat schon wieder was gefunden.. -.-

schrauber 11.01.2015 20:58
Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    Firefox Packages

    Optimizer Pro v3.2

    Snap.Do Engine

    WindowsMangerProtect20.0.0.1013 (HKLM-x32\...\WindowsMangerProtect) (Version: 20.0.0.1013 - WindowsProtect LIMITED) <==== ATTENTION


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 






Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Pjonga 12.01.2015 09:03
Gut, bisher hat alles super geklappt, du bist mein Held.:applaus:
Jetzt hat der Dau aber ne Frage...

Wie deaktiviere ich Avast?

Pjonga

PS: Der Uninstaller hat übrigens bei dem WindowsManager gemotzt, es dann aber doch deinstalliert.. *mmmh*

Hab es jetzt für den Moment einfach deinstalliert.

Code:
ComboFix 15-01-08.01 - Bianca 11.01.2015  22:18:28.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4044.1689 [GMT 1:00]
ausgeführt von:: c:\users\Bianca\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\BrowserCompanion
c:\program files (x86)\BrowserCompanion\logo.ico
c:\program files (x86)\BrowserCompanion\terms.lnk.url
c:\programdata\1375169169.bdinstall.bin
c:\programdata\1391168905.bdinstall.bin
c:\programdata\1391169297.bdinstall.bin
c:\programdata\1412964702.bdinstall.bin
c:\programdata\53iR3BfO.exe.b
c:\programdata\53iR3BfO.exe_.b
c:\users\Bianca\AppData\Local\dsisetup40544032.exe
c:\users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmbdmchmkmjamopihbpmnknbkflciolk
c:\users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmbdmchmkmjamopihbpmnknbkflciolk\233\background.html
c:\users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmbdmchmkmjamopihbpmnknbkflciolk\233\content.js
c:\users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmbdmchmkmjamopihbpmnknbkflciolk\233\lsdb.js
c:\users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmbdmchmkmjamopihbpmnknbkflciolk\233\manifest.json
c:\users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmbdmchmkmjamopihbpmnknbkflciolk\233\puE.js
c:\users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lmbdmchmkmjamopihbpmnknbkflciolk_0.localstorage-journal
c:\users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lmbdmchmkmjamopihbpmnknbkflciolk_0.localstorage
c:\users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Preferences
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-12-11 bis 2015-01-11  ))))))))))))))))))))))))))))))
.
.
2015-01-11 21:28 . 2015-01-11 21:28        --------        d-----w-        c:\users\Default\AppData\Local\temp
2015-01-11 21:16 . 2015-01-11 21:16        --------        d-sh--w-        c:\users\Bianca\AppData\Local\EmieBrowserModeList
2015-01-11 21:06 . 2015-01-11 21:06        75888        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{E1908F15-D097-4C50-8619-C097746B3409}\offreg.dll
2015-01-11 20:58 . 2015-01-11 20:58        --------        d-----w-        c:\program files (x86)\VS Revo Group
2015-01-11 17:28 . 2015-01-11 17:44        --------        d-----w-        C:\FRST
2015-01-11 16:35 . 2014-12-15 03:13        11870360        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{E1908F15-D097-4C50-8619-C097746B3409}\mpengine.dll
2015-01-05 23:20 . 2015-01-05 23:20        0        ----a-w-        c:\windows\SysWow64\shoF930.tmp
2015-01-05 23:19 . 2015-01-05 23:19        --------        d-----w-        c:\windows\system32\appraiser
2015-01-05 22:33 . 2015-01-11 21:10        129752        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-05 22:32 . 2015-01-05 22:32        --------        d-----w-        c:\program files (x86)\Malwarebytes Anti-Malware
2015-01-05 22:32 . 2015-01-05 22:32        --------        d-----w-        c:\programdata\Malwarebytes
2015-01-05 22:32 . 2014-11-21 05:14        63704        ----a-w-        c:\windows\system32\drivers\mwac.sys
2015-01-05 22:32 . 2014-11-21 05:14        93400        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2015-01-05 22:32 . 2014-11-21 05:14        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys
2015-01-05 22:20 . 2014-07-07 02:06        24576        ----a-w-        c:\windows\system32\mfpmp.exe
2015-01-05 22:20 . 2014-07-07 02:02        2048        ----a-w-        c:\windows\system32\mferror.dll
2015-01-05 22:20 . 2014-07-07 01:37        2048        ----a-w-        c:\windows\SysWow64\mferror.dll
2015-01-05 22:20 . 2014-07-07 02:06        55808        ----a-w-        c:\windows\system32\rrinstaller.exe
2015-01-05 22:20 . 2014-07-07 01:39        23040        ----a-w-        c:\windows\SysWow64\mfpmp.exe
2015-01-05 22:20 . 2014-10-18 01:33        3209728        ----a-w-        c:\windows\SysWow64\mf.dll
2015-01-05 22:20 . 2014-07-07 02:06        206848        ----a-w-        c:\windows\system32\mfps.dll
2015-01-05 22:20 . 2014-07-07 01:40        103424        ----a-w-        c:\windows\SysWow64\mfps.dll
2015-01-05 22:20 . 2014-07-07 01:39        50176        ----a-w-        c:\windows\SysWow64\rrinstaller.exe
2015-01-05 22:20 . 2014-10-18 02:05        4121600        ----a-w-        c:\windows\system32\mf.dll
2014-12-22 16:21 . 2014-07-17 02:07        3722240        ----a-w-        c:\windows\system32\mstscax.dll
2014-12-22 16:21 . 2014-07-17 01:39        3221504        ----a-w-        c:\windows\SysWow64\mstscax.dll
2014-12-22 16:21 . 2014-07-17 02:07        1118720        ----a-w-        c:\windows\system32\mstsc.exe
2014-12-22 16:21 . 2014-07-17 02:07        235520        ----a-w-        c:\windows\system32\winsta.dll
2014-12-22 16:21 . 2014-07-17 02:07        150528        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2014-12-22 16:21 . 2014-07-17 02:07        455168        ----a-w-        c:\windows\system32\winlogon.exe
2014-12-22 16:21 . 2014-07-17 01:40        157696        ----a-w-        c:\windows\SysWow64\winsta.dll
2014-12-22 16:21 . 2014-07-17 01:39        131584        ----a-w-        c:\windows\SysWow64\aaclient.dll
2014-12-22 16:21 . 2014-07-17 01:39        1051136        ----a-w-        c:\windows\SysWow64\mstsc.exe
2014-12-22 16:21 . 2014-07-17 01:21        212480        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2014-12-22 16:21 . 2014-07-17 01:21        39936        ----a-w-        c:\windows\system32\drivers\tssecsrv.sys
2014-12-22 16:19 . 2014-11-11 01:46        119296        ----a-w-        c:\windows\system32\drivers\tdx.sys
2014-12-22 16:18 . 2014-11-22 02:41        54784        ----a-w-        c:\windows\system32\jsproxy.dll
2014-12-22 16:17 . 2014-10-14 02:12        1460736        ----a-w-        c:\windows\system32\lsasrv.dll
2014-12-22 16:16 . 2014-10-03 02:12        2020352        ----a-w-        c:\windows\system32\WsmSvc.dll
2014-12-22 16:16 . 2014-10-03 01:45        1177088        ----a-w-        c:\windows\SysWow64\WsmSvc.dll
2014-12-22 16:16 . 2014-10-03 02:12        310272        ----a-w-        c:\windows\system32\WsmWmiPl.dll
2014-12-22 16:16 . 2014-10-03 02:12        346624        ----a-w-        c:\windows\system32\WSManMigrationPlugin.dll
2014-12-22 16:16 . 2014-10-03 02:11        266240        ----a-w-        c:\windows\system32\WSManHTTPConfig.exe
2014-12-22 16:16 . 2014-10-03 02:12        181248        ----a-w-        c:\windows\system32\WsmAuto.dll
2014-12-22 16:16 . 2014-10-03 01:45        248832        ----a-w-        c:\windows\SysWow64\WSManMigrationPlugin.dll
2014-12-22 16:16 . 2014-10-03 01:45        214016        ----a-w-        c:\windows\SysWow64\WsmWmiPl.dll
2014-12-22 16:16 . 2014-10-03 01:45        145920        ----a-w-        c:\windows\SysWow64\WsmAuto.dll
2014-12-22 16:16 . 2014-10-03 01:44        198656        ----a-w-        c:\windows\SysWow64\WSManHTTPConfig.exe
2014-12-22 16:16 . 2014-10-25 01:57        77824        ----a-w-        c:\windows\system32\packager.dll
2014-12-22 16:16 . 2014-10-25 01:32        67584        ----a-w-        c:\windows\SysWow64\packager.dll
2014-12-22 16:16 . 2014-10-10 00:57        3198976        ----a-w-        c:\windows\system32\win32k.sys
2014-12-22 16:14 . 2014-10-14 02:13        3241984        ----a-w-        c:\windows\system32\msi.dll
2014-12-22 16:14 . 2014-10-14 01:50        2363904        ----a-w-        c:\windows\SysWow64\msi.dll
2014-12-22 16:14 . 2014-12-22 16:14        --------        d-----w-        c:\program files (x86)\predm
2014-12-22 16:13 . 2014-10-18 02:05        861696        ----a-w-        c:\windows\system32\oleaut32.dll
2014-12-22 16:13 . 2014-10-18 01:33        571904        ----a-w-        c:\windows\SysWow64\oleaut32.dll
2014-12-22 15:52 . 2014-12-22 15:54        --------        d-----w-        c:\programdata\fa71065cd11074ce
2014-12-22 15:50 . 2014-10-13 05:57        206080        ----a-w-        c:\windows\system32\drivers\ssudmdm.sys
2014-12-22 15:50 . 2014-10-13 05:57        110336        ----a-w-        c:\windows\system32\drivers\ssudbus.sys
2014-12-22 15:39 . 2014-12-22 15:39        --------        d--h--w-        c:\users\Bianca\AppData\Roaming\GoldenGate
2014-12-22 15:38 . 2014-12-22 15:45        --------        d-----w-        c:\users\Bianca\AppData\Roaming\Gameo
2014-12-22 15:21 . 2014-04-30 18:43        144664        ----a-w-        c:\windows\SysWow64\secman.dll
2014-12-22 15:21 . 2014-04-30 18:43        4659712        ----a-w-        c:\windows\SysWow64\Redemption.dll
2014-12-16 07:59 . 2014-12-16 07:59        --------        d-----w-        c:\users\Bianca\AppData\Roaming\dlg
2014-12-16 07:55 . 2015-01-05 23:10        --------        d-----w-        c:\users\Bianca\AppData\Roaming\InetStat
2014-12-16 07:53 . 2014-12-15 11:51        358736        ----a-w-        c:\windows\system32\LavasoftTcpService64.dll
2014-12-16 07:53 . 2014-12-15 11:51        312424        ----a-w-        c:\windows\SysWow64\LavasoftTcpService.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-06 03:36 . 2010-11-21 03:27        298120        ------w-        c:\windows\system32\MpSigStub.exe
2014-12-22 15:08 . 2013-07-30 19:30        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-22 15:08 . 2013-07-30 19:30        701616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-10-15 18:42 . 2014-10-15 18:42        43152        ----a-w-        c:\windows\avastSS.scr
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-03-25 05:51        220632        ----a-w-        c:\users\Bianca\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-03-25 05:51        220632        ----a-w-        c:\users\Bianca\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-03-25 05:51        220632        ----a-w-        c:\users\Bianca\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        131248        ----a-w-        c:\users\Bianca\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        131248        ----a-w-        c:\users\Bianca\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        131248        ----a-w-        c:\users\Bianca\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        131248        ----a-w-        c:\users\Bianca\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2014-06-14 843568]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-03 39408]
"HP ENVY 4500 series (NET)"="c:\program files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe" [2014-03-06 3487240]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2014-06-14 310064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-06-10 296056]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2014-06-14 310064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallDeleteDir"="rmdir" [X]
.
c:\users\Bianca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Toshiba Places Icon Utility.lnk - c:\program files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [2011-8-3 1492352]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"RequireSignedAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - aswHwid
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-14 08:45        1087816        ----a-w-        c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-01-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-30 15:08]
.
2015-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 19:33]
.
2015-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 19:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-03-25 05:51        244696        ----a-w-        c:\users\Bianca\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-03-25 05:51        244696        ----a-w-        c:\users\Bianca\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-03-25 05:51        244696        ----a-w-        c:\users\Bianca\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        164016        ----a-w-        c:\users\Bianca\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        164016        ----a-w-        c:\users\Bianca\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        164016        ----a-w-        c:\users\Bianca\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        164016        ----a-w-        c:\users\Bianca\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-07 167256]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-07 391000]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-07 418136]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba Registration"="c:\program files\TOSHIBA\Registration\ToshibaReminder.exe" [2011-08-03 150992]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = www.google.com
IE: Zu TOSHIBA Bulletin Board hinzufügen - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\nbxita3o.default\
FF - prefs.js: browser.search.defaulturl - hxxps://www.google.com/search
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxps://www.google.com/search
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-KiesHelper - c:\program files (x86)\Samsung\Kies\KiesHelper.exe
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKCU-Run-pdiface - c:\program files\Bitdefender\60-Second Virus Scanner\pdiface.exe
Wow6432Node-HKCU-Run-Web Companion - c:\program files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-Run-Bitdefender-Geldbörse-Agent - c:\program files\Bitdefender\Bitdefender\pmbxag.exe
Wow6432Node-HKU-Default-Run-Bitdefender-Geldbörse - c:\program files\Bitdefender\Bitdefender\pwdmanui.exe
Wow6432Node-HKU-Default-Run-Bitdefender-Geldbörse-Anwendungs-Agent - c:\program files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{84c104ae-2ef1-4e7c-bfe6-5b2fcbecccb0} - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-InstallerLauncher - c:\program files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe
AddRemove-Free Audio CD to MP3 Converter_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2661352464-3399069233-14347418-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2661352464-3399069233-14347418-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-01-11  22:32:23
ComboFix-quarantined-files.txt  2015-01-11 21:32
.
Vor Suchlauf: 1.089.126.400 Bytes frei
Nach Suchlauf: 6.623.813.632 Bytes frei
.
- - End Of File - - 7B4A6EA74A963AACF832F61AB9AACC02
So, hoffe das hilft dir weiter.

Danke Pjonga

Gute Nacht

Morgen!

Gestern hatte ich noch etwas über 6GB Speicher, nachdem ich die Anwendungen deinstalliert habe und nun sind es wieder nur 5,77... *seufz*

schrauber 12.01.2015 09:41
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Pjonga 12.01.2015 19:03
Oh man, da hat mein Läppi sich ja was eingefangen. Speicher übrigens bis auf 5,72 GB runter..
Und nun die Logs für dich lieber Schrauber.

MBAM
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 12.01.2015
Suchlauf-Zeit: 18:03:26
Logdatei: Log MBAM 12.01.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.11.11
Rootkit Datenbank: v2015.01.07.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Bianca

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 359160
Verstrichene Zeit: 28 Min, 28 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
AdwCleaner
Code:
# AdwCleaner v4.107 - Bericht erstellt am 12/01/2015 um 18:37:13
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-11.2 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Bianca - BIANCA-TOSH
# Gestartet von : C:\Users\Bianca\Downloads\AdwCleaner_4.107.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\SearchProtect
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\ProgramData\fa71065cd11074ce
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\Fortunitas
Ordner Gelöscht : C:\Program Files (x86)\PC Speed Maximizer
Ordner Gelöscht : C:\Program Files (x86)\predm
Ordner Gelöscht : C:\Windows\SysWOW64\SearchProtect
Ordner Gelöscht : C:\Users\Bianca\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Bianca\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\Users\Bianca\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Bianca\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Bianca\AppData\LocalLow\Delta
Ordner Gelöscht : C:\Users\Bianca\AppData\Roaming\BabSolution
Ordner Gelöscht : C:\Users\Bianca\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Bianca\AppData\Roaming\BrowserCompanion
Ordner Gelöscht : C:\Users\Bianca\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Bianca\AppData\Roaming\Gameo
Ordner Gelöscht : C:\Users\Bianca\AppData\Roaming\InetStat
Ordner Gelöscht : C:\Users\Bianca\AppData\Roaming\RHEng
Ordner Gelöscht : C:\Users\Bianca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
Ordner Gelöscht : C:\Users\Bianca\Documents\Optimizer Pro
Ordner Gelöscht : C:\Users\Bianca\Documents\PC Speed Maximizer
Ordner Gelöscht : C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\nbxita3o.default\Extensions\toolbar@web.de
Ordner Gelöscht : C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnjhadegcbgjbgkidapllmhdfncbkpli
Ordner Gelöscht : C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Ordner Gelöscht : C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolkekjjhnaeaahibbnfebmogackofpf
[/!\] Nicht Gelöscht ( Junction ) : C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnjhadegcbgjbgkidapllmhdfncbkpli
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
Datei Gelöscht : C:\Users\Bianca\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BoBrowser.lnk
Datei Gelöscht : C:\Users\Bianca\Desktop\Continue Live Installation.lnk
Datei Gelöscht : C:\Users\Bianca\Desktop\Facebook.lnk
Datei Gelöscht : C:\Users\Bianca\Desktop\Youtube.lnk
Datei Gelöscht : C:\Users\Bianca\Desktop\BoBrowser.lnk
Datei Gelöscht : C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\nbxita3o.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage
Datei Gelöscht : C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_deutsch.babylon.com_0.localstorage
Datei Gelöscht : C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_sb.scorecardresearch.com_0.localstorage
Datei Gelöscht : C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsmode.com_0.localstorage
Datei Gelöscht : C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.softonic.de_0.localstorage
Datei Gelöscht : C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_sb.scorecardresearch.com_0.localstorage
Datei Gelöscht : C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_en.softonic.com_0.localstorage
Datei Gelöscht : C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.ak.facebook.com_0.localstorage

***** [ Tasks ] *****

Task Gelöscht : Run_Bobby_Browser
Task Gelöscht : Voo Update

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{934DDF3A-F55B-438F-B805-4C0403660F1E}]
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\kppnoegbbaphhibbpdojjiehofchhdgk
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\kppnoegbbaphhibbpdojjiehofchhdgk
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\oolkekjjhnaeaahibbnfebmogackofpf
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\oolkekjjhnaeaahibbnfebmogackofpf
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.old.Start Page]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKCU\Software\e4dad0b73be449
Schlüssel Gelöscht : HKLM\SOFTWARE\e4dad0b73be449
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3279453
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKCU\Software\Blabbers     
Schlüssel Gelöscht : HKCU\Software\Blabbers
Schlüssel Gelöscht : HKCU\Software\ClickConnect
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\InetStat
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\PennyBee
Schlüssel Gelöscht : HKCU\Software\Tbccint_HKLM
Schlüssel Gelöscht : HKCU\Software\BoBrowser
Schlüssel Gelöscht : HKCU\Software\gameo
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\searchqutoolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Tutorials
Schlüssel Gelöscht : HKLM\SOFTWARE\Clara
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.Old.Start Page]

-\\ Mozilla Firefox v33.0.2 (x86 en-US)

[nbxita3o.default\prefs.js] - Zeile gelöscht : user_pref("extensions.aOGIFYCBT57386220PWWPF86744com62050.62050.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%22%3A[...]
[nbxita3o.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[nbxita3o.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", true);

-\\ Google Chrome v39.0.2171.95

[C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuTU&co=DE&userid=6f25a4b2-bebc-182e-a4b7-9bf17233b0c0&searchtype=ds&q={searchTerms}&installDate=08/02/2014
[C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3322197&octid=EB_ORIGINAL_CTID&ISID=M45DF419D-2A64-4A47-B21D-FD6A4D2E78ED&SearchSource=58&CUI=&UM=8&UP=SPA795086A-524E-40DA-A18E-D169CEA86106&q={searchTerms}&SSPV=
[C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3322197&octid=EB_ORIGINAL_CTID&ISID=M45DF419D-2A64-4A47-B21D-FD6A4D2E78ED&SearchSource=58&CUI=&UM=8&UP=SPA795086A-524E-40DA-A18E-D169CEA86106&q={searchTerms}&SSPV=
[C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuTU&co=DE&userid=6f25a4b2-bebc-182e-a4b7-9bf17233b0c0&searchtype=ds&q={searchTerms}&installDate=08/02/2014
[C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_cmi_14_52_ie&cd=2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0F0D0F0CyEyCtAtAyBzzzztN0D0Tzu0StCtDzzyCtN1L2XzutAtFyCtFtCtDtFyBtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StAtA0FtByDzz0E0FtGyB0AtByDtG0CtBtBtBtGyByDyC0BtGtDyE0C0ByCyDtDyDzyzzyByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Azy0C0EtDzztBzztGyE0ByB0FtGyEyB0CyCtG0B0DtDyEtG0AyDyCtDtB0DyByDtDzzyC0A2Q&cr=122638340&ir=
[C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_cmi_14_52_ie&cd=2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0F0D0F0CyEyCtAtAyBzzzztN0D0Tzu0StCtDzzyCtN1L2XzutAtFyCtFtCtDtFyBtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StAtA0FtByDzz0E0FtGyB0AtByDtG0CtBtBtBtGyByDyC0BtGtDyE0C0ByCyDtDyDzyzzyByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Azy0C0EtDzztBzztGyE0ByB0FtGyEyB0CyCtG0B0DtDyEtG0AyDyCtDtB0DyByDtDzzyC0A2Q&cr=122638340&ir=

*************************

AdwCleaner[R0].txt - [16869 octets] - [12/01/2015 18:34:57]
AdwCleaner[S0].txt - [15782 octets] - [12/01/2015 18:37:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15843 octets] ##########
JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Bianca on 12.01.2015 at 18:43:01,70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F}



~~~ Files

Successfully deleted: [File] "C:\Users\Bianca\appdata\local\google\chrome\user data\default\local storage\http_client.conduit-storage.com_0.localstorage"
Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARMANAGER_8CA8B414-8A88BD82.pf
Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-7AE0A20E.pf
Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARUSER_32.EXE-34B1B1C5.pf



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Bianca\AppData\Roaming\thinstall"
Successfully deleted: [Folder] "C:\Users\Bianca\appdata\local\cre"
Successfully deleted: [Empty Folder] C:\Users\Bianca\appdata\local\{0E73C217-5A48-4A5A-9566-030D295A5542}
Successfully deleted: [Empty Folder] C:\Users\Bianca\appdata\local\{9387F1F7-609E-4215-A10E-AC528D702EFB}
Successfully deleted: [Empty Folder] C:\Users\Bianca\appdata\local\{C14B8F7F-1ED4-422D-9FA2-88CC537248DF}



~~~ FireFox

Emptied folder: C:\Users\Bianca\AppData\Roaming\mozilla\firefox\profiles\nbxita3o.default\minidumps [97 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.01.2015 at 18:48:27,62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

uuuund den neusten Log des FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-01-2015
Ran by Bianca (administrator) on BIANCA-TOSH on 12-01-2015 18:57:04
Running from C:\Users\Bianca\Downloads
Loaded Profile: Bianca (Available profiles: Bianca)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Toshiba) C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2011-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1520552 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2011-08-03] (Toshiba Europe GmbH)
HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (the data entry has 36 more characters).
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294712 2010-11-29] (TOSHIBA Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296056 2012-06-10] (RealNetworks, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310064 2014-06-14] (Samsung Electronics Co., Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2661352464-3399069233-14347418-1001\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-21-2661352464-3399069233-14347418-1001\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-06-14] (Samsung)
HKU\S-1-5-21-2661352464-3399069233-14347418-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-08-03] (Google Inc.)
HKU\S-1-5-21-2661352464-3399069233-14347418-1001\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.)
HKU\S-1-5-21-2661352464-3399069233-14347418-1001\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310064 2014-06-14] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-18\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Toshiba Places Icon Utility.lnk
ShortcutTarget: Toshiba Places Icon Utility.lnk -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe (Toshiba)
Startup: C:\Users\Bianca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bianca\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bianca\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bianca\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bianca\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bianca\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bianca\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bianca\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bianca\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2661352464-3399069233-14347418-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2661352464-3399069233-14347418-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2661352464-3399069233-14347418-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2661352464-3399069233-14347418-1001 -> Backup.Old.DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
SearchScopes: HKU\S-1-5-21-2661352464-3399069233-14347418-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
BHO: No Name -> {09F58E74-42B4-4D70-BA26-35FC954E7A17} ->  No File
BHO: No Name -> {84c104ae-2ef1-4e7c-bfe6-5b2fcbecccb0} ->  No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - No Name - !{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -  No File
Toolbar: HKLM - No Name - !{DFEFCDEE-CF1A-4FC8-88AD-129872198372} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - !{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM-x32 - No Name - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -  No File
Toolbar: HKLM-x32 - No Name - !{DFEFCDEE-CF1A-4FC8-88AD-129872198372} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2661352464-3399069233-14347418-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\nbxita3o.default
FF DefaultSearchUrl: https://www.google.com/search
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Keyword.URL: https://www.google.com/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.4.53 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.4.53 -> c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.4.53 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\nbxita3o.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\nbxita3o.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\nbxita3o.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\nbxita3o.default\searchplugins\webde-suche.xml
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-06-10]
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2013-08-01]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-06-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2014-08-16] (Intel Corporation)
S3 Tosrfcom; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-12 18:48 - 2015-01-12 18:48 - 00002376 _____ () C:\Users\Bianca\Desktop\JRT.txt
2015-01-12 18:42 - 2015-01-12 18:42 - 01707939 _____ (Thisisu) C:\Users\Bianca\Downloads\JRT.exe
2015-01-12 18:42 - 2015-01-12 18:42 - 00000000 ____D () C:\Windows\ERUNT
2015-01-12 18:34 - 2015-01-12 18:37 - 00000000 ____D () C:\AdwCleaner
2015-01-12 18:33 - 2015-01-12 18:50 - 00000000 ____D () C:\Users\Bianca\Documents\Trojaner Board
2015-01-12 18:05 - 2015-01-12 18:05 - 02191360 _____ () C:\Users\Bianca\Downloads\AdwCleaner_4.107.exe
2015-01-11 22:32 - 2015-01-11 22:32 - 00027678 _____ () C:\ComboFix.txt
2015-01-11 22:16 - 2015-01-11 22:16 - 00000000 __SHD () C:\Users\Bianca\AppData\Local\EmieBrowserModeList
2015-01-11 22:16 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-11 22:16 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-11 22:16 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-11 22:16 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-11 22:16 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-11 22:16 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-11 22:16 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-11 22:16 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-11 22:13 - 2015-01-11 22:32 - 00000000 ____D () C:\Qoobox
2015-01-11 22:12 - 2015-01-11 22:30 - 00000000 ____D () C:\Windows\erdnt
2015-01-11 22:07 - 2015-01-11 22:07 - 05609736 ____R (Swearware) C:\Users\Bianca\Downloads\ComboFix.exe
2015-01-11 21:58 - 2015-01-11 21:58 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Bianca\Downloads\revosetup95.exe
2015-01-11 21:58 - 2015-01-11 21:58 - 00001231 _____ () C:\Users\Bianca\Desktop\Revo Uninstaller.lnk
2015-01-11 21:58 - 2015-01-11 21:58 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-11 18:31 - 2015-01-11 18:44 - 00044446 _____ () C:\Users\Bianca\Downloads\Addition.txt
2015-01-11 18:29 - 2015-01-12 18:57 - 00022498 _____ () C:\Users\Bianca\Downloads\FRST.txt
2015-01-11 18:28 - 2015-01-12 18:57 - 00000000 ____D () C:\FRST
2015-01-11 18:28 - 2015-01-11 18:28 - 02124288 _____ (Farbar) C:\Users\Bianca\Downloads\FRST64.exe
2015-01-11 18:27 - 2015-01-11 18:27 - 01115648 _____ (Farbar) C:\Users\Bianca\Downloads\FRST.exe
2015-01-11 16:52 - 2015-01-12 18:39 - 00003348 _____ () C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2661352464-3399069233-14347418-1001
2015-01-06 00:20 - 2015-01-06 00:20 - 00000000 _____ () C:\Windows\SysWOW64\shoF930.tmp
2015-01-06 00:19 - 2015-01-06 00:19 - 00000000 ____D () C:\Windows\system32\appraiser
2015-01-05 23:33 - 2015-01-12 18:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-05 23:32 - 2015-01-05 23:32 - 00001069 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-05 23:32 - 2015-01-05 23:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-05 23:32 - 2015-01-05 23:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-05 23:32 - 2015-01-05 23:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-05 23:32 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-05 23:32 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-05 23:32 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-05 23:30 - 2015-01-05 23:32 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Bianca\Downloads\mbam-setup-2.0.4.1028 (1).exe
2015-01-05 23:30 - 2015-01-05 23:31 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Bianca\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-05 23:20 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-01-05 23:20 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-01-05 23:20 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-01-05 23:20 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-01-05 23:20 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-01-05 23:20 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-01-05 23:20 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-01-05 23:20 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-01-05 23:20 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-01-05 23:20 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-01-04 15:56 - 2015-01-04 15:56 - 00002282 _____ () C:\Users\Bianca\Desktop\Wikipedia.lnk
2015-01-04 15:56 - 2015-01-04 15:56 - 00002276 _____ () C:\Users\Bianca\Desktop\Hotmail.lnk
2015-01-04 15:56 - 2015-01-04 15:56 - 00002270 _____ () C:\Users\Bianca\Desktop\Amazon.lnk
2014-12-29 17:34 - 2014-12-29 17:45 - 00003282 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-2661352464-3399069233-14347418-1001
2014-12-29 17:22 - 2015-01-12 17:58 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-12-22 17:39 - 2014-12-22 17:39 - 00000001 _____ () C:\Users\Bianca\AppData\Local\DSI.DAT
2014-12-22 17:21 - 2014-07-17 03:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-12-22 17:21 - 2014-07-17 03:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-12-22 17:21 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-12-22 17:21 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-12-22 17:21 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-12-22 17:21 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-12-22 17:21 - 2014-07-17 02:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-12-22 17:21 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-12-22 17:21 - 2014-07-17 02:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-12-22 17:21 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-12-22 17:21 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-12-22 17:20 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-22 17:20 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-22 17:20 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-22 17:20 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-22 17:20 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-22 17:20 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-22 17:20 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-22 17:20 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-22 17:20 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-12-22 17:20 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-12-22 17:20 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-12-22 17:20 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-12-22 17:20 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-12-22 17:20 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-22 17:20 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-12-22 17:20 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-12-22 17:20 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-12-22 17:20 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-12-22 17:20 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-12-22 17:20 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-12-22 17:20 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-12-22 17:20 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-12-22 17:20 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-12-22 17:20 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-12-22 17:20 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-12-22 17:20 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-12-22 17:20 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-12-22 17:20 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-12-22 17:20 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-12-22 17:20 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-12-22 17:20 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-12-22 17:19 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-22 17:19 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-22 17:19 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-22 17:19 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-22 17:19 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-22 17:19 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-22 17:19 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-22 17:19 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-22 17:19 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-22 17:19 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-22 17:19 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-22 17:19 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-22 17:19 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-22 17:19 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-22 17:19 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-22 17:19 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-22 17:19 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-22 17:19 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-22 17:19 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-22 17:19 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-22 17:19 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-22 17:19 - 2014-11-22 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-22 17:19 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-22 17:19 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-22 17:19 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-22 17:19 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-22 17:19 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-22 17:19 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-22 17:19 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-22 17:19 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-22 17:19 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-22 17:19 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-22 17:19 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-22 17:19 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-22 17:19 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-22 17:19 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-22 17:19 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-22 17:19 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-22 17:19 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-22 17:19 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-22 17:19 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-22 17:19 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-22 17:19 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-12-22 17:19 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-12-22 17:19 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-12-22 17:19 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-12-22 17:18 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-22 17:18 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-22 17:18 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-22 17:18 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-22 17:18 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-22 17:18 - 2014-11-22 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-22 17:18 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-22 17:18 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-22 17:18 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-22 17:18 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-22 17:18 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-22 17:18 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-22 17:18 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-22 17:18 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-22 17:18 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-22 17:18 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-22 17:18 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-22 17:18 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-12-22 17:18 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-12-22 17:17 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-12-22 17:17 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-12-22 17:17 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-12-22 17:17 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-12-22 17:17 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-22 17:17 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-22 17:17 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-22 17:17 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-22 17:17 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-12-22 17:17 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-12-22 17:17 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-12-22 17:17 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-12-22 17:17 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-12-22 17:17 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-12-22 17:17 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-12-22 17:17 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-12-22 17:17 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-12-22 17:17 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-12-22 17:17 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-12-22 17:17 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-12-22 17:17 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-12-22 17:17 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-12-22 17:16 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-12-22 17:16 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-12-22 17:16 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-12-22 17:16 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-22 17:16 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-22 17:16 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-22 17:16 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-22 17:16 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-22 17:16 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-22 17:16 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-22 17:16 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-22 17:16 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-22 17:16 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-22 17:14 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-12-22 17:14 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-12-22 17:13 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-12-22 17:13 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-12-22 16:51 - 2014-12-22 16:51 - 00001936 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk
2014-12-22 16:51 - 2014-12-22 16:51 - 00000000 ____D () C:\Users\Bianca\Documents\SelfMV
2014-12-22 16:50 - 2014-10-13 06:57 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2014-12-22 16:50 - 2014-10-13 06:57 - 00110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2014-12-22 16:39 - 2014-12-22 16:39 - 00000000 ___HD () C:\Users\Bianca\AppData\Roaming\GoldenGate
2014-12-22 16:38 - 2014-12-22 16:38 - 00000172 _____ () C:\Users\Bianca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
2014-12-22 16:36 - 2014-12-22 16:36 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-12-22 16:25 - 2014-12-22 16:25 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-12-22 16:24 - 2014-12-22 16:24 - 00001969 _____ () C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2014-12-22 16:21 - 2014-04-30 19:43 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2014-12-22 16:21 - 2014-04-30 19:43 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll
2014-12-16 08:59 - 2014-12-16 08:59 - 00000000 ____D () C:\Users\Bianca\AppData\Roaming\dlg
2014-12-16 08:53 - 2014-12-16 08:53 - 00004688 _____ () C:\Windows\SysWOW64\LavasoftTcpService.ini
2014-12-16 08:53 - 2014-12-16 08:53 - 00002520 _____ () C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2014-12-16 08:53 - 2014-12-16 08:53 - 00002520 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2014-12-16 08:53 - 2014-12-15 12:51 - 00358736 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2014-12-16 08:53 - 2014-12-15 12:51 - 00312424 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-12 18:48 - 2009-07-14 05:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-12 18:48 - 2009-07-14 05:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-12 18:44 - 2011-08-03 11:26 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-12 18:39 - 2014-10-02 16:04 - 00003216 _____ () C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2661352464-3399069233-14347418-1001
2015-01-12 18:38 - 2012-10-23 11:25 - 01441482 _____ () C:\Windows\PFRO.log
2015-01-12 18:38 - 2012-08-31 15:45 - 00105414 _____ () C:\Windows\setupact.log
2015-01-12 18:38 - 2011-08-03 11:26 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-12 18:38 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-12 18:37 - 2013-07-30 20:30 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-12 18:37 - 2011-09-24 15:29 - 02011734 _____ () C:\Windows\WindowsUpdate.log
2015-01-11 22:29 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-11 22:02 - 2013-07-30 09:51 - 00000000 ____D () C:\Users\Bianca\AppData\Roaming\0D1G1I1Q1B2Z1C1V0A1N1N1C1P1N1T2Z1F1C
2015-01-11 19:10 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-11 19:09 - 2014-09-28 17:22 - 00000000 ____D () C:\Program Files (x86)\reaConverter 7 Standard
2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-06 00:22 - 2009-07-14 05:45 - 00267816 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-06 00:21 - 2014-07-01 21:26 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2015-01-06 00:19 - 2014-05-10 20:33 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-01-06 00:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2015-01-06 00:10 - 2012-11-23 21:25 - 00000000 ____D () C:\Users\Bianca\Spiele
2015-01-05 23:29 - 2014-10-31 16:29 - 00000166 _____ () C:\Users\Bianca\AppData\Roaming\WB.CFG
2015-01-04 15:58 - 2011-02-11 09:21 - 06870524 _____ () C:\Windows\system32\perfh007.dat
2015-01-04 15:58 - 2011-02-11 09:21 - 02126726 _____ () C:\Windows\system32\perfc007.dat
2015-01-04 15:58 - 2009-07-14 06:13 - 00006484 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-04 15:56 - 2014-05-10 16:27 - 00002272 _____ () C:\Users\Bianca\Desktop\Search.lnk
2015-01-04 15:55 - 2014-07-01 22:19 - 00000000 ____D () C:\ProgramData\ProductData
2015-01-04 15:54 - 2012-08-05 18:25 - 00000000 ____D () C:\Program Files (x86)\OXXOGames
2014-12-29 18:15 - 2014-11-03 19:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-29 17:48 - 2013-07-30 09:52 - 00001142 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-29 17:48 - 2013-07-30 09:52 - 00001142 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-29 17:22 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-12-29 17:22 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-12-22 16:56 - 2012-02-13 17:23 - 00000000 ____D () C:\Users\Bianca\Documents\samsung
2014-12-22 16:51 - 2012-02-13 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-12-22 16:49 - 2012-02-13 17:19 - 00000000 ____D () C:\Users\Bianca\AppData\Roaming\Samsung
2014-12-22 16:49 - 2011-08-03 10:58 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-22 16:48 - 2012-02-13 17:19 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-12-22 16:25 - 2012-02-13 17:23 - 00000000 ____D () C:\Users\Bianca\AppData\Local\Samsung
2014-12-22 16:24 - 2012-02-13 17:22 - 00001959 _____ () C:\Users\Public\Desktop\Samsung Kies.lnk
2014-12-22 16:20 - 2012-02-13 17:19 - 00000000 ____D () C:\ProgramData\Samsung
2014-12-22 16:17 - 2012-02-13 17:17 - 00000000 ____D () C:\Users\Bianca\AppData\Local\Downloaded Installations
2014-12-22 16:08 - 2013-07-30 20:30 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-22 16:08 - 2013-07-30 20:30 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-22 16:08 - 2013-07-30 20:30 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

Files to move or delete:
====================
C:\ProgramData\3snJjsU.dat


Some content of TEMP:
====================
C:\Users\Bianca\AppData\Local\Temp\Quarantine.exe
C:\Users\Bianca\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-29 04:09

==================== End Of Log ============================
--- --- ---


Danke dir.

Pjonga

schrauber 12.01.2015 20:40

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Pjonga 12.01.2015 23:19
Öhm.. warum soll ich andere Wechseldatenträger anschließen?
(Mal blöd frage)
:wtf::blabla:

Ich habe ein wenig Angst. Eset ist nun seit 47 Minuten dran, hat schon 9 Bedrohungen gefunden und ist erst bei 28%.. *schluck*

Ich verstehe ja nicht viel von dem was du tust, aber eins weiß ich. Was der Security Check mir da sagt ist NICHT gut... :heulen::heulen::heulen::heulen::heulen::heulen:

Wie gewünscht nun die Logs.

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=b43589c10a56754e8689afa35832ff1a
# engine=21932
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-12 10:01:50
# local_time=2015-01-12 11:01:50 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 15901 172729960 0 0
# scanned=224894
# found=9
# cleaned=0
# scan_time=6704
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir"
sh=2B9A1340BEC2FE2694C333ACD77F0E12EF9550D1 ft=1 fh=fcbeb3ad261a92d1 vn="Variante von Win32/Conduit.SearchProtect.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolkekjjhnaeaahibbnfebmogackofpf\10.31.4.510_0\APISupport\APISupport.dll.vir"
sh=675526C1B3CB27C6635233B62EDB8ECEEBFE1556 ft=1 fh=8382eeac10eb278f vn="Variante von Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolkekjjhnaeaahibbnfebmogackofpf\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe.vir"
sh=C0114483C9E2C1271B0D594AB6A6BF1E4F383D63 ft=1 fh=e2607344a0894545 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolkekjjhnaeaahibbnfebmogackofpf\10.31.4.510_0\plugins\ChromeApiPlugin.dll.vir"
sh=B582D2DFEE30BCBC1776749124012AC56D487E83 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmbdmchmkmjamopihbpmnknbkflciolk\233\lsdb.js.vir"
sh=EF41C121F571860B7F54573B659747EEF7E0E70F ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmbdmchmkmjamopihbpmnknbkflciolk\233\puE.js.vir"
sh=15779A83152DB723FC94C3A9C1D054CC55E88414 ft=1 fh=68ba20b51425ebf1 vn="Variante von Win32/Toolbar.Funmoods.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Bianca\Downloads\agsetup183se.exe"
sh=7E2D6ECE2E74BF74BDE2D7D0D66EA9FA0EFB65C5 ft=1 fh=d8b24a2eee5b8eea vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Bianca\Downloads\dffsetup-d3dx9_43.exe"
sh=F7C72C5EC5334C58465B8A4257978531B19C4098 ft=1 fh=0ab1d01b6bb0271d vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Bianca\Downloads\FreeYouTubeDownload_3.2.1.320.exe"

Security Check
Code:
UNSUPPORTED OPERATING SYSTEM! ABORTED!
FRST

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-01-2015
Ran by Bianca (administrator) on BIANCA-TOSH on 12-01-2015 18:57:04
Running from C:\Users\Bianca\Downloads
Loaded Profile: Bianca (Available profiles: Bianca)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Toshiba) C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2011-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1520552 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2011-08-03] (Toshiba Europe GmbH)
HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (the data entry has 36 more characters).
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294712 2010-11-29] (TOSHIBA Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296056 2012-06-10] (RealNetworks, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310064 2014-06-14] (Samsung Electronics Co., Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2661352464-3399069233-14347418-1001\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-21-2661352464-3399069233-14347418-1001\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-06-14] (Samsung)
HKU\S-1-5-21-2661352464-3399069233-14347418-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-08-03] (Google Inc.)
HKU\S-1-5-21-2661352464-3399069233-14347418-1001\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.)
HKU\S-1-5-21-2661352464-3399069233-14347418-1001\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310064 2014-06-14] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-18\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Toshiba Places Icon Utility.lnk
ShortcutTarget: Toshiba Places Icon Utility.lnk -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe (Toshiba)
Startup: C:\Users\Bianca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bianca\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bianca\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bianca\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bianca\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bianca\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bianca\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bianca\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bianca\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2661352464-3399069233-14347418-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2661352464-3399069233-14347418-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2661352464-3399069233-14347418-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2661352464-3399069233-14347418-1001 -> Backup.Old.DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
SearchScopes: HKU\S-1-5-21-2661352464-3399069233-14347418-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
BHO: No Name -> {09F58E74-42B4-4D70-BA26-35FC954E7A17} ->  No File
BHO: No Name -> {84c104ae-2ef1-4e7c-bfe6-5b2fcbecccb0} ->  No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - No Name - !{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -  No File
Toolbar: HKLM - No Name - !{DFEFCDEE-CF1A-4FC8-88AD-129872198372} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - !{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM-x32 - No Name - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -  No File
Toolbar: HKLM-x32 - No Name - !{DFEFCDEE-CF1A-4FC8-88AD-129872198372} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2661352464-3399069233-14347418-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\nbxita3o.default
FF DefaultSearchUrl: https://www.google.com/search
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Keyword.URL: https://www.google.com/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.4.53 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.4.53 -> c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.4.53 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\nbxita3o.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\nbxita3o.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\nbxita3o.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\nbxita3o.default\searchplugins\webde-suche.xml
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-06-10]
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Bianca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2013-08-01]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-06-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2014-08-16] (Intel Corporation)
S3 Tosrfcom; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-12 18:48 - 2015-01-12 18:48 - 00002376 _____ () C:\Users\Bianca\Desktop\JRT.txt
2015-01-12 18:42 - 2015-01-12 18:42 - 01707939 _____ (Thisisu) C:\Users\Bianca\Downloads\JRT.exe
2015-01-12 18:42 - 2015-01-12 18:42 - 00000000 ____D () C:\Windows\ERUNT
2015-01-12 18:34 - 2015-01-12 18:37 - 00000000 ____D () C:\AdwCleaner
2015-01-12 18:33 - 2015-01-12 18:50 - 00000000 ____D () C:\Users\Bianca\Documents\Trojaner Board
2015-01-12 18:05 - 2015-01-12 18:05 - 02191360 _____ () C:\Users\Bianca\Downloads\AdwCleaner_4.107.exe
2015-01-11 22:32 - 2015-01-11 22:32 - 00027678 _____ () C:\ComboFix.txt
2015-01-11 22:16 - 2015-01-11 22:16 - 00000000 __SHD () C:\Users\Bianca\AppData\Local\EmieBrowserModeList
2015-01-11 22:16 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-11 22:16 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-11 22:16 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-11 22:16 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-11 22:16 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-11 22:16 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-11 22:16 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-11 22:16 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-11 22:13 - 2015-01-11 22:32 - 00000000 ____D () C:\Qoobox
2015-01-11 22:12 - 2015-01-11 22:30 - 00000000 ____D () C:\Windows\erdnt
2015-01-11 22:07 - 2015-01-11 22:07 - 05609736 ____R (Swearware) C:\Users\Bianca\Downloads\ComboFix.exe
2015-01-11 21:58 - 2015-01-11 21:58 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Bianca\Downloads\revosetup95.exe
2015-01-11 21:58 - 2015-01-11 21:58 - 00001231 _____ () C:\Users\Bianca\Desktop\Revo Uninstaller.lnk
2015-01-11 21:58 - 2015-01-11 21:58 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-11 18:31 - 2015-01-11 18:44 - 00044446 _____ () C:\Users\Bianca\Downloads\Addition.txt
2015-01-11 18:29 - 2015-01-12 18:57 - 00022498 _____ () C:\Users\Bianca\Downloads\FRST.txt
2015-01-11 18:28 - 2015-01-12 18:57 - 00000000 ____D () C:\FRST
2015-01-11 18:28 - 2015-01-11 18:28 - 02124288 _____ (Farbar) C:\Users\Bianca\Downloads\FRST64.exe
2015-01-11 18:27 - 2015-01-11 18:27 - 01115648 _____ (Farbar) C:\Users\Bianca\Downloads\FRST.exe
2015-01-11 16:52 - 2015-01-12 18:39 - 00003348 _____ () C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2661352464-3399069233-14347418-1001
2015-01-06 00:20 - 2015-01-06 00:20 - 00000000 _____ () C:\Windows\SysWOW64\shoF930.tmp
2015-01-06 00:19 - 2015-01-06 00:19 - 00000000 ____D () C:\Windows\system32\appraiser
2015-01-05 23:33 - 2015-01-12 18:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-05 23:32 - 2015-01-05 23:32 - 00001069 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-05 23:32 - 2015-01-05 23:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-05 23:32 - 2015-01-05 23:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-05 23:32 - 2015-01-05 23:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-05 23:32 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-05 23:32 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-05 23:32 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-05 23:30 - 2015-01-05 23:32 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Bianca\Downloads\mbam-setup-2.0.4.1028 (1).exe
2015-01-05 23:30 - 2015-01-05 23:31 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Bianca\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-05 23:20 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-01-05 23:20 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-01-05 23:20 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-01-05 23:20 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-01-05 23:20 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-01-05 23:20 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-01-05 23:20 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-01-05 23:20 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-01-05 23:20 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-01-05 23:20 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-01-04 15:56 - 2015-01-04 15:56 - 00002282 _____ () C:\Users\Bianca\Desktop\Wikipedia.lnk
2015-01-04 15:56 - 2015-01-04 15:56 - 00002276 _____ () C:\Users\Bianca\Desktop\Hotmail.lnk
2015-01-04 15:56 - 2015-01-04 15:56 - 00002270 _____ () C:\Users\Bianca\Desktop\Amazon.lnk
2014-12-29 17:34 - 2014-12-29 17:45 - 00003282 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-2661352464-3399069233-14347418-1001
2014-12-29 17:22 - 2015-01-12 17:58 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-12-22 17:39 - 2014-12-22 17:39 - 00000001 _____ () C:\Users\Bianca\AppData\Local\DSI.DAT
2014-12-22 17:21 - 2014-07-17 03:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-12-22 17:21 - 2014-07-17 03:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-12-22 17:21 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-12-22 17:21 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-12-22 17:21 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-12-22 17:21 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-12-22 17:21 - 2014-07-17 02:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-12-22 17:21 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-12-22 17:21 - 2014-07-17 02:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-12-22 17:21 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-12-22 17:21 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-12-22 17:20 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-22 17:20 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-22 17:20 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-22 17:20 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-22 17:20 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-22 17:20 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-22 17:20 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-22 17:20 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-22 17:20 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-12-22 17:20 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-12-22 17:20 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-12-22 17:20 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-12-22 17:20 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-12-22 17:20 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-22 17:20 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-12-22 17:20 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-12-22 17:20 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-12-22 17:20 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-12-22 17:20 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-12-22 17:20 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-12-22 17:20 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-12-22 17:20 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-12-22 17:20 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-12-22 17:20 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-12-22 17:20 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-12-22 17:20 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-12-22 17:20 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-12-22 17:20 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-12-22 17:20 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-12-22 17:20 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-12-22 17:20 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-12-22 17:19 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-22 17:19 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-22 17:19 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-22 17:19 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-22 17:19 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-22 17:19 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-22 17:19 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-22 17:19 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-22 17:19 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-22 17:19 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-22 17:19 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-22 17:19 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-22 17:19 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-22 17:19 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-22 17:19 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-22 17:19 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-22 17:19 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-22 17:19 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-22 17:19 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-22 17:19 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-22 17:19 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-22 17:19 - 2014-11-22 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-22 17:19 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-22 17:19 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-22 17:19 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-22 17:19 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-22 17:19 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-22 17:19 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-22 17:19 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-22 17:19 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-22 17:19 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-22 17:19 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-22 17:19 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-22 17:19 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-22 17:19 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-22 17:19 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-22 17:19 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-22 17:19 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-22 17:19 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-22 17:19 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-22 17:19 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-22 17:19 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-22 17:19 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-12-22 17:19 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-12-22 17:19 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-12-22 17:19 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-12-22 17:18 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-22 17:18 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-22 17:18 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-22 17:18 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-22 17:18 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-22 17:18 - 2014-11-22 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-22 17:18 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-22 17:18 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-22 17:18 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-22 17:18 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-22 17:18 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-22 17:18 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-22 17:18 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-22 17:18 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-22 17:18 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-22 17:18 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-22 17:18 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-22 17:18 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-12-22 17:18 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-12-22 17:17 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-12-22 17:17 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-12-22 17:17 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-12-22 17:17 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-12-22 17:17 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-22 17:17 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-22 17:17 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-22 17:17 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-22 17:17 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-12-22 17:17 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-12-22 17:17 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-12-22 17:17 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-12-22 17:17 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-12-22 17:17 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-12-22 17:17 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-12-22 17:17 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-12-22 17:17 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-12-22 17:17 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-12-22 17:17 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-12-22 17:17 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-12-22 17:17 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-12-22 17:17 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-12-22 17:16 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-12-22 17:16 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-12-22 17:16 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-12-22 17:16 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-22 17:16 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-22 17:16 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-22 17:16 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-22 17:16 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-22 17:16 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-22 17:16 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-22 17:16 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-22 17:16 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-22 17:16 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-22 17:14 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-12-22 17:14 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-12-22 17:13 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-12-22 17:13 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-12-22 16:51 - 2014-12-22 16:51 - 00001936 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk
2014-12-22 16:51 - 2014-12-22 16:51 - 00000000 ____D () C:\Users\Bianca\Documents\SelfMV
2014-12-22 16:50 - 2014-10-13 06:57 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2014-12-22 16:50 - 2014-10-13 06:57 - 00110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2014-12-22 16:39 - 2014-12-22 16:39 - 00000000 ___HD () C:\Users\Bianca\AppData\Roaming\GoldenGate
2014-12-22 16:38 - 2014-12-22 16:38 - 00000172 _____ () C:\Users\Bianca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
2014-12-22 16:36 - 2014-12-22 16:36 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-12-22 16:25 - 2014-12-22 16:25 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-12-22 16:24 - 2014-12-22 16:24 - 00001969 _____ () C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2014-12-22 16:21 - 2014-04-30 19:43 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2014-12-22 16:21 - 2014-04-30 19:43 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll
2014-12-16 08:59 - 2014-12-16 08:59 - 00000000 ____D () C:\Users\Bianca\AppData\Roaming\dlg
2014-12-16 08:53 - 2014-12-16 08:53 - 00004688 _____ () C:\Windows\SysWOW64\LavasoftTcpService.ini
2014-12-16 08:53 - 2014-12-16 08:53 - 00002520 _____ () C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2014-12-16 08:53 - 2014-12-16 08:53 - 00002520 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2014-12-16 08:53 - 2014-12-15 12:51 - 00358736 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2014-12-16 08:53 - 2014-12-15 12:51 - 00312424 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-12 18:48 - 2009-07-14 05:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-12 18:48 - 2009-07-14 05:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-12 18:44 - 2011-08-03 11:26 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-12 18:39 - 2014-10-02 16:04 - 00003216 _____ () C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2661352464-3399069233-14347418-1001
2015-01-12 18:38 - 2012-10-23 11:25 - 01441482 _____ () C:\Windows\PFRO.log
2015-01-12 18:38 - 2012-08-31 15:45 - 00105414 _____ () C:\Windows\setupact.log
2015-01-12 18:38 - 2011-08-03 11:26 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-12 18:38 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-12 18:37 - 2013-07-30 20:30 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-12 18:37 - 2011-09-24 15:29 - 02011734 _____ () C:\Windows\WindowsUpdate.log
2015-01-11 22:29 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-11 22:02 - 2013-07-30 09:51 - 00000000 ____D () C:\Users\Bianca\AppData\Roaming\0D1G1I1Q1B2Z1C1V0A1N1N1C1P1N1T2Z1F1C
2015-01-11 19:10 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-11 19:09 - 2014-09-28 17:22 - 00000000 ____D () C:\Program Files (x86)\reaConverter 7 Standard
2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-06 00:22 - 2009-07-14 05:45 - 00267816 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-06 00:21 - 2014-07-01 21:26 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2015-01-06 00:19 - 2014-05-10 20:33 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-01-06 00:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2015-01-06 00:10 - 2012-11-23 21:25 - 00000000 ____D () C:\Users\Bianca\Spiele
2015-01-05 23:29 - 2014-10-31 16:29 - 00000166 _____ () C:\Users\Bianca\AppData\Roaming\WB.CFG
2015-01-04 15:58 - 2011-02-11 09:21 - 06870524 _____ () C:\Windows\system32\perfh007.dat
2015-01-04 15:58 - 2011-02-11 09:21 - 02126726 _____ () C:\Windows\system32\perfc007.dat
2015-01-04 15:58 - 2009-07-14 06:13 - 00006484 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-04 15:56 - 2014-05-10 16:27 - 00002272 _____ () C:\Users\Bianca\Desktop\Search.lnk
2015-01-04 15:55 - 2014-07-01 22:19 - 00000000 ____D () C:\ProgramData\ProductData
2015-01-04 15:54 - 2012-08-05 18:25 - 00000000 ____D () C:\Program Files (x86)\OXXOGames
2014-12-29 18:15 - 2014-11-03 19:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-29 17:48 - 2013-07-30 09:52 - 00001142 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-29 17:48 - 2013-07-30 09:52 - 00001142 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-29 17:22 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-12-29 17:22 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-12-22 16:56 - 2012-02-13 17:23 - 00000000 ____D () C:\Users\Bianca\Documents\samsung
2014-12-22 16:51 - 2012-02-13 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-12-22 16:49 - 2012-02-13 17:19 - 00000000 ____D () C:\Users\Bianca\AppData\Roaming\Samsung
2014-12-22 16:49 - 2011-08-03 10:58 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-22 16:48 - 2012-02-13 17:19 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-12-22 16:25 - 2012-02-13 17:23 - 00000000 ____D () C:\Users\Bianca\AppData\Local\Samsung
2014-12-22 16:24 - 2012-02-13 17:22 - 00001959 _____ () C:\Users\Public\Desktop\Samsung Kies.lnk
2014-12-22 16:20 - 2012-02-13 17:19 - 00000000 ____D () C:\ProgramData\Samsung
2014-12-22 16:17 - 2012-02-13 17:17 - 00000000 ____D () C:\Users\Bianca\AppData\Local\Downloaded Installations
2014-12-22 16:08 - 2013-07-30 20:30 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-22 16:08 - 2013-07-30 20:30 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-22 16:08 - 2013-07-30 20:30 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

Files to move or delete:
====================
C:\ProgramData\3snJjsU.dat


Some content of TEMP:
====================
C:\Users\Bianca\AppData\Local\Temp\Quarantine.exe
C:\Users\Bianca\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-29 04:09

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 13.01.2015 09:09
Die ESET Funde sind doch schon in Quarantäne. Download Ordner leeren.
Securitycheck ist ne Zicke, einfach ignorieren :)


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Noch probleme?

Pjonga 13.01.2015 09:40
So, lieber guter Schrauber. Mein Speicher ist immer noch VOLL..bis auf 6 GB und das ist der Log den du haben wolltest. Ich weiß ehrlich gesagt nicht ob ich noch Probleme habe. Wenn ich noch mal Eset oder Avast (oder was auch immer) anschmeißen würde und der mir wieder Viren angibt, sind die dann in Quarantäne oder nicht? Müssten die dann eigentlich NICHT mehr angezeigt werden? Bin ein wenig überfordert.

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-01-2015
Ran by Bianca at 2015-01-13 09:28:35 Run:1
Running from C:\Users\Bianca\Downloads
Loaded Profile: Bianca (Available profiles: Bianca)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Emptytemp:
*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
EmptyTemp: => Removed 377.4 MB temporary data.


The system needed a reboot.

==== End of Fixlog 09:29:12 ====
Danke aber schonmal für die ganze Mühe die ich hier mache. *seufz*

pjonga

schrauber 13.01.2015 11:00
TreeSize Free Download
TressSize installieren und starten. Warten bis fertig analysiert ist und einen Screenshot machen, diesen hier posten.
Screenshot unter Windows erstellen - so geht's - Anleitungen

Pjonga 13.01.2015 11:13
Öhhhhhmmm... erstens danke ich dir von ganzem Herzen, ich habe eben noch gedacht das ich gerne ein Programm hätte wie das auf meinem Samung, das mir anzeigt WO wie viel GB im Speicher verbraucht sind... ohne das ich das einzeln anklicken muss..

UND.. ich hatte das Gefühl ich könne NIE so viel GB verbrauchen, aber wenn der Vater einem ständig Filme zuschießt, kriegt man wohl auch ohne Probleme 200GB voll.. :eek::wtf:

Peinlich, peinlich. :pfeiff:

Danke dir für deine Hilfe und die Zeit die du jeden Tag in solche "Pfollpfosten" wie mich investierst. :lach::bussi:

:dankeschoen::dankeschoen::dankeschoen::dankeschoen:

Schöne Grüße aus Köln nach München

pjonga

schrauber 13.01.2015 16:10
Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Pjonga 13.01.2015 18:21
Eine Nachsorge, besser als bei jedem Arzt.

Ich muss immer noch lachen, weil ICH unter meinen Freunden als "der Computercrack" gelte. :rofl: Das meiste bekomme ich auch ohne große Probleme hin, aber wenn ich lese was du schreibst und sehe aus welchen Infos du meinen Läppi analysierst, ist das in etwa vergleichbar mit jemanden der im tiefsten Urwald mal ne Paste auf nen Arm schmiert und den verbindet zu einem Chirugen in einem exklusiven Krankenhaus.

Ich verstehe nur die Hälfte von dem was du da schreibst. :rofl::rofl: Aber gut, es hat funktioniert. Virenscanner kommt die Tage Kaspersky drauf, MBAM ist schon drauf und wird nun öfter benutzt, versprochen. Ich lasse ab jetzt die Finger von den einschlägigen Seiten. :zunge: Ebenso versprochen.

Windows Vista aktualisiert sich selbst. WinPatrol wird installiert, ebenso wie Delfix.

Danke für alles. Du darfst gerne hiermit schließen und dich neuen Opfern des Internets zuwenden. :zunge:

Bianca


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:00 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131