Win 8.1, 32bit: Trackid=sp-006 in jeder Google-Suche

ico0okie · 23.02.2015, 22:26

Liebes Forum,

wie im Titel erwähnt, ergänzt mein Browser jeden Text, den ich in Google suche, um trackid=sp-006. Bereits versucht habe ich den Browser neu zu installieren, die Synchronisation abzuschalten und die Browserdaten zu löschen.

Des Weiteren ist der PC langsam und egal was ich tue, die Startseite aller Browser ist folgende:
hxxp://www.delta-homes.com/?type=hp&ts=1419432629&from=wpm12233&uid=WDCXWD3200BEVT-22A23T0_WD-WX11E81JA075JA075

Auch das lässt sich durch o.g. Versuche nicht ändern.
Ich verwende avast! und WinPatrol, beide Programme haben in den vergangenen Wochen, soweit ich weiß, keinen Alarm geschlagen.

Im Vorwege habe ich FRST und Malwarebytes durchlaufen lassen, logs hier:

MWB:

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 23.02.2015
Suchlauf-Zeit: 18:11:10
Logdatei: logmwb.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.02.23.04
Rootkit Datenbank: v2015.02.22.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x86
Dateisystem: NTFS
Benutzer: Tina

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 342660
Verstrichene Zeit: 48 Min, 36 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 2
Backdoor.Bot, C:\Users\Tina\Downloads\anki-2.0.26 - CHIP-Installer.exe, , [df0122ff2565b383aa5b3e2f2ed2ad53], 
PUP.Optional.Downloader, C:\Users\Tina\Downloads\Sony PC Companion - CHIP-Installer.exe, , [2fb133eed8b2043291efa87b748e8b75], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

FRST:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-02-2015
Ran by Tina (administrator) on BABY-LAPTOP on 23-02-2015 19:29:10
Running from C:\Users\Tina\Downloads
Loaded Profiles: Tina (Available profiles: Tina)
Platform: Microsoft Windows 8.1 Pro (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeSvc2.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files\WinZipper\winzipersvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Windows\System32\AdminService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Atheros) C:\Program Files\Qualcomm Atheros\Ath_WlanAgent.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Ruiware LLC) C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
(Dropbox, Inc.) C:\Users\Tina\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
() C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
(Avanquest Software) C:\Program Files\Sony\Sony PC Companion\PCCService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-28] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-1348099943-322414606-2026873492-1001\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)
HKU\S-1-5-21-1348099943-322414606-2026873492-1001\...\MountPoints2: {e2a5f21e-b706-11e4-afe3-dc0ea153367b} - "E:\Startme.exe" 
Startup: C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Tina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tina\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tina\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tina\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1348099943-322414606-2026873492-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1348099943-322414606-2026873492-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-1348099943-322414606-2026873492-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKU\S-1-5-21-1348099943-322414606-2026873492-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://es.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1348099943-322414606-2026873492-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1348099943-322414606-2026873492-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://es.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1348099943-322414606-2026873492-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.4.9.29 10.4.9.30

FireFox:
========
FF ProfilePath: C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\9pidy6z0.default
FF DefaultSearchUrl: https://es.search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Keyword.URL: https://es.search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1348099943-322414606-2026873492-1001: @phonostar.de/phonostar -> C:\Program Files\dradio-Recorder\npphonostarDetectNP.dll No File
FF Plugin HKU\S-1-5-21-1348099943-322414606-2026873492-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Tina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\9pidy6z0.default\searchplugins\yahoo-avast.xml
FF Extension: Security Protection - C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\9pidy6z0.default\Extensions\detgdp@gmail.com [2014-12-24]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-15]
FF HKLM\...\Firefox\Extensions: [detgdp@gmail.com] - C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\9pidy6z0.default\extensions\detgdp@gmail.com
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome: 
=======
CHR HomePage: Default -> https://www.google.de/
CHR StartupUrls: Default -> "hxxp://www.delta-homes.com/?type=hp&ts=1419432629&from=wpm12233&uid=WDCXWD3200BEVT-22A23T0_WD-WX11E81JA075JA075"
CHR DefaultSearchKeyword: Default -> google
CHR DefaultSuggestURL: Default -> https://www.google.com/complete/search?client=chrome&q={searchTerms}
CHR Profile: C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-12]
CHR Extension: (Google Drive) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-12]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-08]
CHR Extension: (YouTube) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-12]
CHR Extension: (Google Search) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-12]
CHR Extension: (AdBlock) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-14]
CHR Extension: (Avast Online Security) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-15]
CHR Extension: (Google Wallet) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-15]
CHR Extension: (Gmail) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-12]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-19]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 AtherosSvc; C:\WINDOWS\system32\AdminService.exe [174080 2012-08-29] (Atheros Commnucations)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-19] (AVAST Software)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 iSafeService; C:\Program Files\Elex-tech\YAC\iSafeSvc.exe [120128 2015-01-12] (Elex do Brasil Participações Ltda)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [32568 2013-08-22] (The OpenVPN Project)
S3 ScDeviceEnum; C:\WINDOWS\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation)
R3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [288128 2014-09-22] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\WINDOWS\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22192 2014-09-22] (Microsoft Corporation)
R2 winzipersvc; C:\Program Files\WinZipper\winzipersvc.exe [424624 2015-01-12] (Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION
S3 workfolderssvc; C:\WINDOWS\system32\workfolderssvc.dll [1222144 2014-09-24] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-09-10] (Atheros)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-11-19] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2014-11-19] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [81768 2014-11-19] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-11-19] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2014-11-24] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2014-11-21] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [91496 2014-11-19] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2014-11-19] ()
R3 athr; C:\WINDOWS\system32\DRIVERS\athw8.sys [2795520 2013-06-18] (Qualcomm Atheros Communications, Inc.)
R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [25600 2014-09-24] (Microsoft Corporation)
R3 BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [480256 2012-08-29] (Qualcomm Atheros)
R3 BthLEEnum; C:\WINDOWS\system32\DRIVERS\BthLEEnum.sys [186880 2014-09-24] (Microsoft Corporation)
R3 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [242240 2013-08-08] (DT Soft Ltd)
S3 GPIO; C:\WINDOWS\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation)
R1 iSafeKrnl; C:\Program Files\Elex-tech\YAC\iSafeKrnl.sys [215336 2015-01-12] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\WINDOWS\System32\DRIVERS\iSafeKrnlBoot.sys [40744 2015-01-12] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files\Elex-tech\YAC\iSafeKrnlKit.sys [83112 2015-01-12] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [34856 2015-01-12] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys [63400 2015-01-12] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\WINDOWS\System32\DRIVERS\iSafeNetFilter.sys [44712 2015-01-03] (Elex do Brasil Participações Ltda)
R3 L1C; C:\WINDOWS\system32\DRIVERS\L1C63x86.sys [110792 2013-06-18] (Qualcomm Atheros Co., Ltd.)
R3 tap0901; C:\WINDOWS\system32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [84800 2014-09-22] (Microsoft Corporation)
R0 Wof; C:\WINDOWS\system32\Drivers\Wof.sys [138584 2014-09-24] (Microsoft Corporation)
S3 WUDFWpdComp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-23 19:29 - 2015-02-23 19:30 - 00016505 _____ () C:\Users\Tina\Downloads\FRST.txt
2015-02-23 19:28 - 2015-02-23 19:29 - 00000000 ____D () C:\FRST
2015-02-23 19:26 - 2015-02-23 19:26 - 00380416 _____ () C:\Users\Tina\Downloads\Gmer-19357.exe
2015-02-23 19:22 - 2015-02-23 19:23 - 00000470 _____ () C:\Users\Tina\Downloads\defogger_disable.log
2015-02-23 19:22 - 2015-02-23 19:22 - 00000000 _____ () C:\Users\Tina\defogger_reenable
2015-02-23 18:21 - 2015-02-23 18:21 - 00050477 _____ () C:\Users\Tina\Downloads\Defogger.exe
2015-02-23 18:17 - 2015-02-23 18:17 - 01126912 _____ (Farbar) C:\Users\Tina\Downloads\FRST.exe
2015-02-19 18:56 - 2015-02-19 18:56 - 00002060 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2015-02-19 18:21 - 2015-02-19 18:21 - 01203488 _____ () C:\Users\Tina\Downloads\Sony PC Companion - CHIP-Installer.exe
2015-02-19 16:40 - 2015-02-19 17:02 - 00000000 ____D () C:\Users\Tina\Desktop\phone
2015-02-18 09:47 - 2015-02-18 09:47 - 00031744 _____ () C:\Users\Tina\Downloads\TP.02-15. L.A (2).1xls
2015-02-18 09:46 - 2015-02-18 09:46 - 00031744 _____ () C:\Users\Tina\Downloads\TP.02-15. L.A (1).1xls
2015-02-18 09:45 - 2015-02-18 09:45 - 00031744 _____ () C:\Users\Tina\Downloads\TP.02-15. L.A.1xls
2015-02-18 02:24 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-18 02:19 - 2015-01-19 19:36 - 01192552 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-18 02:19 - 2014-12-09 00:11 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-11 01:59 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-11 01:59 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-11 01:59 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-11 01:59 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-11 01:59 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-11 01:59 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-11 01:59 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-11 01:59 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-02-11 01:59 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-11 01:59 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-11 01:59 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-11 01:59 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-11 01:59 - 2015-01-12 02:23 - 00684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-11 01:59 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-11 01:59 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-11 01:59 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-11 01:59 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-11 01:59 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-11 01:59 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-11 01:58 - 2015-01-10 09:28 - 05769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-11 01:58 - 2015-01-10 09:28 - 01468408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-11 01:58 - 2015-01-10 08:38 - 03550720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-11 01:57 - 2015-01-15 23:37 - 00478776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-11 01:57 - 2015-01-15 23:37 - 00148288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-11 01:57 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-11 01:57 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-11 01:57 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-11 01:57 - 2014-10-29 02:03 - 01117696 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-01 17:12 - 2015-02-23 18:10 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-01 17:11 - 2015-02-01 17:11 - 00001072 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-01 17:11 - 2015-02-01 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-01 17:10 - 2015-02-01 17:11 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-02-01 17:10 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-01 17:10 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-01 01:28 - 2015-02-01 01:28 - 00000000 ____D () C:\Program Files\Free Codec Pack
2015-01-31 00:25 - 2015-01-31 00:25 - 00122888 _____ () C:\Users\Tina\Downloads\MARPRAC.odt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-23 19:30 - 2014-10-06 16:01 - 00000000 ____D () C:\Users\Tina\Desktop\Fotos
2015-02-23 19:30 - 2014-09-18 09:26 - 00000000 ____D () C:\Users\Tina\Desktop\Psicología
2015-02-23 19:22 - 2014-10-25 22:18 - 00000000 ____D () C:\Users\Tina
2015-02-23 19:08 - 2013-08-06 19:06 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-23 19:05 - 2015-01-08 23:41 - 00001122 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-23 19:00 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-23 18:13 - 2014-10-25 22:05 - 01759151 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-23 17:25 - 2014-10-12 22:20 - 00000948 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1348099943-322414606-2026873492-1001UA.job
2015-02-23 16:58 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-02-23 16:11 - 2015-01-09 00:09 - 00002141 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-23 15:35 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-23 15:18 - 2013-08-06 19:09 - 00000000 ___RD () C:\Users\Tina\Dropbox
2015-02-23 15:03 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-19 18:58 - 2013-09-23 20:15 - 00844108 _____ () C:\WINDOWS\DPINST.LOG
2015-02-19 18:56 - 2014-08-29 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-02-19 18:55 - 2013-08-09 16:17 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-02-19 17:30 - 2013-08-22 08:23 - 00303126 _____ () C:\WINDOWS\setupact.log
2015-02-18 10:43 - 2014-06-17 22:17 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-02-18 06:12 - 2012-07-26 07:43 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-18 06:11 - 2013-08-15 18:37 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-18 05:59 - 2013-08-10 14:45 - 113756392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-18 02:17 - 2013-08-06 19:07 - 00000000 ____D () C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-18 02:17 - 2013-08-06 19:03 - 00000000 ____D () C:\Users\Tina\AppData\Roaming\Dropbox
2015-02-18 02:12 - 2015-01-08 23:41 - 00001118 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-18 01:46 - 2014-12-24 15:51 - 00000000 ____D () C:\Program Files\WinZipper
2015-02-18 01:43 - 2013-08-22 08:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-18 01:43 - 2013-08-22 08:22 - 00473968 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-18 01:41 - 2013-08-22 07:13 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-18 01:40 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\system32\de-DE
2015-02-08 23:25 - 2014-10-12 22:20 - 00000926 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1348099943-322414606-2026873492-1001Core.job
2015-02-08 00:29 - 2014-09-24 04:38 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-08 00:23 - 2014-09-23 19:27 - 00019994 _____ () C:\WINDOWS\PFRO.log
2015-02-03 20:31 - 2014-10-29 15:28 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-10-29 15:28 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-02-01 18:28 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\Web
2015-02-01 17:11 - 2013-08-10 12:24 - 00000000 ____D () C:\Users\Tina\AppData\Roaming\Malwarebytes
2015-02-01 17:10 - 2013-08-10 12:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-01 17:10 - 2013-08-10 12:23 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2015-02-01 01:37 - 2014-10-10 14:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-02-01 01:37 - 2014-10-10 14:04 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2015-02-01 01:36 - 2013-09-30 10:06 - 00000000 ____D () C:\Users\Tina\AppData\Roaming\DVDVideoSoft
2015-02-01 01:36 - 2013-09-30 10:06 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft

Some content of TEMP:
====================
C:\Users\Tina\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpthdopb.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-23 15:30

==================== End Of Log ============================

Addition:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-02-2015
Ran by Tina at 2015-02-23 19:32:07
Running from C:\Users\Tina\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Anki (HKLM\...\Anki) (Version:  - )
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C0CC75CD-F5B7-46AD-B016-17C0F5171718}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Artweaver Free 4 (HKLM\...\{6567E404-A019-4D0C-BD18-10564126A579}_is1) (Version: 4.0 - Boris Eyrich Software)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
Balabolka (HKLM\...\Balabolka) (Version: 2.9.0.560 - Ilya Morozov)
Biet-O-Matic v2.14.12 (HKLM\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team)
Catalyst Control Center (HKLM\...\WUCCCApp) (Version: 1.00.0000 - AMD)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
dradio-Recorder Version 3.02.6 (HKLM\...\dradio-Recorder_is1) (Version:  - )
Dropbox (HKU\S-1-5-21-1348099943-322414606-2026873492-1001\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
EPSON BX305 Series Printer Uninstall (HKLM\...\EPSON BX305 Series) (Version:  - SEIKO EPSON Corporation)
EPSON XP-302 303 305 306 Series Printer Uninstall (HKLM\...\EPSON XP-302 303 305 306 Series) (Version:  - SEIKO EPSON Corporation)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Free Studio version 6.4.3.128 (HKLM\...\Free Studio_is1) (Version: 6.4.3.128 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.46.923 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.46.923 - DVDVideoSoft Ltd.)
Google Books Downloader version 2.3 (HKLM\...\{216729B6-014A-F413-814F-F17F74FBA113}_is1) (Version: 2.3 - GBOOKSDOWNLOADER.COM)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
iTunes (HKLM\...\{F32DC846-4457-40A8-BECA-BCC0E960BC53}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.710 - Oracle)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
OpenVPN 2.3.2-I003  (HKLM\...\OpenVPN) (Version: 2.3.2-I003 - )
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.309.0 - Tracker Software Products Ltd)
Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Qualcomm Atheros Communications Inc.)
Qualcomm Atheros WiFi Driver Installation (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.13 - Qualcomm Atheros)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14074.11 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.3.14074.11 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sony PC Companion 2.10.245 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.245 - Sony)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
WinRAR 5.01 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinZipper (HKLM\...\WinZipper) (Version: 1.5.83 - Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION
YAC(Yet Another Cleaner!) (HKLM\...\iSafe) (Version:  - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1348099943-322414606-2026873492-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1348099943-322414606-2026873492-1001_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Tina\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1348099943-322414606-2026873492-1001_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Tina\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1348099943-322414606-2026873492-1001_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Tina\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1348099943-322414606-2026873492-1001_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Tina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1348099943-322414606-2026873492-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Tina\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1348099943-322414606-2026873492-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tina\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1348099943-322414606-2026873492-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tina\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1348099943-322414606-2026873492-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tina\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1348099943-322414606-2026873492-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tina\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1348099943-322414606-2026873492-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tina\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1348099943-322414606-2026873492-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tina\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1348099943-322414606-2026873492-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tina\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1348099943-322414606-2026873492-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tina\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

05-02-2015 22:49:05 Geplanter Prüfpunkt
11-02-2015 02:09:54 Windows Update
18-02-2015 02:25:36 Windows Update
19-02-2015 18:57:10 Sony PC Companion

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:13 - 2013-08-22 07:13 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0EEB93EE-2CAE-401B-9B23-1A2BC1CE8BF2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-01-08] (Google Inc.)
Task: {31A4A9BE-F558-4F76-9AC8-46AC61B7B000} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {5555C504-10E6-4A50-90AB-CFEA39C73E63} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-01-08] (Google Inc.)
Task: {58A41D34-FD0C-4ED1-8A36-5CBD88F9B660} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-19] (AVAST Software)
Task: {7442890F-4C0F-47AC-B5BF-0432787BDC4D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {8458D391-01CF-45AD-BF77-62484280DC84} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1348099943-322414606-2026873492-1001Core => C:\Users\Tina\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-10-12] (Facebook Inc.)
Task: {9EB22EBD-B03B-40BB-93B3-E81E745CCF3B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-18] (Microsoft Corporation)
Task: {AFF61CF2-8E3D-401B-B032-5B66794F0B84} - System32\Tasks\avastBCLRestartS-1-5-21-1348099943-322414606-2026873492-1001 => Chrome.exe 
Task: {D76803ED-3E05-4F91-8312-EDA3A5EE0B6F} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {E9A1E647-AF82-4836-9E8E-2AC640D92111} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1348099943-322414606-2026873492-1001UA => C:\Users\Tina\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-10-12] (Facebook Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1348099943-322414606-2026873492-1001Core.job => C:\Users\Tina\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1348099943-322414606-2026873492-1001UA.job => C:\Users\Tina\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-02-18 01:40 - 2015-02-18 01:40 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15021702\algo.dll
2015-02-23 15:33 - 2015-02-23 15:33 - 02911232 _____ () C:\Program Files\AVAST Software\Avast\defs\15022300\algo.dll
2014-12-24 15:51 - 2014-12-17 03:43 - 00612528 _____ () C:\Program Files\WinZipper\sqlite3.dll
2014-07-04 20:33 - 2014-07-04 20:33 - 00114688 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-03-16 23:11 - 2011-03-16 23:11 - 04297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2015-01-12 15:43 - 2015-01-12 13:31 - 00185656 _____ () C:\Program Files\Elex-tech\YAC\libpng.dll
2015-01-12 15:44 - 2015-01-12 13:31 - 00065696 _____ () C:\Program Files\Elex-tech\YAC\zlib1.dll
2014-11-19 13:49 - 2014-11-19 13:49 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00750080 _____ () C:\Users\Tina\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-18 02:17 - 2015-02-18 02:17 - 00043008 _____ () c:\users\tina\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpthdopb.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00047616 _____ () C:\Users\Tina\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00865280 _____ () C:\Users\Tina\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00200704 _____ () C:\Users\Tina\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-10-30 00:06 - 2014-10-30 00:06 - 00232960 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\ebe7d3f58b50058f3cda2650d5d3cbe3\ASF_cSharpAPI.ni.dll
2013-12-30 09:54 - 2013-12-30 09:54 - 00720896 _____ () C:\Program Files\Samsung\Kies\External\MediaModules\LDBCShConv.dll
2013-12-30 09:54 - 2013-12-30 09:54 - 00712704 _____ () C:\Program Files\Samsung\Kies\External\DeviceModules\SHOWDRM_UCC.dll
2013-12-30 09:54 - 2013-12-30 09:54 - 00237568 _____ () C:\Program Files\Samsung\Kies\External\DeviceModules\drmcm.dll
2014-10-30 00:06 - 2014-10-30 00:06 - 00479744 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data.SQLite\f1f3909ce63c4d662f918ec8f704d3cd\System.Data.SQLite.ni.dll
2013-12-30 09:54 - 2013-12-30 09:54 - 00839680 _____ () C:\Program Files\Samsung\Kies\External\System.Data.SQLite.dll
2014-10-30 00:04 - 2014-10-30 00:04 - 00081408 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\ZipStore\1ae895f4475ae5c1a0157b68aecab52f\ZipStore.ni.dll
2013-12-30 09:54 - 2013-12-30 09:54 - 00126976 _____ () C:\Program Files\Samsung\Kies\External\MediaModules\DNSe.dll
2013-08-22 00:55 - 2013-06-18 13:17 - 00364544 _____ () C:\Windows\System32\msjetoledb40.dll
2014-08-29 10:54 - 2012-04-30 10:57 - 00039936 _____ () C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll
2014-08-29 10:54 - 2014-12-04 14:18 - 00241152 _____ () C:\Program Files\Sony\Sony PC Companion\MExplorer.dll
2014-08-29 10:54 - 2010-05-26 16:09 - 00053248 _____ () C:\Program Files\Sony\Sony PC Companion\BtPlatform.dll
2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files\Sony\Sony PC Companion\Report.dll
2014-08-29 10:54 - 2013-05-20 11:58 - 00620718 _____ () C:\Program Files\Sony\Sony PC Companion\sqlite3.dll
2014-08-29 10:54 - 2010-01-11 15:44 - 00053248 _____ () C:\Program Files\Sony\Sony PC Companion\VObject.dll
2014-08-29 10:54 - 2014-06-23 08:07 - 00113376 _____ () C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
2015-02-23 16:10 - 2015-02-17 23:44 - 01117512 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-02-23 16:10 - 2015-02-17 23:44 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-02-23 16:11 - 2015-02-17 23:44 - 09171272 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.115\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1348099943-322414606-2026873492-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tina\Pictures\Others\Pusteblume_im_Morgentau1.jpg
DNS Servers: 10.4.9.29 - 10.4.9.30

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-1348099943-322414606-2026873492-500 - Administrator - Disabled)
Gast (S-1-5-21-1348099943-322414606-2026873492-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1348099943-322414606-2026873492-1003 - Limited - Enabled)
Tina (S-1-5-21-1348099943-322414606-2026873492-1001 - Administrator - Enabled) => C:\Users\Tina

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/23/2015 07:30:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.3.9600.16384, Zeitstempel: 0x52157bbc
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x1b58
Startzeit der fehlerhaften Anwendung: 0xDllHost.exe0
Pfad der fehlerhaften Anwendung: DllHost.exe1
Pfad des fehlerhaften Moduls: DllHost.exe2
Berichtskennung: DllHost.exe3
Vollständiger Name des fehlerhaften Pakets: DllHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: DllHost.exe5

Error: (02/23/2015 04:49:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/18/2015 02:06:20 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/09/2015 02:25:10 PM) (Source: Google Update) (EventID: 20) (User: Baby-Laptop)
Description: Network Request Error.
Error: 0x80072efe. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072efe. Http status code 0.
trying WinHTTP.
Send request returned 0x80072f8f. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072efe. Http status code 0.
trying WinHTTP.
Send request returned 0x80072f8f. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072efe. Http status code 0.
trying WinHTTP.
Send request returned 0x80072f8f. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072efe. Http s

Error: (02/08/2015 02:30:31 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/08/2015 02:25:07 AM) (Source: Google Update) (EventID: 20) (User: Baby-Laptop)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http s

Error: (02/05/2015 11:03:36 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/04/2015 08:10:14 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/01/2015 01:39:15 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4

Error: (02/01/2015 01:39:15 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 


System errors:
=============
Error: (02/23/2015 05:40:05 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (02/23/2015 05:24:05 PM) (Source: Ntfs) (EventID: 55) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "??" wurde eine Beschädigung erkannt.

Die genaue Art der Beschädigung ist unbekannt. Die Dateisystemstrukturen müssen online überprüft werden.

Error: (02/23/2015 05:23:25 PM) (Source: Ntfs) (EventID: 55) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "??" wurde eine Beschädigung erkannt.

In einer Indexstruktur des Dateisystems wurde eine Beschädigung gefunden. Die Dateireferenznummer ist 0x5000000031a02. Der Name der Datei ist "\Windows\System32\DriverStore\FileRepository". Das Attribut des beschädigten Indexes ist ":$I30:$INDEX_ALLOCATION".

Error: (02/23/2015 05:23:21 PM) (Source: Ntfs) (EventID: 55) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "??" wurde eine Beschädigung erkannt.

Die Masterdateitabelle (MFT) beinhaltet einen beschädigten Dateidatensatz. Die Dateireferenznummer ist 0x5000000031479. Der Name der Datei ist "<Dateiname kann nicht bestimmt werden>".

Error: (02/23/2015 05:23:20 PM) (Source: Ntfs) (EventID: 55) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "??" wurde eine Beschädigung erkannt.

Die genaue Art der Beschädigung ist unbekannt. Die Dateisystemstrukturen müssen online überprüft werden.

Error: (02/23/2015 05:23:20 PM) (Source: Ntfs) (EventID: 55) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "??" wurde eine Beschädigung erkannt.

Die genaue Art der Beschädigung ist unbekannt. Die Dateisystemstrukturen müssen online überprüft werden.

Error: (02/23/2015 05:23:20 PM) (Source: Ntfs) (EventID: 55) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "??" wurde eine Beschädigung erkannt.

Die genaue Art der Beschädigung ist unbekannt. Die Dateisystemstrukturen müssen online überprüft werden.

Error: (02/23/2015 05:23:20 PM) (Source: Ntfs) (EventID: 55) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "??" wurde eine Beschädigung erkannt.

Die genaue Art der Beschädigung ist unbekannt. Die Dateisystemstrukturen müssen online überprüft werden.

Error: (02/23/2015 05:23:20 PM) (Source: Ntfs) (EventID: 55) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "??" wurde eine Beschädigung erkannt.

Die genaue Art der Beschädigung ist unbekannt. Die Dateisystemstrukturen müssen online überprüft werden.

Error: (02/23/2015 03:30:29 PM) (Source: DCOM) (EventID: 10010) (User: Baby-Laptop)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}


Microsoft Office Sessions:
=========================
Error: (02/23/2015 07:30:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DllHost.exe6.3.9600.1638452157bbcunknown0.0.0.000000000c0000005000000001b5801d04f96b70167faC:\WINDOWS\system32\DllHost.exeunknownfaf242a3-bb89-11e4-afe3-dc0ea153367b

Error: (02/23/2015 04:49:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Sony\Sony PC Companion\Drivers\DPInst64.exe

Error: (02/18/2015 02:06:20 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Sony\sony pc companion\Drivers\DPInst64.exe

Error: (02/09/2015 02:25:10 PM) (Source: Google Update) (EventID: 20) (User: Baby-Laptop)
Description: Network Request Error.
Error: 0x80072efe. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072efe. Http status code 0.
trying WinHTTP.
Send request returned 0x80072f8f. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072efe. Http status code 0.
trying WinHTTP.
Send request returned 0x80072f8f. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072efe. Http status code 0.
trying WinHTTP.
Send request returned 0x80072f8f. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072efe. Http s

Error: (02/08/2015 02:30:31 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Sony\sony pc companion\Drivers\DPInst64.exe

Error: (02/08/2015 02:25:07 AM) (Source: Google Update) (EventID: 20) (User: Baby-Laptop)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http s

Error: (02/05/2015 11:03:36 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Sony\sony pc companion\Drivers\DPInst64.exe

Error: (02/04/2015 08:10:14 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Sony\sony pc companion\Drivers\DPInst64.exe

Error: (02/01/2015 01:39:15 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4

Error: (02/01/2015 01:39:15 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 


CodeIntegrity Errors:
===================================
  Date: 2015-02-23 15:02:11.120
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Elex-tech\YAC\iSafeSrvMon.dll that did not meet the Windows signing level requirements.

  Date: 2015-02-19 19:14:49.571
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Elex-tech\YAC\iSafeSrvMon.dll that did not meet the Windows signing level requirements.

  Date: 2015-02-19 17:57:25.890
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Elex-tech\YAC\iSafeSrvMon.dll that did not meet the Windows signing level requirements.

  Date: 2015-02-19 17:36:47.204
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Elex-tech\YAC\iSafeSrvMon.dll that did not meet the Windows signing level requirements.

  Date: 2015-02-19 17:25:19.427
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Elex-tech\YAC\iSafeSrvMon.dll that did not meet the Windows signing level requirements.

  Date: 2015-02-19 00:03:42.962
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Elex-tech\YAC\iSafeSrvMon.dll that did not meet the Windows signing level requirements.

  Date: 2015-02-18 11:30:07.751
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Elex-tech\YAC\iSafeSrvMon.dll that did not meet the Windows signing level requirements.

  Date: 2015-02-18 11:08:47.968
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Elex-tech\YAC\iSafeSrvMon.dll that did not meet the Windows signing level requirements.

  Date: 2015-02-18 09:46:22.582
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Elex-tech\YAC\iSafeSrvMon.dll that did not meet the Windows signing level requirements.

  Date: 2015-02-18 08:58:07.851
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Elex-tech\YAC\iSafeSrvMon.dll that did not meet the Windows signing level requirements.


==================== Memory info =========================== 

Processor: AMD C-60 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 39%
Total physical RAM: 3578.9 MB
Available physical RAM: 2166.43 MB
Total Pagefile: 4218.9 MB
Available Pagefile: 2423.54 MB
Total Virtual: 2047.88 MB
Available Virtual: 1862.93 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.75 GB) (Free:184.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 000BF567)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=297.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Als Nächstes habe ich versucht, Gmer durchzuführen, dabei ist der PC allerdings abgestürzt und ich habe folgende Meldung erhalten:

UNEXPECTED_KERNEL_MODE_TRAP

Vielen Dank im Voraus für eure Hilfe!!
LG Tina

schrauber · 24.02.2015, 06:14

hi,

Lade Dir bitte von hier

Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.

Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
Klicke auf Optionen und wähle als Sprache Deutsch.
Suche im Uninstallerfeld nach den Programmen:

WinZipper

YAC
Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
Reste löschen:
Klicke auf dann auf und dann auf .

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

ico0okie · 24.02.2015, 17:07

Also, hier alles, was ich durchgeführt habe.

ADWCleaner:
AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v3.012 - Bericht erstellt am 20/11/2013 um 11:20:49
# Updated 11/11/2013 von Xplode
# Betriebssystem : Windows 8 Pro  (32 bits)
# Benutzername : Tina - BABY-LAPTOP
# Gestartet von : C:\Users\Tina\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\DSearchLink
Ordner Gelöscht : C:\Program Files\Searchprotect
Ordner Gelöscht : C:\Users\Tina\AppData\Roaming\Searchprotect
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\9pidy6z0.default\invalidprefs.js
Datei Gelöscht : C:\Program Files\Mozilla Firefox\browser\nsprotector.js
Datei Gelöscht : C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\9pidy6z0.default\searchplugins\Conduit.xml
Datei Gelöscht : C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\9pidy6z0.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\a53ded1e76eef12
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\SearchProtect
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\smartbar
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\Software\SearchProtect

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Mozilla Firefox v23.0.1 (de)

[ Datei : C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\9pidy6z0.default\prefs.js ]

Zeile gelöscht : user_pref("CT3281675_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1376042043135,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Zeile gelöscht : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3281675&octid=CT3281675&SearchSource=61&CUI=UN83446091819505886&UM=2&UP=SP1824F63F-2107-448A-826F-3386DC35B359");
Zeile gelöscht : user_pref("Smartbar.ConduitSearchEngineList", "");
Zeile gelöscht : user_pref("Smartbar.ConduitSearchUrlList", "");
Zeile gelöscht : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Zeile gelöscht : user_pref("Smartbar.keywordURLSelectedCTID", "CT3281675");
Zeile gelöscht : user_pref("browser.search.defaultthis.engineName", "entrusted Customized Web Search");
Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3281675&CUI=UN83446091819505886&UM=2&SearchSource=3&q={searchTerms}");
Zeile gelöscht : user_pref("extensions.delta.admin", false);
Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.dfltLng", "de");
Zeile gelöscht : user_pref("extensions.delta.excTlbr", false);
Zeile gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Zeile gelöscht : user_pref("extensions.delta.id", "ae08cb3c0000000000007627375e7844");
Zeile gelöscht : user_pref("extensions.delta.instlDay", "15978");
Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.delta.newTab", false);
Zeile gelöscht : user_pref("extensions.delta.prdct", "delta");
Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Zeile gelöscht : user_pref("extensions.delta.rvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.24.6");
Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.24.611:07:33");
Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.24.6");
Zeile gelöscht : user_pref("extensions.delta_i.babExt", "");
Zeile gelöscht : user_pref("extensions.delta_i.babTrack", "affID=121565&tsp=5021");
Zeile gelöscht : user_pref("extensions.delta_i.srcExt", "ss");
Zeile gelöscht : user_pref("smartbar.machineId", "GHJDHJ8TAFQ3ANYPTADE5VHLYXG/ZZK/UXJ9LX6FXQTHVVC1FHLQQEXQZU40REJI14NFWZ7XWG4LULKRXGV/5A");

-\\ Google Chrome v31.0.1650.57

[ Datei : C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : homepage
Gelöscht : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [4967 octets] - [20/11/2013 11:17:59]
AdwCleaner[S0].txt - [4896 octets] - [20/11/2013 11:20:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4956 octets] ##########

--- --- ---
AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v4.111 - Bericht erstellt 24/02/2015 um 12:02:00
# Aktualisiert 18/02/2015 von Xplode
# Datenbank : 2015-02-18.3 [Server]
# Betriebssystem : Windows 8.1 Pro  (x86)
# Benutzername : Tina - BABY-LAPTOP
# Gestarted von : C:\Users\Tina\Downloads\AdwCleaner_4.111.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : iSafeKrnl
Dienst Gelöscht : iSafeKrnlBoot
Dienst Gelöscht : iSafeKrnlKit
Dienst Gelöscht : iSafeKrnlR3
Dienst Gelöscht : iSafeNetFilter
[#] Dienst Gelöscht : iSafeService
Dienst Gelöscht : iSafeKrnlMon

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files\WinZipper
[!] Ordner Gelöscht : C:\Program Files\Elex-tech
Ordner Gelöscht : C:\Users\Tina\AppData\Roaming\WinZipper
[!] Ordner Gelöscht : C:\Users\Tina\AppData\Roaming\Elex-tech
Ordner Gelöscht : C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\9pidy6z0.default\Extensions\detgdp@gmail.com
Datei Gelöscht : C:\WINDOWS\system32\drivers\iSafeKrnlBoot.sys
Datei Gelöscht : C:\WINDOWS\system32\Drivers\iSafeNetFilter.sys

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Tina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [detgdp@gmail.com]
Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\V9
Schlüssel Gelöscht : HKLM\SOFTWARE\hdcode
Schlüssel Gelöscht : HKLM\SOFTWARE\V9
Schlüssel Gelöscht : HKLM\SOFTWARE\winzipersvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Elex-tech
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v


-\\ Google Chrome v40.0.2214.115


*************************

AdwCleaner[R0].txt - [7517 Bytes] - [20/11/2013 11:17:59]
AdwCleaner[S0].txt - [7715 Bytes] - [20/11/2013 11:20:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7774  Bytes] ##########

--- --- ---

JRT:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 Pro x86
Ran by Tina on 24.02.2015 at 15:49:46,64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Failed to stop: [Service] isafekrnl 
Failed to stop: [Service] isafekrnlkit 
Successfully stopped: [Service] isafekrnlr3 
Successfully deleted: [Service] isafekrnlr3 
Failed to stop: [Service] isafenetfilter 
Failed to stop: [Service] isafeservice 



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1348099943-322414606-2026873492-1001



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Tina\AppData\Roaming\elex-tech"
Failed to delete: [Folder] "C:\Program Files\elex-tech"
Successfully deleted: [Folder] "C:\Program Files\myfree codec"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.02.2015 at 16:01:41,93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Und der zweite FRST:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-02-2015
Ran by Tina (administrator) on BABY-LAPTOP on 24-02-2015 16:02:06
Running from C:\Users\Tina\Desktop
Loaded Profiles: Tina (Available profiles: Tina)
Platform: Microsoft Windows 8.1 Pro (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeSvc2.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Windows\System32\AdminService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Atheros) C:\Program Files\Qualcomm Atheros\Ath_WlanAgent.exe
(Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Users\Tina\AppData\Roaming\Dropbox\bin\Dropbox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-28] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-1348099943-322414606-2026873492-1001\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)
HKU\S-1-5-21-1348099943-322414606-2026873492-1001\...\MountPoints2: {e2a5f21e-b706-11e4-afe3-dc0ea153367b} - "E:\Startme.exe" 
Startup: C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Tina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tina\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tina\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tina\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1348099943-322414606-2026873492-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1348099943-322414606-2026873492-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-1348099943-322414606-2026873492-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKU\S-1-5-21-1348099943-322414606-2026873492-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://es.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1348099943-322414606-2026873492-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://es.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1348099943-322414606-2026873492-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.4.9.29 10.4.9.30

FireFox:
========
FF ProfilePath: C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\9pidy6z0.default
FF DefaultSearchUrl: https://es.search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Keyword.URL: https://es.search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1348099943-322414606-2026873492-1001: @phonostar.de/phonostar -> C:\Program Files\dradio-Recorder\npphonostarDetectNP.dll No File
FF Plugin HKU\S-1-5-21-1348099943-322414606-2026873492-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Tina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\9pidy6z0.default\searchplugins\yahoo-avast.xml
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-15]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome: 
=======
CHR HomePage: Default -> https://www.google.de/
CHR StartupUrls: Default -> "hxxp://www.delta-homes.com/?type=hp&ts=1419432629&from=wpm12233&uid=WDCXWD3200BEVT-22A23T0_WD-WX11E81JA075JA075"
CHR DefaultSearchKeyword: Default -> google
CHR DefaultSuggestURL: Default -> https://www.google.com/complete/search?client=chrome&q={searchTerms}
CHR Profile: C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-12]
CHR Extension: (Google Drive) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-12]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-08]
CHR Extension: (YouTube) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-12]
CHR Extension: (Google Search) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-12]
CHR Extension: (AdBlock) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-14]
CHR Extension: (Avast Online Security) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-15]
CHR Extension: (Google Wallet) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-15]
CHR Extension: (Gmail) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-12]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-19]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 AtherosSvc; C:\WINDOWS\system32\AdminService.exe [174080 2012-08-29] (Atheros Commnucations)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-19] (AVAST Software)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 iSafeService; C:\Program Files\Elex-tech\YAC\iSafeSvc.exe [120128 2015-01-12] (Elex do Brasil Participações Ltda)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [32568 2013-08-22] (The OpenVPN Project)
S3 ScDeviceEnum; C:\WINDOWS\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [288128 2014-09-22] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\WINDOWS\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22192 2014-09-22] (Microsoft Corporation)
S3 workfolderssvc; C:\WINDOWS\system32\workfolderssvc.dll [1222144 2014-09-24] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-09-10] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-11-19] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2014-11-19] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [81768 2014-11-19] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-11-19] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2014-11-24] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2014-11-21] (AVAST Software)
S2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [91496 2014-11-19] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2014-11-19] ()
R3 athr; C:\WINDOWS\system32\DRIVERS\athw8.sys [2795520 2013-06-18] (Qualcomm Atheros Communications, Inc.)
R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [25600 2014-09-24] (Microsoft Corporation)
R3 BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [480256 2012-08-29] (Qualcomm Atheros)
R3 BthLEEnum; C:\WINDOWS\system32\DRIVERS\BthLEEnum.sys [186880 2014-09-24] (Microsoft Corporation)
R3 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [242240 2013-08-08] (DT Soft Ltd)
S3 GPIO; C:\WINDOWS\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation)
U1 iSafeKrnl; C:\Program Files\Elex-tech\YAC\iSafeKrnl.sys [215336 2015-01-12] (Elex do Brasil Participações Ltda)
U1 iSafeKrnlKit; C:\Program Files\Elex-tech\YAC\iSafeKrnlKit.sys [83112 2015-01-12] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [34856 2015-01-12] (Elex do Brasil Participações Ltda)
U1 iSafeNetFilter; C:\WINDOWS\System32\DRIVERS\iSafeNetFilter.sys [44712 2015-01-03] (Elex do Brasil Participações Ltda)
R3 L1C; C:\WINDOWS\system32\DRIVERS\L1C63x86.sys [110792 2013-06-18] (Qualcomm Atheros Co., Ltd.)
R3 tap0901; C:\WINDOWS\system32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [84800 2014-09-22] (Microsoft Corporation)
R0 Wof; C:\WINDOWS\system32\Drivers\Wof.sys [138584 2014-09-24] (Microsoft Corporation)
S3 WUDFWpdComp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-24 16:01 - 2015-02-24 16:01 - 00001207 _____ () C:\Users\Tina\Desktop\JRT.txt
2015-02-24 15:48 - 2015-02-24 15:48 - 01388274 _____ (Thisisu) C:\Users\Tina\Downloads\JRT.exe
2015-02-24 15:47 - 2015-02-24 15:47 - 00007854 _____ () C:\Users\Tina\Desktop\AdwCleaner[S0].txt
2015-02-24 12:05 - 2015-01-03 09:56 - 00044712 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeNetFilter.sys
2015-02-24 11:43 - 2015-02-24 11:43 - 00001238 _____ () C:\Users\Tina\Desktop\Revo Uninstaller.lnk
2015-02-24 11:43 - 2015-02-24 11:43 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-02-24 11:33 - 2015-02-24 11:33 - 02126848 _____ () C:\Users\Tina\Downloads\AdwCleaner_4.111.exe
2015-02-24 11:32 - 2015-02-24 11:32 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Tina\Downloads\revosetup95.exe
2015-02-24 00:30 - 2015-02-24 00:30 - 00529274 _____ () C:\Users\Tina\Desktop\Pedro Aguado.pptx
2015-02-23 20:05 - 2015-02-23 21:53 - 00000000 ____D () C:\WINDOWS\Minidump
2015-02-23 19:35 - 2015-02-24 16:02 - 00014628 _____ () C:\Users\Tina\Desktop\FRST.txt
2015-02-23 19:35 - 2015-02-23 19:35 - 00035251 _____ () C:\Users\Tina\Desktop\Addition.txt
2015-02-23 19:32 - 2015-02-23 19:34 - 00035251 _____ () C:\Users\Tina\Downloads\Addition.txt
2015-02-23 19:29 - 2015-02-23 19:34 - 00027348 _____ () C:\Users\Tina\Downloads\FRST.txt
2015-02-23 19:28 - 2015-02-24 16:02 - 00000000 ____D () C:\FRST
2015-02-23 19:26 - 2015-02-23 19:26 - 00380416 _____ () C:\Users\Tina\Desktop\Gmer-19357.exe
2015-02-23 19:22 - 2015-02-23 19:23 - 00000470 _____ () C:\Users\Tina\Downloads\defogger_disable.log
2015-02-23 19:22 - 2015-02-23 19:22 - 00000000 _____ () C:\Users\Tina\defogger_reenable
2015-02-23 18:21 - 2015-02-23 18:21 - 00050477 _____ () C:\Users\Tina\Desktop\Defogger.exe
2015-02-23 18:17 - 2015-02-23 18:17 - 01126912 _____ (Farbar) C:\Users\Tina\Desktop\FRST.exe
2015-02-19 18:56 - 2015-02-19 18:56 - 00002060 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2015-02-19 18:21 - 2015-02-19 18:21 - 01203488 _____ () C:\Users\Tina\Downloads\Sony PC Companion - CHIP-Installer.exe
2015-02-19 16:40 - 2015-02-19 17:02 - 00000000 ____D () C:\Users\Tina\Desktop\phone
2015-02-18 09:47 - 2015-02-18 09:47 - 00031744 _____ () C:\Users\Tina\Downloads\TP.02-15. L.A (2).1xls
2015-02-18 09:46 - 2015-02-18 09:46 - 00031744 _____ () C:\Users\Tina\Downloads\TP.02-15. L.A (1).1xls
2015-02-18 09:45 - 2015-02-18 09:45 - 00031744 _____ () C:\Users\Tina\Downloads\TP.02-15. L.A.1xls
2015-02-18 02:24 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-18 02:19 - 2015-01-19 19:36 - 01192552 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-18 02:19 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-18 02:19 - 2014-12-09 00:11 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-11 01:59 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-11 01:59 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-11 01:59 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-11 01:59 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-11 01:59 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-11 01:59 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-11 01:59 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-11 01:59 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-02-11 01:59 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-11 01:59 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-11 01:59 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-11 01:59 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-11 01:59 - 2015-01-12 02:23 - 00684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-11 01:59 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-11 01:59 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-11 01:59 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-11 01:59 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-11 01:59 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-11 01:59 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-11 01:58 - 2015-01-10 09:28 - 05769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-11 01:58 - 2015-01-10 09:28 - 01468408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-11 01:58 - 2015-01-10 08:38 - 03550720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-11 01:57 - 2015-01-15 23:37 - 00478776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-11 01:57 - 2015-01-15 23:37 - 00148288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-11 01:57 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-11 01:57 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-11 01:57 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-11 01:57 - 2014-10-29 02:03 - 01117696 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-01 17:12 - 2015-02-23 18:10 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-01 17:11 - 2015-02-01 17:11 - 00001072 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-01 17:11 - 2015-02-01 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-01 17:10 - 2015-02-01 17:11 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-02-01 17:10 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-01 17:10 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-01 01:28 - 2015-02-01 01:28 - 00000000 ____D () C:\Program Files\Free Codec Pack
2015-01-31 00:25 - 2015-01-31 00:25 - 00122888 _____ () C:\Users\Tina\Downloads\MARPRAC.odt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-24 15:53 - 2014-10-25 22:05 - 01922708 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-24 15:44 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-24 12:27 - 2013-08-06 19:09 - 00000000 ___RD () C:\Users\Tina\Dropbox
2015-02-24 12:26 - 2015-01-08 23:41 - 00001118 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-24 12:26 - 2013-08-06 19:03 - 00000000 ____D () C:\Users\Tina\AppData\Roaming\Dropbox
2015-02-24 12:09 - 2014-09-24 04:38 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-24 12:08 - 2013-08-06 19:06 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-24 12:05 - 2014-09-23 19:27 - 00423550 _____ () C:\WINDOWS\PFRO.log
2015-02-24 12:05 - 2013-08-22 08:23 - 00304152 _____ () C:\WINDOWS\setupact.log
2015-02-24 12:05 - 2013-08-22 08:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-24 12:03 - 2014-10-26 12:21 - 00001158 _____ () C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-24 12:03 - 2013-11-20 11:17 - 00000000 ____D () C:\AdwCleaner
2015-02-24 00:05 - 2015-01-08 23:41 - 00001122 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-23 23:25 - 2014-10-12 22:20 - 00000948 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1348099943-322414606-2026873492-1001UA.job
2015-02-23 23:25 - 2014-10-12 22:20 - 00000926 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1348099943-322414606-2026873492-1001Core.job
2015-02-23 20:12 - 2014-10-25 22:18 - 00000000 ____D () C:\Users\Tina
2015-02-23 20:06 - 2013-08-22 07:13 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-23 20:05 - 2014-01-16 08:30 - 410262540 _____ () C:\WINDOWS\MEMORY.DMP
2015-02-23 19:30 - 2014-10-06 16:01 - 00000000 ____D () C:\Users\Tina\Desktop\Fotos
2015-02-23 19:30 - 2014-09-18 09:26 - 00000000 ____D () C:\Users\Tina\Desktop\Psicología
2015-02-23 16:58 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-02-23 16:11 - 2015-01-09 00:09 - 00002141 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-23 15:35 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-23 15:03 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-19 18:58 - 2013-09-23 20:15 - 00844108 _____ () C:\WINDOWS\DPINST.LOG
2015-02-19 18:56 - 2014-08-29 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-02-19 18:55 - 2013-08-09 16:17 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-02-18 10:43 - 2014-06-17 22:17 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-02-18 06:12 - 2012-07-26 07:43 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-18 06:11 - 2013-08-15 18:37 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-18 05:59 - 2013-08-10 14:45 - 113756392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-18 02:17 - 2013-08-06 19:07 - 00000000 ____D () C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-18 01:43 - 2013-08-22 08:22 - 00473968 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-18 01:40 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\system32\de-DE
2015-02-03 20:31 - 2014-10-29 15:28 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-10-29 15:28 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-02-01 18:28 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\Web
2015-02-01 17:11 - 2013-08-10 12:24 - 00000000 ____D () C:\Users\Tina\AppData\Roaming\Malwarebytes
2015-02-01 17:10 - 2013-08-10 12:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-01 17:10 - 2013-08-10 12:23 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2015-02-01 01:37 - 2014-10-10 14:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-02-01 01:37 - 2014-10-10 14:04 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2015-02-01 01:36 - 2013-09-30 10:06 - 00000000 ____D () C:\Users\Tina\AppData\Roaming\DVDVideoSoft
2015-02-01 01:36 - 2013-09-30 10:06 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft

Some content of TEMP:
====================
C:\Users\Tina\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsvtskw.dll
C:\Users\Tina\AppData\Local\Temp\Quarantine.exe
C:\Users\Tina\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-23 15:30

==================== End Of Log ============================

--- --- ---

Danke für die schnelle Antwort :-)

schrauber · 25.02.2015, 07:01

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

Win 8.1, 32bit: Trackid=sp-006 in jeder Google-Suche

Plagegeister aller Art und deren Bekämpfung: Win 8.1, 32bit: Trackid=sp-006 in jeder Google-Suche