Hallo, danke für die Antwort.
Wenn ich Rechtsklick -> Eigenschaften auf regfix.reg mache, steht da schon bei Dateityp "Registrierungseinträge (.reg)", also scheint schon eine .reg-Datei zu sein. Das Icon passt auch.
Hier die Logdatei von FRST:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by vb93 (administrator) on DELL-LAPTOP-VB on 19-01-2015 16:33:19
Running from C:\Users\vb93\Desktop
Loaded Profiles: vb93 (Available profiles: vb93)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Atheros Communications) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
(Microsoft) C:\Dell\DBRM\Reminder\DbrmTrayicon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Spotify Ltd) C:\Users\vb93\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Tobit.Software) C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe
(Spotify Ltd) C:\Users\vb93\AppData\Roaming\Spotify\spotify.exe
(ICQ) C:\Users\vb93\AppData\Roaming\ICQM\icq.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
() C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Dropbox, Inc.) C:\Users\vb93\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Users\vb93\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\vb93\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\vb93\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\vb93\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
() C:\Users\vb93\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-15] ()
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [627360 2011-05-20] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe [379552 2011-05-20] (Atheros Commnucations)
HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [206336 2010-09-10] (Microsoft)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [RoxWatchTray] => c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-18] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2629632 2012-09-25] (Brother Industries, Ltd.)
HKLM\...\RunOnce: [DBRMTray] => C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2010-09-10] (Microsoft)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3943100138-2756375604-3755048534-1001\...\Run: [Spotify Web Helper] => C:\Users\vb93\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-13] (Spotify Ltd)
HKU\S-1-5-21-3943100138-2756375604-3755048534-1001\...\Run: [rfxsrvtray] => C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe [1838872 2013-02-07] (Tobit.Software)
HKU\S-1-5-21-3943100138-2756375604-3755048534-1001\...\Run: [Spotify] => C:\Users\vb93\AppData\Roaming\Spotify\spotify.exe [6737976 2014-12-13] (Spotify Ltd)
HKU\S-1-5-21-3943100138-2756375604-3755048534-1001\...\Run: [icq] => C:\Users\vb93\AppData\Roaming\ICQM\icq.exe [27598184 2013-05-27] (ICQ)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\vb93\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\vb93\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3943100138-2756375604-3755048534-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.gboxapp.com/?aff=p
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.gboxapp.com/?aff=p
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3943100138-2756375604-3755048534-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.gboxapp.com/?aff=p
HKU\S-1-5-21-3943100138-2756375604-3755048534-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3943100138-2756375604-3755048534-1001 -> URL hxxp://search.conduit.com/Results.aspx?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SPA461A140-F417-4527-BD4D-4E367BE6C278&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3943100138-2756375604-3755048534-1001 -> SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll No File
Tcpip\Parameters: [DhcpNameServer] 88.209.32.12 88.209.32.38
FireFox:
========
FF ProfilePath: C:\Users\vb93\AppData\Roaming\Mozilla\Firefox\Profiles\66gc1vqo.default
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\vb93\AppData\Roaming\Mozilla\Firefox\Profiles\66gc1vqo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-17]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt [2011-12-12]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-05-20] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [80032 2011-05-20] (Atheros Commnucations) [File not signed]
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S2 Radio.fx; C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe [3999512 2013-06-03] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 BBSvc; "C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe" [X]
S3 BBUpdate; "C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe" [X]
S2 dc9f343e; "C:\windows\system32\rundll32.exe" "c:\Program Files (x86)\toolorange\ClipandBuy.dll",serv
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-15] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 MpKsl3ef43ab7; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4176C543-EB80-463F-983F-E2391A7207FC}\MpKsl3ef43ab7.sys [X]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-19 16:19 - 2015-01-19 16:20 - 00065536 ___HT () C:\Users\vb93\Documents\~braunvanessa93@gmx.de.pst.tmp
2015-01-18 02:31 - 2015-01-18 02:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-17 15:57 - 2015-01-17 16:01 - 00000133 _____ () C:\Users\vb93\Desktop\regfix.reg
2015-01-13 21:26 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-13 21:26 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-13 21:26 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-13 21:26 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-01-13 21:26 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-01-13 21:26 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-01-13 21:26 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-01-13 21:26 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-01-13 21:26 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-01-13 21:26 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-13 21:26 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-13 21:26 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
2015-01-13 21:26 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-11 01:41 - 2015-01-11 01:41 - 00012260 _____ () C:\Users\vb93\Downloads\SystemLook.txt
2015-01-11 01:40 - 2015-01-11 01:40 - 00165376 _____ () C:\Users\vb93\Downloads\SystemLook_x64.exe
2014-12-31 15:02 - 2014-12-31 15:02 - 00000000 ____D () C:\Users\vb93\AppData\Roaming\IDT
2014-12-22 21:09 - 2014-12-22 21:10 - 00000375 _____ () C:\windows\system32\Drivers\etc\hosts.ics
2014-12-20 22:28 - 2014-12-20 22:28 - 00852505 _____ () C:\Users\vb93\Desktop\SecurityCheck.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-19 16:33 - 2014-12-15 18:40 - 00000000 ____D () C:\Users\vb93\Desktop\FRST-OlderVersion
2015-01-19 16:33 - 2014-12-13 00:56 - 00019409 _____ () C:\Users\vb93\Desktop\FRST.txt
2015-01-19 16:33 - 2014-12-13 00:56 - 00000000 ____D () C:\FRST
2015-01-19 16:33 - 2014-12-13 00:55 - 02126848 _____ (Farbar) C:\Users\vb93\Desktop\FRST64.exe
2015-01-19 16:30 - 2012-10-11 18:57 - 00000000 ____D () C:\Users\vb93\AppData\Roaming\Spotify
2015-01-19 16:22 - 2014-07-29 20:40 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-19 16:20 - 2013-06-28 21:31 - 00271360 _____ () C:\Users\vb93\Documents\braunvanessa93@gmx.de.pst
2015-01-19 16:19 - 2012-01-03 00:43 - 00000000 ____D () C:\Users\vb93\Documents\Outlook-Dateien
2015-01-19 15:25 - 2011-12-12 02:55 - 01989599 _____ () C:\windows\WindowsUpdate.log
2015-01-19 12:39 - 2012-10-11 18:57 - 00000000 ____D () C:\Users\vb93\AppData\Local\Spotify
2015-01-19 11:25 - 2011-12-12 04:45 - 00714310 _____ () C:\windows\system32\perfh007.dat
2015-01-19 11:25 - 2011-12-12 04:45 - 00154406 _____ () C:\windows\system32\perfc007.dat
2015-01-19 11:25 - 2009-07-14 06:13 - 01659204 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-19 11:01 - 2012-01-02 00:41 - 00000422 _____ () C:\windows\Tasks\SystemToolsDailyTest.job
2015-01-19 11:00 - 2012-01-05 20:02 - 00003488 _____ () C:\windows\System32\Tasks\PCDEventLauncher
2015-01-18 12:24 - 2012-05-08 00:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-18 06:50 - 2009-07-14 05:45 - 00031312 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-18 06:50 - 2009-07-14 05:45 - 00031312 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-14 10:09 - 2012-10-30 19:14 - 00000000 ___RD () C:\Users\vb93\Dropbox
2015-01-14 10:09 - 2012-10-30 19:11 - 00000000 ____D () C:\Users\vb93\AppData\Roaming\Dropbox
2015-01-14 03:23 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-14 03:23 - 2009-07-14 05:51 - 00094931 _____ () C:\windows\setupact.log
2015-01-14 03:22 - 2014-07-29 20:40 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 03:22 - 2012-04-09 08:40 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 03:22 - 2011-12-12 03:04 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 03:05 - 2013-07-21 02:00 - 00000000 ____D () C:\windows\system32\MRT
2015-01-14 03:01 - 2012-01-02 17:51 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-10 22:39 - 2014-12-13 00:57 - 00031734 _____ () C:\Users\vb93\Desktop\Addition.txt
2015-01-09 02:30 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF
2015-01-03 18:51 - 2012-01-02 00:41 - 00000564 _____ () C:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-12-31 12:14 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-12-29 12:58 - 2010-11-21 04:47 - 00296014 _____ () C:\windows\PFRO.log
2014-12-22 21:49 - 2012-01-02 00:42 - 00000000 ____D () C:\Users\vb93\Documents\Bluetooth Folder
==================== Files in the root of some directories =======
2012-01-02 23:19 - 2012-01-02 23:19 - 0017408 _____ () C:\Users\vb93\AppData\Local\WebpageIcons.db
Some content of TEMP:
====================
C:\Users\vb93\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgoqf73.dll
C:\Users\vb93\AppData\Local\Temp\javagiac0.8800260133790858.dll
C:\Users\vb93\AppData\Local\Temp\npp.6.6.9.Installer.exe
C:\Users\vb93\AppData\Local\Temp\Quarantine.exe
C:\Users\vb93\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-14 01:57
==================== End Of Log ============================ --- --- --- |