
Pests of all kinds and how to combat them: Do I still have viruses?

23.04.2014, 08:00   #1
EvelynW
 



Hello,
I ran a virus scan both yesterday and today, but it crashed partway through. I'm running a hard disk scan right now.
Anyway, yesterday Norton gave me the report that viruses had been found. For most of them it said they were quarantined. For some it said fixed and for others it said removed. Norton says I don't need to take any further action, but every month, during the monthly scan, it finds something. I'm incredibly worried that I still have something. Also, my father thinks these viruses may have slipped through the net... I seriously hope not.
Today during my scan (before my PC crashed) Norton looked all the way through my appdata but found nothing more. Does that mean the viruses there have been removed?

Oh, and one virus started with Evelyn\appdata\sun\java. Does that mean Java has a virus? When I'm at my PC, I may be able to give more info. I don't really know much about this.
I don't know whether I posted this in the wrong forum. If so, I'm sorry. I'm scared...

23.04.2014, 08:06   #2
schrauber
/// the machine
/// TB-Ausbilder
 




hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


23.04.2014, 08:35   #3
EvelynW
 



Quote:
Quote from schrauber
hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)

Okay, one moment. The hard disk is being scanned at the moment, so I don't have access to my PC.

24.04.2014, 07:03   #4
schrauber
/// the machine
/// TB-Ausbilder
 




ok
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

24.04.2014, 07:37   #5
EvelynW
 



Okay, I hope I did this right.
Well then!
(Oh, and sorry that it took so long, I had an appointment yesterday. Anyway, here I am now.)


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-04-2014
Ran by Evelyn (administrator) on CYGNET-PC on 24-04-2014 08:33:23
Running from C:\Users\Evelyn\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_63b9aeb0b2db5e8b\STacSV.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
() C:\Windows\jwpen.exe
() C:\Windows\Jwpen.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.2.0.38\NIS.exe
(Symantec Corporation) C:\Program Files\Norton Family\Engine\2.9.5.29\NF.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\system32\PSIService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Data Perceptions / PowerProgrammer) C:\Windows\system32\WebUpdateSvc.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Symantec Corporation) C:\Program Files\Norton Family\Engine\2.9.5.29\NF.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.2.0.38\NIS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\ProgramData\Codec\Codec.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
(Google) C:\Program Files\Google\Google Talk\googletalk.exe
() C:\Windows\System32\HWKeyPlus.exe
() C:\Windows\System32\HWTabTray.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Electronic Arts) C:\Program Files\Origin\Origin.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(汉王科技股份有限公司) C:\Program Files\Hanvon\HWSOFT\HWShell2U.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
() C:\Program Files\HTC\HTC Sync 3.0\adb.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(AMD) C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ATKOSD2] => C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6998656 2009-10-26] (ASUS)
HKLM\...\Run: [ATKMEDIA] => C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2009-08-19] (ASUS)
HKLM\...\Run: [HControlUser] => C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495715 2009-11-27] (IDT, Inc.)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-09-23] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [HTC Sync Loader] => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [593920 2011-04-26] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [googletalk] => C:\Program Files\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AMD AVT] => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
HKLM\...\Run: [HWTablet KeyPlus] => C:\Windows\system32\HWKeyPlus.exe [53248 2008-06-03] ()
HKLM\...\Run: [HWTablet Service] => C:\Windows\system32\HWTabTray.exe [184320 2009-03-05] ()
HKLM\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2239376 2014-02-11] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [*TampMon] - C:\Program Files\Norton Family\Engine\2.9.5.29\tampmon.exe [61792 2014-02-10] (Symantec Corporation)
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKU\S-1-5-21-698156655-3041474433-3874372325-1001\...\Run: [EA Core] => "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-698156655-3041474433-3874372325-1001\...\Run: [Akamai NetSession Interface] => "C:\Users\Evelyn\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-698156655-3041474433-3874372325-1001\...\Run: [EADM] => C:\Program Files\Origin\Origin.exe [3588952 2014-03-08] (Electronic Arts)
HKU\S-1-5-21-698156655-3041474433-3874372325-1001\...\Run: [Google Update] => C:\Users\Evelyn\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-06-04] (Google Inc.)
HKU\S-1-5-21-698156655-3041474433-3874372325-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-698156655-3041474433-3874372325-1001\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-698156655-3041474433-3874372325-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [393216 2012-11-16] (AMD)
HKU\S-1-5-21-698156655-3041474433-3874372325-1001\...\MountPoints2: {69daf7a3-915a-11e3-bd4a-806e6f6e6963} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-698156655-3041474433-3874372325-1001\...\MountPoints2: {cc1fe0b6-72b3-11e3-b00a-485b39373aac} - E:\HTC_Sync_Manager_PC.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hanvon Soft.lnk
ShortcutTarget: Hanvon Soft.lnk -> C:\Program Files\Hanvon\HWSOFT\HWShell2U.exe (汉王科技股份有限公司)
Startup: C:\Users\Evelyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Evelyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\simplicheck.lnk
ShortcutTarget: simplicheck.lnk -> C:\Program Files\simplitec\simplicheck\simplicheck.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.softonic.com/moy00362/tb_v1?searchsource=10&cc=&mi=b4d5cb370000000000001c4bd68c86f9
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE986A1197733CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZCchr999&ptnrS=ZCchr999&ptb=5VItzzZNCqsKNj6K8Uyy1A&ind=2012101210&n=77ee3a5a&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.soft-quick.info/?l=1&q={searchTerms}
SearchScopes: HKCU - DefaultScope {485F8EB4-05D9-478B-A02D-1BBD7A0620D3} URL = hxxp://search.softonic.com/MOY00362/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=b4d5cb370000000000001c4bd68c86f9&r=431
SearchScopes: HKCU - {485F8EB4-05D9-478B-A02D-1BBD7A0620D3} URL = hxxp://search.softonic.com/MOY00362/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=b4d5cb370000000000001c4bd68c86f9&r=431
SearchScopes: HKCU - {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZCchr999&ptnrS=ZCchr999&ptb=5VItzzZNCqsKNj6K8Uyy1A&ind=2012012209&n=77ecdeb1&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://int.search-results.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=DE&ver=18
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.soft-quick.info/?l=1&q={searchTerms}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Norton Family BHO - {B8E07826-0971-4f16-B133-047B88034E89} - C:\Program Files\Norton Family\Engine\2.9.5.29\coIEPlg.dll (Symantec Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.223.1 192.168.239.1

FireFox:
========
FF ProfilePath: C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\c0m5y4it.default
FF user.js: detected! => C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\c0m5y4it.default\user.js
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Program Files\Roblox\Versions\version-77cb13cdf4414374\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Evelyn\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Evelyn\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Evelyn\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Evelyn\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Evelyn\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Evelyn\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Evelyn\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\c0m5y4it.default\searchplugins\safesearch.xml
FF SearchPlugin: C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\c0m5y4it.default\searchplugins\softonic.xml
FF SearchPlugin: C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\c0m5y4it.default\searchplugins\WebSearch.xml
FF Extension: Codecv - C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\c0m5y4it.default\Extensions\501cf8456ffa3@501cf8456ffdd.info [2012-09-29]
FF Extension: continuetosave - C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\c0m5y4it.default\Extensions\50fc4b96aa0e9@50fc4b96aa122.com [2013-06-23]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\c0m5y4it.default\Extensions\elemhidehelper@adblockplus.org.xpi [2012-05-12]
FF HKLM\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.9.5.14\coFFFw\
FF Extension: Norton Family - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.9.5.14\coFFFw\ []
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2013-10-31]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ []

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-15]
CHR Extension: (Google Drive) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-15]
CHR Extension: (YouTube) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-15]
CHR Extension: (Adblock Plus) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-12-15]
CHR Extension: (Google-Suche) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-15]
CHR Extension: (AdBlock Premium) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\fndlhnanhedoklpdaacidomdnplcjcpj [2014-01-02]
CHR Extension: (AdBlock) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-12-15]
CHR Extension: (Norton Identity Protection) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-09-19]
CHR Extension: (Norton™ Family) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\napjheenlliimoedooldaalpjfidlidp [2013-09-19]
CHR Extension: (Google Wallet) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-19]
CHR Extension: (Google Mail) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-15]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\21.2.0.38\Exts\Chrome.crx [2014-03-26]
CHR HKLM\...\Chrome\Extension: [napjheenlliimoedooldaalpjfidlidp] - C:\Program Files\Norton Family\Engine\2.9.5.29\Extensions\Chrome.crx [2014-02-12]
CHR HKLM\...\Chrome\Extension: [oclcjojjnkeionnajdimfdldkbbjifmf] - C:\ProgramData\Codecv\oclcjojjnkeionnajdimfdldkbbjifmf.crx [2012-08-04]
CHR StartMenuInternet: Google Chrome - C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 ASLDRService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [84536 2009-06-15] (ASUS)
R2 ATKGFNEXSrv; C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-11-09] (ASUS)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 DAZContentManagementService; C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [18432 2011-05-05] ()
R2 ezGOSvc; C:\Windows\system32\ezGOSvc.dll [73600 2011-05-28] ()
S2 gupdate1cb055562ebb685; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2010-06-06] (Google Inc.)
R2 HWSuperPowerTablet; C:\Windows\jwpen.exe [66560 2008-06-03] ()
R2 NIS; C:\Program Files\Norton Internet Security\Engine\21.2.0.38\NIS.exe [276376 2014-03-12] (Symantec Corporation)
R2 NSM; C:\Program Files\Norton Family\Engine\2.9.5.29\NF.exe [570944 2014-02-10] (Symantec Corporation)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] ()
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2010-08-19] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_63b9aeb0b2db5e8b\STacSV.exe [229465 2009-11-27] (IDT, Inc.)
R2 WebUpdate; C:\Windows\system32\WebUpdateSvc.exe [266240 2005-08-03] (Data Perceptions / PowerProgrammer)
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe" [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

R2 ACEDRV05; C:\Windows\system32\drivers\ACEDRV05.sys [97792 2012-01-20] (Protect Software GmbH)
R2 ACEDRV08; C:\Windows\system32\drivers\ACEDRV08.sys [108768 2011-03-26] (Protect Software GmbH)
R2 acedrv10; C:\Windows\system32\drivers\acedrv10.sys [330144 2007-07-27] (Protect Software GmbH)
R2 acehlp10; C:\Windows\system32\drivers\acehlp10.sys [251680 2007-07-27] (Protect Software GmbH)
S3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [27136 2009-08-21] (Alcor Micro, Corp.)
S3 apf003; C:\Windows\system32\apf003.sys [13232 2013-01-16] ()
R2 ASMMAP; C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys [13880 2009-07-02] (ASUS)
R1 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140409.001\BHDrvx86.sys [1098968 2014-03-19] (Symantec Corporation)
S3 CamDrL; C:\Windows\System32\DRIVERS\Camdrl.sys [1075360 2007-02-03] (Logitech Inc.)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1502000.026\ccSetx86.sys [127064 2013-09-26] (Symantec Corporation)
R1 ccSet_NSM; C:\Windows\system32\drivers\NSM\0209050.01D\ccSetx86.sys [127064 2013-09-27] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-21] (Symantec Corporation)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [57800 2009-10-22] (FTDI Ltd.)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R1 IDSVix86; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140422.001\IDSvix86.sys [395992 2014-03-26] (Symantec Corporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41504 2007-02-03] (Logitech Inc.)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [32000 2012-01-11] (ManyCam LLC)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv.sys [22400 2012-02-22] (ManyCam LLC)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [14392 2009-05-13] (ASUS)
R3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140423.003\NAVENG.SYS [93272 2013-10-31] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140423.003\NAVEX15.SYS [1612376 2013-10-31] (Symantec Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [34064 2011-01-04] (CACE Technologies)
S3 QCPro; C:\Windows\System32\DRIVERS\p35u.sys [116480 2002-12-10] (Logitech Inc.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1759872 2009-08-12] ()
R1 SRTSP; C:\Windows\System32\Drivers\NIS\1502000.026\SRTSP.SYS [664280 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1502000.026\SRTSPX.SYS [32344 2013-09-10] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1502000.026\SYMDS.SYS [367704 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1502000.026\SYMEFA.SYS [936152 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2013-10-31] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1502000.026\Ironx86.SYS [206936 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NIS\1502000.026\SYMNETS.SYS [447704 2014-02-18] (Symantec Corporation)
S3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}; C:\Windows\System32\Drivers\NSM\0209050.01D\SymRdrS.SYS [203992 2013-12-18] (Symantec Corporation)
R3 VHWDrawing; C:\Windows\System32\DRIVERS\HWDrawing.sys [6400 2007-03-26] (Windows (R) Codename Longhorn DDK provider)
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S2 HYRDBios; system32\DRIVERS\HYRDBios.sys [X]
U2 V2iMount; 
S3 XDva387; \??\C:\Windows\system32\XDva387.sys [X]
S3 XDva392; \??\C:\Windows\system32\XDva392.sys [X]
S3 XDva396; \??\C:\Windows\system32\XDva396.sys [X]
S3 XDva400; \??\C:\Windows\system32\XDva400.sys [X]
S3 XDva401; \??\C:\Windows\system32\XDva401.sys [X]

==================== NetSvcs (Whitelisted) ===================

NETSVC: ezGOSvc -> C:\Windows\system32\ezGOSvc.dll ()

==================== One Month Created Files and Folders ========

2014-04-24 08:33 - 2014-04-24 08:34 - 00027585 _____ () C:\Users\Evelyn\Desktop\FRST.txt
2014-04-24 08:33 - 2014-04-24 08:33 - 00000000 ____D () C:\FRST
2014-04-24 08:32 - 2014-04-24 08:32 - 01048576 _____ (Farbar) C:\Users\Evelyn\Desktop\FRST.exe
2014-04-23 16:18 - 2014-04-23 16:18 - 03081712 ____N (Symantec Corporation) C:\Users\Evelyn\Desktop\NPE.exe
2014-04-23 12:46 - 2014-04-23 12:46 - 00003664 ____N () C:\bootsqm.dat
2014-04-23 07:24 - 2014-04-23 07:24 - 00001285 _____ () C:\Users\Evelyn\Desktop\ROBLOX Player.lnk
2014-04-23 07:23 - 2014-04-23 07:24 - 00001104 _____ () C:\Users\Evelyn\Desktop\ROBLOX Studio 2013.lnk
2014-04-22 21:41 - 2014-04-22 21:41 - 00000000 ____D () C:\Users\dub_cm_auto
2014-04-22 21:09 - 2014-04-22 21:09 - 00253952 _____ () C:\Users\Evelyn\Desktop\New Canvas.sai
2014-04-13 16:27 - 2013-03-25 20:27 - 00000042 _____ () C:\Users\Evelyn\Documents\aionmemo_8f d76 7.bak
2014-04-09 12:47 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-09 12:47 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 12:47 - 2014-03-04 11:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 12:47 - 2014-02-04 04:07 - 00234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 12:47 - 2014-02-04 04:07 - 00149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 12:47 - 2014-02-04 04:07 - 00027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 12:47 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 12:47 - 2014-01-24 04:18 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-05 09:41 - 2014-04-05 10:13 - 00002692 _____ () C:\shared.log
2014-03-30 14:35 - 2014-03-30 14:35 - 00000000 ____D () C:\Users\Evelyn\Documents\The Movies

==================== One Month Modified Files and Folders =======

2014-04-24 08:34 - 2014-04-24 08:33 - 00027585 _____ () C:\Users\Evelyn\Desktop\FRST.txt
2014-04-24 08:33 - 2014-04-24 08:33 - 00000000 ____D () C:\FRST
2014-04-24 08:32 - 2014-04-24 08:32 - 01048576 _____ (Farbar) C:\Users\Evelyn\Desktop\FRST.exe
2014-04-24 08:32 - 2010-05-14 14:01 - 01343568 _____ () C:\Windows\WindowsUpdate.log
2014-04-24 08:28 - 2010-06-06 10:51 - 00000000 ____D () C:\Users\Evelyn\AppData\Roaming\Skype
2014-04-24 08:27 - 2010-10-18 20:32 - 00000000 ____D () C:\ProgramData\Origin
2014-04-24 08:26 - 2011-07-27 07:15 - 00000000 ____D () C:\Users\Evelyn\AppData\Local\Htc
2014-04-24 08:26 - 2010-06-06 16:45 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-24 08:25 - 2012-08-04 12:25 - 00000334 ____H () C:\Windows\Tasks\CodecUpdaterTask{021B7108-D364-46A2-8F39-6B2ED6A0EBE3}.job
2014-04-24 08:25 - 2011-06-04 16:37 - 00000000 ____D () C:\Program Files\Origin
2014-04-24 08:25 - 2010-06-06 16:45 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-24 08:24 - 2013-11-03 21:35 - 00003116 _____ () C:\Windows\HWTablet.bin
2014-04-24 08:24 - 2012-06-23 20:23 - 00024169 _____ () C:\Windows\setupact.log
2014-04-24 08:24 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-23 23:37 - 2011-06-14 20:26 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-698156655-3041474433-3874372325-1001UA.job
2014-04-23 22:11 - 2011-02-13 21:07 - 00000000 ____D () C:\Users\Evelyn\AppData\Local\CrashDumps
2014-04-23 21:24 - 2009-07-14 04:04 - 00000430 _____ () C:\Windows\win.ini
2014-04-23 20:53 - 2011-02-12 17:46 - 00000000 ____D () C:\Users\Evelyn\AppData\Roaming\.minecraft
2014-04-23 20:44 - 2011-05-01 20:00 - 00000000 ____D () C:\Users\Evelyn\AppData\Local\NPE
2014-04-23 20:39 - 2009-07-14 06:34 - 00015984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-23 20:39 - 2009-07-14 06:34 - 00015984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-23 16:18 - 2014-04-23 16:18 - 03081712 ____N (Symantec Corporation) C:\Users\Evelyn\Desktop\NPE.exe
2014-04-23 13:40 - 2010-06-05 07:59 - 00000000 ____D () C:\Users\Evelyn\AppData\Roaming\Mozilla
2014-04-23 12:46 - 2014-04-23 12:46 - 00003664 ____N () C:\bootsqm.dat
2014-04-23 08:42 - 2010-07-14 16:04 - 01740460 _____ () C:\Windows\PFRO.log
2014-04-23 08:07 - 2010-06-05 07:48 - 00000000 ____D () C:\Users\Evelyn
2014-04-23 08:05 - 2011-02-09 17:33 - 00000000 ____D () C:\ProgramData\Sony
2014-04-23 07:58 - 2010-05-14 14:11 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-04-23 07:50 - 2012-01-20 21:24 - 00035328 ___SH () C:\Users\Evelyn\Thumbs.db
2014-04-23 07:24 - 2014-04-23 07:24 - 00001285 _____ () C:\Users\Evelyn\Desktop\ROBLOX Player.lnk
2014-04-23 07:24 - 2014-04-23 07:23 - 00001104 _____ () C:\Users\Evelyn\Desktop\ROBLOX Studio 2013.lnk
2014-04-23 07:24 - 2011-11-21 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roblox
2014-04-22 21:41 - 2014-04-22 21:41 - 00000000 ____D () C:\Users\dub_cm_auto
2014-04-22 21:09 - 2014-04-22 21:09 - 00253952 _____ () C:\Users\Evelyn\Desktop\New Canvas.sai
2014-04-22 17:48 - 2010-10-11 19:07 - 00000476 ____H () C:\Windows\Tasks\Norton Security Scan for Evelyn.job
2014-04-22 16:42 - 2010-06-06 10:49 - 00000000 ___RD () C:\Program Files\Skype
2014-04-22 12:54 - 2009-07-14 06:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-22 10:35 - 2010-07-25 11:27 - 00000000 ____D () C:\Users\Evelyn\AppData\Local\Adobe
2014-04-20 17:37 - 2011-06-14 20:26 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-698156655-3041474433-3874372325-1001Core.job
2014-04-18 23:36 - 2010-06-19 13:25 - 00000000 ____D () C:\Program Files\Steam
2014-04-18 07:41 - 2011-06-14 20:26 - 00000000 ____D () C:\Users\Evelyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-04-18 07:30 - 2014-02-11 00:23 - 00000000 ____D () C:\Users\Evelyn\Desktop\To be Sorted
2014-04-17 11:29 - 2010-07-05 13:50 - 00000000 ____D () C:\Users\Evelyn\.gimp-2.6
2014-04-17 09:09 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-17 08:44 - 2010-11-28 15:46 - 00000000 ____D () C:\Users\Evelyn\AppData\Roaming\gtk-2.0
2014-04-12 15:40 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-04-10 16:35 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-04-09 21:26 - 2013-08-09 23:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 21:22 - 2010-06-05 07:40 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-05 10:13 - 2014-04-05 09:41 - 00002692 _____ () C:\shared.log
2014-04-02 17:10 - 2010-05-14 14:09 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-02 17:04 - 2013-10-31 15:09 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-04-02 17:04 - 2011-02-12 14:54 - 00000000 ____D () C:\Windows\system32\Drivers\NIS
2014-03-31 02:13 - 2014-04-09 12:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 01:57 - 2014-04-09 12:47 - 17073152 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-30 14:35 - 2014-03-30 14:35 - 00000000 ____D () C:\Users\Evelyn\Documents\The Movies
2014-03-30 14:35 - 2012-01-14 13:28 - 00000000 ____D () C:\Users\Evelyn\AppData\Roaming\Lionhead Studios
2014-03-29 20:24 - 2011-03-06 10:48 - 00000000 ____D () C:\Users\Evelyn\AppData\Roaming\Audacity

Files to move or delete:
====================
C:\ProgramData\hash.dat
C:\ProgramData\sysqcl1129139270.dat


Some content of TEMP:
====================
C:\Users\Cygnet\AppData\Local\Temp\_is513B.exe
C:\Users\Evelyn\AppData\Local\Temp\AutoRun.exe
C:\Users\Evelyn\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Evelyn\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\Evelyn\AppData\Local\Temp\CreativeCloudSet-Up.exe
C:\Users\Evelyn\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Evelyn\AppData\Local\Temp\drm_dyndata_7370012.dll
C:\Users\Evelyn\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\Evelyn\AppData\Local\Temp\drm_dyndata_7380011.dll
C:\Users\Evelyn\AppData\Local\Temp\First15.exe
C:\Users\Evelyn\AppData\Local\Temp\rootsupd.exe
C:\Users\Evelyn\AppData\Local\Temp\ubi6A29.tmp.exe
C:\Users\Evelyn\AppData\Local\Temp\ubi9DA7.tmp.exe
C:\Users\Evelyn\AppData\Local\Temp\ubiA1FD.tmp.exe
C:\Users\Evelyn\AppData\Local\Temp\VP6Install.exe
C:\Users\Evelyn\AppData\Local\Temp\VP6VFW.dll
C:\Users\Evelyn\AppData\Local\Temp\_is7213.exe
C:\Users\Evelyn\AppData\Local\Temp\_is9397.exe
C:\Users\Evelyn\AppData\Local\Temp\_isA58E.exe
C:\Users\Evelyn\AppData\Local\Temp\_isDA48.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-20 19:58

==================== End Of Log ============================
         
--- --- ---

Addition.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-04-2014
Ran by Evelyn at 2014-04-24 08:35:17
Running from C:\Users\Evelyn\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

2weistein-Training (HKLM\...\{0AA0EF07-5F55-47CA-B790-8AFB7BFEE159}_is1) (Version:  - Brainmonster Studios)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.2.0.2070 - Adobe Systems Incorporated) Hidden
Adobe Creative Cloud (HKLM\...\Adobe Creative Cloud) (Version: 2.4.1.351 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.6 - Adobe Systems Incorporated)
Adobe Download Assistant (Version: 1.0.6 - Adobe Systems Incorporated) Hidden
Adobe Dreamweaver CC (HKLM\...\{00E094E1-A852-11E2-803D-ACEA632352B4}) (Version: 13 - Adobe Systems Incorporated)
Adobe Fireworks CS6 (HKLM\...\{CA7C485C-7A89-11E1-B2C8-CD54B377BC52}) (Version: 12.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.1.102.64 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Flash Professional CS5.5 (HKLM\...\{23E445D5-FD83-4C50-A211-EB26A2975317}) (Version: 11.5 - Adobe Systems Incorporated)
Adobe Flash Professional CS6 (HKLM\...\{BD5669B5-49FF-4490-B956-E9D7CB9B0ADC}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CC (HKLM\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Reader 9.4.0 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A94000000001}) (Version: 9.4.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
AION Free-To-Play (HKLM\...\InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}) (Version: 2.70.0000 - Gameforge)
AION Free-To-Play (Version: 2.70.0000 - Gameforge) Hidden
Alice Madness Returns (HKLM\...\{93A3AB24-36E8-41BA-80C6-CCEC237836DC}) (Version: 1.0.0.0 - Electronic Arts)
Alter Ego DE (HKLM\...\Alter Ego DE_is1) (Version:  - Future Games)
AMD Accelerated Video Transcoding (Version: 12.5.100.30429 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.937.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{E43B4909-141E-DFF3-8C58-62B5E4D66BBA}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80430.0002 - Advanced Micro Devices, Inc.) Hidden
Assassin's Creed Brotherhood (HKLM\...\{BE4BA698-8533-4F77-9559-C7F3F78C0B05}) (Version: 1.03 - Ubisoft)
Assassin's Creed II (HKLM\...\{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}) (Version: 1.01 - Ubisoft)
Assassin's Creed IV Black Flag (HKLM\...\Uplay Install 273) (Version:  - Ubisoft)
Assassin's Creed Liberation HD (HKLM\...\Uplay Install 625) (Version:  - Ubisoft)
Assassin's Creed Revelations 1.02 (HKLM\...\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}) (Version: 1.02 - Ubisoft)
Assassin's Creed(R) III v1.06 (HKLM\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.06 - Ubisoft)
ASUS USB2.0 UVC VGA WebCam (HKLM\...\ASUS USB2.0 UVC VGA WebCam) (Version: 5.8.53120.202 - Sonix)
ATI AVIVO Codecs (Version: 10.12.0.00122 - ATI Technologies Inc.) Hidden
ATK Package (HKLM\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0001 - ASUS)
Audacity 1.3.12 (HKLM\...\Audacity 1.3 Beta_is1) (Version:  - Audacity Team)
Blender (HKLM\...\Blender) (Version: 2.64a-release - Blender Foundation)
CamStudio (HKLM\...\CamStudio) (Version:  - )
CamStudio OSS Desktop Recorder (HKLM\...\{FD9C31B6-F572-414D-81E3-89368C97A125}_is1) (Version: 2.6 Beta r294 - CamStudio Open Source Dev Team)
Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (Version: 2013.0429.2313.39747 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2010.0122.858.16002 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
ccc-utility (Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
Codec Updater (HKLM\...\Codec) (Version:  - )
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 9.0.0.2504 - CyberLink Corp.)
CyberLink PowerDirector (Version: 9.0.0.2504 - CyberLink Corp.) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DAZ Content Management Service (HKLM\...\DAZ Content Management Service 4.8.1.7) (Version: 4.8.1.7 - DAZ 3D)
DAZ Install Manager (HKLM\...\DAZ Install Manager 1.0.1.108) (Version: 1.0.1.108 - DAZ 3D)
Die Sims 2 (HKLM\...\{6E7DD182-9FC6-4651-0095-2E666CC6AF35}) (Version:  - )
Die Sims 2: Family Fun - Accessoires (HKLM\...\{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}) (Version:  - )
Die Sims 2: Nightlife (HKLM\...\{F7529650-B9DB-481B-0089-A2AC3C2821C1}) (Version:  - )
Die Sims 2: Open For Business (HKLM\...\{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}) (Version:  - )
Die Sims 2: Wilde Campus-Jahre (HKLM\...\{01521746-02A6-4A72-00BD-A285DF6B80C6}) (Version:  - )
Die Sims™ 2 Apartment-Leben (HKLM\...\{B6F5B704-06D3-4687-90F3-6195304AD755}) (Version:  - Electronic Arts)
Die Sims™ 2 Freizeit-Spaß (HKLM\...\{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}) (Version:  - Electronic Arts)
Die Sims™ 2 Gute Reise (HKLM\...\{F248ADFA-64E0-4b03-8A83-059078BED6A0}) (Version:  - Electronic Arts)
Die Sims™ 2 H&M®-Fashion-Accessoires (HKLM\...\{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}) (Version:  - )
Die Sims™ 2 Haustiere (HKLM\...\{4817189D-1785-4627-A33C-39FD90919300}) (Version:  - )
Die Sims™ 2 IKEA® Home-Accessoires (HKLM\...\{6E17F9751-F056-4335-B718-8AF1B1092AFB}) (Version:  - Electronic Arts)
Die Sims™ 2 Küchen- und Bad-Einrichtungs-Accessoires (HKLM\...\{6522C636-B04C-4333-9BEB-9E0C0B6350D6}) (Version:  - Electronic Arts)
Die Sims™ 2 Party-Accessoires (HKLM\...\{EAA38532-7AD0-4f78-918A-4F4F02096ECE}) (Version:  - )
Die Sims™ 2 Teen Style-Accessoires (HKLM\...\{5C648FDB-0138-4619-B66E-230EF53E8E2C}) (Version:  - Electronic Arts)
Die Sims™ 2 Vier Jahreszeiten (HKLM\...\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}) (Version:  - )
Die Sims™ 2 Villen- und Garten-Accessoires (HKLM\...\{1A2A15C2-6780-49c1-B296-503230E9DE00}) (Version:  - Electronic Arts)
Die Sims™ 2: Glamour-Accessoires (HKLM\...\{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}) (Version:  - )
Die Sims™ 3 (HKLM\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
Die Sims™ 3 70er, 80er & 90er Accessoires (HKLM\...\{E1868CAE-E3B9-4099-8C18-AA8944D336FD}) (Version: 17.0.77 - Electronic Arts)
Die Sims™ 3 Jahreszeiten (HKLM\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
Die Sims™ 3 Late Night (HKLM\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
Die Sims™ 3 Supernatural (HKLM\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version:  - DVD Shrink)
ffdshow [rev 3055] [2009-08-16] (HKLM\...\ffdshow_is1) (Version: 1.0 - )
Forte 3 - Free Edition (HKLM\...\Forte 3 Free) (Version: 3 - Lugert Verlag)
Fotogalerie (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Garry's Mod (HKLM\...\Steam App 4000) (Version:  - Facepunch Studios)
GIMP 2.6.9 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.9 - The GIMP Team)
Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk (remove only) (HKLM\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Talk Plugin (HKLM\...\{6080787C-8D8A-3334-B79E-FFDC020FA0A1}) (Version: 5.3.0.18358 - Google)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
Hanvon Soft 3.0 (HKLM\...\{73BD1CE5-F278-4540-B667-7F7D86488236}) (Version: 3.00.2100 - Hanwang Technology Co.,Ltd )
HTC BMP USB Driver (HKLM\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.021 - HTC Corporation)
HTC Sync (HKLM\...\{DD8D87E5-C372-462F-B168-94612B1D9451}) (Version: 3.0.5551 - HTC Corporation)
HydraVision (Version: 4.2.234.0 - Advanced Micro Devices, Inc.) Hidden
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6259.0 - IDT)
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
ISScript (Version: 3.00.185 - InstallShield Software Corp.) Hidden
Java Auto Updater (Version: 2.0.6.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 29 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.290 - Sun Microsystems, Inc.)
Kingdoms of Amalur: Reckoning (HKLM\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.0.0.0 - Electronic Arts)
LEGO MARVEL Super Heroes (HKLM\...\Steam App 249130) (Version:  - Traveller's Tales)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000 - Adobe) Hidden
Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MySims™ (HKLM\...\{68DC42FA-962C-4973-A306-D595D861FA1E}) (Version: 1.00.0000 - Electronic Arts)
NC Launcher (GameForge) (HKLM\...\NCLauncher_GameForge) (Version:  - NCsoft)
Norton Family (HKLM\...\NSM) (Version: 2.9.5.29 - Symantec Corporation)
Norton Internet Security (HKLM\...\NIS) (Version: 21.2.0.38 - Symantec Corporation)
Norton Security Scan (HKLM\...\NSS) (Version: 2.7.3.34 - Symantec Corporation)
NVIDIA GAME System Software 2.8.1 (HKLM\...\{4F0C7CCF-5666-474B-B02E-AC514A95EC93}) (Version: 2.8.1 - NVIDIA Corporation)
openCanvas 5.1.04 (HKLM\...\{E00F999C-80D1-460F-BCE1-CD0140215CBC}}_is1) (Version: 5.1.04 - portalgraphics.net)
OpenOffice.org 3.4.1 (HKLM\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)
PDF Settings CC (Version: 12.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS6 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Pflanzen gegen Zombies (HKLM\...\Pflanzen gegen Zombies) (Version:  - PopCap Games)
Photo Common (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Portal 2 (HKLM\...\Steam App 620) (Version:  - Valve)
Poser 10 (HKLM\...\Poser 10 English_is1) (Version: 10.0.0 - Smith Micro Software, Inc.)
PoserContent2014 (HKLM\...\Poser Pro 2014_is1) (Version: 10.0.0 - Smith Micro Software, Inc.)
PrimoPDF (HKLM\...\PrimoPDF4.0.2.5) (Version: 4.0.2.5 - activePDF)
ProtectDisc Helper Driver 10 (HKLM\...\ProtectDisc Driver 10) (Version: 10.0.0.3 - )
PxMergeModule (Version: 1.00.0000 - Your Company Name) Hidden
QuickTime (HKLM\...\{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}) (Version: 7.66.71.0 - Apple Inc.)
QuickTime (HKLM\...\QuickTime) (Version:  - )
ROBLOX Player (HKLM\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio 2013 (HKLM\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
RollerCoaster Tycoon 3 (HKLM\...\RollerCoaster Tycoon 3_is1) (Version:  - Atari)
SimCity™ (HKLM\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 2.0.0.0 - Electronic Arts)
simplitec simplicheck (HKLM\...\{F04F6CE6-ABEC-4B12-81CA-87EB238E0C6D}) (Version: 1.2.2.0 - simplitec GmbH)
Sims 3 UIC (HKLM\...\{5726F077-5643-4B62-8E50-C40BC97275F1}) (Version: 2.0 - Zindas Golden Sims)
Skype Click to Call (HKLM\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Smith Micro Download Manager version 1.0 (HKLM\...\{89816111-4490-46FB-B141-63EA77077A94}_is1) (Version: 1.0 - Smith Micro Software, Inc.)
SPORE™ (HKLM\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.02.0000 - Electronic Arts)
SPORE™ Süß & Schrecklich Ergänzungs-Pack (HKLM\...\{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}) (Version: 1.00.0000 - Electronic Arts)
Steam (HKLM\...\Steam) (Version:  - Valve Corporation)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tablet Driver (HKLM\...\{ACD21A44-4EF9-4461-B1F3-45786E395032}) (Version: 2.05.0000 - Hanwang technolgy)
Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version:  - Bethesda Game Studios)
TI Connect 1.6 (HKLM\...\{A8B94669-8654-4126-BD28-D0D2412CDED6}) (Version: 1.6 - Texas Instruments Inc)
Ubisoft Game Launcher (HKLM\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.0.1 (HKLM\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Web Update Wizard Version 3.00 (HKLM\...\Web Update Wizard_is1) (Version:  - Power Programmer / Data Perceptions)
Windows Live Communications Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Mobile-Gerätecenter (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Movie Maker 2.6 (HKLM\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4038.0 - Microsoft Corporation)
Zipeg (HKCU\...\Zipeg) (Version: 2.9.3.1253 - hxxp://zipeg.com)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:04 - 2013-08-10 09:13 - 00000950 ____N C:\Windows\system32\Drivers\etc\hosts
216.98.48.18 127.0.0.1
216.98.48.53 127.0.0.1
216.98.48.57 127.0.0.1
216.98.48.133 127.0.0.1
216.98.48.134 127.0.0.1


==================== Scheduled Tasks (whitelisted) =============

Task: {003ED7F7-B4FA-4AE2-BC5C-F81E8AE1BA74} - System32\Tasks\{553A252D-CB84-4865-8256-9F7740C9141B} => C:\Program Files\Atari\RollerCoaster Tycoon 3\RCT3.exe
Task: {0A8789F7-FFDB-4AF3-A10F-D4E4331BDFF9} - System32\Tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9
Task: {114DF27B-E83E-449D-8532-CB20722586B0} - System32\Tasks\AdobeAAMUpdater-1.0-Cygnet-PC-Cygnet => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {22FAA7E3-4E88-4903-9030-EFC34DBE4493} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-06-06] (Google Inc.)
Task: {2A2D6C00-7D5E-4FEA-9861-AB5E4331D41C} - System32\Tasks\Norton Family\Norton Error Analyzer => C:\Program Files\Norton Family\Engine\2.9.5.29\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {32436105-DC56-47B4-8EFF-A1CDDC150136} - System32\Tasks\{69022D20-9A44-4FEB-A412-E4CDA802E7D0} => C:\Program Files\Atari\RollerCoaster Tycoon 3\RCT3.exe
Task: {38E2738E-8A2C-4189-BDE2-17FDB4295864} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {3F1D3A8D-455F-45C8-9359-C7AB34502B22} - System32\Tasks\Norton Family\Norton Error Processor => C:\Program Files\Norton Family\Engine\2.9.5.29\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {4804EB47-21B9-4FCB-BF8C-8CD1240DDDBC} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {5083188F-0A25-477D-BE6F-0E5CA3630617} - System32\Tasks\{105502DC-2BE3-47AF-AF9A-B8526AC5E5B7} => C:\Program Files\Atari\RollerCoaster Tycoon 3\RCT3.exe
Task: {5573935E-5C5A-4212-A1D3-09FD87A4E482} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\21.2.0.38\WSCStub.exe [2014-03-12] (Symantec Corporation)
Task: {5C0AD8A4-8C6C-486B-BB3E-A1D56DC2B386} - System32\Tasks\AdobeAAMUpdater-1.0-Cygnet-PC-Evelyn => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {626E0A79-E1C9-4D6B-B05F-2A48BE69848D} - System32\Tasks\{0ECC387D-0889-405C-9FA8-8B40A7B4184C} => C:\Program Files\Atari\RollerCoaster Tycoon 3\RCT3.exe
Task: {6BCB1F78-94C1-45C4-8AA3-11F5F17300EB} - System32\Tasks\Norton Security Scan for Evelyn => C:\Program Files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-06-28] (Symantec Corporation)
Task: {8A210395-C8A5-42EA-8061-58893FCF2436} - System32\Tasks\{5F0CB38C-E975-42EE-B3B3-BA641946C72F} => C:\Program Files\Atari\RollerCoaster Tycoon 3\RCT3.exe
Task: {9D12A1D1-391D-4319-8D24-0EE459A24FD8} - System32\Tasks\wp_update => C:\Users\Evelyn\AppData\Roaming\~yvlbqot.exe <==== ATTENTION
Task: {AA54ECF9-44B1-4B25-BF31-FE5048846BE4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-06-06] (Google Inc.)
Task: {AB24BAB5-2974-4C8B-BA99-D258900AD9FF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-698156655-3041474433-3874372325-1001UA => C:\Users\Evelyn\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-04] (Google Inc.)
Task: {ACE94F79-EF00-4F7A-B283-5FA7EAC03F9B} - System32\Tasks\{E601A75A-C41E-45B2-8350-D96D40CC5D2A} => C:\Program Files\Atari\RollerCoaster Tycoon 3\RCT3.exe
Task: {B929F191-4B68-4AB6-8A40-94940809039E} - System32\Tasks\{1173B09B-A561-408D-B1F9-0D7341C35FF9} => C:\Program Files\Atari\RollerCoaster Tycoon 3\RCT3.old..exe
Task: {BAE8AC42-5369-43CF-BC44-FDC2FEAEB67E} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2011-04-26] ()
Task: {CAF27052-BC28-4D6D-88BF-2035A0E0EA91} - System32\Tasks\CodecUpdaterTask{021B7108-D364-46A2-8F39-6B2ED6A0EBE3} => C:\ProgramData\Codec\Codec.exe [2012-08-04] ()
Task: {CF55CD86-4170-46AA-9562-17B7F8D1329C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-698156655-3041474433-3874372325-1001Core => C:\Users\Evelyn\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-04] (Google Inc.)
Task: {D4161478-3966-4374-B4EE-8FC9BEF644F0} - System32\Tasks\{9FB0FA46-AAE8-4EB3-9A55-99479BCEF7A3} => C:\Program Files\Atari\RollerCoaster Tycoon 3\RCT3.exe
Task: {D9E41400-5BC6-4149-BDE7-A3B640C78FD5} - System32\Tasks\{A0DCB95C-34C8-4C95-B339-E905A16DCDA0} => C:\Program Files\Skype\Phone\Skype.exe [2014-02-10] (Skype Technologies S.A.)
Task: {DD54B0C3-E9B4-415E-BD3F-4ACE2A0AC285} - System32\Tasks\{9C13D0E7-CAF7-4C47-95BD-477A51E6398F} => C:\Program Files\Atari\RollerCoaster Tycoon 3\RCT3.exe
Task: {DDC9A13A-F0B2-4621-A8A5-E13203D3806B} - System32\Tasks\{1212E8A9-F391-45DA-8BB8-A23EB3EDA20B} => D:\Autorun.exe
Task: {F0C3D0E5-B2A3-40B6-BE79-CC861D52674A} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: C:\Windows\Tasks\CodecUpdaterTask{021B7108-D364-46A2-8F39-6B2ED6A0EBE3}.job => C:\ProgramData\Codec\Codec.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-698156655-3041474433-3874372325-1001Core.job => C:\Users\Evelyn\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-698156655-3041474433-3874372325-1001UA.job => C:\Users\Evelyn\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for Evelyn.job => C:\Program Files\Norton Security Scan\Engine\2.7.3.34\Nss.exe

==================== Loaded Modules (whitelisted) =============

2013-12-17 17:42 - 2006-12-11 23:12 - 00176235 _____ () C:\Windows\System32\Primomonnt.dll
2013-12-06 21:14 - 2011-05-05 22:36 - 00018432 _____ () C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
2013-12-06 21:14 - 2011-05-05 22:36 - 01221120 _____ () C:\Program Files\DAZ 3D\Content Management Service\ace.dll
2013-12-06 21:14 - 2011-05-05 22:36 - 00791040 _____ () C:\Program Files\DAZ 3D\Content Management Service\VServer_x86.dll
2013-12-06 21:14 - 2011-05-05 22:36 - 00838656 _____ () C:\Program Files\DAZ 3D\Content Management Service\ace_ssl.dll
2013-12-06 21:14 - 2011-05-05 22:36 - 00129536 _____ () C:\Program Files\DAZ 3D\Content Management Service\asnmp.dll
2011-05-29 12:22 - 2011-05-28 06:34 - 00073600 _____ () c:\windows\system32\ezgosvc.dll
2013-11-03 21:35 - 2008-06-03 17:18 - 00066560 _____ () C:\Windows\jwpen.exe
2013-11-03 21:35 - 2008-06-03 17:18 - 00066560 _____ () C:\Windows\Jwpen.exe
2013-11-03 21:35 - 2010-04-07 16:43 - 00029184 _____ () C:\Windows\system32\JWPEN.dll
2014-02-12 10:57 - 2012-05-29 21:21 - 00699280 ____R () C:\Program Files\Norton Family\Engine\2.9.5.29\wincfi39.dll
2012-03-23 14:25 - 2012-03-23 14:25 - 00087040 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2007-06-05 14:20 - 2007-06-05 14:20 - 00177704 _____ () C:\Windows\system32\PSIService.exe
2014-02-11 04:20 - 2014-02-11 04:20 - 00597360 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll
2011-03-06 14:28 - 2010-08-19 18:43 - 00247152 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2012-08-04 12:25 - 2012-08-04 12:25 - 00210944 _____ () C:\ProgramData\Codec\Codec.exe
2011-04-26 17:22 - 2011-04-26 17:22 - 00593920 _____ () C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
2011-04-26 17:22 - 2011-04-26 17:22 - 00516599 _____ () C:\Program Files\HTC\HTC Sync 3.0\sqlite3.dll
2011-04-26 17:22 - 2011-04-26 17:22 - 00094208 _____ () C:\Program Files\HTC\HTC Sync 3.0\fdHttpd.dll
2011-04-26 17:22 - 2011-04-26 17:22 - 00385024 _____ () C:\Program Files\HTC\HTC Sync 3.0\HtcDetect.dll
2011-04-26 17:22 - 2011-04-26 17:22 - 00139264 _____ () C:\Program Files\HTC\HTC Sync 3.0\htcDisk.dll
2011-04-26 17:22 - 2011-04-26 17:22 - 00139264 _____ () C:\Program Files\HTC\HTC Sync 3.0\htcDetectLegend.dll
2011-04-26 17:22 - 2011-04-26 17:22 - 00559244 _____ () C:\Program Files\HTC\HTC Sync 3.0\sqlite3.7.dll
2011-04-26 17:22 - 2011-04-26 17:22 - 01515520 _____ () C:\Program Files\HTC\HTC Sync 3.0\Maps\R66Api.dll
2013-11-03 21:35 - 2008-06-03 17:16 - 00053248 _____ () C:\Windows\System32\HWKeyPlus.exe
2013-11-03 21:35 - 2009-02-26 16:22 - 00073728 _____ () C:\Windows\System32\JWkey.dll
2013-11-03 21:35 - 2009-03-05 15:54 - 00184320 _____ () C:\Windows\System32\HWTabTray.exe
2014-02-11 16:09 - 2014-02-11 16:09 - 32733080 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\HEX\libcef.dll
2014-01-29 17:34 - 2014-03-08 11:35 - 00962560 _____ () C:\Program Files\Origin\platforms\qwindows.dll
2014-01-29 17:34 - 2014-03-08 11:35 - 00024064 _____ () C:\Program Files\Origin\imageformats\qgif.dll
2014-01-29 17:34 - 2014-03-08 11:35 - 00025088 _____ () C:\Program Files\Origin\imageformats\qico.dll
2014-01-29 17:34 - 2014-03-08 11:35 - 00217088 _____ () C:\Program Files\Origin\imageformats\qjpeg.dll
2014-01-29 17:34 - 2014-03-08 11:35 - 00261632 _____ () C:\Program Files\Origin\imageformats\qmng.dll
2014-01-29 17:34 - 2014-03-08 11:35 - 00019968 _____ () C:\Program Files\Origin\imageformats\qtga.dll
2014-01-29 17:34 - 2014-03-08 11:35 - 00302592 _____ () C:\Program Files\Origin\imageformats\qtiff.dll
2014-01-29 17:34 - 2014-03-08 11:35 - 00018944 _____ () C:\Program Files\Origin\imageformats\qwbmp.dll
2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2011-04-26 17:22 - 2011-04-26 17:22 - 02530671 _____ () C:\Program Files\HTC\HTC Sync 3.0\adb.exe
2013-06-18 16:49 - 2013-06-18 16:49 - 00016384 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-04-30 00:08 - 2013-04-30 00:08 - 00369152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-04-11 17:41 - 2014-04-02 03:57 - 00065352 _____ () C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
2014-04-11 17:41 - 2014-04-02 03:57 - 00674632 _____ () C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
2014-04-11 17:41 - 2014-04-02 03:57 - 00093000 _____ () C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\34.0.1847.116\libegl.dll
2014-04-11 17:41 - 2014-04-02 03:57 - 04081480 _____ () C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll
2014-04-11 17:41 - 2014-04-02 03:58 - 00390472 _____ () C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
2014-04-11 17:41 - 2014-04-02 03:57 - 01647432 _____ () C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
2014-04-11 17:41 - 2014-04-02 03:58 - 13691720 _____ () C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows\system32\zlib.dll:DocumentSummaryInformation
AlternateDataStreams: C:\Windows\system32\zlib.dll:SummaryInformation
AlternateDataStreams: C:\Windows\system32\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Generic Mount Control Device
Description: Generic Mount Control Device
Class Guid: {d27c1f2e-cf2d-4fdc-ad2a-0dddbeab92f0}
Manufacturer: Symantec Corporation
Service: GenericMount
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/23/2014 10:11:50 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Sims2Launcher.exe, Version: 1.0.0.1, Zeitstempel: 0x48f12e72
Name des fehlerhaften Moduls: Sims2Launcher.exe, Version: 1.0.0.1, Zeitstempel: 0x48f12e72
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00002167
ID des fehlerhaften Prozesses: 0x19dc
Startzeit der fehlerhaften Anwendung: 0xSims2Launcher.exe0
Pfad der fehlerhaften Anwendung: Sims2Launcher.exe1
Pfad des fehlerhaften Moduls: Sims2Launcher.exe2
Berichtskennung: Sims2Launcher.exe3

Error: (04/23/2014 01:45:16 PM) (Source: Application Hang) (User: )
Description: Programm RobloxPlayerBeta.exe, Version 0.146.0.45615 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1890

Startzeit: 01cf5ee4b91b99fb

Endzeit: 143

Anwendungspfad: C:\Program Files\Roblox\Versions\version-77cb13cdf4414374\RobloxPlayerBeta.exe

Berichts-ID: a3b1f155-cadc-11e3-ba14-485b39373aac

Error: (04/23/2014 07:21:45 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {3e061357-3148-4373-870d-b2e147ad5a02}

Error: (04/21/2014 01:56:52 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/21/2014 01:55:58 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/20/2014 08:00:41 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/20/2014 07:59:44 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/18/2014 09:31:02 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/18/2014 09:30:03 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/17/2014 01:54:43 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (04/24/2014 08:29:43 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst eventlog erreicht.

Error: (04/24/2014 08:27:29 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2140993535

Error: (04/24/2014 08:27:29 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: 
%%-2140993535

Error: (04/24/2014 08:27:29 AM) (Source: PNRPSvc) (User: )
Description: 0x80630801

Error: (04/24/2014 08:27:27 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2140993535

Error: (04/24/2014 08:27:27 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: 
%%-2140993535

Error: (04/24/2014 08:27:27 AM) (Source: PNRPSvc) (User: )
Description: 0x80630801

Error: (04/24/2014 08:27:18 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2140993535

Error: (04/24/2014 08:27:18 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: 
%%-2140993535

Error: (04/24/2014 08:27:18 AM) (Source: PNRPSvc) (User: )
Description: 0x80630801


Microsoft Office Sessions:
=========================
Error: (04/23/2014 10:11:50 PM) (Source: Application Error)(User: )
Description: Sims2Launcher.exe1.0.0.148f12e72Sims2Launcher.exe1.0.0.148f12e72c00000050000216719dc01cf5f302aeaf201C:\Program Files\EA GAMES\Die Sims 2 Villen- und Garten-Accessoires\TSBin\Sims2Launcher.exeC:\Program Files\EA GAMES\Die Sims 2 Villen- und Garten-Accessoires\TSBin\Sims2Launcher.exe809d3155-cb23-11e3-99a6-485b39373aac

Error: (04/23/2014 01:45:16 PM) (Source: Application Hang)(User: )
Description: RobloxPlayerBeta.exe0.146.0.45615189001cf5ee4b91b99fb143C:\Program Files\Roblox\Versions\version-77cb13cdf4414374\RobloxPlayerBeta.exea3b1f155-cadc-11e3-ba14-485b39373aac

Error: (04/23/2014 07:21:45 AM) (Source: VSS)(User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {3e061357-3148-4373-870d-b2e147ad5a02}

Error: (04/21/2014 01:56:52 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\cyberlink\powerdirector\muitransfer\MUIStartMenuX64.exe

Error: (04/21/2014 01:55:58 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\HTC\HTC Sync 3.0\FDAgentForOutlook64.exe

Error: (04/20/2014 08:00:41 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\cyberlink\powerdirector\muitransfer\MUIStartMenuX64.exe

Error: (04/20/2014 07:59:44 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\HTC\HTC Sync 3.0\FDAgentForOutlook64.exe

Error: (04/18/2014 09:31:02 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\cyberlink\powerdirector\muitransfer\MUIStartMenuX64.exe

Error: (04/18/2014 09:30:03 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\HTC\HTC Sync 3.0\FDAgentForOutlook64.exe

Error: (04/17/2014 01:54:43 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\cyberlink\powerdirector\muitransfer\MUIStartMenuX64.exe


==================== Memory info =========================== 

Percentage of memory in use: 77%
Total physical RAM: 3052.54 MB
Available physical RAM: 689.76 MB
Total Pagefile: 6103.38 MB
Available Pagefile: 2982.93 MB
Total Virtual: 2047.88 MB
Available Virtual: 1895.7 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:138.5 GB) NTFS
Drive e: (HTC Sync Manager) (CDROM) (Total:0.02 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 76692CA8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Okay :P
Here.
I think that was right :P


24.04.2014, 12:53   #6
schrauber
/// the machine
/// TB-Ausbilder

Please download Malwarebytes Anti-Malware.
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Scan Now.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • The log file can also be found at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool is finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.

24.04.2014, 15:11   #7
EvelynW

So, hello!
It took a bit longer than I thought, but that's okay. I'm done now.

Here is the MBAM scan:

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 24.04.2014
Suchlauf-Zeit: 15:31:53
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.04.24.06
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Evelyn

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 307881
Verstrichene Zeit: 1 Std, 29 Min, 1 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 1
Trojan.Dropper, C:\ProgramData\Codec\Codec.exe, 3856, Löschen bei Neustart, [6b958b75c63a9967277b389ac73ae818]

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 18
Trojan.Dropper, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Codec, In Quarantäne, [6b958b75c63a9967277b389ac73ae818], 
Trojan.Vundo, HKU\S-1-5-21-698156655-3041474433-3874372325-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{56256A51-B582-467e-B8D4-7786EDA79AE0}, In Quarantäne, [03fd23dd13ed8080ac3ea7a0946ebc44], 
Trojan.Vundo, HKU\S-1-5-21-698156655-3041474433-3874372325-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{56256A51-B582-467E-B8D4-7786EDA79AE0}, In Quarantäne, [03fd23dd13ed8080ac3ea7a0946ebc44], 
Trojan.Vundo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{56256A51-B582-467E-B8D4-7786EDA79AE0}, In Quarantäne, [03fd23dd13ed8080ac3ea7a0946ebc44], 
PUP.Optional.Iminent.A, HKU\S-1-5-21-698156655-3041474433-3874372325-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}, In Quarantäne, [50b0de224cb4be428e83252911f1fe02], 
PUP.Optional.Iminent.A, HKU\S-1-5-21-698156655-3041474433-3874372325-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}, In Quarantäne, [50b0de224cb4be428e83252911f1fe02], 
PUP.Optional.MindSpark.A, HKU\S-1-5-21-698156655-3041474433-3874372325-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{00A6FAF6-072E-44CF-8957-5838F569A31D}, In Quarantäne, [58a8e61ae719cd331272ca87aa589868], 
PUP.Optional.MindSpark.A, HKU\S-1-5-21-698156655-3041474433-3874372325-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{00A6FAF6-072E-44CF-8957-5838F569A31D}, In Quarantäne, [58a8e61ae719cd331272ca87aa589868], 
PUP.Optional.Iminent.A, HKU\S-1-5-21-698156655-3041474433-3874372325-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, In Quarantäne, [8a76d12f44bc12ee126d2826b44e51af], 
PUP.Optional.Iminent.A, HKU\S-1-5-21-698156655-3041474433-3874372325-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, In Quarantäne, [8a76d12f44bc12ee126d2826b44e51af], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, In Quarantäne, [5aa64fb157a916ea509b6ae49a68867a], 
PUP.Optional.FunWebProducts.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB}, In Quarantäne, [49b7be4218e85aa6a15a86c98979ec14], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\Iminent, In Quarantäne, [d8289769b74942bec7616d1733cf7e82], 
PUP.Optional.BundleInstaller.A, HKLM\SOFTWARE\VITTALIA\AxtanInstaller, In Quarantäne, [f20e976921dfed13fbbb0080d032669a], 
PUP.Optional.Iminent, HKU\S-1-5-21-698156655-3041474433-3874372325-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}, In Quarantäne, [a759f40c6799778962f6c8e70003d32d], 
PUP.Optional.Iminent.A, HKU\S-1-5-21-698156655-3041474433-3874372325-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Iminent, In Quarantäne, [c23edf216b9599672affb0d49969f10f], 
PUP.Optional.SProtector.A, HKU\S-1-5-21-698156655-3041474433-3874372325-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SProtector, In Quarantäne, [f30d36ca79871ae6f6efbbe0a26108f8], 
PUP.Optional.WebSearchInfo, HKU\S-1-5-21-698156655-3041474433-3874372325-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, In Quarantäne, [768a07f9c9379769b9045d4a877c06fa], 

Registrierungswerte: 4
PUP.Optional.MindSpark.A, HKU\S-1-5-21-698156655-3041474433-3874372325-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{00A6FAF6-072E-44CF-8957-5838F569A31D}, In Quarantäne, [58a8e61ae719cd331272ca87aa589868], 
PUP.Optional.Iminent.A, HKU\S-1-5-21-698156655-3041474433-3874372325-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, In Quarantäne, [8a76d12f44bc12ee126d2826b44e51af], 
PUP.Optional.Iminent.A, HKU\S-1-5-21-698156655-3041474433-3874372325-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, In Quarantäne, [de22f70910f02ed2c3bc024c28da817f], 
PUP.Optional.MindSpark.A, HKU\S-1-5-21-698156655-3041474433-3874372325-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{00A6FAF6-072E-44cf-8957-5838F569A31D}, In Quarantäne, [6c9429d7a7595aa60a7a500135cdf010], 

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 4
Adware.InstallBrain, C:\ProgramData\IBUpdaterService, In Quarantäne, [cb35629e6e92fe02fa2b551ef90a29d7], 
PUP.Optional.OpenCandy, C:\Users\Evelyn\AppData\Roaming\OpenCandy, In Quarantäne, [42beea16d62aa45c0d8a3130fe04619f], 
PUP.Optional.OpenCandy, C:\Users\Evelyn\AppData\Roaming\OpenCandy\60219E13A6B043BD9EF3EC6F96BDC78C, In Quarantäne, [42beea16d62aa45c0d8a3130fe04619f], 
PUP.Optional.OpenCandy, C:\Users\Evelyn\AppData\Roaming\OpenCandy\C643125E2A5D4FBF8925DC17A8B4E2DC, In Quarantäne, [42beea16d62aa45c0d8a3130fe04619f], 

Dateien: 7
Trojan.Dropper, C:\ProgramData\Codec\Codec.exe, Löschen bei Neustart, [6b958b75c63a9967277b389ac73ae818], 
PUP.Optional.Amonetize, C:\Users\Evelyn\AppData\Roaming\OpenCandy\C643125E2A5D4FBF8925DC17A8B4E2DC\WS_p4v2_2CB2.exe, In Quarantäne, [3fc13fc1ff018a7625194ab62fd50ef2], 
PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot.exe, In Quarantäne, [ed13847c2dd340c0b317f52bf40c6c94], 
PUP.Optional.Softonic.A, C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\c0m5y4it.default\searchplugins\softonic.xml, In Quarantäne, [e719ab55f90702fe97093b39b052ff01], 
PUP.Optional.WebSearch.A, C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\c0m5y4it.default\searchplugins\WebSearch.xml, In Quarantäne, [a0606b9519e7a060806d76023cc6cc34], 
Adware.InstallBrain, C:\ProgramData\IBUpdaterService\repository.xml, In Quarantäne, [cb35629e6e92fe02fa2b551ef90a29d7], 
PUP.Optional.OpenCandy, C:\Users\Evelyn\AppData\Roaming\OpenCandy\60219E13A6B043BD9EF3EC6F96BDC78C\TuneUpUtilities2013_2200212_de-DE.exe, In Quarantäne, [42beea16d62aa45c0d8a3130fe04619f], 

Physische Sektoren: 0
(No malicious items detected)


(end)
         
The ADWCleaner scan:

Code:
# AdwCleaner v3.202 - Bericht erstellt am 24/04/2014 um 15:50:21
# Aktualisiert 23/04/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : Evelyn - CYGNET-PC
# Gestartet von : C:\Users\Evelyn\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\clsoft ltd
Ordner Gelöscht : C:\ProgramData\Codecv
Ordner Gelöscht : C:\ProgramData\continuetosave
Ordner Gelöscht : C:\ProgramData\Premium
Ordner Gelöscht : C:\ProgramData\simplitec
Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\ProgramData\AlawarWrapper
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simplitec
Ordner Gelöscht : C:\Windows\system32\AI_RecycleBin
Ordner Gelöscht : C:\Users\Evelyn\AppData\Local\apn
Ordner Gelöscht : C:\Users\Evelyn\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Evelyn\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Evelyn\AppData\LocalLow\FunWebProducts
Ordner Gelöscht : C:\Users\Evelyn\AppData\Roaming\PerformerSoft
Ordner Gelöscht : C:\Users\Evelyn\AppData\Roaming\simplitec
Ordner Gelöscht : C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\c0m5y4it.default\Extensions\50fc4b96aa0e9@50fc4b96aa122.com
Datei Gelöscht : C:\Users\Evelyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\simplicheck.lnk
Datei Gelöscht : C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\c0m5y4it.default\searchplugins\safesearch.xml
Datei Gelöscht : C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\c0m5y4it.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ContinueToSave_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ContinueToSave_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader48987_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader48987_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_camtasia-studio_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_camtasia-studio_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_comic-life_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_comic-life_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_particleillusion_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_particleillusion_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_collagemaker_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_collagemaker_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_manga-studio-debut_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_manga-studio-debut_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_manycam_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_manycam_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_pflanzen-gegen-zombies_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_pflanzen-gegen-zombies_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_ulead-videostudio_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_ulead-videostudio_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_vegas(2)_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_vegas(2)_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_vegas-pro_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_vegas-pro_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_vegas_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_vegas_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\Software\Cheat Engine\OpenCandy
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\simplitec
Schlüssel Gelöscht : HKLM\Software\SP Global
Schlüssel Gelöscht : HKLM\Software\SProtector
Schlüssel Gelöscht : HKLM\Software\Trymedia Systems
Schlüssel Gelöscht : HKLM\Software\Vittalia
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\499E8534DA7E759419D2048CB780D3D5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\930D9472A978D7A4EB16BF4DECB173B7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AEB93799E8B47D14CA356E4343D632A4

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v

[ Datei : C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\c0m5y4it.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://websearch.soft-quick.info/?l=1&q=");
Zeile gelöscht : user_pref("browser.search.selectedEngine,S", "WebSearch");
Zeile gelöscht : user_pref("dom.ipc.plugins.enabled.npmywebs.dll", false);
Zeile gelöscht : user_pref("extensions.501cf84570052.scode", "(function(){try{if('aol.com,mail.google.com,mystart.incredibar.com,premiumreports.info,search.babylon.com,search.funmoods.com,search.gboxapp.com,search.swe[...]
Zeile gelöscht : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent100", "1308633695711");
Zeile gelöscht : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent109", "1307560938291");
Zeile gelöscht : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent111", "1307560938290");
Zeile gelöscht : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent112", "1307560938293");
Zeile gelöscht : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent134", "1308739683544");

-\\ Google Chrome v

[ Datei : C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=DE&ver=21&locale=de_DE&gct=sb&qsrc=2869

*************************

AdwCleaner[R0].txt - [10095 octets] - [24/04/2014 15:45:05]
AdwCleaner[S0].txt - [9910 octets] - [24/04/2014 15:50:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9970 octets] ##########
         
The JRT scan:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Evelyn on 24.04.2014 at 16:03:12,03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{485F8EB4-05D9-478B-A02D-1BBD7A0620D3}



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{0010089D-9273-4426-ACD1-9F86E057DDAB}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{04013B98-D06E-4D79-B5B7-8E3A7873F507}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{15B0C490-AB3D-4ECA-B6F3-489A2864381B}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{17E2253C-72D4-44A7-95BD-8AB29993C8D5}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{1BB8394F-9BF6-4395-81A5-FEC7658FA1E0}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{1BF50C9E-74BA-48A8-B7C1-38180EDE3B20}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{1EE90DD4-10BD-4825-B6B4-1C3C0B9A8F2A}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{1F604C07-CCA6-45D4-97B3-E94CF521760E}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{23770C73-E714-4ECC-A63E-B92020FB391B}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{23A957F5-FA4C-491A-9F42-CC7DE3A348D9}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{305B067B-9579-4FD4-956A-5C537362CE6B}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{31D7BCC2-30E0-4742-A65B-E6D06FF2FBAF}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{326684BA-605C-47C8-B028-97DDF1E21E8E}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{3CA157FA-4FF4-446C-98C5-4EB9A3B7910E}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{40B6D3E5-88AB-49B0-B8FF-7649D0DEE4E7}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{42656E4B-9837-49A9-AB68-63CEEE5E11CF}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{43B26E5F-D8A0-4579-B802-03C0B2ABE8E7}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{45BE9ED8-45B7-42FB-B8C4-BBCDE9E26FE4}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{4AE6BCF3-CDC8-480A-9969-051AAD5466C9}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{55FCE609-90C2-4B8D-B979-1402F0758C61}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{5855B267-148B-4EE7-A6A4-F5F668334E77}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{664FEA27-7B00-4275-BD79-4D25BB3DB6F0}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{6B499D27-427C-4EB9-8C78-2DF69C399FDD}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{6B97060F-E53E-45CB-9C4B-80CEF616DA82}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{76DFDC22-7585-47D0-A563-77AF97119BC2}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{77511E84-F5FF-47E9-AC82-FBCF0244DCE1}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{77D79EDF-1EDB-4D4A-8781-967EF705BEA6}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{78AEE91B-8B3A-4546-91FD-FB5748B8121E}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{7BD40CCE-D447-43A7-BE55-511B75EB7860}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{7C98EC4B-043B-41D3-AA95-5494425B4DF5}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{7D32106B-038F-41C0-A6E2-EDFF4255489C}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{7E3D7F92-299C-44CF-9182-FF642B832041}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{7E5988EC-E6F1-419A-A1B5-047E8A87BB9B}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{7F981470-26F4-4045-85DD-560942D36B8E}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{80206D8D-773F-42EE-9617-286F9ECC8F92}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{80D29170-D840-4131-BDBC-CDC58345C4DE}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{874757F1-A347-4734-83D6-9F0AFE570B4C}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{8CA5BB74-B72F-4007-B27D-7014FDABED0D}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{8E6444C5-B1A7-4F65-B363-CDB7DF940012}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{90A62D41-828D-47C9-BF02-4A62A95E29A3}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{91D996B4-6A0F-4B10-8AA9-EB3BF5957A1F}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{920065E3-2451-4DF0-B8E3-83769891B2DF}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{952777B9-45D4-4769-A8FE-EABDED553850}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{96C2C78B-CBC4-41DC-8127-6F159FAA5C10}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{974AC957-56DB-4F1A-991D-418312507A32}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{9F5AB365-95CC-4B17-B132-7F3D509C1185}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{A1928271-B1D4-4DD6-87ED-82BC1AE10964}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{A53CBA55-2022-465D-AA3A-465404D7E571}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{A5D20CB2-9A64-453F-8798-8F58464860F9}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{A92FCE45-8537-434B-A0EA-C8F3B3860DC5}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{AC384DB8-D3F1-4ABF-9960-E6AF84650F04}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{AF8F3380-51E2-470A-83CF-9BEA328E2727}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{B179487B-14A6-488A-948A-9AB329963A3E}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{B1A97A52-0706-4994-8048-78356A9BC2F1}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{B3D2BB54-CEA4-403A-9BDD-D427F0EDA02D}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{BF57CCBD-59CF-4E4D-95A7-C870B4F07860}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{C4498C2A-3FEF-4A2A-9A36-1CD4E5F430AC}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{C4D39E33-CA3A-4647-AB3D-CC63EB29AD9B}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{C51AFE34-C68C-4E5D-9211-0359FECEB6E9}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{CC87604B-080B-4D39-A0B9-D6A9CD9A1C80}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{CC9498A3-2BBB-4FB4-996D-A45CF0BB3A29}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{CD8B1567-3229-4C61-8E04-D2E3C2EF6B4B}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{CF3E8675-70A6-4571-88D5-410A4C6E838B}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{D9083155-D9FC-4D82-963B-DF9C37BBD9F2}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{D96068D1-43BF-4F77-952B-B9CF19565AA5}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{DBE4667E-871A-4C28-A704-DEA38BDC3BFE}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{E1E2393F-1999-46FE-9ED6-3B5B8794D53D}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{E5CA0094-7F07-46C0-8BF3-6B30F8030E3E}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{EC7F0785-4E24-4FA7-9E89-5B4659967A4F}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{ED1D3644-3335-4B04-8BEB-185E15E9D182}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{F0F81844-2EC8-451E-AE01-943F302C24DD}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{F7F7D6A3-E774-4E8B-A873-CC57F945F001}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{F86749F0-ACDE-40D1-8F51-93B15DB834D0}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{F882F721-258E-4497-AB32-C9BB659D9B3A}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{F9737B4A-1153-42D0-BC28-DEBBEC543BBE}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{FA3C4AEB-7DCA-490D-B6F4-5A6A05B5D5CD}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{FBCB11EF-3C1D-4E07-96FC-006DFFCEFEE6}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{FCD1CBD7-2E28-406A-8B15-D2D8408BD66D}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{FE46F2AE-BD50-4862-9EEB-9F84686F6CF5}
Successfully deleted: [Empty Folder] C:\Users\Evelyn\appdata\local\{FF5FBB43-7F6F-4910-82AB-8F81E7DB4B20}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.04.2014 at 16:06:59,10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
And here is the FRST scan:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-04-2014
Ran by Evelyn (administrator) on CYGNET-PC on 24-04-2014 16:07:46
Running from C:\Users\Evelyn\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_63b9aeb0b2db5e8b\STacSV.exe
(AMD) C:\Windows\system32\atieclxx.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
() C:\Windows\jwpen.exe
() C:\Windows\Jwpen.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.2.0.38\NIS.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\system32\PSIService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.2.0.38\NIS.exe
(Data Perceptions / PowerProgrammer) C:\Windows\system32\WebUpdateSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
(Google) C:\Program Files\Google\Google Talk\googletalk.exe
() C:\Windows\System32\HWKeyPlus.exe
() C:\Windows\System32\HWTabTray.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(Electronic Arts) C:\Program Files\Origin\Origin.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(汉王科技股份有限公司) C:\Program Files\Hanvon\HWSOFT\HWShell2U.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AMD) C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Symantec Corporation) C:\Program Files\Norton Family\Engine\2.9.5.29\NF.exe
(Symantec Corporation) C:\Program Files\Norton Family\Engine\2.9.5.29\NF.exe
(Google Inc.) C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ATKOSD2] => C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6998656 2009-10-26] (ASUS)
HKLM\...\Run: [ATKMEDIA] => C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2009-08-19] (ASUS)
HKLM\...\Run: [HControlUser] => C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495715 2009-11-27] (IDT, Inc.)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-09-23] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [HTC Sync Loader] => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [593920 2011-04-26] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [googletalk] => C:\Program Files\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AMD AVT] => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
HKLM\...\Run: [HWTablet KeyPlus] => C:\Windows\system32\HWKeyPlus.exe [53248 2008-06-03] ()
HKLM\...\Run: [HWTablet Service] => C:\Windows\system32\HWTabTray.exe [184320 2009-03-05] ()
HKLM\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2239376 2014-02-11] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [*TampMon] - C:\Program Files\Norton Family\Engine\2.9.5.29\tampmon.exe [61792 2014-02-10] (Symantec Corporation)
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKU\S-1-5-21-698156655-3041474433-3874372325-1001\...\Run: [EA Core] => "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-698156655-3041474433-3874372325-1001\...\Run: [Akamai NetSession Interface] => "C:\Users\Evelyn\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-698156655-3041474433-3874372325-1001\...\Run: [EADM] => C:\Program Files\Origin\Origin.exe [3588952 2014-03-08] (Electronic Arts)
HKU\S-1-5-21-698156655-3041474433-3874372325-1001\...\Run: [Google Update] => C:\Users\Evelyn\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-06-04] (Google Inc.)
HKU\S-1-5-21-698156655-3041474433-3874372325-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-698156655-3041474433-3874372325-1001\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-698156655-3041474433-3874372325-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [393216 2012-11-16] (AMD)
HKU\S-1-5-21-698156655-3041474433-3874372325-1001\...\MountPoints2: {69daf7a3-915a-11e3-bd4a-806e6f6e6963} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-698156655-3041474433-3874372325-1001\...\MountPoints2: {cc1fe0b6-72b3-11e3-b00a-485b39373aac} - E:\HTC_Sync_Manager_PC.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hanvon Soft.lnk
ShortcutTarget: Hanvon Soft.lnk -> C:\Program Files\Hanvon\HWSOFT\HWShell2U.exe (汉王科技股份有限公司)
Startup: C:\Users\Evelyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE986A1197733CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Norton Family BHO - {B8E07826-0971-4f16-B133-047B88034E89} - C:\Program Files\Norton Family\Engine\2.9.5.29\coIEPlg.dll (Symantec Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.223.1 192.168.239.1

FireFox:
========
FF ProfilePath: C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\c0m5y4it.default
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Program Files\Roblox\Versions\version-77cb13cdf4414374\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Evelyn\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Evelyn\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Evelyn\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Evelyn\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Evelyn\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Evelyn\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Evelyn\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Codecv - C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\c0m5y4it.default\Extensions\501cf8456ffa3@501cf8456ffdd.info [2012-09-29]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\c0m5y4it.default\Extensions\elemhidehelper@adblockplus.org.xpi [2012-05-12]
FF HKLM\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.9.5.14\coFFFw\
FF Extension: Norton Family - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.9.5.14\coFFFw\ []
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2013-10-31]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ []

Chrome: 
=======
CHR HomePage: 
CHR Extension: (Google Docs) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-15]
CHR Extension: (Google Drive) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-15]
CHR Extension: (YouTube) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-15]
CHR Extension: (Adblock Plus) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-12-15]
CHR Extension: (Google-Suche) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-15]
CHR Extension: (AdBlock Premium) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\fndlhnanhedoklpdaacidomdnplcjcpj [2014-01-02]
CHR Extension: (AdBlock) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-12-15]
CHR Extension: (Norton Identity Protection) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-09-19]
CHR Extension: (Norton™ Family) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\napjheenlliimoedooldaalpjfidlidp [2013-09-19]
CHR Extension: (Google Wallet) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-19]
CHR Extension: (Google Mail) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-15]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\21.2.0.38\Exts\Chrome.crx [2014-03-26]
CHR HKLM\...\Chrome\Extension: [napjheenlliimoedooldaalpjfidlidp] - C:\Program Files\Norton Family\Engine\2.9.5.29\Extensions\Chrome.crx [2014-02-12]
CHR HKLM\...\Chrome\Extension: [oclcjojjnkeionnajdimfdldkbbjifmf] - C:\ProgramData\Codecv\oclcjojjnkeionnajdimfdldkbbjifmf.crx [2014-02-12]
CHR StartMenuInternet: Google Chrome - C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 ASLDRService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [84536 2009-06-15] (ASUS)
R2 ATKGFNEXSrv; C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-11-09] (ASUS)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 DAZContentManagementService; C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [18432 2011-05-05] ()
R2 ezGOSvc; C:\Windows\system32\ezGOSvc.dll [73600 2011-05-28] ()
S2 gupdate1cb055562ebb685; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2010-06-06] (Google Inc.)
R2 HWSuperPowerTablet; C:\Windows\jwpen.exe [66560 2008-06-03] ()
R2 NIS; C:\Program Files\Norton Internet Security\Engine\21.2.0.38\NIS.exe [276376 2014-03-12] (Symantec Corporation)
R2 NSM; C:\Program Files\Norton Family\Engine\2.9.5.29\NF.exe [570944 2014-02-10] (Symantec Corporation)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] ()
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2010-08-19] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_63b9aeb0b2db5e8b\STacSV.exe [229465 2009-11-27] (IDT, Inc.)
R2 WebUpdate; C:\Windows\system32\WebUpdateSvc.exe [266240 2005-08-03] (Data Perceptions / PowerProgrammer)
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe" [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

R2 ACEDRV05; C:\Windows\system32\drivers\ACEDRV05.sys [97792 2012-01-20] (Protect Software GmbH)
R2 ACEDRV08; C:\Windows\system32\drivers\ACEDRV08.sys [108768 2011-03-26] (Protect Software GmbH)
R2 acedrv10; C:\Windows\system32\drivers\acedrv10.sys [330144 2007-07-27] (Protect Software GmbH)
R2 acehlp10; C:\Windows\system32\drivers\acehlp10.sys [251680 2007-07-27] (Protect Software GmbH)
S3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [27136 2009-08-21] (Alcor Micro, Corp.)
S3 apf003; C:\Windows\system32\apf003.sys [13232 2013-01-16] ()
R2 ASMMAP; C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys [13880 2009-07-02] (ASUS)
R1 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140409.001\BHDrvx86.sys [1098968 2014-03-19] (Symantec Corporation)
S3 CamDrL; C:\Windows\System32\DRIVERS\Camdrl.sys [1075360 2007-02-03] (Logitech Inc.)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1502000.026\ccSetx86.sys [127064 2013-09-26] (Symantec Corporation)
R1 ccSet_NSM; C:\Windows\system32\drivers\NSM\0209050.01D\ccSetx86.sys [127064 2013-09-27] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-21] (Symantec Corporation)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [57800 2009-10-22] (FTDI Ltd.)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R1 IDSVix86; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140423.001\IDSvix86.sys [395992 2014-03-26] (Symantec Corporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41504 2007-02-03] (Logitech Inc.)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [32000 2012-01-11] (ManyCam LLC)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv.sys [22400 2012-02-22] (ManyCam LLC)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [14392 2009-05-13] (ASUS)
R3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140423.034\NAVENG.SYS [93272 2013-10-31] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140423.034\NAVEX15.SYS [1612376 2013-10-31] (Symantec Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [34064 2011-01-04] (CACE Technologies)
S3 QCPro; C:\Windows\System32\DRIVERS\p35u.sys [116480 2002-12-10] (Logitech Inc.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1759872 2009-08-12] ()
R3 SRTSP; C:\Windows\System32\Drivers\NIS\1502000.026\SRTSP.SYS [664280 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1502000.026\SRTSPX.SYS [32344 2013-09-10] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1502000.026\SYMDS.SYS [367704 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1502000.026\SYMEFA.SYS [936152 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2013-10-31] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1502000.026\Ironx86.SYS [206936 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NIS\1502000.026\SYMNETS.SYS [447704 2014-02-18] (Symantec Corporation)
S3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}; C:\Windows\System32\Drivers\NSM\0209050.01D\SymRdrS.SYS [203992 2013-12-18] (Symantec Corporation)
R3 VHWDrawing; C:\Windows\System32\DRIVERS\HWDrawing.sys [6400 2007-03-26] (Windows (R) Codename Longhorn DDK provider)
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S2 HYRDBios; system32\DRIVERS\HYRDBios.sys [X]
U2 V2iMount; 
S3 XDva387; \??\C:\Windows\system32\XDva387.sys [X]
S3 XDva392; \??\C:\Windows\system32\XDva392.sys [X]
S3 XDva396; \??\C:\Windows\system32\XDva396.sys [X]
S3 XDva400; \??\C:\Windows\system32\XDva400.sys [X]
S3 XDva401; \??\C:\Windows\system32\XDva401.sys [X]

==================== NetSvcs (Whitelisted) ===================

NETSVC: ezGOSvc -> C:\Windows\system32\ezGOSvc.dll ()

==================== One Month Created Files and Folders ========

2014-04-24 16:06 - 2014-04-24 16:06 - 00009595 _____ () C:\Users\Evelyn\Desktop\JRT.txt
2014-04-24 16:03 - 2014-04-24 16:03 - 00000000 ____D () C:\Windows\ERUNT
2014-04-24 16:00 - 2014-04-24 16:00 - 01016261 _____ (Thisisu) C:\Users\Evelyn\Desktop\JRT.exe
2014-04-24 15:57 - 2014-04-24 15:58 - 00010050 _____ () C:\Users\Evelyn\Desktop\Neues Textdokument.txt
2014-04-24 15:46 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-04-24 15:45 - 2014-04-24 15:53 - 00000000 ____D () C:\AdwCleaner
2014-04-24 15:43 - 2014-04-24 15:43 - 01365865 _____ () C:\Users\Evelyn\Desktop\adwcleaner.exe
2014-04-24 15:41 - 2014-04-24 15:41 - 00007619 _____ () C:\Users\Evelyn\Desktop\mbam.txt
2014-04-24 14:01 - 2014-04-24 15:38 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-24 14:01 - 2014-04-24 14:01 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-24 14:01 - 2014-04-24 14:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-04-24 14:01 - 2014-04-24 14:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-24 14:01 - 2014-04-24 14:01 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-04-24 14:01 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-24 14:01 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-24 14:01 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-24 13:59 - 2014-04-24 13:59 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Evelyn\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-24 08:35 - 2014-04-24 08:36 - 00045773 _____ () C:\Users\Evelyn\Desktop\Addition.txt
2014-04-24 08:33 - 2014-04-24 16:07 - 00024991 _____ () C:\Users\Evelyn\Desktop\FRST.txt
2014-04-24 08:33 - 2014-04-24 16:07 - 00000000 ____D () C:\FRST
2014-04-24 08:32 - 2014-04-24 08:32 - 01048576 _____ (Farbar) C:\Users\Evelyn\Desktop\FRST.exe
2014-04-23 16:18 - 2014-04-23 16:18 - 03081712 ____N (Symantec Corporation) C:\Users\Evelyn\Desktop\NPE.exe
2014-04-23 07:24 - 2014-04-23 07:24 - 00001285 _____ () C:\Users\Evelyn\Desktop\ROBLOX Player.lnk
2014-04-23 07:23 - 2014-04-23 07:24 - 00001104 _____ () C:\Users\Evelyn\Desktop\ROBLOX Studio 2013.lnk
2014-04-22 21:41 - 2014-04-22 21:41 - 00000000 ____D () C:\Users\dub_cm_auto
2014-04-22 21:09 - 2014-04-22 21:09 - 00253952 _____ () C:\Users\Evelyn\Desktop\New Canvas.sai
2014-04-13 16:27 - 2013-03-25 20:27 - 00000042 _____ () C:\Users\Evelyn\Documents\aionmemo_8f d76 7.bak
2014-04-09 12:47 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-09 12:47 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 12:47 - 2014-03-04 11:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 12:47 - 2014-02-04 04:07 - 00234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 12:47 - 2014-02-04 04:07 - 00149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 12:47 - 2014-02-04 04:07 - 00027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 12:47 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 12:47 - 2014-01-24 04:18 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-03-30 14:35 - 2014-03-30 14:35 - 00000000 ____D () C:\Users\Evelyn\Documents\The Movies

==================== One Month Modified Files and Folders =======

2014-04-24 16:08 - 2014-04-24 08:33 - 00024991 _____ () C:\Users\Evelyn\Desktop\FRST.txt
2014-04-24 16:07 - 2014-04-24 08:33 - 00000000 ____D () C:\FRST
2014-04-24 16:06 - 2014-04-24 16:06 - 00009595 _____ () C:\Users\Evelyn\Desktop\JRT.txt
2014-04-24 16:04 - 2009-07-14 06:34 - 00015984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-24 16:04 - 2009-07-14 06:34 - 00015984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-24 16:03 - 2014-04-24 16:03 - 00000000 ____D () C:\Windows\ERUNT
2014-04-24 16:00 - 2014-04-24 16:00 - 01016261 _____ (Thisisu) C:\Users\Evelyn\Desktop\JRT.exe
2014-04-24 15:58 - 2014-04-24 15:57 - 00010050 _____ () C:\Users\Evelyn\Desktop\Neues Textdokument.txt
2014-04-24 15:58 - 2010-06-06 10:51 - 00000000 ____D () C:\Users\Evelyn\AppData\Roaming\Skype
2014-04-24 15:55 - 2011-07-27 07:15 - 00000000 ____D () C:\Users\Evelyn\AppData\Local\Htc
2014-04-24 15:55 - 2011-06-04 16:37 - 00000000 ____D () C:\Program Files\Origin
2014-04-24 15:54 - 2013-11-03 21:35 - 00003116 _____ () C:\Windows\HWTablet.bin
2014-04-24 15:54 - 2012-08-04 12:25 - 00000334 ____H () C:\Windows\Tasks\CodecUpdaterTask{021B7108-D364-46A2-8F39-6B2ED6A0EBE3}.job
2014-04-24 15:54 - 2012-06-23 20:23 - 00024281 _____ () C:\Windows\setupact.log
2014-04-24 15:54 - 2010-06-06 16:45 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-24 15:54 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-24 15:53 - 2014-04-24 15:45 - 00000000 ____D () C:\AdwCleaner
2014-04-24 15:53 - 2010-05-14 14:01 - 01372705 _____ () C:\Windows\WindowsUpdate.log
2014-04-24 15:43 - 2014-04-24 15:43 - 01365865 _____ () C:\Users\Evelyn\Desktop\adwcleaner.exe
2014-04-24 15:41 - 2014-04-24 15:41 - 00007619 _____ () C:\Users\Evelyn\Desktop\mbam.txt
2014-04-24 15:38 - 2014-04-24 14:01 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-24 15:37 - 2011-06-14 20:26 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-698156655-3041474433-3874372325-1001UA.job
2014-04-24 15:36 - 2010-07-14 16:04 - 01743364 _____ () C:\Windows\PFRO.log
2014-04-24 15:26 - 2010-06-06 16:45 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-24 14:01 - 2014-04-24 14:01 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-24 14:01 - 2014-04-24 14:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-04-24 14:01 - 2014-04-24 14:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-24 14:01 - 2014-04-24 14:01 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-04-24 13:59 - 2014-04-24 13:59 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Evelyn\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-24 08:36 - 2014-04-24 08:35 - 00045773 _____ () C:\Users\Evelyn\Desktop\Addition.txt
2014-04-24 08:36 - 2010-07-25 11:27 - 00000000 ____D () C:\Users\Evelyn\AppData\Local\Adobe
2014-04-24 08:32 - 2014-04-24 08:32 - 01048576 _____ (Farbar) C:\Users\Evelyn\Desktop\FRST.exe
2014-04-24 08:27 - 2010-10-18 20:32 - 00000000 ____D () C:\ProgramData\Origin
2014-04-23 22:11 - 2011-02-13 21:07 - 00000000 ____D () C:\Users\Evelyn\AppData\Local\CrashDumps
2014-04-23 21:24 - 2009-07-14 04:04 - 00000430 _____ () C:\Windows\win.ini
2014-04-23 20:53 - 2011-02-12 17:46 - 00000000 ____D () C:\Users\Evelyn\AppData\Roaming\.minecraft
2014-04-23 20:44 - 2011-05-01 20:00 - 00000000 ____D () C:\Users\Evelyn\AppData\Local\NPE
2014-04-23 16:18 - 2014-04-23 16:18 - 03081712 ____N (Symantec Corporation) C:\Users\Evelyn\Desktop\NPE.exe
2014-04-23 13:40 - 2010-06-05 07:59 - 00000000 ____D () C:\Users\Evelyn\AppData\Roaming\Mozilla
2014-04-23 08:07 - 2010-06-05 07:48 - 00000000 ____D () C:\Users\Evelyn
2014-04-23 08:05 - 2011-02-09 17:33 - 00000000 ____D () C:\ProgramData\Sony
2014-04-23 07:58 - 2010-05-14 14:11 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-04-23 07:50 - 2012-01-20 21:24 - 00035328 ___SH () C:\Users\Evelyn\Thumbs.db
2014-04-23 07:24 - 2014-04-23 07:24 - 00001285 _____ () C:\Users\Evelyn\Desktop\ROBLOX Player.lnk
2014-04-23 07:24 - 2014-04-23 07:23 - 00001104 _____ () C:\Users\Evelyn\Desktop\ROBLOX Studio 2013.lnk
2014-04-23 07:24 - 2011-11-21 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roblox
2014-04-22 21:41 - 2014-04-22 21:41 - 00000000 ____D () C:\Users\dub_cm_auto
2014-04-22 21:09 - 2014-04-22 21:09 - 00253952 _____ () C:\Users\Evelyn\Desktop\New Canvas.sai
2014-04-22 17:48 - 2010-10-11 19:07 - 00000476 ____H () C:\Windows\Tasks\Norton Security Scan for Evelyn.job
2014-04-22 16:42 - 2010-06-06 10:49 - 00000000 ___RD () C:\Program Files\Skype
2014-04-22 12:54 - 2009-07-14 06:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-20 17:37 - 2011-06-14 20:26 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-698156655-3041474433-3874372325-1001Core.job
2014-04-18 23:36 - 2010-06-19 13:25 - 00000000 ____D () C:\Program Files\Steam
2014-04-18 07:41 - 2011-06-14 20:26 - 00000000 ____D () C:\Users\Evelyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-04-18 07:30 - 2014-02-11 00:23 - 00000000 ____D () C:\Users\Evelyn\Desktop\To be Sorted
2014-04-17 11:29 - 2010-07-05 13:50 - 00000000 ____D () C:\Users\Evelyn\.gimp-2.6
2014-04-17 09:09 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-17 08:44 - 2010-11-28 15:46 - 00000000 ____D () C:\Users\Evelyn\AppData\Roaming\gtk-2.0
2014-04-12 15:40 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-04-10 16:35 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-04-09 21:26 - 2013-08-09 23:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 21:22 - 2010-06-05 07:40 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-03 09:51 - 2014-04-24 14:01 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-24 14:01 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-24 14:01 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 17:10 - 2010-05-14 14:09 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-02 17:04 - 2013-10-31 15:09 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-04-02 17:04 - 2011-02-12 14:54 - 00000000 ____D () C:\Windows\system32\Drivers\NIS
2014-03-31 02:13 - 2014-04-09 12:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 01:57 - 2014-04-09 12:47 - 17073152 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-30 14:35 - 2014-03-30 14:35 - 00000000 ____D () C:\Users\Evelyn\Documents\The Movies
2014-03-30 14:35 - 2012-01-14 13:28 - 00000000 ____D () C:\Users\Evelyn\AppData\Roaming\Lionhead Studios
2014-03-29 20:24 - 2011-03-06 10:48 - 00000000 ____D () C:\Users\Evelyn\AppData\Roaming\Audacity

Files to move or delete:
====================
C:\ProgramData\hash.dat
C:\ProgramData\sysqcl1129139270.dat


Some content of TEMP:
====================
C:\Users\Cygnet\AppData\Local\Temp\_is513B.exe
C:\Users\Evelyn\AppData\Local\Temp\AutoRun.exe
C:\Users\Evelyn\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Evelyn\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\Evelyn\AppData\Local\Temp\CreativeCloudSet-Up.exe
C:\Users\Evelyn\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Evelyn\AppData\Local\Temp\drm_dyndata_7370012.dll
C:\Users\Evelyn\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\Evelyn\AppData\Local\Temp\drm_dyndata_7380011.dll
C:\Users\Evelyn\AppData\Local\Temp\First15.exe
C:\Users\Evelyn\AppData\Local\Temp\Quarantine.exe
C:\Users\Evelyn\AppData\Local\Temp\rootsupd.exe
C:\Users\Evelyn\AppData\Local\Temp\ubi6A29.tmp.exe
C:\Users\Evelyn\AppData\Local\Temp\ubi9DA7.tmp.exe
C:\Users\Evelyn\AppData\Local\Temp\ubiA1FD.tmp.exe
C:\Users\Evelyn\AppData\Local\Temp\VP6Install.exe
C:\Users\Evelyn\AppData\Local\Temp\VP6VFW.dll
C:\Users\Evelyn\AppData\Local\Temp\_is7213.exe
C:\Users\Evelyn\AppData\Local\Temp\_is9397.exe
C:\Users\Evelyn\AppData\Local\Temp\_isA58E.exe
C:\Users\Evelyn\AppData\Local\Temp\_isDA48.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-20 19:58

==================== End Of Log ============================
         
--- --- ---


So, I hope that's all correct

Alt 25.04.2014, 09:21   #8
schrauber
/// the machine
/// TB-Ausbilder
 


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any remaining problems?
__________________
Regards,
schrauber

Alt 25.04.2014, 19:38   #9
EvelynW
 

Goooood! Okay, here, finally done! The scan took sooo long.

Here is the ESET scan:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=3b10dd8beb52eb4fa56a000322c5deb5
# engine=18033
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-25 06:03:43
# local_time=2014-04-25 08:03:43 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3591 16777213 100 90 16984 161045608 0 0
# compatibility_mode=5893 16776574 100 94 24838513 150080214 0 0
# scanned=525336
# found=3
# cleaned=0
# scan_time=14235
sh=8E842BF068B04F36475A3BF86C5EA6A9839BBB5E ft=1 fh=e5da1a6b62afb1d7 vn="Win32/Adware.MultiPlug application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Codecv\bhoclass.dll.vir"
sh=A696C5A0D50145AFDE3D3A71F70B1C3006AC2199 ft=1 fh=da0003b6601dbc17 vn="a variant of Win32/Adware.MultiPlug.I application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\continuetosave\50fc4b96aa27a.dll.vir"
sh=121C8E907FA3D8EF3AA580D774DAD5461AEAFF97 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\c0m5y4it.default\Extensions\50fc4b96aa0e9@50fc4b96aa122.com\content\bg.js.vir"
         
The SECURITYCHECK scan:

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.82  
 Windows 7 Service Pack 1 x86 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Norton Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java(TM) 6 Update 29  
 Java version out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
  Adobe Flash Player 	10.1.102.64 Flash Player out of Date!  
 Adobe Reader 9 Adobe Reader out of Date! 
 Google Chrome 33.0.1750.154  
 Google Chrome 34.0.1847.116  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
and the FRST scan:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-04-2014
Ran by Evelyn (administrator) on CYGNET-PC on 25-04-2014 20:37:19
Running from C:\Users\Evelyn\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_63b9aeb0b2db5e8b\STacSV.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
() C:\Windows\jwpen.exe
() C:\Windows\Jwpen.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files\Norton Family\Engine\2.9.5.29\NF.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\system32\PSIService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Data Perceptions / PowerProgrammer) C:\Windows\system32\WebUpdateSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.2.0.38\NIS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Symantec Corporation) C:\Program Files\Norton Family\Engine\2.9.5.29\NF.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.2.0.38\NIS.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
(Google) C:\Program Files\Google\Google Talk\googletalk.exe
() C:\Windows\System32\HWKeyPlus.exe
() C:\Windows\System32\HWTabTray.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Electronic Arts) C:\Program Files\Origin\Origin.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(汉王科技股份有限公司) C:\Program Files\Hanvon\HWSOFT\HWShell2U.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files\HTC\HTC Sync 3.0\adb.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Google Inc.) C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Users\Evelyn\Desktop\SecurityCheck.exe
(Google Inc.) C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ATKOSD2] => C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6998656 2009-10-26] (ASUS)
HKLM\...\Run: [ATKMEDIA] => C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2009-08-19] (ASUS)
HKLM\...\Run: [HControlUser] => C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495715 2009-11-27] (IDT, Inc.)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-09-23] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [HTC Sync Loader] => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [593920 2011-04-26] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [googletalk] => C:\Program Files\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AMD AVT] => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
HKLM\...\Run: [HWTablet KeyPlus] => C:\Windows\system32\HWKeyPlus.exe [53248 2008-06-03] ()
HKLM\...\Run: [HWTablet Service] => C:\Windows\system32\HWTabTray.exe [184320 2009-03-05] ()
HKLM\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2239376 2014-02-11] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [*TampMon] - C:\Program Files\Norton Family\Engine\2.9.5.29\tampmon.exe [61792 2014-02-10] (Symantec Corporation)
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKU\S-1-5-21-698156655-3041474433-3874372325-1001\...\Run: [EA Core] => "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-698156655-3041474433-3874372325-1001\...\Run: [Akamai NetSession Interface] => "C:\Users\Evelyn\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-698156655-3041474433-3874372325-1001\...\Run: [EADM] => C:\Program Files\Origin\Origin.exe [3588952 2014-04-25] (Electronic Arts)
HKU\S-1-5-21-698156655-3041474433-3874372325-1001\...\Run: [Google Update] => C:\Users\Evelyn\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-06-04] (Google Inc.)
HKU\S-1-5-21-698156655-3041474433-3874372325-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-698156655-3041474433-3874372325-1001\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-698156655-3041474433-3874372325-1001\...\MountPoints2: {69daf7a3-915a-11e3-bd4a-806e6f6e6963} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-698156655-3041474433-3874372325-1001\...\MountPoints2: {cc1fe0b6-72b3-11e3-b00a-485b39373aac} - E:\HTC_Sync_Manager_PC.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hanvon Soft.lnk
ShortcutTarget: Hanvon Soft.lnk -> C:\Program Files\Hanvon\HWSOFT\HWShell2U.exe (汉王科技股份有限公司)
Startup: C:\Users\Evelyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE986A1197733CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Norton Family BHO - {B8E07826-0971-4f16-B133-047B88034E89} - C:\Program Files\Norton Family\Engine\2.9.5.29\coIEPlg.dll (Symantec Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.223.1 192.168.239.1

FireFox:
========
FF ProfilePath: C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\c0m5y4it.default
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Program Files\Roblox\Versions\version-a21a1def88774149\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Evelyn\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Evelyn\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Evelyn\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Evelyn\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Evelyn\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Evelyn\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Evelyn\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Codecv - C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\c0m5y4it.default\Extensions\501cf8456ffa3@501cf8456ffdd.info [2012-09-29]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\c0m5y4it.default\Extensions\elemhidehelper@adblockplus.org.xpi [2012-05-12]
FF HKLM\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.9.5.14\coFFFw\
FF Extension: Norton Family - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.9.5.14\coFFFw\ []
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2013-10-31]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ []

Chrome: 
=======
CHR HomePage: 
CHR Extension: (Google Docs) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-15]
CHR Extension: (Google Drive) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-15]
CHR Extension: (YouTube) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-15]
CHR Extension: (Adblock Plus) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-12-15]
CHR Extension: (Google-Suche) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-15]
CHR Extension: (AdBlock Premium) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\fndlhnanhedoklpdaacidomdnplcjcpj [2014-01-02]
CHR Extension: (AdBlock) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-12-15]
CHR Extension: (Norton Identity Protection) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-09-19]
CHR Extension: (Norton™ Family) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\napjheenlliimoedooldaalpjfidlidp [2013-09-19]
CHR Extension: (Google Wallet) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-19]
CHR Extension: (Google Mail) - C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-15]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\21.2.0.38\Exts\Chrome.crx [2014-03-26]
CHR HKLM\...\Chrome\Extension: [napjheenlliimoedooldaalpjfidlidp] - C:\Program Files\Norton Family\Engine\2.9.5.29\Extensions\Chrome.crx [2014-02-12]
CHR HKLM\...\Chrome\Extension: [oclcjojjnkeionnajdimfdldkbbjifmf] - C:\ProgramData\Codecv\oclcjojjnkeionnajdimfdldkbbjifmf.crx [2014-02-12]
CHR StartMenuInternet: Google Chrome - C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 ASLDRService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [84536 2009-06-15] (ASUS)
R2 ATKGFNEXSrv; C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-11-09] (ASUS)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 DAZContentManagementService; C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [18432 2011-05-05] ()
R2 ezGOSvc; C:\Windows\system32\ezGOSvc.dll [73600 2011-05-28] ()
S2 gupdate1cb055562ebb685; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2010-06-06] (Google Inc.)
R2 HWSuperPowerTablet; C:\Windows\jwpen.exe [66560 2008-06-03] ()
R2 NIS; C:\Program Files\Norton Internet Security\Engine\21.2.0.38\NIS.exe [276376 2014-03-12] (Symantec Corporation)
R2 NSM; C:\Program Files\Norton Family\Engine\2.9.5.29\NF.exe [570944 2014-02-10] (Symantec Corporation)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] ()
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2010-08-19] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_63b9aeb0b2db5e8b\STacSV.exe [229465 2009-11-27] (IDT, Inc.)
R2 WebUpdate; C:\Windows\system32\WebUpdateSvc.exe [266240 2005-08-03] (Data Perceptions / PowerProgrammer)
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe" [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

R2 ACEDRV05; C:\Windows\system32\drivers\ACEDRV05.sys [97792 2012-01-20] (Protect Software GmbH)
R2 ACEDRV08; C:\Windows\system32\drivers\ACEDRV08.sys [108768 2011-03-26] (Protect Software GmbH)
R2 acedrv10; C:\Windows\system32\drivers\acedrv10.sys [330144 2007-07-27] (Protect Software GmbH)
R2 acehlp10; C:\Windows\system32\drivers\acehlp10.sys [251680 2007-07-27] (Protect Software GmbH)
S3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [27136 2009-08-21] (Alcor Micro, Corp.)
S3 apf003; C:\Windows\system32\apf003.sys [13232 2013-01-16] ()
R2 ASMMAP; C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys [13880 2009-07-02] (ASUS)
R1 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140409.001\BHDrvx86.sys [1098968 2014-03-19] (Symantec Corporation)
S3 CamDrL; C:\Windows\System32\DRIVERS\Camdrl.sys [1075360 2007-02-03] (Logitech Inc.)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1502000.026\ccSetx86.sys [127064 2013-09-26] (Symantec Corporation)
R1 ccSet_NSM; C:\Windows\system32\drivers\NSM\0209050.01D\ccSetx86.sys [127064 2013-09-27] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-21] (Symantec Corporation)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [57800 2009-10-22] (FTDI Ltd.)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R1 IDSVix86; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140424.001\IDSvix86.sys [395992 2014-03-26] (Symantec Corporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41504 2007-02-03] (Logitech Inc.)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [32000 2012-01-11] (ManyCam LLC)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv.sys [22400 2012-02-22] (ManyCam LLC)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [14392 2009-05-13] (ASUS)
R3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140425.001\NAVENG.SYS [93272 2013-10-31] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140425.001\NAVEX15.SYS [1612376 2013-10-31] (Symantec Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [34064 2011-01-04] (CACE Technologies)
S3 QCPro; C:\Windows\System32\DRIVERS\p35u.sys [116480 2002-12-10] (Logitech Inc.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1759872 2009-08-12] ()
R1 SRTSP; C:\Windows\System32\Drivers\NIS\1502000.026\SRTSP.SYS [664280 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1502000.026\SRTSPX.SYS [32344 2013-09-10] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1502000.026\SYMDS.SYS [367704 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1502000.026\SYMEFA.SYS [936152 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2013-10-31] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1502000.026\Ironx86.SYS [206936 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NIS\1502000.026\SYMNETS.SYS [447704 2014-02-18] (Symantec Corporation)
S3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}; C:\Windows\System32\Drivers\NSM\0209050.01D\SymRdrS.SYS [203992 2013-12-18] (Symantec Corporation)
R3 VHWDrawing; C:\Windows\System32\DRIVERS\HWDrawing.sys [6400 2007-03-26] (Windows (R) Codename Longhorn DDK provider)
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S2 HYRDBios; system32\DRIVERS\HYRDBios.sys [X]
U2 V2iMount; 
S3 XDva387; \??\C:\Windows\system32\XDva387.sys [X]
S3 XDva392; \??\C:\Windows\system32\XDva392.sys [X]
S3 XDva396; \??\C:\Windows\system32\XDva396.sys [X]
S3 XDva400; \??\C:\Windows\system32\XDva400.sys [X]
S3 XDva401; \??\C:\Windows\system32\XDva401.sys [X]

==================== NetSvcs (Whitelisted) ===================

NETSVC: ezGOSvc -> C:\Windows\system32\ezGOSvc.dll ()

==================== One Month Created Files and Folders ========

2014-04-25 11:04 - 2014-04-25 11:05 - 00855379 _____ () C:\Users\Evelyn\Desktop\SecurityCheck.exe
2014-04-25 11:04 - 2014-04-25 11:04 - 02347384 _____ (ESET) C:\Users\Evelyn\Desktop\esetsmartinstaller_enu.exe
2014-04-24 21:59 - 2014-04-24 21:59 - 01060864 _____ () C:\Users\Evelyn\Desktop\Pumpkin.sai
2014-04-24 16:06 - 2014-04-24 16:06 - 00009595 _____ () C:\Users\Evelyn\Desktop\JRT.txt
2014-04-24 16:03 - 2014-04-24 16:03 - 00000000 ____D () C:\Windows\ERUNT
2014-04-24 16:00 - 2014-04-24 16:00 - 01016261 _____ (Thisisu) C:\Users\Evelyn\Desktop\JRT.exe
2014-04-24 15:57 - 2014-04-24 15:58 - 00010050 _____ () C:\Users\Evelyn\Desktop\Neues Textdokument.txt
2014-04-24 15:46 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-04-24 15:45 - 2014-04-24 15:53 - 00000000 ____D () C:\AdwCleaner
2014-04-24 15:43 - 2014-04-24 15:43 - 01365865 _____ () C:\Users\Evelyn\Desktop\adwcleaner.exe
2014-04-24 15:41 - 2014-04-24 15:41 - 00007619 _____ () C:\Users\Evelyn\Desktop\mbam.txt
2014-04-24 14:01 - 2014-04-24 15:38 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-24 14:01 - 2014-04-24 14:01 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-24 14:01 - 2014-04-24 14:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-04-24 14:01 - 2014-04-24 14:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-24 14:01 - 2014-04-24 14:01 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-04-24 14:01 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-24 14:01 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-24 14:01 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-24 13:59 - 2014-04-24 13:59 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Evelyn\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-24 08:35 - 2014-04-24 08:36 - 00045773 _____ () C:\Users\Evelyn\Desktop\Addition.txt
2014-04-24 08:33 - 2014-04-25 20:37 - 00024925 _____ () C:\Users\Evelyn\Desktop\FRST.txt
2014-04-24 08:33 - 2014-04-25 20:37 - 00000000 ____D () C:\FRST
2014-04-24 08:32 - 2014-04-24 08:32 - 01048576 _____ (Farbar) C:\Users\Evelyn\Desktop\FRST.exe
2014-04-23 16:18 - 2014-04-23 16:18 - 03081712 ____N (Symantec Corporation) C:\Users\Evelyn\Desktop\NPE.exe
2014-04-23 07:24 - 2014-04-24 16:41 - 00001285 _____ () C:\Users\Evelyn\Desktop\ROBLOX Player.lnk
2014-04-23 07:23 - 2014-04-24 16:41 - 00001104 _____ () C:\Users\Evelyn\Desktop\ROBLOX Studio 2013.lnk
2014-04-22 21:41 - 2014-04-22 21:41 - 00000000 ____D () C:\Users\dub_cm_auto
2014-04-22 21:09 - 2014-04-22 21:09 - 00253952 _____ () C:\Users\Evelyn\Desktop\New Canvas.sai
2014-04-13 16:27 - 2013-03-25 20:27 - 00000042 _____ () C:\Users\Evelyn\Documents\aionmemo_8f d76 7.bak
2014-04-09 12:47 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-09 12:47 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 12:47 - 2014-03-04 11:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 12:47 - 2014-02-04 04:07 - 00234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 12:47 - 2014-02-04 04:07 - 00149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 12:47 - 2014-02-04 04:07 - 00027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 12:47 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 12:47 - 2014-01-24 04:18 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-03-30 14:35 - 2014-03-30 14:35 - 00000000 ____D () C:\Users\Evelyn\Documents\The Movies

==================== One Month Modified Files and Folders =======

2014-04-25 20:38 - 2014-04-24 08:33 - 00024925 _____ () C:\Users\Evelyn\Desktop\FRST.txt
2014-04-25 20:37 - 2014-04-24 08:33 - 00000000 ____D () C:\FRST
2014-04-25 20:37 - 2011-06-14 20:26 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-698156655-3041474433-3874372325-1001UA.job
2014-04-25 20:26 - 2010-06-06 16:45 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-25 20:18 - 2010-06-06 10:51 - 00000000 ____D () C:\Users\Evelyn\AppData\Roaming\Skype
2014-04-25 19:16 - 2010-05-14 14:01 - 01423730 _____ () C:\Windows\WindowsUpdate.log
2014-04-25 19:15 - 2010-10-11 19:07 - 00000476 ____H () C:\Windows\Tasks\Norton Security Scan for Evelyn.job
2014-04-25 18:34 - 2009-07-14 04:04 - 00000430 _____ () C:\Windows\win.ini
2014-04-25 17:37 - 2011-06-14 20:26 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-698156655-3041474433-3874372325-1001Core.job
2014-04-25 16:04 - 2010-10-18 20:32 - 00000000 ____D () C:\ProgramData\Origin
2014-04-25 16:02 - 2012-08-04 12:25 - 00000334 ____H () C:\Windows\Tasks\CodecUpdaterTask{021B7108-D364-46A2-8F39-6B2ED6A0EBE3}.job
2014-04-25 16:02 - 2011-07-27 07:15 - 00000000 ____D () C:\Users\Evelyn\AppData\Local\Htc
2014-04-25 16:02 - 2011-06-04 16:37 - 00000000 ____D () C:\Program Files\Origin
2014-04-25 16:02 - 2010-06-06 16:45 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-25 15:03 - 2009-07-14 06:34 - 00015984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-25 15:03 - 2009-07-14 06:34 - 00015984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-25 14:56 - 2013-11-03 21:35 - 00003116 _____ () C:\Windows\HWTablet.bin
2014-04-25 14:56 - 2012-06-23 20:23 - 00024449 _____ () C:\Windows\setupact.log
2014-04-25 14:56 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-25 11:05 - 2014-04-25 11:04 - 00855379 _____ () C:\Users\Evelyn\Desktop\SecurityCheck.exe
2014-04-25 11:04 - 2014-04-25 11:04 - 02347384 _____ (ESET) C:\Users\Evelyn\Desktop\esetsmartinstaller_enu.exe
2014-04-25 08:55 - 2010-07-25 11:27 - 00000000 ____D () C:\Users\Evelyn\AppData\Local\Adobe
2014-04-24 21:59 - 2014-04-24 21:59 - 01060864 _____ () C:\Users\Evelyn\Desktop\Pumpkin.sai
2014-04-24 16:41 - 2014-04-23 07:24 - 00001285 _____ () C:\Users\Evelyn\Desktop\ROBLOX Player.lnk
2014-04-24 16:41 - 2014-04-23 07:23 - 00001104 _____ () C:\Users\Evelyn\Desktop\ROBLOX Studio 2013.lnk
2014-04-24 16:41 - 2011-11-21 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roblox
2014-04-24 16:06 - 2014-04-24 16:06 - 00009595 _____ () C:\Users\Evelyn\Desktop\JRT.txt
2014-04-24 16:03 - 2014-04-24 16:03 - 00000000 ____D () C:\Windows\ERUNT
2014-04-24 16:00 - 2014-04-24 16:00 - 01016261 _____ (Thisisu) C:\Users\Evelyn\Desktop\JRT.exe
2014-04-24 15:58 - 2014-04-24 15:57 - 00010050 _____ () C:\Users\Evelyn\Desktop\Neues Textdokument.txt
2014-04-24 15:53 - 2014-04-24 15:45 - 00000000 ____D () C:\AdwCleaner
2014-04-24 15:43 - 2014-04-24 15:43 - 01365865 _____ () C:\Users\Evelyn\Desktop\adwcleaner.exe
2014-04-24 15:41 - 2014-04-24 15:41 - 00007619 _____ () C:\Users\Evelyn\Desktop\mbam.txt
2014-04-24 15:38 - 2014-04-24 14:01 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-24 15:36 - 2010-07-14 16:04 - 01743364 _____ () C:\Windows\PFRO.log
2014-04-24 15:35 - 2012-08-04 12:25 - 00000000 ____D () C:\ProgramData\Codec
2014-04-24 14:01 - 2014-04-24 14:01 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-24 14:01 - 2014-04-24 14:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-04-24 14:01 - 2014-04-24 14:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-24 14:01 - 2014-04-24 14:01 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-04-24 13:59 - 2014-04-24 13:59 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Evelyn\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-24 08:36 - 2014-04-24 08:35 - 00045773 _____ () C:\Users\Evelyn\Desktop\Addition.txt
2014-04-24 08:32 - 2014-04-24 08:32 - 01048576 _____ (Farbar) C:\Users\Evelyn\Desktop\FRST.exe
2014-04-23 22:11 - 2011-02-13 21:07 - 00000000 ____D () C:\Users\Evelyn\AppData\Local\CrashDumps
2014-04-23 20:53 - 2011-02-12 17:46 - 00000000 ____D () C:\Users\Evelyn\AppData\Roaming\.minecraft
2014-04-23 20:44 - 2011-05-01 20:00 - 00000000 ____D () C:\Users\Evelyn\AppData\Local\NPE
2014-04-23 16:18 - 2014-04-23 16:18 - 03081712 ____N (Symantec Corporation) C:\Users\Evelyn\Desktop\NPE.exe
2014-04-23 13:40 - 2010-06-05 07:59 - 00000000 ____D () C:\Users\Evelyn\AppData\Roaming\Mozilla
2014-04-23 08:07 - 2010-06-05 07:48 - 00000000 ____D () C:\Users\Evelyn
2014-04-23 08:05 - 2011-02-09 17:33 - 00000000 ____D () C:\ProgramData\Sony
2014-04-23 07:58 - 2010-05-14 14:11 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-04-23 07:50 - 2012-01-20 21:24 - 00035328 ___SH () C:\Users\Evelyn\Thumbs.db
2014-04-22 21:41 - 2014-04-22 21:41 - 00000000 ____D () C:\Users\dub_cm_auto
2014-04-22 21:09 - 2014-04-22 21:09 - 00253952 _____ () C:\Users\Evelyn\Desktop\New Canvas.sai
2014-04-22 16:42 - 2010-06-06 10:49 - 00000000 ___RD () C:\Program Files\Skype
2014-04-22 12:54 - 2009-07-14 06:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-18 23:36 - 2010-06-19 13:25 - 00000000 ____D () C:\Program Files\Steam
2014-04-18 07:41 - 2011-06-14 20:26 - 00000000 ____D () C:\Users\Evelyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-04-18 07:30 - 2014-02-11 00:23 - 00000000 ____D () C:\Users\Evelyn\Desktop\To be Sorted
2014-04-17 11:29 - 2010-07-05 13:50 - 00000000 ____D () C:\Users\Evelyn\.gimp-2.6
2014-04-17 09:09 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-17 08:44 - 2010-11-28 15:46 - 00000000 ____D () C:\Users\Evelyn\AppData\Roaming\gtk-2.0
2014-04-12 15:40 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-04-10 16:35 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-04-09 21:26 - 2013-08-09 23:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 21:22 - 2010-06-05 07:40 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-03 09:51 - 2014-04-24 14:01 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-24 14:01 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-24 14:01 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 17:10 - 2010-05-14 14:09 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-02 17:04 - 2013-10-31 15:09 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-04-02 17:04 - 2011-02-12 14:54 - 00000000 ____D () C:\Windows\system32\Drivers\NIS
2014-03-31 02:13 - 2014-04-09 12:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 01:57 - 2014-04-09 12:47 - 17073152 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-30 14:35 - 2014-03-30 14:35 - 00000000 ____D () C:\Users\Evelyn\Documents\The Movies
2014-03-30 14:35 - 2012-01-14 13:28 - 00000000 ____D () C:\Users\Evelyn\AppData\Roaming\Lionhead Studios
2014-03-29 20:24 - 2011-03-06 10:48 - 00000000 ____D () C:\Users\Evelyn\AppData\Roaming\Audacity

Files to move or delete:
====================
C:\ProgramData\hash.dat
C:\ProgramData\sysqcl1129139270.dat


Some content of TEMP:
====================
C:\Users\Cygnet\AppData\Local\Temp\_is513B.exe
C:\Users\Evelyn\AppData\Local\Temp\AutoRun.exe
C:\Users\Evelyn\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Evelyn\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\Evelyn\AppData\Local\Temp\CreativeCloudSet-Up.exe
C:\Users\Evelyn\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Evelyn\AppData\Local\Temp\drm_dyndata_7370012.dll
C:\Users\Evelyn\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\Evelyn\AppData\Local\Temp\drm_dyndata_7380011.dll
C:\Users\Evelyn\AppData\Local\Temp\First15.exe
C:\Users\Evelyn\AppData\Local\Temp\Quarantine.exe
C:\Users\Evelyn\AppData\Local\Temp\rootsupd.exe
C:\Users\Evelyn\AppData\Local\Temp\ubi6A29.tmp.exe
C:\Users\Evelyn\AppData\Local\Temp\ubi9DA7.tmp.exe
C:\Users\Evelyn\AppData\Local\Temp\ubiA1FD.tmp.exe
C:\Users\Evelyn\AppData\Local\Temp\VP6Install.exe
C:\Users\Evelyn\AppData\Local\Temp\VP6VFW.dll
C:\Users\Evelyn\AppData\Local\Temp\_is7213.exe
C:\Users\Evelyn\AppData\Local\Temp\_is9397.exe
C:\Users\Evelyn\AppData\Local\Temp\_isA58E.exe
C:\Users\Evelyn\AppData\Local\Temp\_isDA48.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-20 19:58

==================== End Of Log ============================
         
--- --- ---


Yay

26.04.2014, 15:40   #10
schrauber
/// the machine
/// TB-Ausbilder

Update Java, Flash and Adobe.

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and start it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and start it
    • Combofix will now start, possibly update itself and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without hesitation.



If you would like to give praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows Updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus software
  • Make sure you always have anti-virus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: I have a few useful add-ons for this browser here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it prompts you to and is nice and colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

26.04.2014, 17:15   #11
EvelynW

Hello - I was just about to run an FRST scan, but the program keeps crashing and says "Not Responding".
And then the window closes, but it keeps loading in the background.
It also created a folder called "FRST-OlderVersion". I tried starting FRST from there, but that one crashed too. Maybe download it again?

EDIT: Downloading FRST again did not help either. What is happening now is completely confusing to me. I run FRST and I see the window for a few seconds. After that it simply closes. It is no longer running in the background either. What can I do?

EDIT2: Norton is reporting 12 viruses to me right now. FRST, which I downloaded several times and tried to update, is detected as a virus and deleted every time. I also tried to update Adobe Reader 11 and Adobe Flash Player, but these files were deleted as well. The cause is not certain, since Norton raised no alarm for these two. Could it be that these two programs only require a double-click? That is what it says on the website, but I thought there would be more to it.
By the way, it also found "Suspicious.Cloud.7.EP", twice even. <-- Bad?
What should I do?

EDIT3: Okay, I had now switched Norton off and then tried again. It worked, here is the Fixlog:

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-04-2014 03
Ran by Evelyn at 2014-04-26 18:11:14 Run:1
Running from C:\Users\Evelyn\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\AllowLegacyWebView => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\AllowUnhashedWebView => Value deleted successfully.

==== End of Fixlog ====
         
Norton is back on, boom, all good. I do not have Defogger and Combofix on my computer, so I assume that has nothing to do with me.. :P

Since DelFix is suggested, I will use it. But before I do, it says "Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself". Does that mean that all my programs will be deleted, or am I just mistaken?
By the way, if I delete Malwarebytes, won't all the viruses from the quarantine be released and then run all over my computer like crazy? I just want to know before I do anything

Last edited by EvelynW (26.04.2014 at 16:19)
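
The Fixlog posted above can be checked mechanically: every entry echoed under "Content of fixlist" should have a result line confirming the deletion. This is an added example, not part of the original thread and not FRST's own code; the function names are hypothetical, the sample is abridged from the post, and the parsing assumes only the line shapes visible in this Fixlog.

```python
import re

# Constructed sample: the Fixlog from the post above, header abridged.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-04-2014 03
Ran by Evelyn at 2014-04-26 18:11:14 Run:1
==============================================
Content of fixlist:
*****************
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
*****************
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\AllowLegacyWebView => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\AllowUnhashedWebView => Value deleted successfully.
==== End of Fixlog ====
"""

# Abbreviated fixlist entry: HIVE\...\key tail: [value name] data
ENTRY_RE = re.compile(r"^(HK\w+)\\\.\.\.\\([^:]+): \[([^\]]+)\]")
# Result line: full key, two backslashes, value name, " => ", status text
RESULT_RE = re.compile(r"^(HK\w+\\.+?)\\\\([^\\]+?) => (.+)$")

def parse_fixlog(text):
    """Return (requested entries, {(key, value): status}) from a Fixlog."""
    requested, results, in_fixlist = [], {}, False
    for line in (raw.strip() for raw in text.splitlines()):
        if line and set(line) == {"*"}:   # asterisk rows frame the echoed fixlist
            in_fixlist = not in_fixlist
        elif in_fixlist:
            m = ENTRY_RE.match(line)
            if m:
                requested.append(m.groups())
        else:
            m = RESULT_RE.match(line)
            if m:
                results[(m[1].lower(), m[2].lower())] = m[3]
    return requested, results

def unconfirmed(text):
    """Value names from the fixlist with no 'deleted successfully' result."""
    requested, results = parse_fixlog(text)
    def done(hive, tail, name):
        return any(key.startswith(hive.lower() + "\\")
                   and key.endswith("\\" + tail.lower())
                   and value == name.lower() and "deleted successfully" in status
                   for (key, value), status in results.items())
    return [name for hive, tail, name in requested if not done(hive, tail, name)]

if __name__ == "__main__":
    print("unconfirmed entries:", unconfirmed(SAMPLE_FIXLOG))
```

An empty list means every requested value has a matching confirmation; any name returned is an entry whose result line is missing or reports something other than a successful deletion.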

27.04.2014, 18:06   #12
schrauber
/// the machine
/// TB-Ausbilder

Delfix only removes the tools that we used. Deleting MBAM also deletes the quarantine; nothing is set free
__________________
Regards,
schrauber


27.04.2014, 19:13   #13
EvelynW

Super!

MANY, MANY THANKS!

A thousand thanks!
I will definitely recommend you!

28.04.2014, 08:50   #14
schrauber
/// the machine
/// TB-Ausbilder

You're welcome
__________________
Regards,
schrauber
