Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Chrome öffnet wahllos Fenster, Norton zeigt Bedrohung durch injects.js an, malwarebytes findet über 200 Viren (https://www.trojaner-board.de/153914-chrome-oeffnet-wahllos-fenster-norton-zeigt-bedrohung-injects-js-malwarebytes-findet-200-viren.html)

Cati 15.05.2014 18:19
Chrome öffnet wahllos Fenster, Norton zeigt Bedrohung durch injects.js an, malwarebytes findet über 200 Viren
 
Hallo,

ich habe seit heute morgen Probleme mit meinem Laptop. Ich wollte mir eine Erweiterung für Chrome installieren und auf einmal wurde mir von meinem Norton 360 Virusprogramm eine Bedrohung durch injects.js angezeigt. Seitdem öffnete mein Browser wahllos Fenster und auch meine Browserstartseite war jedes Mal eine andere. Ich habe mir dann malwarebytes heruntergeladen und habe es durchlaufen lassen. Dabei wurden über 200 Viren gefunden. Sowas ist mir noch nie passiert :(
Da ich mich mit Computern & Co. überhaupt nicht auskenne, brauche ich nun Hilfe. Ich bin nämlich echt etwas verzweifelt und weiß nicht so recht, ob und wie man dieses Problem wieder beheben kann...Vielen Dank euch schon einmal!!!

Ich habe hier mal das logfil von malwarebytes kopiert:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 15.05.2014
Scan Time: 18:53:43
Logfile: virenscan.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.15.07
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Caterina Quast

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 335952
Time Elapsed: 40 min, 32 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 4
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\PluginService.exe, 1900, , [674c1b36a3d8b4827a4288cde8198f71]
Backdoor.Bot.ED, C:\Users\Caterina Quast\AppData\Local\fst_de_16\upfst_de_16.exe, 4508, , [169d10412754b97d4d9f0a6e02ff44bc]
Adware.Tuto4PC, C:\Program Files (x86)\fst_de_16\fst_de_16.exe, 3896, , [5162ba979edd0b2bae5b6b9dbf427d83]
PUP.Optional.FirstSeenToday.A, C:\Program Files (x86)\fst_de_16\fst_de_16.exe, 3896, , [13a0b1a083f8c670bec9bec8be442dd3]

Modules: 1
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterface32.dll, , [2e855001bcbfe551012eabecd42e6b95],

Registry Keys: 80
PUP.Optional.IePluginService.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IePluginService, , [674c1b36a3d8b4827a4288cde8198f71],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\APPID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}, , [cce77fd2f98291a5c43d95c839c9e719],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}, , [cce77fd2f98291a5c43d95c839c9e719],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3004627E-F8E9-4E8B-909D-316753CBA923}, , [7340fb565724fb3bbdfaa6b616ecab55],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\mysearchdial.mysearchdialdskBnd.1, , [7340fb565724fb3bbdfaa6b616ecab55],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\mysearchdial.mysearchdialdskBnd, , [7340fb565724fb3bbdfaa6b616ecab55],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\mysearchdial.mysearchdialdskBnd, , [7340fb565724fb3bbdfaa6b616ecab55],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\mysearchdial.mysearchdialdskBnd.1, , [7340fb565724fb3bbdfaa6b616ecab55],
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-1313419136-1395772497-2831837863-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{3004627E-F8E9-4E8B-909D-316753CBA923}, , [7340fb565724fb3bbdfaa6b616ecab55],
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-1313419136-1395772497-2831837863-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3004627E-F8E9-4E8B-909D-316753CBA923}, , [7340fb565724fb3bbdfaa6b616ecab55],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, , [6a491938a8d3d363fd0c38f01be7ea16],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, , [6a491938a8d3d363fd0c38f01be7ea16],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, , [6a491938a8d3d363fd0c38f01be7ea16],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, , [6a491938a8d3d363fd0c38f01be7ea16],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, , [6a491938a8d3d363fd0c38f01be7ea16],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, , [6a491938a8d3d363fd0c38f01be7ea16],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}, , [892a59f8cead0d2939c9fe5fe51d42be],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{C292AD0A-C11F-479B-B8DB-743E72D283B0}, , [892a59f8cead0d2939c9fe5fe51d42be],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{C292AD0A-C11F-479B-B8DB-743E72D283B0}, , [892a59f8cead0d2939c9fe5fe51d42be],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\esrv.mysearchdialESrvc.1, , [892a59f8cead0d2939c9fe5fe51d42be],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\esrv.mysearchdialESrvc, , [892a59f8cead0d2939c9fe5fe51d42be],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.mysearchdialESrvc, , [892a59f8cead0d2939c9fe5fe51d42be],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.mysearchdialESrvc.1, , [892a59f8cead0d2939c9fe5fe51d42be],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}, , [92217dd4007b74c29e18a0bc808253ad],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\mysearchdial.mysearchdialHlpr.1, , [92217dd4007b74c29e18a0bc808253ad],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\mysearchdial.mysearchdialHlpr, , [92217dd4007b74c29e18a0bc808253ad],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\mysearchdial.mysearchdialHlpr, , [92217dd4007b74c29e18a0bc808253ad],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}, , [92217dd4007b74c29e18a0bc808253ad],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\mysearchdial.mysearchdialHlpr.1, , [92217dd4007b74c29e18a0bc808253ad],
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-1313419136-1395772497-2831837863-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}, , [92217dd4007b74c29e18a0bc808253ad],
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-1313419136-1395772497-2831837863-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}, , [92217dd4007b74c29e18a0bc808253ad],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{FBC322D5-407E-4854-8C0B-555B951FD8E3}, , [4172d978473487afce99e07d5ca6c33d],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{0400EBCA-042C-4000-AA89-9713FBEDB671}, , [4172d978473487afce99e07d5ca6c33d],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{0BD19251-4B4B-4B94-AB16-617106245BB7}, , [4172d978473487afce99e07d5ca6c33d],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}, , [4172d978473487afce99e07d5ca6c33d],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}, , [4172d978473487afce99e07d5ca6c33d],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{44B29DDD-CF7A-454A-A275-A322A398D93F}, , [4172d978473487afce99e07d5ca6c33d],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}, , [4172d978473487afce99e07d5ca6c33d],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}, , [4172d978473487afce99e07d5ca6c33d],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B2DB115C-8278-4947-9A07-57B53D1C4215}, , [4172d978473487afce99e07d5ca6c33d],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B97FC455-DB33-431D-84DB-6F1514110BD5}, , [4172d978473487afce99e07d5ca6c33d],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}, , [4172d978473487afce99e07d5ca6c33d],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E72E9312-0367-4216-BFC7-21485FA8390B}, , [4172d978473487afce99e07d5ca6c33d],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}, , [4172d978473487afce99e07d5ca6c33d],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}, , [4172d978473487afce99e07d5ca6c33d],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0400EBCA-042C-4000-AA89-9713FBEDB671}, , [4172d978473487afce99e07d5ca6c33d],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0BD19251-4B4B-4B94-AB16-617106245BB7}, , [4172d978473487afce99e07d5ca6c33d],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}, , [4172d978473487afce99e07d5ca6c33d],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}, , [4172d978473487afce99e07d5ca6c33d],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{44B29DDD-CF7A-454A-A275-A322A398D93F}, , [4172d978473487afce99e07d5ca6c33d],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}, , [4172d978473487afce99e07d5ca6c33d],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}, , [4172d978473487afce99e07d5ca6c33d],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B2DB115C-8278-4947-9A07-57B53D1C4215}, , [4172d978473487afce99e07d5ca6c33d],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B97FC455-DB33-431D-84DB-6F1514110BD5}, , [4172d978473487afce99e07d5ca6c33d],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}, , [4172d978473487afce99e07d5ca6c33d],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E72E9312-0367-4216-BFC7-21485FA8390B}, , [4172d978473487afce99e07d5ca6c33d],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}, , [4172d978473487afce99e07d5ca6c33d],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}, , [4172d978473487afce99e07d5ca6c33d],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{FBC322D5-407E-4854-8C0B-555B951FD8E3}, , [4172d978473487afce99e07d5ca6c33d],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}, , [298a31201a61a88eb008401c08fa4db3],
Adware.EoRezo, HKLM\SOFTWARE\WOW6432NODE\FreeSoftToday, , [9e15ada45f1c8caaade3269036cd3bc5],
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\webssearchesSoftware, , [edc6074a5f1c3afc239027661ae86f91],
PUP.Optional.QuickStart.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pelmeidfhdlhlbjimpabfcbnnojbboma, , [fbb80e43b8c369cdd49b2a6430d27b85],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLCORE\mysearchdial, , [9b1891c0304b3303538c951a26dd41bf],
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-1313419136-1395772497-2831837863-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\mysearchdial, , [dad996bb3942a88eaae13081778c639d],
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-1313419136-1395772497-2831837863-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\mysearchdial.com, , [456e4c056e0df73f0488e3cead56b34d],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1313419136-1395772497-2831837863-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, , [d7dc1d34c8b31b1baac42a70e51d1de3],
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-1313419136-1395772497-2831837863-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\mysearchdial, , [7340e56c8cef06300b3a4d6843c07987],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1313419136-1395772497-2831837863-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, , [1a99e66b5724e94d7e0919972ed5c53b],
PUP.Optional.Qone8, HKU\S-1-5-21-1313419136-1395772497-2831837863-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [3f74222f94e70b2b4ffc8e2e29da28d8],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D}, , [c3f0d37e72091a1c1f2a571a9e64f709],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\mysearchdial.mysearchdialappCore.1, , [c3f0d37e72091a1c1f2a571a9e64f709],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\mysearchdial.mysearchdialappCore, , [c3f0d37e72091a1c1f2a571a9e64f709],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\mysearchdial.mysearchdialappCore, , [c3f0d37e72091a1c1f2a571a9e64f709],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\mysearchdial.mysearchdialappCore.1, , [c3f0d37e72091a1c1f2a571a9e64f709],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3}, , [c3f0d37e72091a1c1f2a571a9e64f709],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\m, , [c3f0d37e72091a1c1f2a571a9e64f709],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\m, , [c3f0d37e72091a1c1f2a571a9e64f709],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\mysearchdial, , [c3f0d37e72091a1c1f2a571a9e64f709],
Adware.EoRezo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\fst_de_16_is1, , [7f34d180334885b1b3ba1b5efa0850b0],

Registry Values: 7
Backdoor.Bot.ED, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|upfst_de_16.exe, C:\Users\Caterina Quast\AppData\Local\fst_de_16\upfst_de_16.exe -runonce, , [169d10412754b97d4d9f0a6e02ff44bc]
Adware.Tuto4PC, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|fst_de_16, "C:\Program Files (x86)\fst_de_16\fst_de_16.exe", , [5162ba979edd0b2bae5b6b9dbf427d83]
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{3004627E-F8E9-4E8B-909D-316753CBA923}, mysearchdial Toolbar, , [7340fb565724fb3bbdfaa6b616ecab55]
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{3004627E-F8E9-4E8B-909D-316753CBA923}, , [258ec68b95e686b0dcdb0f4d669ce719],
PUP.Optional.FirstSeenToday.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|fst_de_16, "C:\Program Files (x86)\fst_de_16\fst_de_16.exe", , [13a0b1a083f8c670bec9bec8be442dd3]
PUP.Optional.QuickStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|quick_start@gmail.com, C:\Users\Caterina Quast\AppData\Roaming\Mozilla\Firefox\Profiles\vr7yneex.default\extensions\quick_start@gmail.com, , [b8fb71e0a7d43204234d6b2355ada35d]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1313419136-1395772497-2831837863-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0H1L1J1L1S1R1N, , [1a99e66b5724e94d7e0919972ed5c53b]

Registry Data: 15
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1400129093&from=tugs&uid=HitachiXHTS547575A9E384_J2540054C8DPREC8DPREX, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1400129093&from=tugs&uid=HitachiXHTS547575A9E384_J2540054C8DPREC8DPREX),,[f3c03a178fecf34371cd2d122ed658a8]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1400129093&from=tugs&uid=HitachiXHTS547575A9E384_J2540054C8DPREC8DPREX&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://istart.webssearches.com/web/?type=ds&ts=1400129093&from=tugs&uid=HitachiXHTS547575A9E384_J2540054C8DPREC8DPREX&q={searchTerms}),,[aa0979d828532511c96c47f824e0936d]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://istart.webssearches.com/?type=hp&ts=1400129093&from=tugs&uid=HitachiXHTS547575A9E384_J2540054C8DPREC8DPREX, Good: (www.google.com), Bad: (hxxp://istart.webssearches.com/?type=hp&ts=1400129093&from=tugs&uid=HitachiXHTS547575A9E384_J2540054C8DPREC8DPREX),,[a70c77da1c5f0531003366d9aa5a926e]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1400129093&from=tugs&uid=HitachiXHTS547575A9E384_J2540054C8DPREC8DPREX, Good: (www.google.com), Bad: (hxxp://istart.webssearches.com/?type=hp&ts=1400129093&from=tugs&uid=HitachiXHTS547575A9E384_J2540054C8DPREC8DPREX),,[c3f0074a4437cf6742f5e35c9b697789]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1400129093&from=tugs&uid=HitachiXHTS547575A9E384_J2540054C8DPREC8DPREX, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1400129093&from=tugs&uid=HitachiXHTS547575A9E384_J2540054C8DPREC8DPREX),,[a40f6de4d1aa53e36fcfe758709456aa]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1400129093&from=tugs&uid=HitachiXHTS547575A9E384_J2540054C8DPREC8DPREX&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://istart.webssearches.com/web/?type=ds&ts=1400129093&from=tugs&uid=HitachiXHTS547575A9E384_J2540054C8DPREC8DPREX&q={searchTerms}),,[3182c091f388b5816bca51ee7193fa06]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://istart.webssearches.com/?type=hp&ts=1400129093&from=tugs&uid=HitachiXHTS547575A9E384_J2540054C8DPREC8DPREX, Good: (www.google.com), Bad: (hxxp://istart.webssearches.com/?type=hp&ts=1400129093&from=tugs&uid=HitachiXHTS547575A9E384_J2540054C8DPREC8DPREX),,[2f841938d9a22610be7586b9aa5aef11]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1400129093&from=tugs&uid=HitachiXHTS547575A9E384_J2540054C8DPREC8DPREX, Good: (www.google.com), Bad: (hxxp://istart.webssearches.com/?type=hp&ts=1400129093&from=tugs&uid=HitachiXHTS547575A9E384_J2540054C8DPREC8DPREX),,[e2d11f32710a02345ddaeb54cc38f907]
PUP.Optional.Snapdo, HKU\S-1-5-21-1313419136-1395772497-2831837863-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBCH&co=DE&userid=c9db3c22-be7f-9bd5-7590-b6931ffc3b1a&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}, Good: (hxxp://www.google.com), Bad: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBCH&co=DE&userid=c9db3c22-be7f-9bd5-7590-b6931ffc3b1a&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}),,[5e55440d453641f520b61038bf4553ad]
PUP.Optional.WebsSearches.A, HKU\S-1-5-21-1313419136-1395772497-2831837863-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://istart.webssearches.com/?type=hp&ts=1400129093&from=tugs&uid=HitachiXHTS547575A9E384_J2540054C8DPREC8DPREX, Good: (www.google.com), Bad: (hxxp://istart.webssearches.com/?type=hp&ts=1400129093&from=tugs&uid=HitachiXHTS547575A9E384_J2540054C8DPREC8DPREX),,[8033e0714f2c280e70c4be81af5553ad]
PUP.Optional.WebsSearches.A, HKU\S-1-5-21-1313419136-1395772497-2831837863-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1400129093&from=tugs&uid=HitachiXHTS547575A9E384_J2540054C8DPREC8DPREX, Good: (www.google.com), Bad: (hxxp://istart.webssearches.com/?type=hp&ts=1400129093&from=tugs&uid=HitachiXHTS547575A9E384_J2540054C8DPREC8DPREX),,[298aaaa7b7c4e254f4440c339371916f]
PUP.Optional.Snapdo, HKU\S-1-5-21-1313419136-1395772497-2831837863-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBCH&co=DE&userid=c9db3c22-be7f-9bd5-7590-b6931ffc3b1a&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}, Good: (hxxp://www.google.com), Bad: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBCH&co=DE&userid=c9db3c22-be7f-9bd5-7590-b6931ffc3b1a&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}),,[397aa9a8bfbcc076c4117aceef15916f]
PUP.Optional.Snapdo, HKU\S-1-5-21-1313419136-1395772497-2831837863-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBCH&co=DE&userid=c9db3c22-be7f-9bd5-7590-b6931ffc3b1a&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}, Good: (hxxp://www.google.com), Bad: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBCH&co=DE&userid=c9db3c22-be7f-9bd5-7590-b6931ffc3b1a&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}),,[bff475dcef8c9b9b5d7b90b8040046ba]
PUP.Optional.Snapdo, HKU\S-1-5-21-1313419136-1395772497-2831837863-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBCH&co=DE&userid=c9db3c22-be7f-9bd5-7590-b6931ffc3b1a&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}, Good: (hxxp://www.google.com), Bad: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBCH&co=DE&userid=c9db3c22-be7f-9bd5-7590-b6931ffc3b1a&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}),,[b8fb1c35a3d87eb8bf1a85c357add927]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-1313419136-1395772497-2831837863-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBCH&co=DE&userid=c9db3c22-be7f-9bd5-7590-b6931ffc3b1a&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}, Good: (www.google.com), Bad: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBCH&co=DE&userid=c9db3c22-be7f-9bd5-7590-b6931ffc3b1a&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}),,[446f6be691eaa3938de43e01976d33cd]

Folders: 44
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW, , [2e855001bcbfe551012eabecd42e6b95],
Rogue.Multiple, C:\ProgramData\374311380, , [e6cddd74413a1b1b311b3b2512f09a66],
PUP.Optional.MySearchDial.A, C:\Users\Caterina Quast\AppData\Roaming\mysearchdial, , [496aff5244374de9b82c83ec61a1d828],
PUP.Optional.MySearchDial.A, C:\Users\Caterina Quast\AppData\Roaming\mysearchdial\icons_2.18.2.0, , [496aff5244374de9b82c83ec61a1d828],
PUP.Optional.MySearchDial.A, C:\Users\Caterina Quast\AppData\Roaming\mysearchdial\UpdateProc, , [496aff5244374de9b82c83ec61a1d828],
PUP.Optional.OpenCandy, C:\Users\Caterina Quast\AppData\Roaming\OpenCandy, , [7f347ad7671470c6777ba1cedd25a957],
PUP.Optional.OpenCandy, C:\Users\Caterina Quast\AppData\Roaming\OpenCandy\133A3468EA3D41AF8AE8558E86BE79FD, , [7f347ad7671470c6777ba1cedd25a957],
Adware.EoRezo, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeSoftToday, , [e3d09ab7116af244fa7e3a369969768a],
PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial, , [c3f0d37e72091a1c1f2a571a9e64f709],
PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.29.0, , [c3f0d37e72091a1c1f2a571a9e64f709],
PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.29.0\bh, , [c3f0d37e72091a1c1f2a571a9e64f709],
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService, , [5261440d0d6e40f6af05333faa581de3],
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update, , [5261440d0d6e40f6af05333faa581de3],
PUP.Optional.MySearchDial.A, C:\Users\Caterina Quast\AppData\Roaming\Mozilla\Firefox\Profiles\vr7yneex.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}, , [b4ff2e2399e2b97d2f99571ef70b07f9],
PUP.Optional.MySearchDial.A, C:\Users\Caterina Quast\AppData\Roaming\Mozilla\Firefox\Profiles\vr7yneex.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\_locales, , [b4ff2e2399e2b97d2f99571ef70b07f9],
PUP.Optional.WebsSearches.A, C:\Users\Caterina Quast\AppData\Roaming\webssearches, , [4c676fe20d6e23135b65c3b32cd6f10f],
Adware.EoRezo, C:\Users\Caterina Quast\AppData\Local\fst_de_16, , [e7ccb29fa1da78be12587dfc3cc66b95],
Adware.EoRezo, C:\Users\Caterina Quast\AppData\Local\fst_de_16\fst_de_16, , [e7ccb29fa1da78be12587dfc3cc66b95],
Adware.EoRezo, C:\Users\Caterina Quast\AppData\Local\fst_de_16\fst_de_16\1.10, , [e7ccb29fa1da78be12587dfc3cc66b95],
Adware.EoRezo, C:\Program Files (x86)\fst_de_16, , [7f34d180334885b1b3ba1b5efa0850b0],

Files: 130
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\PluginService.exe, , [674c1b36a3d8b4827a4288cde8198f71],
Backdoor.Bot.ED, C:\Users\Caterina Quast\AppData\Local\fst_de_16\upfst_de_16.exe, , [169d10412754b97d4d9f0a6e02ff44bc],
Adware.Tuto4PC, C:\Program Files (x86)\fst_de_16\fst_de_16.exe, , [5162ba979edd0b2bae5b6b9dbf427d83],
PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.29.0\mysearchdialTlbr.dll, , [7340fb565724fb3bbdfaa6b616ecab55],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SupTab.dll, , [6a491938a8d3d363fd0c38f01be7ea16],
PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.29.0\mysearchdialsrv.exe, , [892a59f8cead0d2939c9fe5fe51d42be],
PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.29.0\bh\mysearchdial.dll, , [92217dd4007b74c29e18a0bc808253ad],
PUP.Optional.SupTab.A, C:\Users\Caterina Quast\AppData\Roaming\SupTab\SupTab.dll, , [ab08173a6c0fe551f459082de61a9e62],
PUP.Optional.OptimumInstaller.A, C:\Users\Caterina Quast\Downloads\Player-Chrome.exe, , [9a1963eecdae2f07c54e95b806fbd52b],
PUP.Optional.Superfish.A, C:\Users\Caterina Quast\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, , [0da6420f39422511b583018031d1bc44],
PUP.Optional.Superfish.A, C:\Users\Caterina Quast\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, , [00b3dc755229fa3cfe3a87fae31f5fa1],
PUP.Optional.QuickStart.A, C:\Users\Caterina Quast\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx, , [0ea5dc752a516cca85044a42c83a768a],
PUP.Optional.MySearchDial.A, C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\yfs6yimv.default\searchplugins\Mysearchdial.xml, , [6c47e071d3a838fe09fcb8d80df558a8],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\install.data, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterface32.dll, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterface64.dll, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterfacef32.dll, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\ient.json, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\RSHP.exe, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SearchProtect32.dll, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SearchProtect64.dll, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SpAPPSv32.dll, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SpAPPSv64.dll, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\uninstall.exe, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WebDataJs, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\data.html, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE.html, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE8.html, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\main.css, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\ver.txt, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\arrow.png, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_add_logo.png, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_add_logo_hover.png, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_logo.png, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\googlelogo.png, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\googlelogo2.png, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\google_trends.png, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon128.png, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon16.png, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon48.png, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\loading.gif, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\logo32.ico, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\0.png, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\common.js, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ga.js, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ie8.js, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery-1.11.0.min.js, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\js.js, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\library.js, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit.js, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt\messages.json, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json, , [2e855001bcbfe551012eabecd42e6b95],
PUP.Optional.FunMoods.A, C:\Users\Caterina Quast\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage, , [4370fb56f8834beb486e6b4e3ac913ed],
PUP.Optional.FirstSeenToday.A, C:\Program Files (x86)\fst_de_16\fst_de_16.exe, , [13a0b1a083f8c670bec9bec8be442dd3],
Rogue.Multiple, C:\ProgramData\374311380\BITA987.tmp, , [e6cddd74413a1b1b311b3b2512f09a66],
PUP.Optional.MySearchDial.A, C:\Users\Caterina Quast\AppData\Roaming\mysearchdial\UpdateProc\config.dat, , [496aff5244374de9b82c83ec61a1d828],
PUP.Optional.MySearchDial.A, C:\Users\Caterina Quast\AppData\Roaming\mysearchdial\UpdateProc\info.dat, , [496aff5244374de9b82c83ec61a1d828],
PUP.Optional.MySearchDial.A, C:\Users\Caterina Quast\AppData\Roaming\mysearchdial\UpdateProc\STTL.DAT, , [496aff5244374de9b82c83ec61a1d828],
PUP.Optional.MySearchDial.A, C:\Users\Caterina Quast\AppData\Roaming\mysearchdial\UpdateProc\TTL.DAT, , [496aff5244374de9b82c83ec61a1d828],
PUP.Optional.MySearchDial.A, C:\Users\Caterina Quast\AppData\Roaming\mysearchdial\UpdateProc\UpdateTask.exe, , [496aff5244374de9b82c83ec61a1d828],
PUP.Optional.OpenCandy, C:\Users\Caterina Quast\AppData\Roaming\OpenCandy\133A3468EA3D41AF8AE8558E86BE79FD\Installer.exe, , [7f347ad7671470c6777ba1cedd25a957],
Adware.EoRezo, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeSoftToday\Freesofttoday.lnk, , [e3d09ab7116af244fa7e3a369969768a],
PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.29.0\FavIcon.ico, , [c3f0d37e72091a1c1f2a571a9e64f709],
PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.29.0\mysearchdialApp.dll, , [c3f0d37e72091a1c1f2a571a9e64f709],
PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.29.0\mysearchdialEng.dll, , [c3f0d37e72091a1c1f2a571a9e64f709],
PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.29.0\Sqlite3.dll, , [c3f0d37e72091a1c1f2a571a9e64f709],
PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.29.0\uninst.dat, , [c3f0d37e72091a1c1f2a571a9e64f709],
PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.29.0\uninstall.exe, , [c3f0d37e72091a1c1f2a571a9e64f709],
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update\conf, , [5261440d0d6e40f6af05333faa581de3],
Adware.EoRezo, C:\Users\Caterina Quast\AppData\Local\fst_de_16\upfst_de_16.cyp, , [e7ccb29fa1da78be12587dfc3cc66b95],
Adware.EoRezo, C:\Users\Caterina Quast\AppData\Local\fst_de_16\user_profil.cyp, , [e7ccb29fa1da78be12587dfc3cc66b95],
Adware.EoRezo, C:\Users\Caterina Quast\AppData\Local\fst_de_16\fst_de_16\1.10\cnf.cyl, , [e7ccb29fa1da78be12587dfc3cc66b95],
Adware.EoRezo, C:\Users\Caterina Quast\AppData\Local\fst_de_16\fst_de_16\1.10\eorezo.cyl, , [e7ccb29fa1da78be12587dfc3cc66b95],
Adware.EoRezo, C:\Program Files (x86)\fst_de_16\freeSoftToday_widget.exe, , [7f34d180334885b1b3ba1b5efa0850b0],
Adware.EoRezo, C:\Program Files (x86)\fst_de_16\predm.exe, , [7f34d180334885b1b3ba1b5efa0850b0],
Adware.EoRezo, C:\Program Files (x86)\fst_de_16\unins000.dat, , [7f34d180334885b1b3ba1b5efa0850b0],
Adware.EoRezo, C:\Program Files (x86)\fst_de_16\unins000.exe, , [7f34d180334885b1b3ba1b5efa0850b0],
Adware.EoRezo, C:\Program Files (x86)\fst_de_16\unins000.msg, , [7f34d180334885b1b3ba1b5efa0850b0],
PUP.Optional.WebsSearches.A, C:\Users\Caterina Quast\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ "hxxp://istart.webssearches.com/?type=hppp&ts=1400168554&from=tugs&uid=HitachiXHTS547575A9E384_J2540054C8DPREC8DPREX" ],), ,[8d26143dbcbfbd792521d69fd72d6997]
PUP.Optional.WebsSearches.A, C:\Users\Caterina Quast\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (  "homepage": "hxxp://istart.webssearches.com/?type=hppp&ts=1400168554&from=tugs&uid=HitachiXHTS547575A9E384_J2540054C8DPREC8DPREX",), ,[466db39e681365d169de6d080bf90000]
PUP.Optional.MySearchDial.A, C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (  "homepage": "hxxp://start.mysearchdial.com/?f=1&a=dvd_14_13_ch&cd=2XzuyEtN2Y1L1QzutDtDtByCtB0D0CzyyC0Ezy0A0BzyzyyDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyB0DyC0CtBtAzztGtCtBtAyDtG0AtCyEtDtGtDzz0BtCtGtDyCyEyE0CtDtA0EtCtD0DyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzyyC0DyE0CtC0CtGtD0Ezy0BtG0DtByBtDtG0CyD0C0AtGtA0A0B0AyBzzyDtAyDyEzyyC2Q&cr=46250457&ir=",), ,[efc4a5aca1da063065ed3541c63e629e]
PUP.Optional.MySearchDial.A, C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ "hxxp://start.mysearchdial.com/?f=1&a=dvd_14_13_ch&cd=2XzuyEtN2Y1L1QzutDtDtByCtB0D0CzyyC0Ezy0A0BzyzyyDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyB0DyC0CtBtAzztGtCtBtAyDtG0AtCyEtDtGtDzz0BtCtGtDyCyEyE0CtDtA0EtCtD0DyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzyyC0DyE0CtC0CtGtD0Ezy0BtG0DtByBtDtG0CyD0C0AtGtA0A0B0AyBzzyDtAyDyEzyyC2Q&cr=46250457&ir=" ],), ,[ddd6d37e6912a78f9be9f58117ed817f]
PUP.Optional.MySearchDial.A, C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\yfs6yimv.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=dvd_14_13_ch&cd=2XzuyEtN2Y1L1QzutDtDtByCtB0D0CzyyC0Ezy0A0BzyzyyDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyB0DyC0CtBtAzztGtCtBtAyDtG0AtCyEtDtGtDzz0BtCtGtDyCyEyE0CtDtA0EtCtD0DyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzyyC0DyE0CtC0CtGtD0Ezy0BtG0DtByBtDtG0CyD0C0AtGtA0A0B0AyBzzyDtAyDyEzyyC2Q&cr=46250457&ir=");), ,[93209eb3a0dbe551c328da9bd23241bf]
PUP.Optional.MySearch.A, C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\yfs6yimv.default\user.js, Good: (), Bad: (user_pref("extensions.irmysearch.aflt", "dvd_14_13_ch");), ,[fcb7d9789edd4de9f4b9c5b00cf87888]
PUP.Optional.MySearch.A, C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\yfs6yimv.default\user.js, Good: (), Bad: (user_pref("extensions.irmysearch.instlRef", "140305_a");), ,[b300bc95a6d538fea706a8cd7e8629d7]
PUP.Optional.MySearch.A, C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\yfs6yimv.default\user.js, Good: (), Bad: (user_pref("extensions.irmysearch.cr", "46250457");), ,[6f44f35e6615b6801e8faacbb3515fa1]
PUP.Optional.MySearch.A, C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\yfs6yimv.default\user.js, Good: (), Bad: (user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzutDtDtByCtB0D0CzyyC0Ezy0A0BzyzyyDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyB0DyC0CtBtAzztGtCtBtAyDtG0AtCyEtDtGtDzz0BtCtGtDyCyEyE0CtDtA0EtCtD0DyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzyyC0DyE0CtC0CtGtD0Ezy0BtG0DtByBtDtG0CyD0C0AtGtA0A0B0AyBzzyDtAyDyEzyyC2Q");), ,[2192252caad179bd109d6d08cc38da26]
PUP.Optional.MySearchDial.A, C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\yfs6yimv.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.hmpg", true);), ,[f2c1fd54007b1d191d99bbbaba4abf41]
PUP.Optional.MySearchDial.A, C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\yfs6yimv.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dvd_14_13_ch&cd=2XzuyEtN2Y1L1QzutDtDtByCtB0D0CzyyC0Ezy0A0BzyzyyDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyB0DyC0CtBtAzztGtCtBtAyDtG0AtCyEtDtGtDzz0BtCtGtDyCyEyE0CtDtA0EtCtD0DyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzyyC0DyE0CtC0CtGtD0Ezy0BtG0DtByBtDtG0CyD0C0AtGtA0A0B0AyBzzyDtAyDyEzyyC2Q&cr=46250457&ir=");), ,[793a4e038cefdc5acde95421c83cb44c]
PUP.Optional.MySearchDial.A, C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\yfs6yimv.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.dfltSrch", true);), ,[81322130166504324c6ad5a022e20bf5]
PUP.Optional.MySearchDial.A, C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\yfs6yimv.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");), ,[793a2f22fc7f1c1a387ebcb919eb0df3]
PUP.Optional.MySearchDial.A, C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\yfs6yimv.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.dnsErr", true);), ,[842ffb56fb8051e57541bcb9fd07f10f]
PUP.Optional.MySearchDial.A, C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\yfs6yimv.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial_i.newTab", false);), ,[407353fee299af876e48611412f259a7]
PUP.Optional.MySearchDial.A, C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\yfs6yimv.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=dvd_14_13_ch&cd=2XzuyEtN2Y1L1QzutDtDtByCtB0D0CzyyC0Ezy0A0BzyzyyDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyB0DyC0CtBtAzztGtCtBtAyDtG0AtCyEtDtGtDzz0BtCtGtDyCyEyE0CtDtA0EtCtD0DyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzyyC0DyE0CtC0CtGtD0Ezy0BtG0DtByBtDtG0CyD0C0AtGtA0A0B0AyBzzyDtAyDyEzyyC2Q&cr=46250457&ir=");), ,[4a6970e1a1da1224b6004d2838cc40c0]
PUP.Optional.MySearchDial.A, C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\yfs6yimv.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=dvd_14_13_ch&cd=2XzuyEtN2Y1L1QzutDtDtByCtB0D0CzyyC0Ezy0A0BzyzyyDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyB0DyC0CtBtAzztGtCtBtAyDtG0AtCyEtDtGtDzz0BtCtGtDyCyEyE0CtDtA0EtCtD0DyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzyyC0DyE0CtC0CtGtD0Ezy0BtG0DtByBtDtG0CyD0C0AtGtA0A0B0AyBzzyDtAyDyEzyyC2Q&cr=46250457&ir=&q=");), ,[9d16420f80fb2d09f6c06213dd27d12f]
PUP.Optional.MySearchDial.A, C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\yfs6yimv.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.id", "00262DC96E9AB995");), ,[0ba81839621937ff02b4d4a1e321f60a]
PUP.Optional.MySearchDial.A, C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\yfs6yimv.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.instlDay", "16159");), ,[e9cae66b8eedb87e783edd98c63e35cb]
PUP.Optional.MySearchDial.A, C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\yfs6yimv.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.vrsn", "1.8.29.0");), ,[347fc78ab6c570c6cde92c490301b050]
PUP.Optional.MySearchDial.A, C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\yfs6yimv.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.vrsni", "1.8.29.0");), ,[357e0f42631894a2971fa3d226de916f]
PUP.Optional.MySearchDial.A, C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\yfs6yimv.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.015:34:10");), ,[cee5203185f62016feb8f77e5aaa7f81]
PUP.Optional.MySearchDial.A, C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\yfs6yimv.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");), ,[258e1938d4a76acc783ed2a345bf43bd]
PUP.Optional.MySearchDial.A, C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\yfs6yimv.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.prdct", "mysearchdial");), ,[199aca87c2b95fd7ebcba1d430d44cb4]
PUP.Optional.MySearchDial.A, C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\yfs6yimv.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.aflt", "dvd_14_13_ch");), ,[bbf82130e5966ccaeacc6b0a7f85ae52]
PUP.Optional.MySearchDial.A, C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\yfs6yimv.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial_i.smplGrp", "none");), ,[a2116de436450135d5e1f08561a337c9]
PUP.Optional.MySearchDial.A, C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\yfs6yimv.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.tlbrId", "base");), ,[e7cc0b46ee8d72c4ab0bc3b212f24eb2]
PUP.Optional.MySearchDial.A, C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\yfs6yimv.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.instlRef", "140305_a");), ,[e5cec28f1764112512a46c09749006fa]
PUP.Optional.MySearchDial.A, C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\yfs6yimv.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.dfltLng", "");), ,[c8eb7fd2e7942e08971fe5902ed65ca4]
PUP.Optional.MySearchDial.A, C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\yfs6yimv.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");), ,[1a99dc754338bc7a15a1a0d5d034817f]
PUP.Optional.MySearchDial.A, C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\yfs6yimv.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.excTlbr", false);), ,[b3007cd54b306fc706b03d38b94bdd23]
PUP.Optional.MySearchDial.A, C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\yfs6yimv.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.cr", "46250457");), ,[8e25f75a3942aa8c991db4c113f1e61a]
PUP.Optional.MySearchDial.A, C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\yfs6yimv.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtDtByCtB0D0CzyyC0Ezy0A0BzyzyyDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyB0DyC0CtBtAzztGtCtBtAyDtG0AtCyEtDtGtDzz0BtCtGtDyCyEyE0CtDtA0EtCtD0DyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzyyC0DyE0CtC0CtGtD0Ezy0BtG0DtByBtDtG0CyD0C0AtGtA0A0B0AyBzzyDtAyDyEzyyC2Q");), ,[a50eb39e0d6e64d2f9bd99dc82827e82]
PUP.Optional.MySearchDial.A, C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\yfs6yimv.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.AL", 2);), ,[149f6be6f784d2648a2c4c29e81cff01]

Physical Sectors: 0
(No malicious items detected)


(end)

schrauber 15.05.2014 18:48
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Cati 15.05.2014 19:01
Vielen Dank erst einmal für die schnelle Hilfe.
Hier die gewünschten Dinge:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-05-2014
Ran by Caterina Quast (administrator) on CATERINAQUAST on 15-05-2014 19:51:35
Running from C:\Users\Caterina Quast\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccsvchst.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(X10) C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccsvchst.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Users\Caterina Quast\AppData\Local\ywBhFIE\ywBhFIE.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Wistron) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\OSD.exe
() C:\Program Files (x86)\watchmi\TvdTray.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WButton.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe
() C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dropbox, Inc.) C:\Users\Caterina Quast\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel(R) Corporation)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10372368 2011-03-30] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2294568 2010-09-03] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12661352 2011-08-01] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2264168 2011-07-13] (Realtek Semiconductor)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2184520 2009-07-27] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-18] (CANON INC.)
HKLM-x32\...\Run: [HotkeyApp] => C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [207400 2011-08-06] (Wistron)
HKLM-x32\...\Run: [LMgrVolOSD] => C:\Program Files (x86)\Launch Manager\OSD.exe [348960 2011-08-06] (Wistron Corp.)
HKLM-x32\...\Run: [LMgrOSD] => "C:\Program Files (x86)\Launch Manager\OSDCtrl.exe"
HKLM-x32\...\Run: [Wbutton] => C:\Program Files (x86)\Launch Manager\Wbutton.exe [447016 2011-08-13] (Wistron Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Photo Downloader] => C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe [67488 2007-09-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Philips Device Listener] => C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe [380416 2011-11-01] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3508624 2012-02-03] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1313419136-1395772497-2831837863-1000\...\Run: [Power2GoExpress] => NA
HKU\S-1-5-21-1313419136-1395772497-2831837863-1001\...\Run: [KiesHelper] => C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [943504 2012-02-03] (Samsung)
HKU\S-1-5-21-1313419136-1395772497-2831837863-1001\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21416 2012-03-02] ()
HKU\S-1-5-21-1313419136-1395772497-2831837863-1001\...\Run: [GoogleChromeAutoLaunch_31C91B8FD43559FF4B1E035F5F9F8CA0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032 2014-05-08] (Google Inc.)
HKU\S-1-5-21-1313419136-1395772497-2831837863-1001\...\Run: [Facebook Update] => C:\Users\Caterina Quast\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-07-14] (Facebook Inc.)
HKU\S-1-5-21-1313419136-1395772497-2831837863-1001\...\Run: [ywbhfie] => c:\users\caterina quast\appdata\local\ywbhfie\ywbhfie.exe [2801664 2014-05-15] ()
HKU\S-1-5-21-1313419136-1395772497-2831837863-1001\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
HKU\S-1-5-21-1313419136-1395772497-2831837863-1001\...\RunOnce: [Uninstall C:\Users\Caterina Quast\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Caterina Quast\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"
HKU\S-1-5-21-1313419136-1395772497-2831837863-1001\...\RunOnce: [Uninstall C:\Users\Caterina Quast\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Caterina Quast\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727"
HKU\S-1-5-21-1313419136-1395772497-2831837863-1001\...\RunOnce: [Application Restart #3] - C:\Users\Caterina Quast\AppData\Local\Pokki\Engine\pokki.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\Caterina Quast\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session
HKU\S-1-5-21-1313419136-1395772497-2831837863-1001\...\MountPoints2: {6603acc1-047f-11e1-9eff-00262dc96e9a} - F:\Setup.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2011-07-25] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [193128 2011-07-25] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\watchmi tray.lnk
ShortcutTarget: watchmi tray.lnk -> C:\Windows\Installer\{AA4D1C5E-116A-4FF4-AA91-28F526868203}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe (Acresso Software Inc.)
Startup: C:\Users\Caterina Quast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Caterina Quast\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1400129093&from=tugs&uid=HitachiXHTS547575A9E384_J2540054C8DPREC8DPREX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1400129093&from=tugs&uid=HitachiXHTS547575A9E384_J2540054C8DPREC8DPREX&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKCU - _tmp URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBCH&co=DE&userid=c9db3c22-be7f-9bd5-7590-b6931ffc3b1a&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Caterina Quast\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\webssearches.xml
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFF [2013-10-10]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []

Chrome:
=======
CHR HomePage: hxxp://istart.webssearches.com/?type=hppp&ts=1400168554&from=tugs&uid=HitachiXHTS547575A9E384_J2540054C8DPREC8DPREX
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (AVG Internet Security) - C:\Users\Caterina Quast\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Caterina Quast\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-14]
CHR Extension: (Adblock Plus) - C:\Users\Caterina Quast\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-03]
CHR Extension: (Google-Suche) - C:\Users\Caterina Quast\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-14]
CHR Extension: (Hola Besseres Internet) - C:\Users\Caterina Quast\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-04-30]
CHR Extension: (Norton Identity Protection) - C:\Users\Caterina Quast\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2012-06-06]
CHR Extension: (Google Wallet) - C:\Users\Caterina Quast\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Google Mail) - C:\Users\Caterina Quast\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-14]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-06-18]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\Exts\Chrome.crx [2014-02-03]

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor6.0; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-10] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-12-14] ()
S2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [62464 2010-12-06] ()
R3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2011-08-06] (Wistron Corp.)
R2 x10nets; C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [1525976 2014-03-19] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\0604010.00E\ccSetx64.sys [167072 2012-06-07] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
R3 GEARAspiWDM; C:\Windows\SysWOW64\DRIVERS\GEARAspiWDM.sys [15664 2011-01-19] (GEAR Software Inc.)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [41704 2012-08-01] (AnchorFree Inc.)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20140514.001\IDSvia64.sys [525016 2014-03-22] (Symantec Corporation)
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [165504 2011-08-10] (ITE                      )
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-15] (Malwarebytes Corporation)
S3 mod7764; C:\Windows\System32\DRIVERS\mod77-64.sys [1077416 2010-09-16] (DiBcom SA)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20140514.034\ENG64.SYS [126040 2014-05-15] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20140514.034\EX64.SYS [2099288 2014-05-15] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\0604010.00E\SRTSP64.SYS [737952 2012-07-06] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\0604010.00E\SRTSPX64.SYS [37536 2012-07-06] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMDS64.SYS [451192 2011-08-16] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMEFA64.SYS [1129120 2012-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-06-06] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\0604010.00E\Ironx64.SYS [190072 2011-11-16] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\0604010.00E\SYMNETS.SYS [405624 2011-11-16] (Symantec Corporation)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [15896 2009-05-13] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [32792 2009-05-13] (X10 Wireless Technology, Inc.)
S3 vpnva; system32\DRIVERS\vpnva64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-15 19:51 - 2014-05-15 19:51 - 00029901 _____ () C:\Users\Caterina Quast\Downloads\FRST.txt
2014-05-15 19:51 - 2014-05-15 19:51 - 00000000 ____D () C:\FRST
2014-05-15 19:49 - 2014-05-15 19:50 - 02066944 _____ (Farbar) C:\Users\Caterina Quast\Downloads\FRST64.exe
2014-05-15 18:54 - 2014-05-15 18:54 - 00049984 _____ () C:\Users\Caterina Quast\Virenscan1.txt
2014-05-15 18:53 - 2014-05-15 18:53 - 00049983 _____ () C:\Users\Caterina Quast\virenscan.txt
2014-05-15 18:12 - 2014-05-15 18:13 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-15 18:11 - 2014-05-15 18:11 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-15 18:11 - 2014-05-15 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-15 18:11 - 2014-05-15 18:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-15 18:11 - 2014-05-15 18:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-15 18:11 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-15 18:11 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-15 18:11 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-15 18:08 - 2014-05-15 18:10 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Caterina Quast\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-15 18:07 - 2014-05-15 18:10 - 29629431 _____ () C:\Users\Caterina Quast\Downloads\avira_free_antivirus_de-614.exe
2014-05-15 18:07 - 2014-05-15 18:09 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Caterina Quast\Downloads\mbam-setup-2.0.1.1004(1).exe
2014-05-15 18:01 - 2014-05-15 18:01 - 00003928 _____ () C:\{B3802693-C2A0-401B-9607-45A78A008CDD}
2014-05-15 17:08 - 2014-05-15 17:08 - 00032480 _____ () C:\{4449DDC6-95B4-4281-B3F5-5D222C475C25}
2014-05-15 17:08 - 2014-05-15 17:08 - 00004312 _____ () C:\{59FBD6D1-2AE8-4338-9205-A7B6BFB3EB0E}
2014-05-15 17:05 - 2014-05-15 17:05 - 00000000 ____D () C:\Users\Caterina Quast\AppData\Roaming\Optimizer Pro
2014-05-15 07:15 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 07:15 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 07:15 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 07:15 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 07:15 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 07:15 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 06:53 - 2014-05-15 06:53 - 00000000 ____D () C:\Users\Caterina Quast\Documents\Optimizer Pro
2014-05-15 06:51 - 2014-05-15 06:52 - 00000318 _____ () C:\Users\Caterina Quast\AppData\Roaming\aps.uninstall.scan.results
2014-05-15 06:50 - 2014-05-15 06:50 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-15 06:49 - 2014-05-15 18:54 - 00000000 ____D () C:\Users\Caterina Quast\AppData\Roaming\SupTab
2014-05-15 06:49 - 2014-05-15 17:57 - 00000000 ____D () C:\ProgramData\WPM
2014-05-15 06:49 - 2014-05-15 06:47 - 01746032 _____ (AnyProtect.com) C:\Users\Caterina Quast\AppData\Local\nsxC9EF.tmp
2014-05-15 06:47 - 2014-05-15 06:58 - 00000000 ____D () C:\Users\Caterina Quast\AppData\Roaming\Activeris
2014-05-15 06:45 - 2014-05-15 17:05 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-05-15 06:43 - 2014-05-15 19:49 - 00000000 ____D () C:\Users\Caterina Quast\AppData\Local\ywBhFIE
2014-05-14 17:13 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 17:13 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 17:13 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 17:13 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 17:12 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 17:12 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 17:12 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 17:12 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 17:12 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 17:12 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 17:12 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 17:11 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 17:11 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 17:11 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 17:11 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 17:11 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 17:11 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 17:11 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 17:11 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 17:11 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 17:11 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 17:11 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 17:11 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 17:11 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 17:11 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 17:11 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 17:11 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 17:11 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 17:11 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 17:11 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 17:11 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 17:11 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 17:11 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 17:11 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 17:11 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 17:11 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 17:11 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 17:11 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 17:11 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 17:11 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 17:11 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 17:11 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 17:11 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 17:11 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 17:11 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-06 15:23 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-06 15:23 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-06 15:23 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-06 15:23 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-06 15:23 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-06 15:23 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-06 15:23 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-06 15:23 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-06 15:23 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-06 15:23 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-06 15:23 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-06 15:23 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-06 15:23 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-06 15:23 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-06 15:23 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-06 15:23 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-06 15:23 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-06 15:23 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-06 15:23 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-06 15:23 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-06 15:23 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-06 15:23 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-06 15:23 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-06 15:23 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-06 15:23 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-06 15:23 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-06 15:23 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-06 15:23 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-06 15:23 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-06 15:23 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-06 15:23 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-06 15:23 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-06 15:23 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-06 15:23 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-06 15:23 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-06 15:23 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-06 15:23 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-06 15:23 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-06 15:23 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-06 15:23 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-06 15:23 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-06 15:23 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-06 15:23 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-06 15:23 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-06 15:22 - 2014-05-15 16:57 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-03 16:34 - 2014-05-03 16:34 - 00003222 _____ () C:\Windows\System32\Tasks\{769E4AD9-CAAE-4B18-84DE-ECCF78F2691C}
2014-05-03 13:49 - 2014-05-03 13:49 - 00000000 ____D () C:\Users\Caterina Quast\AppData\Roaming\DropboxMaster
2014-04-18 13:31 - 2014-04-18 13:31 - 00000000 ____D () C:\ProgramData\APN
2014-04-18 13:28 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-18 13:28 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-18 13:28 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-18 13:28 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-18 13:27 - 2014-04-18 13:28 - 00004253 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-16 08:09 - 2014-04-16 08:09 - 00000000 _____ () C:\Users\Gast\daemonprocess.txt

==================== One Month Modified Files and Folders =======

2014-05-15 19:51 - 2014-05-15 19:51 - 00029901 _____ () C:\Users\Caterina Quast\Downloads\FRST.txt
2014-05-15 19:51 - 2014-05-15 19:51 - 00000000 ____D () C:\FRST
2014-05-15 19:50 - 2014-05-15 19:49 - 02066944 _____ (Farbar) C:\Users\Caterina Quast\Downloads\FRST64.exe
2014-05-15 19:49 - 2014-05-15 06:43 - 00000000 ____D () C:\Users\Caterina Quast\AppData\Local\ywBhFIE
2014-05-15 19:42 - 2012-07-29 11:55 - 00000000 ____D () C:\Users\Caterina Quast\AppData\Roaming\Dropbox
2014-05-15 19:38 - 2012-09-15 19:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-15 19:35 - 2014-03-30 15:35 - 00000316 _____ () C:\Windows\Tasks\MySearchDial.job
2014-05-15 19:31 - 2011-10-27 15:10 - 01221320 _____ () C:\Windows\WindowsUpdate.log
2014-05-15 19:24 - 2011-10-27 15:15 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-15 19:08 - 2009-07-14 06:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-15 19:08 - 2009-07-14 06:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-15 19:02 - 2012-07-29 11:57 - 00000000 ___RD () C:\Users\Caterina Quast\Dropbox
2014-05-15 19:00 - 2011-10-27 15:23 - 00121736 _____ () C:\Users\Caterina Quast\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-15 18:59 - 2011-10-27 15:15 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-15 18:58 - 2011-08-10 21:14 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-15 18:58 - 2009-07-14 06:45 - 00443632 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-15 18:57 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-15 18:57 - 2009-07-14 06:51 - 00179670 _____ () C:\Windows\setupact.log
2014-05-15 18:56 - 2010-11-21 05:47 - 00330050 _____ () C:\Windows\PFRO.log
2014-05-15 18:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-15 18:54 - 2014-05-15 18:54 - 00049984 _____ () C:\Users\Caterina Quast\Virenscan1.txt
2014-05-15 18:54 - 2014-05-15 06:49 - 00000000 ____D () C:\Users\Caterina Quast\AppData\Roaming\SupTab
2014-05-15 18:54 - 2011-10-27 15:22 - 00000000 ____D () C:\Users\Caterina Quast
2014-05-15 18:53 - 2014-05-15 18:53 - 00049983 _____ () C:\Users\Caterina Quast\virenscan.txt
2014-05-15 18:36 - 2011-10-27 15:17 - 00000000 ____D () C:\ProgramData\Corel
2014-05-15 18:20 - 2012-09-30 18:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-15 18:19 - 2014-04-07 15:42 - 00000000 ____D () C:\Windows\CryptoGuard
2014-05-15 18:13 - 2014-05-15 18:12 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-15 18:11 - 2014-05-15 18:11 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-15 18:11 - 2014-05-15 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-15 18:11 - 2014-05-15 18:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-15 18:11 - 2014-05-15 18:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-15 18:10 - 2014-05-15 18:08 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Caterina Quast\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-15 18:10 - 2014-05-15 18:07 - 29629431 _____ () C:\Users\Caterina Quast\Downloads\avira_free_antivirus_de-614.exe
2014-05-15 18:09 - 2014-05-15 18:07 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Caterina Quast\Downloads\mbam-setup-2.0.1.1004(1).exe
2014-05-15 18:09 - 2013-07-14 21:04 - 00000964 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1313419136-1395772497-2831837863-1001UA.job
2014-05-15 18:06 - 2014-03-30 15:36 - 00000000 ____D () C:\Users\Caterina Quast\AppData\Local\Mobogenie
2014-05-15 18:01 - 2014-05-15 18:01 - 00003928 _____ () C:\{B3802693-C2A0-401B-9607-45A78A008CDD}
2014-05-15 18:00 - 2011-10-27 19:32 - 00000000 ____D () C:\Users\Caterina Quast\Computer
2014-05-15 17:57 - 2014-05-15 06:49 - 00000000 ____D () C:\ProgramData\WPM
2014-05-15 17:56 - 2011-08-10 19:06 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-15 17:55 - 2012-12-25 17:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Die Gefährten
2014-05-15 17:52 - 2013-05-29 13:14 - 00000000 ____D () C:\ProgramData\Cisco
2014-05-15 17:52 - 2011-08-10 21:33 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-05-15 17:44 - 2011-10-28 13:18 - 00000000 ____D () C:\Users\Caterina Quast\Caterina
2014-05-15 17:08 - 2014-05-15 17:08 - 00032480 _____ () C:\{4449DDC6-95B4-4281-B3F5-5D222C475C25}
2014-05-15 17:08 - 2014-05-15 17:08 - 00004312 _____ () C:\{59FBD6D1-2AE8-4338-9205-A7B6BFB3EB0E}
2014-05-15 17:05 - 2014-05-15 17:05 - 00000000 ____D () C:\Users\Caterina Quast\AppData\Roaming\Optimizer Pro
2014-05-15 17:05 - 2014-05-15 06:45 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-05-15 17:02 - 2011-10-27 15:22 - 00000000 ___RD () C:\Users\Caterina Quast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 17:02 - 2011-10-27 15:22 - 00000000 ___RD () C:\Users\Caterina Quast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 16:57 - 2014-05-06 15:22 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 07:15 - 2011-10-27 19:51 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 07:07 - 2013-08-16 21:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 06:58 - 2014-05-15 06:47 - 00000000 ____D () C:\Users\Caterina Quast\AppData\Roaming\Activeris
2014-05-15 06:54 - 2011-08-10 17:28 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 06:53 - 2014-05-15 06:53 - 00000000 ____D () C:\Users\Caterina Quast\Documents\Optimizer Pro
2014-05-15 06:52 - 2014-05-15 06:51 - 00000318 _____ () C:\Users\Caterina Quast\AppData\Roaming\aps.uninstall.scan.results
2014-05-15 06:50 - 2014-05-15 06:50 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-15 06:48 - 2011-10-27 15:22 - 00001669 _____ () C:\Users\Caterina Quast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-15 06:48 - 2011-10-27 15:15 - 00002407 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-15 06:47 - 2014-05-15 06:49 - 01746032 _____ (AnyProtect.com) C:\Users\Caterina Quast\AppData\Local\nsxC9EF.tmp
2014-05-15 06:47 - 2011-10-27 15:15 - 00002732 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2014-05-15 06:41 - 2012-09-15 19:40 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-15 06:40 - 2012-06-25 10:24 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-15 06:40 - 2011-08-10 21:00 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 18:17 - 2012-07-29 11:56 - 00000000 ____D () C:\Users\Caterina Quast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-14 16:58 - 2011-08-10 21:02 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-13 21:09 - 2013-07-14 21:04 - 00000942 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1313419136-1395772497-2831837863-1001Core.job
2014-05-09 08:14 - 2014-05-14 17:13 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-14 17:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-07 18:59 - 2011-08-10 01:07 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-05-07 18:59 - 2011-08-10 01:07 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-05-07 18:59 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-06 13:18 - 2011-10-27 15:15 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-06 13:18 - 2011-10-27 15:15 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 06:40 - 2014-05-15 07:15 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-15 07:15 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-15 07:15 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-15 07:15 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-15 07:15 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-15 07:15 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-03 16:35 - 2011-10-29 16:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2014-05-03 16:34 - 2014-05-03 16:34 - 00003222 _____ () C:\Windows\System32\Tasks\{769E4AD9-CAAE-4B18-84DE-ECCF78F2691C}
2014-05-03 13:49 - 2014-05-03 13:49 - 00000000 ____D () C:\Users\Caterina Quast\AppData\Roaming\DropboxMaster
2014-05-01 22:15 - 2011-10-29 17:00 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-04-22 18:04 - 2011-11-25 14:52 - 00000000 ____D () C:\ProgramData\CanonIJ
2014-04-18 19:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-18 14:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-04-18 13:31 - 2014-04-18 13:31 - 00000000 ____D () C:\ProgramData\APN
2014-04-18 13:29 - 2013-10-20 15:38 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-18 13:28 - 2014-04-18 13:27 - 00004253 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-18 13:28 - 2012-03-02 15:40 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-17 19:38 - 2014-03-30 15:36 - 00000000 ____D () C:\Users\Caterina Quast\AppData\Local\cache
2014-04-16 08:09 - 2014-04-16 08:09 - 00000000 _____ () C:\Users\Gast\daemonprocess.txt
2014-04-16 08:09 - 2011-11-22 18:16 - 00000000 ____D () C:\Users\Gast

Some content of TEMP:
====================
C:\Users\Caterina Quast\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzsuwij.dll
C:\Users\Caterina Quast\AppData\Local\Temp\HitmanPro_x64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2014-05-14 17:12] - [2014-03-04 11:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-12 22:08

==================== End Of Log ============================
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-05-2014
Ran by Caterina Quast at 2014-05-15 19:52:40
Running from C:\Users\Caterina Quast\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton 360 Online (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 Online (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 Online (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.7.1.19610 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Photoshop Elements 6.0 (HKLM-x32\...\Adobe Photoshop Elements 6) (Version: 6.0 - Adobe Systems, Inc.)
Adobe Photoshop Elements 6.0 (x32 Version: 6.0 - Adobe Systems, Inc.) Hidden
Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.39 - Atheros Communications Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version:  - )
Canon MP550 series Benutzerregistrierung (HKLM-x32\...\Canon MP550 series Benutzerregistrierung) (Version:  - )
Canon MP550 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.686 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.) Hidden
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1508_36229 - CyberLink Corp.)
CyberLink MediaEspresso (x32 Version: 6.5.1508_36229 - CyberLink Corp.) Hidden
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.1.2414 - CyberLink Corp.)
CyberLink MediaShow (x32 Version: 5.1.2414 - CyberLink Corp.) Hidden
CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.0.6904 - CyberLink Corp.)
CyberLink PhotoNow (x32 Version: 1.1.0.6904 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1327 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 7.0.0.1327 - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.4020 - CyberLink Corp.)
CyberLink PowerDirector (x32 Version: 8.0.4020 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2930.52 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.2930.52 - CyberLink Corp.) Hidden
CyberLink PowerDVD Copy (HKLM-x32\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerDVD Copy (x32 Version: 1.5.1306 - CyberLink Corp.) Hidden
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.3503 - CyberLink Corp.)
CyberLink PowerProducer (x32 Version: 5.0.2.3503 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4013 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.1.4013 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: 5.0.4 - CEWE COLOR AG u Co. OHG)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.4 - Dolby Laboratories Inc)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.33 - Dropbox, Inc.)
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Free YouTube to iPhone Converter version 2.12.31.325 (HKLM-x32\...\Free YouTube to iPhone Converter_is1) (Version: 2.12.31.325 - DVDVideoSoft Ltd.)
Free YouTube to iPod Converter version 3.11.3.610 (HKLM-x32\...\Free YouTube to iPod Converter_is1) (Version: 3.11.3.610 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.32.327 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.32.327 - DVDVideoSoft Ltd.)
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Genesis (HKCU\...\ywbhfie) (Version:  - ) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Intel PROSet Wireless (Version:  - ) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2462 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed (HKLM\...\{A0E106D2-4815-4B7A-BAA7-7E21B530CFB4}) (Version: 1.1.0.0157 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{006B5C65-3938-4246-B182-994A7E415EDE}) (Version: 1.1.0.0537 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{781A93CD-1608-427D-B7F0-D05C07795B25}) (Version: 2.1.41.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
IT9130 Driver v11.4.26.1 (HKLM-x32\...\IT9130 DriverInstaller_11.4.26.1) (Version:  - )
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 26 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416026FF}) (Version: 6.0.260 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\{D0846526-66DD-4DC9-A02C-98F9A2806812}) (Version: 1.5.1.4 - Wistron Corp.)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Medion Home Cinema (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2608 - CyberLink Corp.)
Medion Home Cinema (x32 Version: 8.0.2608 - CyberLink Corp.) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mathematics (64-Bit) (HKLM\...\{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0406-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-040C-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-040E-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0410-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0413-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0415-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0424-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0C0A-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - )
Norton 360 (HKLM-x32\...\N360) (Version: 6.4.1.14 - Symantec Corporation)
NVIDIA 3D Vision Driver 269.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 269.24 - NVIDIA Corporation)
NVIDIA Control Panel 269.24 (Version: 269.24 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 269.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 269.24 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.265.42.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.0.23 (Version: 1.0.23 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6924 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.0.23 - NVIDIA Corporation) Hidden
Philips Songbird (HKLM-x32\...\Philips Songbird) (Version: 2.5.6 Build: 5.6.2119 - Koninklijke Philips Electronics N.V.)
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6428 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10010 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.2.0.12014_18 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.2.0.12014_18 - Samsung Electronics Co., Ltd.) Hidden
Skype™ 6.1 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.1.130 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.12.0 - Synaptics Incorporated)
TI USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{B1EB7FFF-6E44-43D8-869D-B78E44CD3E0F}) (Version: 1.12.14.0 - Texas Instruments Inc.)
TI USB3 Host Driver (x32 Version: 1.12.14.0 - Texas Instruments Inc.) Hidden
TIPP10 Version 2.1.0 (HKLM-x32\...\TIPP10_is1) (Version:  - (c) 2006-2011, Tom Thielicke IT Solutions)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2880505) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{2720451F-5D04-43EC-AB1F-26D948FD971B}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
VR-pulse Installer (HKLM\...\{E3725525-DE3E-48C1-9B81-D5FF1BFA23BC}) (Version: 1.4.0 - American Megatrends Inc.)
watchmi (HKLM-x32\...\{AA4D1C5E-116A-4FF4-AA91-28F526868203}) (Version: 2.5.0 - Axel Springer Digital TV Guide GmbH)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
X10 Hardware(TM) (HKLM-x32\...\X10Hardware) (Version:  - )

==================== Restore Points  =========================

04-05-2014 09:07:04 Windows Update
06-05-2014 13:22:09 Windows Update
07-05-2014 15:40:12 Windows Update
15-05-2014 04:36:56 Windows Update
15-05-2014 15:49:53 Removed Cisco AnyConnect Secure Mobility Client
15-05-2014 15:53:32 Entfernt DER HERR DER RINGE: DIE GEFÄHRTEN

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1674CE26-EB90-468D-B1A4-2597D6410D14} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\WSCStub.exe [2013-02-02] (Symantec Corporation)
Task: {1B6C21DE-2381-4EAA-9F5C-6DA75B9B9C56} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-15] (Adobe Systems Incorporated)
Task: {84A5167C-632C-4E8E-BC44-6956E9A8AE56} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\SymErr.exe [2012-02-04] (Symantec Corporation)
Task: {8554CC6D-C282-4FA1-BB2C-9379C4399334} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-27] (Google Inc.)
Task: {880D09B9-AC8D-494C-BD2D-5688B05339FD} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\SymErr.exe [2012-02-04] (Symantec Corporation)
Task: {9EFB7DA2-310F-422B-AF2E-AE5A61216637} - System32\Tasks\MySearchDial => C:\Users\CATERI~1\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {B6D99E2F-9D9F-4969-9B47-65031077E91C} - System32\Tasks\irMonitor => C:\Windows\system32 [2014-05-15] ()
Task: {C549D20C-26A5-4CC1-8318-07531C2CF8D9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-27] (Google Inc.)
Task: {C8B4DEA5-F15D-45D3-A7E5-1408FBE58BBD} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1313419136-1395772497-2831837863-1001UA => C:\Users\Caterina Quast\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-14] (Facebook Inc.)
Task: {E66221C7-0BD8-4DE6-A88D-912468E6CAEF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {ECAC3797-29F4-4005-AD58-84892C833D19} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1313419136-1395772497-2831837863-1001Core => C:\Users\Caterina Quast\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-14] (Facebook Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1313419136-1395772497-2831837863-1001Core.job => C:\Users\Caterina Quast\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1313419136-1395772497-2831837863-1001UA.job => C:\Users\Caterina Quast\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MySearchDial.job => C:\Users\CATERI~1\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2011-05-02 22:41 - 2011-05-02 22:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2007-09-11 01:45 - 2007-09-11 01:45 - 00124832 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
2011-10-29 17:00 - 2009-02-10 18:01 - 00116104 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2011-08-17 14:26 - 2010-12-14 11:39 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2011-07-27 00:37 - 2011-07-27 00:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-05-02 22:41 - 2011-05-02 22:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2014-05-15 06:43 - 2014-05-15 06:44 - 02801664 _____ () C:\Users\Caterina Quast\AppData\Local\ywBhFIE\ywBhFIE.exe
2010-12-06 12:52 - 2010-12-06 12:52 - 01070080 _____ () C:\Program Files (x86)\watchmi\TvdTray.exe
2010-12-06 12:52 - 2010-12-06 12:52 - 00004608 _____ () C:\Program Files (x86)\watchmi\de\TvdTray.resources.dll
2011-10-27 15:14 - 2011-10-27 15:14 - 00061952 _____ () C:\Windows\assembly\GAC_MSIL\Tvd.Remote\2.5.0.5__f722db7bec59a14b\Tvd.Remote.dll
2011-11-01 14:46 - 2011-11-01 14:46 - 00380416 _____ () C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-08-04 00:39 - 2010-08-04 00:39 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-04 00:39 - 2010-08-04 00:39 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-05-15 19:01 - 2014-05-15 19:01 - 00041984 _____ () C:\Users\Caterina Quast\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzsuwij.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Caterina Quast\AppData\Roaming\Dropbox\bin\libcef.dll
2014-02-13 19:35 - 2014-02-13 19:35 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\367540c92c2004ff2c6695778fed5dd6\IsdiInterop.ni.dll
2011-08-10 20:11 - 2011-05-20 19:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-05-14 17:25 - 2014-05-08 01:29 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\chrome_elf.dll
2014-05-14 17:25 - 2014-05-08 01:29 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\libglesv2.dll
2014-05-14 17:25 - 2014-05-08 01:29 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\libegl.dll
2014-05-14 17:25 - 2014-05-08 01:29 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\pdf.dll
2014-05-14 17:25 - 2014-05-08 01:29 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll
2014-05-14 17:25 - 2014-05-08 01:29 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ffmpegsumo.dll
2014-05-14 17:25 - 2014-05-08 01:29 - 13695816 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/15/2014 06:39:21 PM) (Source: MsiInstaller) (EventID: 11706) (User: CaterinaQuast)
Description: Produkt: CorelDRAW Essentials X5 - Extra Content -- Fehler 1706. Ein Installationspaket des Produkts CorelDRAW Essentials X5 - Extra Content konnte nicht gefunden werden. Wiederholen Sie die Installation unter Verwendung einer gültigen Kopie des Installationspakets "ExtraContent.msi".

Error: (05/15/2014 06:39:21 PM) (Source: MsiInstaller) (EventID: 11706) (User: CaterinaQuast)
Description: Produkt: CorelDRAW Essentials X5 - Extra Content -- Fehler 1706. Ein Installationspaket des Produkts CorelDRAW Essentials X5 - Extra Content konnte nicht gefunden werden. Wiederholen Sie die Installation unter Verwendung einer gültigen Kopie des Installationspakets "ExtraContent.msi".

Error: (05/15/2014 06:26:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm chrome.exe, Version 34.0.1847.137 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2368

Startzeit: 01cf705a318c7829

Endzeit: 42

Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Berichts-ID: 88b1119b-dc4d-11e3-aca7-00262dc96e9a

Error: (05/15/2014 05:21:05 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {c571acb7-730c-4865-a317-a1c24cef60cf}

Error: (05/13/2014 08:55:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1025238

Error: (05/13/2014 08:55:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1025238

Error: (05/13/2014 08:55:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/13/2014 08:55:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1024099

Error: (05/13/2014 08:55:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1024099

Error: (05/13/2014 08:55:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (05/15/2014 06:59:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "watchmi service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (05/15/2014 06:59:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst watchmi service erreicht.

Error: (05/15/2014 06:55:06 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (05/15/2014 05:46:42 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde nicht richtig gestartet.

Error: (05/15/2014 05:37:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "watchmi service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (05/15/2014 05:37:04 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst watchmi service erreicht.

Error: (05/15/2014 05:11:34 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Intel(R) Management and Security Application User Notification Service" wurde nicht richtig gestartet.

Error: (05/15/2014 05:09:30 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (05/15/2014 05:06:42 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde nicht richtig gestartet.

Error: (05/15/2014 04:58:00 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (05/06/2014 08:20:44 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 23 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (03/13/2014 10:17:34 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1141 seconds with 660 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-05-15 18:20:12.099
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-15 18:06:27.090
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-15 17:54:49.728
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-15 17:35:19.613
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-15 17:26:37.936
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-15 17:18:34.257
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-15 16:59:59.567
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-15 16:57:10.807
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-15 06:28:08.547
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-14 22:08:56.551
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 57%
Total physical RAM: 4001.87 MB
Available physical RAM: 1707.63 MB
Total Pagefile: 8001.92 MB
Available Pagefile: 5339.06 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:647.54 GB) (Free:514.43 GB) NTFS
Drive d: (Recover) (Fixed) (Total:48 GB) (Free:22.1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 97BE5B6A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=648 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End Of Log ============================

schrauber 16.05.2014 11:51
Adware & Co. deinstallieren

Solltest Du ein Programm nicht finden oder nicht deinstallieren können, mache bitte mit dem nächsten Schritt weiter:




Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Cati 16.05.2014 15:08
Also ich habe mir den Revo Uninstaller heruntergeladen, habe dort aber keines der gekennzeichneten Programme gefunden. Mir ist dabei aber auch aufgefallen, dass ich zumindest eines der gekennzeichneten Programme gestern bereits deinstalliert habe. Eventuell lag es also daran, dass ich nichts gefunden habe.
Im Anschluss habe ich dann, wie du geschrieben hast, Combofix heruntergeladen und habe folgendes Logfile erhalten:
Code:
ComboFix 14-05-16.01 - Caterina Quast 16.05.2014  15:40:44.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4002.2067 [GMT 2:00]
ausgeführt von:: c:\users\Caterina Quast\Downloads\ComboFix.exe
AV: Norton 360 Online *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 Online *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 Online *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Caterina Quast\4.0
c:\users\Caterina Quast\AppData\Local\nsxC9EF.tmp
c:\users\Caterina Quast\AppData\Roaming\Adydic
c:\users\Caterina Quast\AppData\Roaming\Adydic\ybegi.ure
c:\windows\Installer\{AA4D1C5E-116A-4FF4-AA91-28F526868203}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-04-16 bis 2014-05-16  ))))))))))))))))))))))))))))))
.
.
2014-05-16 13:56 . 2014-05-16 13:56        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-05-16 13:56 . 2014-05-16 13:56        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2014-05-16 13:23 . 2014-05-16 13:23        --------        d-----w-        c:\program files (x86)\VS Revo Group
2014-05-15 17:51 . 2014-05-15 17:54        --------        d-----w-        C:\FRST
2014-05-15 16:12 . 2014-05-15 16:13        119512        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-15 16:11 . 2014-05-15 16:11        --------        d-----w-        c:\program files (x86)\Malwarebytes Anti-Malware
2014-05-15 16:11 . 2014-05-15 16:11        --------        d-----w-        c:\programdata\Malwarebytes
2014-05-15 16:11 . 2014-04-03 07:51        63192        ----a-w-        c:\windows\system32\drivers\mwac.sys
2014-05-15 16:11 . 2014-04-03 07:51        88280        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2014-05-15 16:11 . 2014-04-03 07:50        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys
2014-05-15 04:43 . 2014-05-16 13:27        --------        d-----w-        c:\users\Caterina Quast\AppData\Local\ywBhFIE
2014-05-14 15:13 . 2014-03-25 02:43        14175744        ----a-w-        c:\windows\system32\shell32.dll
2014-05-14 15:13 . 2014-05-09 06:14        477184        ----a-w-        c:\windows\system32\aepdu.dll
2014-05-14 15:13 . 2014-05-09 06:11        424448        ----a-w-        c:\windows\system32\aeinv.dll
2014-05-14 15:12 . 2014-04-12 02:19        1460736        ----a-w-        c:\windows\system32\lsasrv.dll
2014-05-14 15:12 . 2014-03-04 09:44        728064        ----a-w-        c:\windows\system32\kerberos.dll
2014-05-14 15:12 . 2014-03-04 09:20        3969984        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2014-05-14 15:12 . 2014-03-04 09:44        314880        ----a-w-        c:\windows\system32\msv1_0.dll
2014-05-14 15:12 . 2014-03-04 09:43        455168        ----a-w-        c:\windows\system32\winlogon.exe
2014-05-14 15:12 . 2014-03-04 09:20        3914176        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2014-05-14 15:12 . 2014-03-04 09:17        550912        ----a-w-        c:\windows\SysWow64\kerberos.dll
2014-05-08 11:21 . 2014-05-08 11:21        188272        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-05-06 13:22 . 2014-05-15 14:57        --------        d-s---w-        c:\windows\system32\CompatTel
2014-05-03 11:49 . 2014-05-03 11:49        --------        d-----w-        c:\users\Caterina Quast\AppData\Roaming\DropboxMaster
2014-04-18 11:31 . 2014-04-18 11:31        --------        d-----w-        c:\programdata\APN
2014-04-18 11:28 . 2014-04-14 18:13        96168        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-15 04:54 . 2011-08-10 15:28        93223848        ----a-w-        c:\windows\system32\MRT.exe
2014-05-15 04:40 . 2012-06-25 08:24        692400        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-15 04:40 . 2011-08-10 19:00        70832        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-31 20:46 . 2014-03-31 20:46        130712        ----a-w-        c:\windows\SysWow64\MSSTDFMT.DLL
2014-03-31 20:46 . 2014-03-31 20:46        1070232        ----a-w-        c:\windows\SysWow64\MSCOMCTL.OCX
2014-03-04 09:44 . 2014-04-10 04:45        362496        ----a-w-        c:\windows\system32\wow64win.dll
2014-03-04 09:44 . 2014-04-10 04:45        243712        ----a-w-        c:\windows\system32\wow64.dll
2014-03-04 09:44 . 2014-04-10 04:45        13312        ----a-w-        c:\windows\system32\wow64cpu.dll
2014-03-04 09:44 . 2014-04-10 04:45        16384        ----a-w-        c:\windows\system32\ntvdm64.dll
2014-03-04 09:44 . 2014-04-10 04:45        1163264        ----a-w-        c:\windows\system32\kernel32.dll
2014-03-04 09:17 . 2014-04-10 04:45        14336        ----a-w-        c:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17 . 2014-04-10 04:45        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2014-03-04 09:16 . 2014-04-10 04:45        25600        ----a-w-        c:\windows\SysWow64\setup16.exe
2014-03-04 09:16 . 2014-04-10 04:45        5120        ----a-w-        c:\windows\SysWow64\wow32.dll
2014-03-04 08:09 . 2014-04-10 04:45        7680        ----a-w-        c:\windows\SysWow64\instnm.exe
2014-03-04 08:09 . 2014-04-10 04:45        2048        ----a-w-        c:\windows\SysWow64\user.exe
2013-02-14 23:42 . 2013-02-14 23:42        4126720        ----a-w-        c:\program files (x86)\GUT5DA1.tmp
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-03-27 18:29        297128        ----a-w-        c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-22 10:55        220632        ----a-w-        c:\users\Caterina Quast\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-22 10:55        220632        ----a-w-        c:\users\Caterina Quast\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-22 10:55        220632        ----a-w-        c:\users\Caterina Quast\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        131248        ----a-w-        c:\users\Caterina Quast\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        131248        ----a-w-        c:\users\Caterina Quast\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        131248        ----a-w-        c:\users\Caterina Quast\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-02-03 943504]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-03-02 21416]
"GoogleChromeAutoLaunch_31C91B8FD43559FF4B1E035F5F9F8CA0"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-05-07 841032]
"ywbhfie"="c:\users\caterina quast\appdata\local\ywbhfie\ywbhfie.exe" [2014-05-15 2801664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HotkeyApp"="c:\program files (x86)\Launch Manager\HotkeyApp.exe" [2011-08-06 207400]
"LMgrVolOSD"="c:\program files (x86)\Launch Manager\OSD.exe" [2011-08-06 348960]
"Wbutton"="c:\program files (x86)\Launch Manager\Wbutton.exe" [2011-08-13 447016]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-03 107816]
"Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2011-02-03 506712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-10 67488]
"Philips Device Listener"="c:\program files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2011-11-01 380416]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-02-03 3508624]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
.
c:\users\Caterina Quast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Caterina Quast\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-8 32668056]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.141\SSScheduler.exe [2014-1-16 329944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 watchmi;watchmi service;c:\program files (x86)\watchmi\TvdService.exe;c:\program files (x86)\watchmi\TvdService.exe [x]
R3 AMPPALP;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 IT9135BDA;IT9135 BDA Devices;c:\windows\system32\Drivers\IT9135BDA.sys;c:\windows\SYSNATIVE\Drivers\IT9135BDA.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe [x]
R3 mod7764;Tv Tuner device;c:\windows\system32\DRIVERS\mod77-64.sys;c:\windows\SYSNATIVE\DRIVERS\mod77-64.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0604010.00E\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\0604010.00E\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0604010.00E\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\0604010.00E\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20140409.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [x]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0604010.00E\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\0604010.00E\ccSetx64.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20140515.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20140515.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0604010.00E\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\0604010.00E\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0604010.00E\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\0604010.00E\SYMNETS.SYS [x]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe;c:\program files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 AMPPAL;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\drivers\iwdbus.sys;c:\windows\SYSNATIVE\drivers\iwdbus.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
S3 tihub3;TI USB3 Hub Service;c:\windows\system32\drivers\tihub3.sys;c:\windows\SYSNATIVE\drivers\tihub3.sys [x]
S3 tixhci;TI XHCI Service;c:\windows\system32\drivers\tixhci.sys;c:\windows\SYSNATIVE\drivers\tixhci.sys [x]
S3 WisLMSvc;WisLMSvc;c:\program files (x86)\Launch Manager\WisLMSvc.exe;c:\program files (x86)\Launch Manager\WisLMSvc.exe [x]
S3 X10Hid;X10 Hid Device;c:\windows\System32\Drivers\x10hid.sys;c:\windows\SYSNATIVE\Drivers\x10hid.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-14 15:23        1077576        ----a-w-        c:\program files (x86)\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-05-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-25 04:40]
.
2014-05-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1313419136-1395772497-2831837863-1001Core.job
- c:\users\Caterina Quast\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-14 19:03]
.
2014-05-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1313419136-1395772497-2831837863-1001UA.job
- c:\users\Caterina Quast\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-14 19:03]
.
2014-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-27 13:15]
.
2014-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-27 13:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-03-20 16:08        357432        ----a-w-        c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-22 10:55        244696        ----a-w-        c:\users\Caterina Quast\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-22 10:55        244696        ----a-w-        c:\users\Caterina Quast\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-22 10:55        244696        ----a-w-        c:\users\Caterina Quast\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        164016        ----a-w-        c:\users\Caterina Quast\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        164016        ----a-w-        c:\users\Caterina Quast\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        164016        ----a-w-        c:\users\Caterina Quast\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        164016        ----a-w-        c:\users\Caterina Quast\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-28 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-28 416024]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-01 12661352]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-07-13 2264168]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 2184520]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mDefault_Search_URL = www.google.com
mDefault_Page_URL = www.google.com
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1400129093&from=tugs&uid=HitachiXHTS547575A9E384_J2540054C8DPREC8DPREX&q={searchTerms}
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to iPod Converter - c:\users\Caterina Quast\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-LMgrOSD - c:\program files (x86)\Launch Manager\OSDCtrl.exe
Wow6432Node-HKLM-Run-mobilegeni daemon - c:\program files (x86)\Mobogenie\DaemonProcess.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\watchmi tray.lnk - c:\windows\Installer\{AA4D1C5E-116A-4FF4-AA91-28F526868203}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Activeris AntiMalware_is1 - c:\program files (x86)\Activeris AntiMalware\unins000.exe
AddRemove-IT9130 DriverInstaller_11.4.26.1 - c:\users\ADMINI~1\AppData\Local\Temp\\DriverInstall64.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.4.1.14\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-05-16  16:03:08
ComboFix-quarantined-files.txt  2014-05-16 14:03
.
Vor Suchlauf: 11 Verzeichnis(se), 551.883.120.640 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 551.291.371.520 Bytes frei
.
- - End Of File - - C202904ABD65321E8C39EDFD530E28BC
Anscheinend scheint mein Problem mit den Werbefenstern bei Chrome jetzt gelöst zu sein. Bisher ist keine Werbung mehr erschienen :)

schrauber 17.05.2014 14:29
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Cati 18.05.2014 13:30
Ich hoffe mal, ich habe nichts vergessen :D Hier alle Text-/Logdateien:

mbam:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 18.05.2014
Suchlauf-Zeit: 13:26:12
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.05.18.02
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Caterina Quast

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 343485
Verstrichene Zeit: 31 Min, 29 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 3
PUP.Optional.Superfish.A, C:\Users\Caterina Quast\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Löschen bei Neustart, [c6144d05dd9ebd79df2e592bb151c838],
PUP.Optional.Superfish.A, C:\Users\Caterina Quast\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, In Quarantäne, [00da064cb3c86dc927e6e4a0fa087987],
PUP.Optional.WebsSearches.A, C:\Users\Caterina Quast\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: (  "homepage": "hxxp://istart.webssearches.com/?type=hppp&ts=1400168554&from=tugs&uid=HitachiXHTS547575A9E384_J2540054C8DPREC8DPREX",), Ersetzt,[dffbb39f2c4fc96d8f0dfb7d689c9c64]

Physische Sektoren: 0
(No malicious items detected)


(end)

adwcleaner:
Code:
# AdwCleaner v3.208 - Bericht erstellt am 18/05/2014 um 13:42:33
# Aktualisiert 11/05/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Caterina Quast - CATERINAQUAST
# Gestartet von : C:\Users\Caterina Quast\Downloads\adwcleaner_3.208.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gelöscht : C:\Program Files (x86)\Optimizer Pro
Ordner Gelöscht : C:\Users\Caterina Quast\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\Caterina Quast\AppData\Roaming\Activeris
Ordner Gelöscht : C:\Users\Caterina Quast\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Caterina Quast\AppData\Roaming\Optimizer Pro
Ordner Gelöscht : C:\Users\Caterina Quast\AppData\Roaming\SupTab
Ordner Gelöscht : C:\Users\Caterina Quast\Documents\Mobogenie
Ordner Gelöscht : C:\Users\Caterina Quast\Documents\Optimizer Pro
Ordner Gelöscht : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\yfs6yimv.default\Extensions\staged\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
Ordner Gelöscht : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\yfs6yimv.default\Extensions\staged\ffxtlbr@mysearchdial.com
Datei Gelöscht : C:\Users\Caterina Quast\daemonprocess.txt
Datei Gelöscht : C:\Users\Caterina Quast\AppData\Roaming\aps.uninstall.scan.results
Datei Gelöscht : C:\Users\Gast\daemonprocess.txt
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\webssearches.xml
Datei Gelöscht : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\yfs6yimv.default\user.js

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Caterina Quast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Caterina Quast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Caterina Quast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKCU\Software\Classes\*\shell\pokki
Schlüssel Gelöscht : HKCU\Software\Classes\Folder\shell\pokki
Schlüssel Gelöscht : HKCU\Software\Classes\pokki
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Schlüssel Gelöscht : HKCU\Software\AnyProtect
Schlüssel Gelöscht : HKCU\Software\Ciuvo
Schlüssel Gelöscht : HKCU\Software\genesis
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\Tutorials
Schlüssel Gelöscht : HKCU\Software\TutoTag
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\Software\InstallCore
Schlüssel Gelöscht : HKLM\Software\SupTab
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\Software\Tutorials
Schlüssel Gelöscht : HKLM\Software\Wpm

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v

[ Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\yfs6yimv.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.selectedEngine", "Mysearchdial");

-\\ Google Chrome v34.0.1847.137

[ Datei : C:\Users\Caterina Quast\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=dspp&ts=1400168554&from=tugs&uid=HitachiXHTS547575A9E384_J2540054C8DPREC8DPREX&q={searchTerms}
Gelöscht [Homepage] : hxxp://istart.webssearches.com/?type=hppp&ts=1400168554&from=tugs&uid=HitachiXHTS547575A9E384_J2540054C8DPREC8DPREX
Gelöscht [Extension] : bopakagnckmlgajfccecajhnimjiiedh
Gelöscht [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma
Gelöscht [Extension] : pljcgbedjplidkdjahbaalanadmjfgop

[ Datei : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dvd_14_13_ch&cd=2XzuyEtN2Y1L1QzutDtDtByCtB0D0CzyyC0Ezy0A0BzyzyyDtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyB0DyC0CtBtAzztGtCtBtAyDtG0AtCyEtDtGtDzz0BtCtGtDyCyEyE0CtDtA0EtCtD0DyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzyyC0DyE0CtC0CtGtD0Ezy0BtG0DtByBtDtG0CyD0C0AtGtA0A0B0AyBzzyDtAyDyEzyyC2Q&cr=46250457&ir=
Gelöscht [Extension] : bopakagnckmlgajfccecajhnimjiiedh
Gelöscht [Extension] : pljcgbedjplidkdjahbaalanadmjfgop

*************************

AdwCleaner[R0].txt - [11388 octets] - [18/05/2014 13:39:15]
AdwCleaner[S0].txt - [9794 octets] - [18/05/2014 13:42:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9854 octets] ##########

JRT:JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Caterina Quast on 18.05.2014 at 14:01:23,94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Empty Folder] C:\Users\Caterina Quast\appdata\local\{02C9F488-DB67-4A86-BEA9-AD7E06DCD583}
Successfully deleted: [Empty Folder] C:\Users\Caterina Quast\appdata\local\{37F2EA3F-835C-4489-85CA-CDCAA090D7EB}
Successfully deleted: [Empty Folder] C:\Users\Caterina Quast\appdata\local\{6A7BE500-C957-4A0D-8A03-E8588806592B}
Successfully deleted: [Empty Folder] C:\Users\Caterina Quast\appdata\local\{74E4B320-0851-45BF-AC7D-2BB335161FEC}
Successfully deleted: [Empty Folder] C:\Users\Caterina Quast\appdata\local\{A1CB2327-9553-4141-8732-F03EA72B93C0}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.05.2014 at 14:20:36,69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--- --- ---

und als letztes ein neues FRST log:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014
Ran by Caterina Quast (administrator) on CATERINAQUAST on 18-05-2014 14:23:09
Running from C:\Users\Caterina Quast\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccsvchst.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(X10) C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Users\Caterina Quast\AppData\Local\ywBhFIE\ywBhFIE.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Dropbox, Inc.) C:\Users\Caterina Quast\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Wistron) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WButton.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
() C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccsvchst.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel(R) Corporation)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10372368 2011-03-30] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2294568 2010-09-03] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12661352 2011-08-01] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2264168 2011-07-13] (Realtek Semiconductor)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2184520 2009-07-27] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-18] (CANON INC.)
HKLM-x32\...\Run: [HotkeyApp] => C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [207400 2011-08-06] (Wistron)
HKLM-x32\...\Run: [LMgrVolOSD] => C:\Program Files (x86)\Launch Manager\OSD.exe [348960 2011-08-06] (Wistron Corp.)
HKLM-x32\...\Run: [Wbutton] => C:\Program Files (x86)\Launch Manager\Wbutton.exe [447016 2011-08-13] (Wistron Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Photo Downloader] => C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe [67488 2007-09-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Philips Device Listener] => C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe [380416 2011-11-01] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3508624 2012-02-03] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1313419136-1395772497-2831837863-1000\...\Run: [Power2GoExpress] => NA
HKU\S-1-5-21-1313419136-1395772497-2831837863-1001\...\Run: [KiesHelper] => C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [943504 2012-02-03] (Samsung)
HKU\S-1-5-21-1313419136-1395772497-2831837863-1001\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21416 2012-03-02] ()
HKU\S-1-5-21-1313419136-1395772497-2831837863-1001\...\Run: [GoogleChromeAutoLaunch_31C91B8FD43559FF4B1E035F5F9F8CA0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032 2014-05-08] (Google Inc.)
HKU\S-1-5-21-1313419136-1395772497-2831837863-1001\...\Run: [ywbhfie] => c:\users\caterina quast\appdata\local\ywbhfie\ywbhfie.exe [2801664 2014-05-15] ()
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [226920 2011-07-25] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll => c:\Windows\SysWOW64\nvinit.dll [193128 2011-07-25] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Caterina Quast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Caterina Quast\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - _tmp URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Caterina Quast\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFF [2013-10-10]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ []
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (AVG Internet Security) - C:\Users\Caterina Quast\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Caterina Quast\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-14]
CHR Extension: (Adblock Plus) - C:\Users\Caterina Quast\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-03]
CHR Extension: (Google-Suche) - C:\Users\Caterina Quast\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-14]
CHR Extension: (Hola Besseres Internet) - C:\Users\Caterina Quast\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-04-30]
CHR Extension: (Google Wallet) - C:\Users\Caterina Quast\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Google Mail) - C:\Users\Caterina Quast\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-14]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-06-18]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\Exts\Chrome.crx [2014-02-03]

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor6.0; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-10] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-12-14] ()
S2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [62464 2010-12-06] ()
R3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2011-08-06] (Wistron Corp.)
R2 x10nets; C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [1525976 2014-03-19] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\0604010.00E\ccSetx64.sys [167072 2012-06-07] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
R3 GEARAspiWDM; C:\Windows\SysWOW64\DRIVERS\GEARAspiWDM.sys [15664 2011-01-19] (GEAR Software Inc.)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [41704 2012-08-01] (AnchorFree Inc.)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20140515.001\IDSvia64.sys [525016 2014-03-22] (Symantec Corporation)
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [165504 2011-08-10] (ITE                      )
S3 mod7764; C:\Windows\System32\DRIVERS\mod77-64.sys [1077416 2010-09-16] (DiBcom SA)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20140517.001\ENG64.SYS [126040 2014-05-15] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20140517.001\EX64.SYS [2099288 2014-05-15] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\0604010.00E\SRTSP64.SYS [737952 2012-07-06] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\0604010.00E\SRTSPX64.SYS [37536 2012-07-06] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMDS64.SYS [451192 2011-08-16] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMEFA64.SYS [1129120 2012-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-06-06] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\0604010.00E\Ironx64.SYS [190072 2011-11-16] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\0604010.00E\SYMNETS.SYS [405624 2011-11-16] (Symantec Corporation)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [15896 2009-05-13] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [32792 2009-05-13] (X10 Wireless Technology, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 vpnva; system32\DRIVERS\vpnva64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-18 14:22 - 2014-05-18 14:22 - 00000000 ____D () C:\Users\Caterina Quast\Downloads\FRST-OlderVersion
2014-05-18 14:20 - 2014-05-18 14:21 - 00001264 _____ () C:\Users\Caterina Quast\Desktop\JRT.txt
2014-05-18 14:01 - 2014-05-18 14:01 - 00000000 ____D () C:\Windows\ERUNT
2014-05-18 13:59 - 2014-05-18 13:59 - 01016261 _____ (Thisisu) C:\Users\Caterina Quast\Downloads\JRT.exe
2014-05-18 13:47 - 2014-05-18 13:47 - 00009970 _____ () C:\Users\Caterina Quast\Desktop\AdwCleaner[S0].txt
2014-05-18 13:39 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-18 13:38 - 2014-05-18 13:43 - 00000000 ____D () C:\AdwCleaner
2014-05-18 13:37 - 2014-05-18 13:37 - 01325827 _____ () C:\Users\Caterina Quast\Downloads\adwcleaner_3.208.exe
2014-05-18 13:36 - 2014-05-18 13:36 - 00001860 _____ () C:\Users\Caterina Quast\Desktop\mbam.txt
2014-05-16 16:13 - 2014-05-16 16:13 - 00030940 _____ () C:\Users\Caterina Quast\Combofix.txt
2014-05-16 16:03 - 2014-05-16 16:03 - 00030940 _____ () C:\ComboFix.txt
2014-05-16 15:37 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-16 15:37 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-16 15:37 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-16 15:37 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-16 15:37 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-16 15:37 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-16 15:37 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-16 15:37 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-16 15:33 - 2014-05-16 16:03 - 00000000 ____D () C:\Qoobox
2014-05-16 15:32 - 2014-05-16 15:59 - 00000000 ____D () C:\Windows\erdnt
2014-05-16 15:31 - 2014-05-16 15:32 - 05200990 ____R (Swearware) C:\Users\Caterina Quast\Downloads\ComboFix.exe
2014-05-16 15:23 - 2014-05-16 15:23 - 00001272 _____ () C:\Users\Caterina Quast\Desktop\Revo Uninstaller.lnk
2014-05-16 15:23 - 2014-05-16 15:23 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-16 15:21 - 2014-05-16 15:22 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Caterina Quast\Downloads\revosetup95.exe
2014-05-15 19:52 - 2014-05-15 19:54 - 00039863 _____ () C:\Users\Caterina Quast\Downloads\Addition.txt
2014-05-15 19:51 - 2014-05-18 14:23 - 00024990 _____ () C:\Users\Caterina Quast\Downloads\FRST.txt
2014-05-15 19:51 - 2014-05-18 14:23 - 00000000 ____D () C:\FRST
2014-05-15 19:49 - 2014-05-18 14:22 - 02067456 _____ (Farbar) C:\Users\Caterina Quast\Downloads\FRST64.exe
2014-05-15 18:54 - 2014-05-15 18:54 - 00049984 _____ () C:\Users\Caterina Quast\Virenscan1.txt
2014-05-15 18:53 - 2014-05-15 18:53 - 00049983 _____ () C:\Users\Caterina Quast\virenscan.txt
2014-05-15 18:12 - 2014-05-18 13:35 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-15 18:11 - 2014-05-15 18:11 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-15 18:11 - 2014-05-15 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-15 18:11 - 2014-05-15 18:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-15 18:11 - 2014-05-15 18:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-15 18:11 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-15 18:11 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-15 18:11 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-15 18:08 - 2014-05-15 18:10 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Caterina Quast\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-15 18:07 - 2014-05-15 18:10 - 29629431 _____ () C:\Users\Caterina Quast\Downloads\avira_free_antivirus_de-614.exe
2014-05-15 18:07 - 2014-05-15 18:09 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Caterina Quast\Downloads\mbam-setup-2.0.1.1004(1).exe
2014-05-15 18:01 - 2014-05-15 18:01 - 00003928 _____ () C:\{B3802693-C2A0-401B-9607-45A78A008CDD}
2014-05-15 17:08 - 2014-05-15 17:08 - 00032480 _____ () C:\{4449DDC6-95B4-4281-B3F5-5D222C475C25}
2014-05-15 17:08 - 2014-05-15 17:08 - 00004312 _____ () C:\{59FBD6D1-2AE8-4338-9205-A7B6BFB3EB0E}
2014-05-15 07:15 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 07:15 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 07:15 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 07:15 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 07:15 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 07:15 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 06:50 - 2014-05-15 06:50 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-15 06:43 - 2014-05-18 14:07 - 00000000 ____D () C:\Users\Caterina Quast\AppData\Local\ywBhFIE
2014-05-14 17:13 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 17:13 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 17:13 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 17:13 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 17:12 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 17:12 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 17:12 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 17:12 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 17:12 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 17:12 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 17:12 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 17:11 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 17:11 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 17:11 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 17:11 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 17:11 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 17:11 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 17:11 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 17:11 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 17:11 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 17:11 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 17:11 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 17:11 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 17:11 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 17:11 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 17:11 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 17:11 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 17:11 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 17:11 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 17:11 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 17:11 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 17:11 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 17:11 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 17:11 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 17:11 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 17:11 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 17:11 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 17:11 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 17:11 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 17:11 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 17:11 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 17:11 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 17:11 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 17:11 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 17:11 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-06 15:23 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-06 15:23 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-06 15:23 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-06 15:23 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-06 15:23 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-06 15:23 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-06 15:23 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-06 15:23 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-06 15:23 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-06 15:23 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-06 15:23 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-06 15:23 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-06 15:23 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-06 15:23 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-06 15:23 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-06 15:23 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-06 15:23 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-06 15:23 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-06 15:23 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-06 15:23 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-06 15:23 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-06 15:23 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-06 15:23 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-06 15:23 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-06 15:23 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-06 15:23 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-06 15:23 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-06 15:23 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-06 15:23 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-06 15:23 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-06 15:23 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-06 15:23 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-06 15:23 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-06 15:23 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-06 15:23 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-06 15:23 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-06 15:23 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-06 15:23 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-06 15:23 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-06 15:23 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-06 15:23 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-06 15:23 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-06 15:23 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-06 15:23 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-06 15:22 - 2014-05-15 16:57 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-03 16:34 - 2014-05-03 16:34 - 00003222 _____ () C:\Windows\System32\Tasks\{769E4AD9-CAAE-4B18-84DE-ECCF78F2691C}
2014-05-03 13:49 - 2014-05-03 13:49 - 00000000 ____D () C:\Users\Caterina Quast\AppData\Roaming\DropboxMaster
2014-04-18 13:28 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-18 13:28 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-18 13:28 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-18 13:28 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-18 13:27 - 2014-04-18 13:28 - 00004253 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log

==================== One Month Modified Files and Folders =======

2014-05-18 14:24 - 2014-05-15 19:51 - 00024990 _____ () C:\Users\Caterina Quast\Downloads\FRST.txt
2014-05-18 14:23 - 2014-05-15 19:51 - 00000000 ____D () C:\FRST
2014-05-18 14:23 - 2011-10-27 15:15 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-18 14:22 - 2014-05-18 14:22 - 00000000 ____D () C:\Users\Caterina Quast\Downloads\FRST-OlderVersion
2014-05-18 14:22 - 2014-05-15 19:49 - 02067456 _____ (Farbar) C:\Users\Caterina Quast\Downloads\FRST64.exe
2014-05-18 14:21 - 2014-05-18 14:20 - 00001264 _____ () C:\Users\Caterina Quast\Desktop\JRT.txt
2014-05-18 14:07 - 2014-05-15 06:43 - 00000000 ____D () C:\Users\Caterina Quast\AppData\Local\ywBhFIE
2014-05-18 14:03 - 2009-07-14 06:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-18 14:03 - 2009-07-14 06:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-18 14:01 - 2014-05-18 14:01 - 00000000 ____D () C:\Windows\ERUNT
2014-05-18 13:59 - 2014-05-18 13:59 - 01016261 _____ (Thisisu) C:\Users\Caterina Quast\Downloads\JRT.exe
2014-05-18 13:57 - 2012-07-29 11:57 - 00000000 ___RD () C:\Users\Caterina Quast\Dropbox
2014-05-18 13:57 - 2012-07-29 11:55 - 00000000 ____D () C:\Users\Caterina Quast\AppData\Roaming\Dropbox
2014-05-18 13:54 - 2011-10-27 15:15 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-18 13:54 - 2011-08-10 21:14 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-18 13:53 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-18 13:53 - 2009-07-14 06:51 - 00179950 _____ () C:\Windows\setupact.log
2014-05-18 13:52 - 2011-10-27 15:10 - 01275524 _____ () C:\Windows\WindowsUpdate.log
2014-05-18 13:47 - 2014-05-18 13:47 - 00009970 _____ () C:\Users\Caterina Quast\Desktop\AdwCleaner[S0].txt
2014-05-18 13:44 - 2010-11-21 05:47 - 00331800 _____ () C:\Windows\PFRO.log
2014-05-18 13:43 - 2014-05-18 13:38 - 00000000 ____D () C:\AdwCleaner
2014-05-18 13:42 - 2011-11-22 18:16 - 00000000 ____D () C:\Users\Gast
2014-05-18 13:42 - 2011-10-27 15:22 - 00001017 _____ () C:\Users\Caterina Quast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-18 13:42 - 2011-10-27 15:22 - 00000000 ____D () C:\Users\Caterina Quast
2014-05-18 13:42 - 2011-10-27 15:15 - 00001294 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2014-05-18 13:42 - 2011-10-27 15:15 - 00001286 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-18 13:38 - 2012-09-15 19:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-18 13:37 - 2014-05-18 13:37 - 01325827 _____ () C:\Users\Caterina Quast\Downloads\adwcleaner_3.208.exe
2014-05-18 13:36 - 2014-05-18 13:36 - 00001860 _____ () C:\Users\Caterina Quast\Desktop\mbam.txt
2014-05-18 13:35 - 2014-05-15 18:12 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-18 13:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Speech
2014-05-16 18:50 - 2011-10-29 17:00 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-05-16 18:09 - 2013-07-14 21:04 - 00000964 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1313419136-1395772497-2831837863-1001UA.job
2014-05-16 16:13 - 2014-05-16 16:13 - 00030940 _____ () C:\Users\Caterina Quast\Combofix.txt
2014-05-16 16:03 - 2014-05-16 16:03 - 00030940 _____ () C:\ComboFix.txt
2014-05-16 16:03 - 2014-05-16 15:33 - 00000000 ____D () C:\Qoobox
2014-05-16 16:03 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-05-16 15:59 - 2014-05-16 15:32 - 00000000 ____D () C:\Windows\erdnt
2014-05-16 15:59 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-16 15:32 - 2014-05-16 15:31 - 05200990 ____R (Swearware) C:\Users\Caterina Quast\Downloads\ComboFix.exe
2014-05-16 15:23 - 2014-05-16 15:23 - 00001272 _____ () C:\Users\Caterina Quast\Desktop\Revo Uninstaller.lnk
2014-05-16 15:23 - 2014-05-16 15:23 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-16 15:22 - 2014-05-16 15:21 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Caterina Quast\Downloads\revosetup95.exe
2014-05-16 15:20 - 2011-08-10 01:07 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-05-16 15:20 - 2011-08-10 01:07 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-05-16 15:20 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-16 15:15 - 2011-11-22 18:18 - 00121736 _____ () C:\Users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-16 14:36 - 2011-11-22 18:17 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 14:36 - 2011-11-22 18:17 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 21:09 - 2013-07-14 21:04 - 00000942 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1313419136-1395772497-2831837863-1001Core.job
2014-05-15 19:54 - 2014-05-15 19:52 - 00039863 _____ () C:\Users\Caterina Quast\Downloads\Addition.txt
2014-05-15 19:00 - 2011-10-27 15:23 - 00121736 _____ () C:\Users\Caterina Quast\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-15 18:58 - 2009-07-14 06:45 - 00443632 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-15 18:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-15 18:54 - 2014-05-15 18:54 - 00049984 _____ () C:\Users\Caterina Quast\Virenscan1.txt
2014-05-15 18:53 - 2014-05-15 18:53 - 00049983 _____ () C:\Users\Caterina Quast\virenscan.txt
2014-05-15 18:36 - 2011-10-27 15:17 - 00000000 ____D () C:\ProgramData\Corel
2014-05-15 18:20 - 2012-09-30 18:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-15 18:19 - 2014-04-07 15:42 - 00000000 ____D () C:\Windows\CryptoGuard
2014-05-15 18:11 - 2014-05-15 18:11 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-15 18:11 - 2014-05-15 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-15 18:11 - 2014-05-15 18:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-15 18:11 - 2014-05-15 18:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-15 18:10 - 2014-05-15 18:08 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Caterina Quast\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-15 18:10 - 2014-05-15 18:07 - 29629431 _____ () C:\Users\Caterina Quast\Downloads\avira_free_antivirus_de-614.exe
2014-05-15 18:09 - 2014-05-15 18:07 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Caterina Quast\Downloads\mbam-setup-2.0.1.1004(1).exe
2014-05-15 18:01 - 2014-05-15 18:01 - 00003928 _____ () C:\{B3802693-C2A0-401B-9607-45A78A008CDD}
2014-05-15 18:00 - 2011-10-27 19:32 - 00000000 ____D () C:\Users\Caterina Quast\Computer
2014-05-15 17:56 - 2011-08-10 19:06 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-15 17:55 - 2012-12-25 17:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Die Gefährten
2014-05-15 17:52 - 2013-05-29 13:14 - 00000000 ____D () C:\ProgramData\Cisco
2014-05-15 17:52 - 2011-08-10 21:33 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-05-15 17:44 - 2011-10-28 13:18 - 00000000 ____D () C:\Users\Caterina Quast\Caterina
2014-05-15 17:08 - 2014-05-15 17:08 - 00032480 _____ () C:\{4449DDC6-95B4-4281-B3F5-5D222C475C25}
2014-05-15 17:08 - 2014-05-15 17:08 - 00004312 _____ () C:\{59FBD6D1-2AE8-4338-9205-A7B6BFB3EB0E}
2014-05-15 17:02 - 2011-10-27 15:22 - 00000000 ___RD () C:\Users\Caterina Quast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 17:02 - 2011-10-27 15:22 - 00000000 ___RD () C:\Users\Caterina Quast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 16:57 - 2014-05-06 15:22 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 07:15 - 2011-10-27 19:51 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 07:07 - 2013-08-16 21:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 06:54 - 2011-08-10 17:28 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 06:50 - 2014-05-15 06:50 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-15 06:41 - 2012-09-15 19:40 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-15 06:40 - 2012-06-25 10:24 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-15 06:40 - 2011-08-10 21:00 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 18:17 - 2012-07-29 11:56 - 00000000 ____D () C:\Users\Caterina Quast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-14 16:58 - 2011-08-10 21:02 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-09 08:14 - 2014-05-14 17:13 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-14 17:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-06 13:18 - 2011-10-27 15:15 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-06 13:18 - 2011-10-27 15:15 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 06:40 - 2014-05-15 07:15 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-15 07:15 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-15 07:15 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-15 07:15 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-15 07:15 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-15 07:15 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-03 16:35 - 2011-10-29 16:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2014-05-03 16:34 - 2014-05-03 16:34 - 00003222 _____ () C:\Windows\System32\Tasks\{769E4AD9-CAAE-4B18-84DE-ECCF78F2691C}
2014-05-03 13:49 - 2014-05-03 13:49 - 00000000 ____D () C:\Users\Caterina Quast\AppData\Roaming\DropboxMaster
2014-04-22 18:04 - 2011-11-25 14:52 - 00000000 ____D () C:\ProgramData\CanonIJ
2014-04-18 19:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-18 14:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-04-18 13:29 - 2013-10-20 15:38 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-18 13:28 - 2014-04-18 13:27 - 00004253 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-18 13:28 - 2012-03-02 15:40 - 00000000 ____D () C:\Program Files (x86)\Java

Some content of TEMP:
====================
C:\Users\Caterina Quast\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpm6bdxs.dll
C:\Users\Caterina Quast\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2014-05-14 17:12] - [2014-03-04 11:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-12 22:08

==================== End Of Log ============================
--- --- ---

schrauber 19.05.2014 09:32

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Cati 19.05.2014 19:44
Hier erst einmal die gewünschten logfiles:

ESET:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b85642ae1203b24fa686d706d4d15ebb
# engine=18321
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-19 05:40:16
# local_time=2014-05-19 07:40:16 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1036 16777214 0 0 61513297 61513297 0 0
# compatibility_mode=1797 16774142 0 1 64542116 64542116 0 0
# compatibility_mode=3592 16777213 100 95 1403980 151183712 0 0
# compatibility_mode=5893 16776574 100 94 26892254 152151066 0 0
# scanned=252194
# found=3
# cleaned=0
# scan_time=20080
sh=895A3EA6AF0BC9BA07327E2E111418B1D0F35C79 ft=1 fh=e191941caea8d99b vn="Variante von Win32/SpeedingUpMyPC Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptimizerPro.exe.vir"
sh=1D3935216A232B396ECA884307BADBF7F67A8ACA ft=1 fh=c71c0011ac727c7d vn="Variante von Win32/Skintrim.ML Trojaner" ac=I fn="C:\Users\Caterina Quast\AppData\Local\ywBhFIE\ywBhFIE.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="${Memory}"
Security Check:
Code:
Results of screen317's Security Check version 0.99.82 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Norton 360 Online 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 55 
 Adobe Flash Player 13.0.0.214 
 Adobe Reader 10.1.10 Adobe Reader out of Date! 
 Google Chrome 34.0.1847.137 
````````Process Check: objlist.exe by Laurent```````` 
 Norton ccSvcHst.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
und zu guter letzt ein frisches FRST log:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014
Ran by Caterina Quast (administrator) on CATERINAQUAST on 19-05-2014 20:38:15
Running from C:\Users\Caterina Quast\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccsvchst.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Users\Caterina Quast\AppData\Local\ywBhFIE\ywBhFIE.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(X10) C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Wistron) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
(Dropbox, Inc.) C:\Users\Caterina Quast\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WButton.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
() C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccsvchst.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel(R) Corporation)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10372368 2011-03-30] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2294568 2010-09-03] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12661352 2011-08-01] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2264168 2011-07-13] (Realtek Semiconductor)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2184520 2009-07-27] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-18] (CANON INC.)
HKLM-x32\...\Run: [HotkeyApp] => C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [207400 2011-08-06] (Wistron)
HKLM-x32\...\Run: [LMgrVolOSD] => C:\Program Files (x86)\Launch Manager\OSD.exe [348960 2011-08-06] (Wistron Corp.)
HKLM-x32\...\Run: [Wbutton] => C:\Program Files (x86)\Launch Manager\Wbutton.exe [447016 2011-08-13] (Wistron Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Photo Downloader] => C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe [67488 2007-09-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Philips Device Listener] => C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe [380416 2011-11-01] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3508624 2012-02-03] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1313419136-1395772497-2831837863-1000\...\Run: [Power2GoExpress] => NA
HKU\S-1-5-21-1313419136-1395772497-2831837863-1001\...\Run: [KiesHelper] => C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [943504 2012-02-03] (Samsung)
HKU\S-1-5-21-1313419136-1395772497-2831837863-1001\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21416 2012-03-02] ()
HKU\S-1-5-21-1313419136-1395772497-2831837863-1001\...\Run: [ywbhfie] => c:\users\caterina quast\appdata\local\ywbhfie\ywbhfie.exe [2801664 2014-05-15] ()
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [226920 2011-07-25] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll => c:\Windows\SysWOW64\nvinit.dll [193128 2011-07-25] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Caterina Quast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Caterina Quast\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope _tmp URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - _tmp URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Caterina Quast\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFF [2013-10-10]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ []
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []

Chrome:
=======
CHR StartupUrls: "hxxp://google.de/"
CHR Extension: (Google Drive) - C:\Users\Caterina Quast\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-18]
CHR Extension: (YouTube) - C:\Users\Caterina Quast\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-14]
CHR Extension: (Google-Suche) - C:\Users\Caterina Quast\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-14]
CHR Extension: (AdBlock) - C:\Users\Caterina Quast\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-18]
CHR Extension: (Hola Besseres Internet) - C:\Users\Caterina Quast\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-05-18]
CHR Extension: (Google Wallet) - C:\Users\Caterina Quast\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Google Mail) - C:\Users\Caterina Quast\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-14]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-06-18]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\Exts\Chrome.crx [2014-02-03]

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor6.0; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-10] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-12-14] ()
S2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [62464 2010-12-06] ()
R3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2011-08-06] (Wistron Corp.)
R2 x10nets; C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [1525976 2014-03-19] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\0604010.00E\ccSetx64.sys [167072 2012-06-07] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
R3 GEARAspiWDM; C:\Windows\SysWOW64\DRIVERS\GEARAspiWDM.sys [15664 2011-01-19] (GEAR Software Inc.)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [41704 2012-08-01] (AnchorFree Inc.)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20140515.001\IDSvia64.sys [525016 2014-03-22] (Symantec Corporation)
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [165504 2011-08-10] (ITE                      )
S3 mod7764; C:\Windows\System32\DRIVERS\mod77-64.sys [1077416 2010-09-16] (DiBcom SA)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20140517.001\ENG64.SYS [126040 2014-05-15] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20140517.001\EX64.SYS [2099288 2014-05-15] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\0604010.00E\SRTSP64.SYS [737952 2012-07-06] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\0604010.00E\SRTSPX64.SYS [37536 2012-07-06] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMDS64.SYS [451192 2011-08-16] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMEFA64.SYS [1129120 2012-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-06-06] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\0604010.00E\Ironx64.SYS [190072 2011-11-16] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\0604010.00E\SYMNETS.SYS [405624 2011-11-16] (Symantec Corporation)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [15896 2009-05-13] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [32792 2009-05-13] (X10 Wireless Technology, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 vpnva; system32\DRIVERS\vpnva64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-19 20:24 - 2014-05-19 20:24 - 00000814 _____ () C:\Users\Caterina Quast\Desktop\checkup.txt
2014-05-19 20:17 - 2014-05-19 20:17 - 00855379 _____ () C:\Users\Caterina Quast\Downloads\SecurityCheck.exe
2014-05-19 20:15 - 2014-05-19 20:15 - 00001354 _____ () C:\Users\Caterina Quast\Desktop\eset.txt
2014-05-19 14:00 - 2014-05-19 14:00 - 02347384 _____ (ESET) C:\Users\Caterina Quast\Downloads\esetsmartinstaller_deu.exe
2014-05-18 16:57 - 2014-05-18 16:57 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-18 16:57 - 2014-05-18 16:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-18 16:52 - 2014-05-18 16:52 - 00000000 __SHD () C:\Users\Caterina Quast\AppData\Local\EmieUserList
2014-05-18 16:52 - 2014-05-18 16:52 - 00000000 __SHD () C:\Users\Caterina Quast\AppData\Local\EmieSiteList
2014-05-18 14:22 - 2014-05-18 14:22 - 00000000 ____D () C:\Users\Caterina Quast\Downloads\FRST-OlderVersion
2014-05-18 14:01 - 2014-05-18 14:01 - 00000000 ____D () C:\Windows\ERUNT
2014-05-18 13:59 - 2014-05-18 13:59 - 01016261 _____ (Thisisu) C:\Users\Caterina Quast\Downloads\JRT.exe
2014-05-18 13:39 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-18 13:38 - 2014-05-18 13:43 - 00000000 ____D () C:\AdwCleaner
2014-05-18 13:37 - 2014-05-18 13:37 - 01325827 _____ () C:\Users\Caterina Quast\Downloads\adwcleaner_3.208.exe
2014-05-16 16:13 - 2014-05-16 16:13 - 00030940 _____ () C:\Users\Caterina Quast\Combofix.txt
2014-05-16 16:03 - 2014-05-16 16:03 - 00030940 _____ () C:\ComboFix.txt
2014-05-16 15:37 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-16 15:37 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-16 15:37 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-16 15:37 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-16 15:37 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-16 15:37 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-16 15:37 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-16 15:37 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-16 15:33 - 2014-05-16 16:03 - 00000000 ____D () C:\Qoobox
2014-05-16 15:32 - 2014-05-16 15:59 - 00000000 ____D () C:\Windows\erdnt
2014-05-16 15:31 - 2014-05-16 15:32 - 05200990 ____R (Swearware) C:\Users\Caterina Quast\Downloads\ComboFix.exe
2014-05-16 15:23 - 2014-05-16 15:23 - 00001272 _____ () C:\Users\Caterina Quast\Desktop\Revo Uninstaller.lnk
2014-05-16 15:23 - 2014-05-16 15:23 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-16 15:21 - 2014-05-16 15:22 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Caterina Quast\Downloads\revosetup95.exe
2014-05-15 19:52 - 2014-05-15 19:54 - 00039863 _____ () C:\Users\Caterina Quast\Downloads\Addition.txt
2014-05-15 19:51 - 2014-05-19 20:38 - 00022424 _____ () C:\Users\Caterina Quast\Downloads\FRST.txt
2014-05-15 19:51 - 2014-05-19 20:38 - 00000000 ____D () C:\FRST
2014-05-15 19:49 - 2014-05-18 14:22 - 02067456 _____ (Farbar) C:\Users\Caterina Quast\Downloads\FRST64.exe
2014-05-15 18:54 - 2014-05-15 18:54 - 00049984 _____ () C:\Users\Caterina Quast\Virenscan1.txt
2014-05-15 18:53 - 2014-05-15 18:53 - 00049983 _____ () C:\Users\Caterina Quast\virenscan.txt
2014-05-15 18:12 - 2014-05-18 13:35 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-15 18:11 - 2014-05-15 18:11 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-15 18:11 - 2014-05-15 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-15 18:11 - 2014-05-15 18:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-15 18:11 - 2014-05-15 18:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-15 18:11 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-15 18:11 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-15 18:11 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-15 18:08 - 2014-05-15 18:10 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Caterina Quast\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-15 18:07 - 2014-05-15 18:10 - 29629431 _____ () C:\Users\Caterina Quast\Downloads\avira_free_antivirus_de-614.exe
2014-05-15 18:07 - 2014-05-15 18:09 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Caterina Quast\Downloads\mbam-setup-2.0.1.1004(1).exe
2014-05-15 18:01 - 2014-05-15 18:01 - 00003928 _____ () C:\{B3802693-C2A0-401B-9607-45A78A008CDD}
2014-05-15 17:08 - 2014-05-15 17:08 - 00032480 _____ () C:\{4449DDC6-95B4-4281-B3F5-5D222C475C25}
2014-05-15 17:08 - 2014-05-15 17:08 - 00004312 _____ () C:\{59FBD6D1-2AE8-4338-9205-A7B6BFB3EB0E}
2014-05-15 07:15 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 07:15 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 07:15 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 07:15 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 07:15 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 07:15 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 06:50 - 2014-05-15 06:50 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-15 06:43 - 2014-05-19 20:38 - 00000000 ____D () C:\Users\Caterina Quast\AppData\Local\ywBhFIE
2014-05-14 17:13 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 17:13 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 17:13 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 17:13 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 17:12 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 17:12 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 17:12 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 17:12 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 17:12 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 17:12 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 17:12 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 17:11 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 17:11 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 17:11 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 17:11 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 17:11 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 17:11 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 17:11 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 17:11 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 17:11 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 17:11 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 17:11 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 17:11 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 17:11 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 17:11 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 17:11 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 17:11 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 17:11 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 17:11 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 17:11 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 17:11 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 17:11 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 17:11 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 17:11 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 17:11 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 17:11 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 17:11 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 17:11 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 17:11 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 17:11 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 17:11 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 17:11 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 17:11 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 17:11 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 17:11 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-06 15:23 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-06 15:23 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-06 15:23 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-06 15:23 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-06 15:23 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-06 15:23 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-06 15:23 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-06 15:23 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-06 15:23 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-06 15:23 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-06 15:23 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-06 15:23 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-06 15:23 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-06 15:23 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-06 15:23 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-06 15:23 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-06 15:23 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-06 15:23 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-06 15:23 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-06 15:23 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-06 15:23 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-06 15:23 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-06 15:23 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-06 15:23 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-06 15:23 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-06 15:23 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-06 15:23 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-06 15:23 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-06 15:23 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-06 15:23 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-06 15:23 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-06 15:23 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-06 15:23 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-06 15:23 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-06 15:23 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-06 15:23 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-06 15:23 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-06 15:23 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-06 15:23 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-06 15:23 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-06 15:23 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-06 15:23 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-06 15:23 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-06 15:23 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-06 15:22 - 2014-05-15 16:57 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-03 16:34 - 2014-05-03 16:34 - 00003222 _____ () C:\Windows\System32\Tasks\{769E4AD9-CAAE-4B18-84DE-ECCF78F2691C}
2014-05-03 13:49 - 2014-05-03 13:49 - 00000000 ____D () C:\Users\Caterina Quast\AppData\Roaming\DropboxMaster

==================== One Month Modified Files and Folders =======

2014-05-19 20:38 - 2014-05-15 19:51 - 00022424 _____ () C:\Users\Caterina Quast\Downloads\FRST.txt
2014-05-19 20:38 - 2014-05-15 19:51 - 00000000 ____D () C:\FRST
2014-05-19 20:38 - 2014-05-15 06:43 - 00000000 ____D () C:\Users\Caterina Quast\AppData\Local\ywBhFIE
2014-05-19 20:38 - 2012-09-15 19:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-19 20:33 - 2012-07-29 11:57 - 00000000 ___RD () C:\Users\Caterina Quast\Dropbox
2014-05-19 20:33 - 2012-07-29 11:55 - 00000000 ____D () C:\Users\Caterina Quast\AppData\Roaming\Dropbox
2014-05-19 20:30 - 2011-10-27 15:15 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-19 20:30 - 2011-08-10 21:14 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-19 20:29 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-19 20:29 - 2009-07-14 06:51 - 00180118 _____ () C:\Windows\setupact.log
2014-05-19 20:28 - 2010-11-21 05:47 - 00332954 _____ () C:\Windows\PFRO.log
2014-05-19 20:25 - 2011-10-27 15:10 - 01307262 _____ () C:\Windows\WindowsUpdate.log
2014-05-19 20:24 - 2014-05-19 20:24 - 00000814 _____ () C:\Users\Caterina Quast\Desktop\checkup.txt
2014-05-19 20:23 - 2011-10-27 15:15 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-19 20:17 - 2014-05-19 20:17 - 00855379 _____ () C:\Users\Caterina Quast\Downloads\SecurityCheck.exe
2014-05-19 20:15 - 2014-05-19 20:15 - 00001354 _____ () C:\Users\Caterina Quast\Desktop\eset.txt
2014-05-19 18:33 - 2013-07-14 21:04 - 00000964 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1313419136-1395772497-2831837863-1001UA.job
2014-05-19 14:12 - 2009-07-14 06:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-19 14:12 - 2009-07-14 06:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-19 14:00 - 2014-05-19 14:00 - 02347384 _____ (ESET) C:\Users\Caterina Quast\Downloads\esetsmartinstaller_deu.exe
2014-05-18 16:57 - 2014-05-18 16:57 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-18 16:57 - 2014-05-18 16:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-18 16:57 - 2011-10-27 15:15 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-18 16:52 - 2014-05-18 16:52 - 00000000 __SHD () C:\Users\Caterina Quast\AppData\Local\EmieUserList
2014-05-18 16:52 - 2014-05-18 16:52 - 00000000 __SHD () C:\Users\Caterina Quast\AppData\Local\EmieSiteList
2014-05-18 14:22 - 2014-05-18 14:22 - 00000000 ____D () C:\Users\Caterina Quast\Downloads\FRST-OlderVersion
2014-05-18 14:22 - 2014-05-15 19:49 - 02067456 _____ (Farbar) C:\Users\Caterina Quast\Downloads\FRST64.exe
2014-05-18 14:01 - 2014-05-18 14:01 - 00000000 ____D () C:\Windows\ERUNT
2014-05-18 13:59 - 2014-05-18 13:59 - 01016261 _____ (Thisisu) C:\Users\Caterina Quast\Downloads\JRT.exe
2014-05-18 13:43 - 2014-05-18 13:38 - 00000000 ____D () C:\AdwCleaner
2014-05-18 13:42 - 2011-11-22 18:16 - 00000000 ____D () C:\Users\Gast
2014-05-18 13:42 - 2011-10-27 18:53 - 00000000 ____D () C:\ProgramData\ICQ
2014-05-18 13:42 - 2011-10-27 15:22 - 00001017 _____ () C:\Users\Caterina Quast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-18 13:42 - 2011-10-27 15:22 - 00000000 ____D () C:\Users\Caterina Quast
2014-05-18 13:37 - 2014-05-18 13:37 - 01325827 _____ () C:\Users\Caterina Quast\Downloads\adwcleaner_3.208.exe
2014-05-18 13:35 - 2014-05-15 18:12 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-18 13:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Speech
2014-05-16 18:50 - 2011-10-29 17:00 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-05-16 16:13 - 2014-05-16 16:13 - 00030940 _____ () C:\Users\Caterina Quast\Combofix.txt
2014-05-16 16:03 - 2014-05-16 16:03 - 00030940 _____ () C:\ComboFix.txt
2014-05-16 16:03 - 2014-05-16 15:33 - 00000000 ____D () C:\Qoobox
2014-05-16 16:03 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-05-16 15:59 - 2014-05-16 15:32 - 00000000 ____D () C:\Windows\erdnt
2014-05-16 15:59 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 15:57 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-16 15:32 - 2014-05-16 15:31 - 05200990 ____R (Swearware) C:\Users\Caterina Quast\Downloads\ComboFix.exe
2014-05-16 15:23 - 2014-05-16 15:23 - 00001272 _____ () C:\Users\Caterina Quast\Desktop\Revo Uninstaller.lnk
2014-05-16 15:23 - 2014-05-16 15:23 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-16 15:22 - 2014-05-16 15:21 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Caterina Quast\Downloads\revosetup95.exe
2014-05-16 15:20 - 2011-08-10 01:07 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-05-16 15:20 - 2011-08-10 01:07 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-05-16 15:20 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-16 15:15 - 2011-11-22 18:18 - 00121736 _____ () C:\Users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-16 14:36 - 2011-11-22 18:17 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 14:36 - 2011-11-22 18:17 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 21:09 - 2013-07-14 21:04 - 00000942 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1313419136-1395772497-2831837863-1001Core.job
2014-05-15 19:54 - 2014-05-15 19:52 - 00039863 _____ () C:\Users\Caterina Quast\Downloads\Addition.txt
2014-05-15 19:00 - 2011-10-27 15:23 - 00121736 _____ () C:\Users\Caterina Quast\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-15 18:58 - 2009-07-14 06:45 - 00443632 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-15 18:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-15 18:54 - 2014-05-15 18:54 - 00049984 _____ () C:\Users\Caterina Quast\Virenscan1.txt
2014-05-15 18:53 - 2014-05-15 18:53 - 00049983 _____ () C:\Users\Caterina Quast\virenscan.txt
2014-05-15 18:36 - 2011-10-27 15:17 - 00000000 ____D () C:\ProgramData\Corel
2014-05-15 18:20 - 2012-09-30 18:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-15 18:19 - 2014-04-07 15:42 - 00000000 ____D () C:\Windows\CryptoGuard
2014-05-15 18:11 - 2014-05-15 18:11 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-15 18:11 - 2014-05-15 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-15 18:11 - 2014-05-15 18:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-15 18:11 - 2014-05-15 18:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-15 18:10 - 2014-05-15 18:08 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Caterina Quast\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-15 18:10 - 2014-05-15 18:07 - 29629431 _____ () C:\Users\Caterina Quast\Downloads\avira_free_antivirus_de-614.exe
2014-05-15 18:09 - 2014-05-15 18:07 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Caterina Quast\Downloads\mbam-setup-2.0.1.1004(1).exe
2014-05-15 18:01 - 2014-05-15 18:01 - 00003928 _____ () C:\{B3802693-C2A0-401B-9607-45A78A008CDD}
2014-05-15 18:00 - 2011-10-27 19:32 - 00000000 ____D () C:\Users\Caterina Quast\Computer
2014-05-15 17:56 - 2011-08-10 19:06 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-15 17:55 - 2012-12-25 17:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Die Gefährten
2014-05-15 17:52 - 2013-05-29 13:14 - 00000000 ____D () C:\ProgramData\Cisco
2014-05-15 17:52 - 2011-08-10 21:33 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-05-15 17:44 - 2011-10-28 13:18 - 00000000 ____D () C:\Users\Caterina Quast\Caterina
2014-05-15 17:08 - 2014-05-15 17:08 - 00032480 _____ () C:\{4449DDC6-95B4-4281-B3F5-5D222C475C25}
2014-05-15 17:08 - 2014-05-15 17:08 - 00004312 _____ () C:\{59FBD6D1-2AE8-4338-9205-A7B6BFB3EB0E}
2014-05-15 17:02 - 2011-10-27 15:22 - 00000000 ___RD () C:\Users\Caterina Quast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 17:02 - 2011-10-27 15:22 - 00000000 ___RD () C:\Users\Caterina Quast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 16:57 - 2014-05-06 15:22 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 07:15 - 2011-10-27 19:51 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 07:07 - 2013-08-16 21:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 06:54 - 2011-08-10 17:28 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 06:50 - 2014-05-15 06:50 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-15 06:41 - 2012-09-15 19:40 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-15 06:40 - 2012-06-25 10:24 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-15 06:40 - 2011-08-10 21:00 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 18:17 - 2012-07-29 11:56 - 00000000 ____D () C:\Users\Caterina Quast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-14 16:58 - 2011-08-10 21:02 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-09 08:14 - 2014-05-14 17:13 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-14 17:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-06 13:18 - 2011-10-27 15:15 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-06 13:18 - 2011-10-27 15:15 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 06:40 - 2014-05-15 07:15 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-15 07:15 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-15 07:15 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-15 07:15 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-15 07:15 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-15 07:15 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-03 16:35 - 2011-10-29 16:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2014-05-03 16:34 - 2014-05-03 16:34 - 00003222 _____ () C:\Windows\System32\Tasks\{769E4AD9-CAAE-4B18-84DE-ECCF78F2691C}
2014-05-03 13:49 - 2014-05-03 13:49 - 00000000 ____D () C:\Users\Caterina Quast\AppData\Roaming\DropboxMaster
2014-04-22 18:04 - 2011-11-25 14:52 - 00000000 ____D () C:\ProgramData\CanonIJ

Some content of TEMP:
====================
C:\Users\Caterina Quast\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnnm_2i.dll
C:\Users\Caterina Quast\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2014-05-14 17:12] - [2014-03-04 11:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-12 22:08

==================== End Of Log ============================
--- --- ---


Und ich würde jetzt wirklich sehr gerne schreiben, dass alles wieder okay ist, aber leider öffnen sich immer noch Werbefenster. Manchmal sind es nur kleine Werbeausschnitte innerhalb der Homepage, die ich anklicke. Dann wiederum öffnen sich einfach Tabs bei Chrome (meistens wird mir dabei eine Windows7 Reperatur angeboten). Da scheine ich mir wirklich etwas tolles eingefangen zu haben :(

schrauber 20.05.2014 12:24
Adobe updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\Users\Caterina Quast\AppData\Local\ywBhFIE
HKU\S-1-5-21-1313419136-1395772497-2831837863-1001\...\Run: [ywbhfie] => c:\users\caterina quast\appdata\local\ywbhfie\ywbhfie.exe [2801664 2014-05-15] ()
CHR Extension: (Hola Besseres Internet) - C:\Users\Caterina Quast\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-05-18]

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Revo Uninstaller - Download - Filepony
damit Chrome deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.google.com/chrome/answer/3296214?hl=de

Cati 22.05.2014 18:08
Ich habe Adobe aktualisiert und habe auch das Textdokument erstellt und in den FRST Ordner auf meinem Laptop verschoben. Jetzt zeigt mir FRST aber, wenn ich auf fix klicke an, dass dieses Dokument nicht vorhanden ist. Habe ich das vielleicht falsch abgespeichert?

schrauber 23.05.2014 16:10
Du brauchst nicht den FRST ORdner verschieben. Die FRST.exe, das Programm, muss am gleichen Ort liegen wie die fixlist. FRST liegt bei dir im Download Ordner.

Cati 23.05.2014 19:37
Ich hatte deine vorherigen Angaben etwas missverstanden, sorry :D Aber jetzt hat alles geklappt :)
Hier der Fixlist:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-05-2014
Ran by Caterina Quast at 2014-05-23 20:07:21 Run:1
Running from C:\Users\Caterina Quast\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Caterina Quast\AppData\Local\ywBhFIE
HKU\S-1-5-21-1313419136-1395772497-2831837863-1001\...\Run: [ywbhfie] => c:\users\caterina quast\appdata\local\ywbhfie\ywbhfie.exe [2801664 2014-05-15] ()
CHR Extension: (Hola Besseres Internet) - C:\Users\Caterina Quast\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-05-18]
       
*****************


"C:\Users\Caterina Quast\AppData\Local\ywBhFIE" directory move:

C:\Users\Caterina Quast\AppData\Local\ywBhFIE\ywBhFIE.exe => Moved successfully.
Could not move "C:\Users\Caterina Quast\AppData\Local\ywBhFIE\ywbhfie.gdb" => Scheduled to move on reboot.
C:\Users\Caterina Quast\AppData\Local\ywBhFIE\ywbhfie.gss => Moved successfully.
Could not move "C:\Users\Caterina Quast\AppData\Local\ywBhFIE" directory. => Scheduled to move on reboot.

HKU\S-1-5-21-1313419136-1395772497-2831837863-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ywbhfie => Value deleted successfully.
C:\Users\Caterina Quast\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio => Moved successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-05-23 20:10:55)<=

C:\Users\Caterina Quast\AppData\Local\ywBhFIE\ywbhfie.gdb => Is moved successfully.
C:\Users\Caterina Quast\AppData\Local\ywBhFIE => Moved successfully.

==== End of Fixlog ====
Habe die restlichen Schritt auch ausgeführt und was soll ich sagen: Die Werbefenster sind verschwunden :)

schrauber 24.05.2014 18:13
Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Cati 25.05.2014 13:27
Vielen, vielen Dank für deine Hilfe :)
Ich habe eigentlich nur noch eine abschließende kurze Frage: Ich betreibe über meinen Laptop Internetbanking. Ich wollte nun fragen, ob es aufgrund des Virenbefalls in Zukunft sicherer ist einen anderen Laptop zu nutzen oder ob ich den Laptop auch in Zukunft ganz normal wieder für I-Netbanking nutzen kann?


Alle Zeitangaben in WEZ +1. Es ist jetzt 19:52 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19