
Log analysis and evaluation: SuperLyrics ad banners and redirects to dubious websites make working impossible

Windows 7
If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

05.06.2014, 17:22   #1
kiki-berlin
 
SuperLyrics ad banners and redirects to dubious websites make working impossible



Hello forum!

I have a big problem: my son has temporarily lent me his laptop, which he bought in the USA, and now it is hardly possible to work on this machine: ad windows captioned "Ads by SuperLyrics" keep popping up. Sometimes you are suddenly redirected to odd sites, mostly game sites or PC-scan/help sites. In addition, random words are underlined and colored, and these also seem to be responsible for windows popping up.
This happens in both Chrome and Firefox.
I'm afraid there will be serious trouble at home if I can't get this under control!

I have now tried to follow your instructions:

1. defogger

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:38 on 05/06/2014 (Jonathan)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
2. FRST

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Kirstin (ATTENTION: The logged in user is not administrator) on JONATHAN-PC on 05-06-2014 15:41:39
Running from C:\Users\Kirstin\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\splwow64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] => [X]
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2186856 2011-01-11] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-04] (Synaptics Incorporated)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-04-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [vProt] => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HF_G_Jul] => "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe"  /DoAction
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [ROC_ROC_JULY_P1] => "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-08-28] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-28] (ArcSoft Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191016 2014-05-14] (Geek Software GmbH)
HKU\S-1-5-21-2287927430-2481497565-1371983633-1003\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-2287927430-2481497565-1371983633-1003\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
HKU\S-1-5-21-2287927430-2481497565-1371983633-1003\...\MountPoints2: {beeb4938-8444-11e3-9a98-38607716feca} - E:\LGAutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk
ShortcutTarget: TMMonitor.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
Startup: C:\Users\Kirstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:14324
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.toshiba.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.toshiba.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=ir_14_13_ch&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBtCyC0F0E0C0AzyzytBzztN0D0Tzu0SzztCyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAyB0A0EyDyB0A0FtGyC0AtAtAtGtA0F0FyBtGtByCyDyEtGyCtDzztDyDyB0CyE0FtA0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0DtB0FtAtDyE0CtGtA0AyC0EtGyC0A0ByEtG0EyCtByCtGyDtB0A0D0B0FtCtCzztD0F0C2Q&cr=306731090&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=ir_14_13_ch&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBtCyC0F0E0C0AzyzytBzztN0D0Tzu0SzztCyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAyB0A0EyDyB0A0FtGyC0AtAtAtGtA0F0FyBtGtByCyDyEtGyCtDzztDyDyB0CyE0FtA0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0DtB0FtAtDyE0CtGtA0AyC0EtGyC0A0ByEtG0EyCtByCtGyDtB0A0D0B0FtCtCzztD0F0C2Q&cr=306731090&ir=
SearchScopes: HKLM - DefaultScope {9E473A89-2AF4-41E6-A9DB-A6E07294905B} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 
SearchScopes: HKLM - {9E473A89-2AF4-41E6-A9DB-A6E07294905B} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {B65B0C7E-7819-4D3A-808B-6F3D43726FFC} URL = hxxp://search.chatzum.com/?q={searchTerms}
SearchScopes: HKCU - DefaultScope {7B496DA2-D1F3-48F2-81E7-AB81BFC4CAE4} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_enUS480
SearchScopes: HKCU - {7B496DA2-D1F3-48F2-81E7-AB81BFC4CAE4} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_enUS480
SearchScopes: HKCU - {9E473A89-2AF4-41E6-A9DB-A6E07294905B} URL = 
BHO: QuickShare WidgetEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: QuickShare WidgetEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Wajam - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: PricePeep - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll (PricePeep)
Toolbar: HKLM - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - ChatZum Toolbar - {37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1} - C:\Program Files (x86)\ChatZum Toolbar\tbunscFD01.tmp\tbcore3.dll No File
Toolbar: HKLM-x32 - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.3

FireFox:
========
FF ProfilePath: C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default
FF SearchEngineOrder.1: Mysearchdial
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @MagellanGPS.com/CommunicationPlugin - C:\Program Files (x86)\Magellan\Magellan Communicator\npMgnPlg.dll (Magellan Navigation, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\user.js
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: mysearchdial.com - C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\Extensions\ffxtlbr@mysearchdial.com [2014-03-25]
FF Extension: MySearchDial - C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi [2014-03-28]

Chrome: 
=======
CHR HomePage: https://www.google.com/
CHR StartupUrls: "hxxp://start.mysearchdial.com/?f=1&a=ir_14_13_ch&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBtCyC0F0E0C0AzyzytBzztN0D0Tzu0SzztCyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAyB0A0EyDyB0A0FtGyC0AtAtAtGtA0F0FyBtGtByCyDyEtGyCtDzztDyDyB0CyE0FtA0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0DtB0FtAtDyE0CtGtA0AyC0EtGyC0A0ByEtG0EyCtByCtGyDtB0A0D0B0FtCtCzztD0F0C2Q&cr=306731090&ir=", "", "https://zynga.com/play/castleville/?src=company&aff=games&crt=company.zynga.com/games/castleville"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\Kirstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-19]
CHR Extension: (YouTube) - C:\Users\Kirstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-19]
CHR Extension: (GMX MailCheck) - C:\Users\Kirstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\camnampocfohlcgbajligmemmabnljcm [2014-04-09]
CHR Extension: (Google-Suche) - C:\Users\Kirstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-19]
CHR Extension: (Google Wallet) - C:\Users\Kirstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-21]
CHR Extension: (Google Mail) - C:\Users\Kirstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-19]
CHR HKLM-x32\...\Chrome\Extension: [aaaangaohdajkgeopjhpbnlpkehbhmbj] - C:\Users\Jonathan\AppData\Local\APN\GoogleCRXs\aaaangaohdajkgeopjhpbnlpkehbhmbj_7.15.4.0.crx [2012-11-19]
CHR HKLM-x32\...\Chrome\Extension: [cacclhdpfoingihegojhoipnihfnoaki] - C:\Users\Jonathan\AppData\Local\MediaBA\betterads.crx [2012-11-19]
CHR HKLM-x32\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\Jonathan\AppData\Local\Wajam\Chrome\wajam.crx [2012-11-19]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\12.2.5.32\avg.crx [2012-11-19]

==================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-15] (ABBYY)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 lmhosts; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R2 SuperLyrics; C:\Program Files (x86)\SuperLyrics-soft\SuperLyricsTOB161.exe [142848 2014-05-16] ()
R2 vToolbarUpdater12.2.6; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [722528 2012-08-30] ()
R2 WajamUpdaterV2; C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV2.exe [113152 2013-10-10] (Wajam)

==================== Drivers (Whitelisted) ====================

S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2013-06-28] (LG Electronics Inc.)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [31080 2012-08-30] (AVG Technologies)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 Tosrfcom; No ImagePath
S3 DIRECTIO; \??\c:\BIT_TEMP\DirectIo.sys [X]
S3 DSDrv4; \??\C:\PROGRA~2\K!TV\Plugins\S_Bt8x8\DSDrv4.sys [X]
S3 DualCoreCenter; \??\C:\Program Files (x86)\MSI\DualCoreCenter\NTGLM7X64.sys [X]
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [X]
S3 NTACCESS; \??\D:\NTACCESS_64.sys [X]
S3 SetupNTGLM7X; \??\D:\NTGLM7X.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-05 15:41 - 2014-06-05 15:41 - 00018790 _____ () C:\Users\Kirstin\Desktop\FRST.txt
2014-06-05 15:41 - 2014-06-05 15:41 - 00000000 ____D () C:\FRST
2014-06-05 15:38 - 2014-06-05 15:38 - 00000478 _____ () C:\Users\Kirstin\Desktop\defogger_disable.log
2014-06-05 15:38 - 2014-06-05 15:38 - 00000000 _____ () C:\Users\Jonathan\defogger_reenable
2014-06-05 15:25 - 2014-06-05 15:25 - 00380416 _____ () C:\Users\Kirstin\Desktop\Gmer-19357.exe
2014-06-05 15:24 - 2014-06-05 15:24 - 02068992 _____ (Farbar) C:\Users\Kirstin\Desktop\FRST64.exe
2014-06-05 15:23 - 2014-06-05 15:23 - 00050477 _____ () C:\Users\Kirstin\Desktop\Defogger.exe
2014-06-02 10:47 - 2014-06-02 10:47 - 00000000 ___RD () C:\Users\Jonathan\AppData\Roaming\Brother
2014-06-01 14:32 - 2014-06-01 14:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-24 13:13 - 2014-05-24 13:13 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_ZuneDriver_01_09_00.Wdf
2014-05-24 13:13 - 2014-05-24 13:13 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2014-05-17 23:46 - 2014-05-17 23:46 - 00000000 ____D () C:\Users\Kirstin\AppData\Local\PDF24
2014-05-17 23:44 - 2014-05-17 23:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2014-05-17 23:43 - 2014-05-17 23:44 - 00000000 ____D () C:\Program Files (x86)\PDF24
2014-05-17 07:55 - 2014-05-17 07:55 - 00000000 ____D () C:\ProgramData\Nexon
2014-05-17 07:52 - 2014-05-17 07:52 - 00000000 ____D () C:\ProgramData\NexonEU
2014-05-17 07:39 - 2014-05-17 07:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NEXON
2014-05-17 01:20 - 2014-05-17 01:20 - 00000000 ____D () C:\Program Files (x86)\NEXON
2014-05-16 20:32 - 2014-06-05 13:38 - 00000424 _____ () C:\windows\Tasks\SuperLyrics Update.job
2014-05-16 20:32 - 2014-06-05 13:38 - 00000414 _____ () C:\windows\Tasks\SuperLyrics_wd.job
2014-05-16 20:32 - 2014-05-16 20:32 - 00000000 ____D () C:\Program Files (x86)\SuperLyrics-soft
2014-05-15 23:20 - 2014-05-15 23:20 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-05-15 17:32 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-15 17:32 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-15 17:32 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-15 17:32 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-15 17:32 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-15 17:32 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-05-14 16:47 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-05-14 16:47 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-05-14 16:47 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-05-14 16:47 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-05-14 16:46 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-05-14 16:46 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2014-05-14 16:46 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-05-14 16:46 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2014-05-14 16:46 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2014-05-14 16:46 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2014-05-14 16:46 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2014-05-14 16:46 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-05-14 16:46 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-05-14 16:46 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-05-14 16:46 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-05-14 16:46 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll
2014-05-14 16:46 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-05-14 16:46 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-05-14 16:46 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-05-14 16:46 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-05-14 16:46 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-05-14 16:46 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\wincredprovider.dll
2014-05-14 16:46 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-05-14 16:46 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\windows\system32\cngprovider.dll
2014-05-14 16:46 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\adprovider.dll
2014-05-14 16:46 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\capiprovider.dll
2014-05-14 16:46 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\dpapiprovider.dll
2014-05-14 16:46 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll
2014-05-14 16:46 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-05-14 16:46 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2014-05-14 16:46 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2014-05-14 16:46 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-05-14 16:46 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll
2014-05-14 16:46 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-05-14 16:46 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-05-14 16:46 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-05-14 16:46 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-05-14 16:46 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\cngprovider.dll
2014-05-14 16:46 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\windows\SysWOW64\adprovider.dll
2014-05-14 16:46 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\windows\SysWOW64\capiprovider.dll
2014-05-14 16:46 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpapiprovider.dll
2014-05-14 16:46 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll
2014-05-14 16:46 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wincredprovider.dll
2014-05-14 16:46 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-05-14 16:46 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2014-05-09 17:30 - 2014-05-09 17:30 - 00000000 ____D () C:\ProgramData\Der Stein der Weisen
2014-05-08 19:43 - 2014-05-08 21:25 - 00000000 ____D () C:\Users\Kirstin\AppData\Roaming\Milinda Wind

==================== One Month Modified Files and Folders =======

2014-06-05 15:42 - 2012-11-19 15:04 - 00000000 ____D () C:\Users\Kirstin\AppData\Local\Temp
2014-06-05 15:41 - 2014-06-05 15:41 - 00018790 _____ () C:\Users\Kirstin\Desktop\FRST.txt
2014-06-05 15:41 - 2014-06-05 15:41 - 00000000 ____D () C:\FRST
2014-06-05 15:38 - 2014-06-05 15:38 - 00000478 _____ () C:\Users\Kirstin\Desktop\defogger_disable.log
2014-06-05 15:38 - 2014-06-05 15:38 - 00000000 _____ () C:\Users\Jonathan\defogger_reenable
2014-06-05 15:38 - 2012-04-17 00:11 - 00000000 ____D () C:\Users\Jonathan
2014-06-05 15:31 - 2012-06-19 00:12 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-06-05 15:25 - 2014-06-05 15:25 - 00380416 _____ () C:\Users\Kirstin\Desktop\Gmer-19357.exe
2014-06-05 15:24 - 2014-06-05 15:24 - 02068992 _____ (Farbar) C:\Users\Kirstin\Desktop\FRST64.exe
2014-06-05 15:23 - 2014-06-05 15:23 - 00050477 _____ () C:\Users\Kirstin\Desktop\Defogger.exe
2014-06-05 14:59 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\tracing
2014-06-05 14:52 - 2011-07-19 23:34 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-05 14:35 - 2009-07-14 06:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-05 14:35 - 2009-07-14 06:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-05 14:21 - 2011-07-19 23:03 - 01162265 _____ () C:\windows\WindowsUpdate.log
2014-06-05 13:42 - 2009-07-14 07:13 - 00783400 _____ () C:\windows\system32\PerfStringBackup.INI
2014-06-05 13:38 - 2014-05-16 20:32 - 00000424 _____ () C:\windows\Tasks\SuperLyrics Update.job
2014-06-05 13:38 - 2014-05-16 20:32 - 00000414 _____ () C:\windows\Tasks\SuperLyrics_wd.job
2014-06-05 13:38 - 2013-03-02 17:20 - 00000294 _____ () C:\windows\Tasks\CheckDriveBackgroundGuard.job
2014-06-05 13:38 - 2011-07-19 23:34 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-05 13:37 - 2012-04-21 19:04 - 00065536 _____ () C:\windows\system32\Ikeext.etl
2014-06-05 13:37 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-06-05 13:37 - 2009-07-14 06:51 - 00123537 _____ () C:\windows\setupact.log
2014-06-02 18:37 - 2013-12-06 17:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-02 18:37 - 2011-04-28 05:24 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-02 18:37 - 2010-11-21 05:47 - 00456752 _____ () C:\windows\PFRO.log
2014-06-02 10:47 - 2014-06-02 10:47 - 00000000 ___RD () C:\Users\Jonathan\AppData\Roaming\Brother
2014-06-01 23:35 - 2012-12-25 16:53 - 00000000 ____D () C:\Users\Kirstin\AppData\Local\CrashDumps
2014-06-01 22:54 - 2011-07-19 23:14 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-06-01 14:33 - 2014-06-01 14:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-01 02:26 - 2014-02-14 21:01 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\Spotify
2014-05-28 14:30 - 2014-02-14 20:27 - 00000332 _____ () C:\windows\Tasks\SuperEasyDriverUpdater_UPDATES.job
2014-05-24 13:13 - 2014-05-24 13:13 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_ZuneDriver_01_09_00.Wdf
2014-05-24 13:13 - 2014-05-24 13:13 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2014-05-23 17:28 - 2013-11-13 13:38 - 00000000 _____ () C:\end
2014-05-19 19:46 - 2014-02-18 00:19 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\ControlCenter4
2014-05-18 15:53 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-05-17 23:46 - 2014-05-17 23:46 - 00000000 ____D () C:\Users\Kirstin\AppData\Local\PDF24
2014-05-17 23:44 - 2014-05-17 23:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2014-05-17 23:44 - 2014-05-17 23:43 - 00000000 ____D () C:\Program Files (x86)\PDF24
2014-05-17 07:55 - 2014-05-17 07:55 - 00000000 ____D () C:\ProgramData\Nexon
2014-05-17 07:52 - 2014-05-17 07:52 - 00000000 ____D () C:\ProgramData\NexonEU
2014-05-17 07:39 - 2014-05-17 07:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NEXON
2014-05-17 01:20 - 2014-05-17 01:20 - 00000000 ____D () C:\Program Files (x86)\NEXON
2014-05-16 20:34 - 2014-03-28 00:13 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\ArcSoft
2014-05-16 20:32 - 2014-05-16 20:32 - 00000000 ____D () C:\Program Files (x86)\SuperLyrics-soft
2014-05-16 20:32 - 2014-02-04 23:32 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-05-16 20:32 - 2014-02-04 23:32 - 00000000 ____D () C:\Program Files (x86)\Buzz_Words
2014-05-16 10:09 - 2013-01-13 07:22 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-16 10:09 - 2013-01-13 07:22 - 00002030 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-05-15 23:23 - 2012-11-19 15:05 - 00000000 ___RD () C:\Users\Kirstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 23:23 - 2012-11-19 15:05 - 00000000 ___RD () C:\Users\Kirstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 23:20 - 2014-05-15 23:20 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-05-15 17:31 - 2013-08-18 02:36 - 00000000 ____D () C:\windows\system32\MRT
2014-05-15 17:29 - 2013-01-06 03:59 - 93223848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-05-15 03:02 - 2012-06-19 00:12 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-05-15 03:02 - 2012-06-19 00:12 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-09 17:30 - 2014-05-09 17:30 - 00000000 ____D () C:\ProgramData\Der Stein der Weisen
2014-05-09 14:19 - 2013-12-11 19:44 - 00000000 ____D () C:\Users\Kirstin\AppData\Roaming\HdO Adventure
2014-05-09 14:18 - 2013-12-11 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Purplehills
2014-05-09 14:18 - 2013-12-11 19:41 - 00000000 ____D () C:\Program Files (x86)\Purplehills
2014-05-09 08:14 - 2014-05-14 16:47 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-14 16:47 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-05-08 21:25 - 2014-05-08 19:43 - 00000000 ____D () C:\Users\Kirstin\AppData\Roaming\Milinda Wind
2014-05-06 06:40 - 2014-05-15 17:32 - 23544320 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-15 17:32 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-15 17:32 - 17382912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-15 17:32 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-15 17:32 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-15 17:32 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll

Some content of TEMP:
====================
C:\Users\Kirstin\AppData\Local\Temp\AskSLib.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
         
3. FRST Additional

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2014
Ran by Kirstin at 2014-06-05 15:42:23
Running from C:\Users\Kirstin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

20.000 Meilen unter dem Meer (HKLM-x32\...\{6692A6CC-6EDA-40C3-8F57-1E8ECD5AE2E0}) (Version: 1.00.0000 - Purplehills)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
AION Free-To-Play (HKLM-x32\...\InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}) (Version: 2.70.0000 - Gameforge)
AION Free-To-Play (x32 Version: 2.70.0000 - Gameforge) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.0420.1613.27244 - ATI) Hidden
Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft TotalMedia 3.5 (HKLM-x32\...\{74292F90-895A-4FC6-A692-9641532B1B63}) (Version: 3.5.28.322 - ArcSoft)
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.00.007 - Atheros Communications)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{5BFBC3C9-A4F2-E7F9-E8B2-1495D3928068}) (Version: 3.0.820.0 - ATI Technologies, Inc.)
Basic Operation Guide EPSON SX430 Series (HKLM-x32\...\EPSON SX430 Series Bog) (Version:  - )
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.06(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite DCP-J4110DW (HKLM-x32\...\{DD98C438-D769-4677-AA87-3481FA32D20C}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0420.1613.27244 - ATI) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0420.1613.27244 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0420.1612.27244 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0420.1612.27244 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0420.1612.27244 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0420.1612.27244 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0420.1612.27244 - ATI) Hidden
CCC Help English (x32 Version: 2011.0420.1612.27244 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0420.1612.27244 - ATI) Hidden
CCC Help French (x32 Version: 2011.0420.1612.27244 - ATI) Hidden
CCC Help German (x32 Version: 2011.0420.1612.27244 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0420.1612.27244 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0420.1612.27244 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0420.1612.27244 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0420.1612.27244 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0420.1612.27244 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0420.1612.27244 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0420.1612.27244 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0420.1612.27244 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0420.1612.27244 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0420.1612.27244 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0420.1612.27244 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0420.1612.27244 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0420.1612.27244 - ATI) Hidden
ccc-utility64 (Version: 2011.0420.1613.27244 - ATI) Hidden
ChatZum Toolbar (HKLM-x32\...\ChatZum Toolbar) (Version: 1.0.14 - ChatZum)
CheckDrive (HKLM-x32\...\{B83513EC-2E4D-4621-816D-4CCF397BE702}_is1) (Version: 4.4 - Abelssoft)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.871 - Corel Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Der Stein der Weisen (HKLM-x32\...\Der Stein der Weisen) (Version:  - )
DMUninstaller (HKLM-x32\...\DMUninstaller) (Version:  - ) <==== ATTENTION
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 14.4.20130909 - Landesfinanzdirektion Thüringen)
Europe MapleStory (HKLM-x32\...\Europe MapleStory_is1) (Version:  - Nexon)
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Frankenstein (HKLM-x32\...\{610B773E-3183-43D5-B01D-862EFF276B81}) (Version: 1.00.0000 - Ihr Firmenname)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Holly im Wunderland (HKLM-x32\...\Holly im Wunderland) (Version:  - )
Hollywood - Directors Cut (HKLM-x32\...\{9E5A2F17-5F82-40EB-B688-6FC9B93430D2}) (Version: 1.00.0000 - Purplehills)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.2.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\{918A9082-6287-4D25-9002-5E5D5E4971CB}) (Version: 1.02.0000 - Riot Games)
LG PC Suite (HKLM-x32\...\LG PC Suite) (Version: 5.3.06.20130913 - LG Electronics)
LG United Mobile Drivers (HKLM-x32\...\{55031CEF-CE75-4A5C-8DEA-60577820529B}) (Version: 3.10.1.0 - LG Electronics)
Magellan Communicator (HKLM-x32\...\InstallShield_{0FD5FD0B-4BA6-47A1-99C3-F8A964C3CCA5}) (Version: 1.15.020 - Magellan Navigation, Inc.)
Magellan Communicator (x32 Version: 1.15.020 - Magellan Navigation, Inc.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Mystery 2 (HKLM-x32\...\Mystery 2) (Version:  - )
Mysteryville 2 (HKLM-x32\...\{7730D510-6DE2-4CD4-8F58-0B04680AEFE6}) (Version: 1.00.0000 - Mysteryville 2)
NC Launcher (GameForge) (HKLM-x32\...\NCLauncher_GameForge) (Version:  - NCsoft)
NCsoft Launcher (HKLM-x32\...\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}) (Version: 1.5.19002 - NCsoft)
Network Guide EPSON SX430 Series (HKLM-x32\...\EPSON SX430 Series Netg) (Version:  - )
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
PDF24 Creator 6.4.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PirateVille (HKLM-x32\...\PirateVille) (Version:  - )
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
PricePeep (HKLM-x32\...\PricePeep) (Version: 2.2.0.3 - betwikx LLC) <==== ATTENTION
QuickShare (HKLM-x32\...\{2B0ECB7D-EA9A-422A-9651-FC195136B031}) (Version: 10.204.60.14277 - Linkury Inc.) <==== ATTENTION
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6289 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Secrets of Vatican (HKLM-x32\...\{66B76A83-4B3A-4218-82A4-862E26B745CA}) (Version: 1.00.0000 - Purplehills)
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SuperLyrics (HKLM-x32\...\5971B664-B0B6-29A6-471B-573AF10D9333) (Version:  - SuperLyrics-software) <==== ATTENTION
sv.net (HKLM-x32\...\sv.net) (Version: 14.0 - ITSG GmbH)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.13.1 - TeamSpeak Systems GmbH)
Time Machine (HKLM-x32\...\{9F9D845C-A5F0-423B-9820-240771C7645D}) (Version: 1.00.0000 - Purplehills)
Tom Clancy's Splinter Cell (x32 Version: 2.2.0.97 - WildTangent) Hidden
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5BA99779-6E12-49EF-BE49-F35B1EDB4DF9}) (Version: 1.0.4 - TOSHIBA CORPORATION)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
User's Guide EPSON SX430 Series (HKLM-x32\...\EPSON SX430 Series Useg) (Version:  - )
VantagePoint (HKLM-x32\...\InstallShield_{1D21ED4F-3C5E-45C3-9795-8C8CB2AB31DC}) (Version: 2.32.0000 - Magellan Navigation, Inc.)
VantagePoint (x32 Version: 2.32.0000 - Magellan Navigation, Inc.) Hidden
Wajam (HKLM-x32\...\Wajam) (Version: 2.02 - Wajam) <==== ATTENTION
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.4.16 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\windows\Tasks\CheckDriveBackgroundGuard.job => ?
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\windows\Tasks\SuperEasyDriverUpdater_UPDATES.job => ?
Task: C:\windows\Tasks\SuperLyrics Update.job => ?
Task: C:\windows\Tasks\SuperLyrics_wd.job => ?

==================== Loaded Modules (whitelisted) =============

2011-04-21 01:11 - 2011-04-21 01:11 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-03-22 19:17 - 2011-03-22 19:17 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/05/2014 01:39:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/03/2014 10:31:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/03/2014 07:11:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2106

Error: (06/03/2014 07:11:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2106

Error: (06/03/2014 07:11:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/03/2014 07:11:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1108

Error: (06/03/2014 07:11:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1108

Error: (06/03/2014 07:11:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/03/2014 10:49:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15444

Error: (06/03/2014 10:49:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15444


System errors:
=============
Error: (06/03/2014 06:43:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WajamUpdaterV2 service terminated with the following error: 
%%2

Error: (06/03/2014 01:54:06 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "JONATHAN-PC    :20" could not be registered on the interface with IP address 192.168.0.14.
The computer with the IP address 192.168.0.12 did not allow the name to be claimed by
this computer.

Error: (06/03/2014 01:54:06 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "JONATHAN-PC    :0" could not be registered on the interface with IP address 192.168.0.14.
The computer with the IP address 192.168.0.12 did not allow the name to be claimed by
this computer.

Error: (06/03/2014 01:54:06 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{92D1B5A5-5ED5-430F-B188-F92E0EBC3E12} because another computer on the network has the same name.  The server could not start.

Error: (06/02/2014 04:04:57 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "JONATHAN-PC    :0" could not be registered on the interface with IP address 192.168.0.14.
The computer with the IP address 192.168.0.12 did not allow the name to be claimed by
this computer.

Error: (06/02/2014 04:04:57 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "JONATHAN-PC    :20" could not be registered on the interface with IP address 192.168.0.14.
The computer with the IP address 192.168.0.12 did not allow the name to be claimed by
this computer.

Error: (06/02/2014 04:04:57 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{92D1B5A5-5ED5-430F-B188-F92E0EBC3E12} because another computer on the network has the same name.  The server could not start.

Error: (05/27/2014 04:13:33 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

	New Signature Version: 

	Previous Signature Version: 1.175.432.0

	Update Source: %NT AUTHORITY59

	Update Stage: 4.5.0216.00

	Source Path: 4.5.0216.01

	Signature Type: %NT AUTHORITY602

	Update Type: %NT AUTHORITY604

	User: NT AUTHORITY\SYSTEM

	Current Engine Version: %NT AUTHORITY605

	Previous Engine Version: %NT AUTHORITY606

	Error code: %NT AUTHORITY607

	Error description: %NT AUTHORITY608

Error: (05/27/2014 02:42:24 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

	New Signature Version: 

	Previous Signature Version: 1.175.432.0

	Update Source: %NT AUTHORITY59

	Update Stage: 4.5.0216.00

	Source Path: 4.5.0216.01

	Signature Type: %NT AUTHORITY602

	Update Type: %NT AUTHORITY604

	User: NT AUTHORITY\SYSTEM

	Current Engine Version: %NT AUTHORITY605

	Previous Engine Version: %NT AUTHORITY606

	Error code: %NT AUTHORITY607

	Error description: %NT AUTHORITY608

Error: (05/27/2014 02:42:24 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

	New Signature Version: 

	Previous Signature Version: 1.175.432.0

	Update Source: %NT AUTHORITY59

	Update Stage: 4.5.0216.00

	Source Path: 4.5.0216.01

	Signature Type: %NT AUTHORITY602

	Update Type: %NT AUTHORITY604

	User: NT AUTHORITY\SYSTEM

	Current Engine Version: %NT AUTHORITY605

	Previous Engine Version: %NT AUTHORITY606

	Error code: %NT AUTHORITY607

	Error description: %NT AUTHORITY608


Microsoft Office Sessions:
=========================
Error: (06/05/2014 01:39:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/03/2014 10:31:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/03/2014 07:11:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2106

Error: (06/03/2014 07:11:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2106

Error: (06/03/2014 07:11:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/03/2014 07:11:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1108

Error: (06/03/2014 07:11:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1108

Error: (06/03/2014 07:11:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/03/2014 10:49:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15444

Error: (06/03/2014 10:49:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15444


CodeIntegrity Errors:
===================================
  Date: 2014-03-25 21:18:27.265
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~2\K!TV\Plugins\S_Bt8x8\DSDrv4.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-25 21:18:27.145
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~2\K!TV\Plugins\S_Bt8x8\DSDrv4.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-25 21:18:26.595
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~2\K!TV\Plugins\S_Bt8x8\DSDrv4.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-25 21:18:26.475
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~2\K!TV\Plugins\S_Bt8x8\DSDrv4.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-25 20:51:59.077
  Description: Windows is unable to verify the image integrity of the file \Device\CdRom0\NTGLM7X.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-25 20:51:58.939
  Description: Windows is unable to verify the image integrity of the file \Device\CdRom0\NTGLM7X.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-25 20:51:57.060
  Description: Windows is unable to verify the image integrity of the file \Device\CdRom0\Install\GMSIPCI.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-25 20:51:56.907
  Description: Windows is unable to verify the image integrity of the file \Device\CdRom0\Install\GMSIPCI.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-25 20:30:37.840
  Description: Windows is unable to verify the image integrity of the file \Device\CdRom0\NTGLM7X.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-25 20:30:37.698
  Description: Windows is unable to verify the image integrity of the file \Device\CdRom0\NTGLM7X.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Percentage of memory in use: 41%
Total physical RAM: 5610.12 MB
Available physical RAM: 3297.38 MB
Total Pagefile: 11218.42 MB
Available Pagefile: 7544.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (TI106164W0D) (Fixed) (Total:581.37 GB) (Free:375.7 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HOW_I_MET_YOUR_MOTHER) (CDROM) (Total:7.26 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

==================== End Of Log ============================
         

4. GMER

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-06-05 16:00:43
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 TOSHIBA_MK6476GSXN rev.GB001M 596.17GB
Running: Gmer-19357.exe; Driver: C:\Users\Jonathan\AppData\Local\Temp\kwdcrkod.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                     fffff800031ec000 65 bytes [B7, 45, 2A, A8, 01, 0F, 84, ...]
INITKDBG  C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 723                                                                                     fffff800031ec0c3 1 byte [3D]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1812] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69         00000000773c1465 2 bytes [3C, 77]
.text     C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1812] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155        00000000773c14bb 2 bytes [3C, 77]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files (x86)\SuperLyrics-soft\SuperLyricsTOB161.exe[2424] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                            00000000773c1465 2 bytes [3C, 77]
.text     C:\Program Files (x86)\SuperLyrics-soft\SuperLyricsTOB161.exe[2424] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                           00000000773c14bb 2 bytes [3C, 77]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV2.exe[2496] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                  00000000773c1465 2 bytes [3C, 77]
.text     C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV2.exe[2496] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                 00000000773c14bb 2 bytes [3C, 77]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2836] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000773c1465 2 bytes [3C, 77]
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2836] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000773c14bb 2 bytes [3C, 77]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3832] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                              00000000773c1465 2 bytes [3C, 77]
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3832] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                             00000000773c14bb 2 bytes [3C, 77]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4304] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69          00000000773c1465 2 bytes [3C, 77]
.text     C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4304] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155         00000000773c14bb 2 bytes [3C, 77]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files (x86)\Browny02\BrYNSvc.exe[4500] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                              00000000773c1465 2 bytes [3C, 77]
.text     C:\Program Files (x86)\Browny02\BrYNSvc.exe[4500] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                             00000000773c14bb 2 bytes [3C, 77]
.text     ...                                                                                                                                                    * 2

---- EOF - GMER 2.1 ----
         
After I had gone through this procedure and turned the internet back on, I looked at the .txt
files, and then I suddenly got a bluescreen.
I then first booted into safe mode without networking, then restarted normally again.

I use Microsoft Security Essentials as my virus scanner; it is always up to date and has found nothing. I also could not switch it off while the analysis programs were running.

Please bear with me if all of this is not phrased very professionally, but I would describe myself merely as a "well-meaning layperson" when it comes to computers. I therefore also ask for instructions that are as easy to understand as possible when you help. Many thanks in advance!!!

kiki-berlin

Alt 05.06.2014, 18:25   #2
schrauber
/// the machine
/// TB Trainer
 




hi,

our tools always need admin rights.


Uninstall adware & co.
  • Please download Revo Uninstaller from here.
  • Install and start the program.
  • In the uninstaller field, look for the programs that, under:

    have this label:
  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderate" mode.
  • Delete leftovers:
    Click on then on and then on .

If you cannot find a program or cannot uninstall it, please continue with the next step:




Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please deactivate all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. That should fix the problem.


Alt 05.06.2014, 21:19   #3
kiki-berlin
 



Hello Schrauber,

Thanks for the lightning-fast reply.

I carried out the first step with Revo Uninstaller and hooray, it is gone!
I was able to uninstall all the "attention programs", so I don't need to do the second step with Combofix any more, or have I misunderstood something?

I was able to restart successfully and without any problems. If that was it, then let me already say THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU

kiki-berlin

Alt 06.06.2014, 19:56   #4
schrauber
/// the machine
/// TB Trainer
 




yes, definitely do it

regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 10.06.2014, 18:56   #5
kiki-berlin
 



Hello Schrauber,

I have now run Combofix as well. It complained because I had not switched off Microsoft Essentials, but honestly I could not find a way to do that. I got the following log file:

Code:
ComboFix 14-06-10.01 - Jonathan 06/10/2014  18:35:13.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1033.18.5610.3323 [GMT 2:00]
ausgeführt von:: c:\users\Jonathan\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-05-10 bis 2014-06-10  ))))))))))))))))))))))))))))))
.
.
2014-06-10 16:44 . 2014-06-10 16:44	--------	d-----w-	c:\users\Kirstin\AppData\Local\temp
2014-06-10 16:44 . 2014-06-10 16:44	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-06-10 16:28 . 2014-06-10 16:28	--------	d-----w-	c:\users\Jonathan\AppData\Local\Razer
2014-06-09 20:55 . 2014-06-09 20:55	--------	d-----w-	c:\programdata\Razer
2014-06-09 20:54 . 2014-06-10 16:27	--------	d-----w-	c:\program files (x86)\Razer
2014-06-09 20:50 . 2014-04-30 23:20	10702536	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B689FF5C-D140-45CA-80A4-12BE45CEA2E6}\mpengine.dll
2014-06-09 20:37 . 2014-06-09 20:37	--------	d-----w-	c:\users\Jonathan\AppData\Roaming\LG Electronics
2014-06-08 01:48 . 2014-04-30 23:20	10702536	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-05 18:32 . 2014-06-05 18:32	--------	d-----w-	c:\program files (x86)\VS Revo Group
2014-06-05 13:41 . 2014-06-05 13:42	--------	d-----w-	C:\FRST
2014-06-05 12:36 . 2014-06-06 01:32	163504	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-06-05 11:50 . 2014-05-02 16:58	1031560	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{54CE2398-B4A0-40D8-B829-D6EBEF37B83D}\gapaengine.dll
2014-06-02 08:47 . 2014-06-02 08:47	--------	d-----r-	c:\users\Jonathan\AppData\Roaming\Brother
2014-05-29 05:32 . 2014-05-29 05:32	80384	----a-w-	c:\windows\system32\RazerCoinstaller.dll
2014-05-24 02:33 . 2014-05-24 02:33	864256	----a-w-	c:\windows\SysWow64\rzdevicedll.dll
2014-05-24 02:33 . 2014-05-24 02:33	325120	----a-w-	c:\windows\SysWow64\rzaudiodll.dll
2014-05-19 06:47 . 2014-05-19 06:47	155816	----a-w-	c:\windows\system32\drivers\rzudd.sys
2014-05-19 06:26 . 2014-05-19 06:26	89088	----a-w-	c:\windows\SysWow64\rzdevinfo.dll
2014-05-19 06:26 . 2014-05-19 06:26	155136	----a-w-	c:\windows\SysWow64\rztouchdll.dll
2014-05-19 06:26 . 2014-05-19 06:26	117248	----a-w-	c:\windows\SysWow64\rzdisplaydll.dll
2014-05-19 02:58 . 2014-05-19 02:58	--------	d-sh--w-	c:\users\Jonathan\AppData\Local\EmieUserList
2014-05-19 02:58 . 2014-05-19 02:58	--------	d-sh--w-	c:\users\Jonathan\AppData\Local\EmieSiteList
2014-05-17 21:46 . 2014-05-17 21:46	--------	d-----w-	c:\users\Kirstin\AppData\Local\PDF24
2014-05-17 21:43 . 2014-05-17 21:44	--------	d-----w-	c:\program files (x86)\PDF24
2014-05-17 05:55 . 2014-05-17 05:55	--------	d-----w-	c:\programdata\Nexon
2014-05-16 23:20 . 2014-05-16 23:20	--------	d-----w-	c:\program files (x86)\NEXON
2014-05-16 21:30 . 2014-05-16 21:30	--------	d-----w-	c:\users\Jonathan\AppData\Local\Akamai
2014-05-15 21:20 . 2014-05-15 21:20	--------	d-s---w-	c:\windows\system32\CompatTel
2014-05-15 15:32 . 2014-05-06 04:40	23544320	----a-w-	c:\windows\system32\mshtml.dll
2014-05-15 15:32 . 2014-05-06 03:00	84992	----a-w-	c:\windows\system32\mshtmled.dll
2014-05-15 15:32 . 2014-05-06 04:17	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-05-15 15:32 . 2014-05-06 03:07	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-05-14 14:47 . 2014-03-25 02:43	14175744	----a-w-	c:\windows\system32\shell32.dll
2014-05-14 14:47 . 2014-05-09 06:14	477184	----a-w-	c:\windows\system32\aepdu.dll
2014-05-14 14:47 . 2014-05-09 06:11	424448	----a-w-	c:\windows\system32\aeinv.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-15 15:29 . 2013-01-06 01:59	93223848	----a-w-	c:\windows\system32\MRT.exe
2014-05-15 14:43 . 2014-03-25 20:36	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2014-05-15 14:43 . 2014-03-25 20:36	42168	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2014-05-15 14:43 . 2014-03-25 20:36	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2014-05-15 01:02 . 2012-06-18 22:12	70832	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-15 01:02 . 2012-06-18 22:12	692400	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-02 16:58 . 2013-03-12 19:21	1031560	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-04-15 18:53 . 2014-03-27 21:47	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2014-04-15 18:53 . 2014-03-27 21:47	42168	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2014-04-15 18:53 . 2014-03-29 13:44	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2014-03-25 20:36 . 2014-03-25 20:36	736952	----a-w-	c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}"= "c:\program files (x86)\ChatZum Toolbar\tbunscFD01.tmp\tbcore3.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{37d48d9c-3f7e-412f-b5bf-611be7ccfca1}]
[HKEY_CLASSES_ROOT\TBSB09850.TBSB09850.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB09850.TBSB09850]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"VantagePointLite.exe"="c:\program files (x86)\Magellan\VantagePoint\VPLite\VantagePoint Lite.exe" [2012-12-03 155136]
"Spotify"="c:\users\Jonathan\AppData\Roaming\Spotify\spotify.exe" [2014-02-14 6118400]
"Spotify Web Helper"="c:\users\Jonathan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-02-14 1171968]
"Akamai NetSession Interface"="c:\users\Jonathan\AppData\Local\Akamai\netsession_win.exe" [2014-04-17 4672920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-20 336384]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2012-08-28 143360]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2012-06-06 3076096]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2014-05-14 191016]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2014-05-31 585048]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TMMonitor.lnk - c:\program files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2014-3-28 258048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 DIRECTIO;DIRECTIO;c:\bit_temp\DirectIo.sys;c:\bit_temp\DirectIo.sys [x]
R3 DualCoreCenter;DualCoreCenter;c:\program files (x86)\MSI\DualCoreCenter\NTGLM7X64.sys;c:\program files (x86)\MSI\DualCoreCenter\NTGLM7X64.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys;c:\windows\SYSNATIVE\DRIVERS\RTL2832U_IRHID.sys [x]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys;c:\windows\SYSNATIVE\drivers\RTL2832UBDA.sys [x]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys;c:\windows\SYSNATIVE\Drivers\RTL2832UUSB.sys [x]
R3 rzudd;Razer Keyboard Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
R3 SetupNTGLM7X;SetupNTGLM7X;d:\ntglm7x.sys;d:\NTGLM7X.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 regi;regi;c:\windows\system32\drivers\regi.sys;c:\windows\SYSNATIVE\drivers\regi.sys [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-27 12:32	1091912	----a-w-	c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-06-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-18 01:02]
.
2014-06-10 c:\windows\Tasks\CheckDriveBackgroundGuard.job
- c:\program files (x86)\CheckDrive\CheckDriveBackgroundGuard.exe [2013-03-02 16:10]
.
2014-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-19 21:34]
.
2014-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-19 21:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-12 11775592]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-10 2186856]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.mysearchdial.com/?f=1&a=ir_14_13_ch&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBtCyC0F0E0C0AzyzytBzztN0D0Tzu0SzztCyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAyB0A0EyDyB0A0FtGyC0AtAtAtGtA0F0FyBtGtByCyDyEtGyCtDzztDyDyB0CyE0FtA0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0DtB0FtAtDyE0CtGtA0AyC0EtGyC0A0ByEtG0EyCtByCtGyDtB0A0D0B0FtCtCzztD0F0C2Q&cr=306731090&ir=
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=ir_14_13_ch&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBtCyC0F0E0C0AzyzytBzztN0D0Tzu0SzztCyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAyB0A0EyDyB0A0FtGyC0AtAtAtGtA0F0FyBtGtByCyDyEtGyCtDzztDyDyB0CyE0FtA0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0DtB0FtAtDyE0CtGtA0AyC0EtGyC0A0ByEtG0EyCtByCtGyDtB0A0D0B0FtCtCzztD0F0C2Q&cr=306731090&ir=
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:13856
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=e0c165bc-a2e7-b558-8025-dfa716070f18&searchtype=ds&q={searchTerms}&installDate=20/10/2013
IE: {{9FB232C5-6909-4F81-99B4-BAB4998940F2}
TCP: DhcpNameServer = 192.168.0.3
FF - ProfilePath - c:\users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\cmb6y5pz.default\
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
.
------- Dateityp-Verknüpfung -------
.
JSEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-ChatZum Toolbar - c:\program files (x86)\ChatZum Toolbar\tbunscFD01.tmp\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-06-10  18:47:28
ComboFix-quarantined-files.txt  2014-06-10 16:47
ComboFix2.txt  2014-06-10 16:17
.
Vor Suchlauf: 403,066,146,816 bytes free
Nach Suchlauf: 403,011,813,376 bytes free
.
- - End Of File - - AD974526BD1BC8645873D7592117514B
5B5E648D12FCADC244C1EC30318E1EB9
         
A restart worked without any problems.

Many thanks

kiki


Alt 11.06.2014, 09:55   #6
schrauber
/// the machine
/// TB-Ausbilder
 




Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan (Scannen), select the Threat Scan (Bedrohungssuchlauf) and click Start Scan (Suchlauf starten).
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected (Auswahl entfernen).
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History (Verlauf) and then Application Logs (Anwendungsprotokolle).
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.
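As an added example (not part of the original post and not code from Malwarebytes), this Python script triages an exported mbam.txt of the kind requested above, modelled on the German-language log posted later in this thread. It compares each section's declared count with the detection lines actually present (to catch a truncated paste), groups detections by family, and lists items whose action is not one of the two seen in this thread; the sample log, its paths, IDs and the `<other action>` string are constructed.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Section headers as they appear in the German MBAM log in this thread.
SECTIONS = ("Prozesse", "Module", "Registrierungsschlüssel",
            "Registrierungswerte", "Registrierungsdaten", "Ordner", "Dateien")
SECTION_RE = re.compile(r"^(%s): (\d+)\s*$" % "|".join(SECTIONS))

# Detection line: "<name>, <target...>, <action>, [<32 hex id>], "
# The target may itself contain commas (registry data, file names), so the
# action is taken as the last comma-free field before the bracketed id.
DETECTION_RE = re.compile(
    r"^(?P<name>[^,]+), (?P<target>.*?),\s*(?P<action>[^,\[\]]+?),\s*"
    r"\[(?P<item_id>[0-9a-f]{32})\],?\s*$")

# Actions seen in this thread's log that mean the item was dealt with.
RESOLVED_ACTIONS = {"In Quarantäne", "Ersetzt"}


@dataclass
class Detection:
    section: str
    name: str
    target: str
    action: str
    item_id: str

    @property
    def family(self):
        # "PUP.Optional.SnapDo.A" and "PUP.Optional.Snapdo" -> "snapdo"
        parts = self.name.split(".")
        return (parts[2] if len(parts) >= 3 else self.name).lower()


def parse_mbam_log(text):
    """Return (declared counts per section, detections, unparsed lines)."""
    declared, detections, unparsed = {}, [], []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            declared[section] = int(header.group(2))
            continue
        # Skip the scan summary before the first section and empty markers.
        if section is None or not line or line == "(No malicious items detected)":
            continue
        hit = DETECTION_RE.match(line)
        if hit:
            detections.append(Detection(section, **hit.groupdict()))
        else:
            unparsed.append(line)
    return declared, detections, unparsed


def count_mismatches(declared, detections):
    """Sections whose header count differs from the lines present."""
    parsed = Counter(d.section for d in detections)
    return {s: (n, parsed[s]) for s, n in declared.items() if parsed[s] != n}


def families(detections):
    """Number of detections per family, case-insensitive."""
    return Counter(d.family for d in detections)


def unresolved(detections):
    """Detections whose action is neither quarantined nor replaced."""
    return [d for d in detections if d.action not in RESOLVED_ACTIONS]


# Constructed sample in the thread's log format (all values are made up).
SAMPLE = r"""
Durchsuchte Objekte: 327391

Prozesse: 0
(No malicious items detected)

Registrierungsschlüssel: 2
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\APPID\{00000000-0000-0000-0000-000000000001}, In Quarantäne, [00000000000000000000000000000001],
PUP.Optional.SnapDo.A, HKU\S-1-5-21-0-0-0-1000\SOFTWARE\EXAMPLE, <other action>, [00000000000000000000000000000002],

Registrierungsdaten: 1
PUP.Optional.Snapdo, HKU\S-1-5-21-0-0-0-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.example.invalid/?q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.example.invalid/?q={searchTerms}),Ersetzt,[00000000000000000000000000000003]

Dateien: 3
PUP.Optional.InstallCore.A, C:\Users\Example\Downloads\setup, v2.exe, In Quarantäne, [00000000000000000000000000000004],
PUP.Optional.Wajam.A, C:\Users\Example\AppData\Local\Temp\a.dll, In Quarantäne, [00000000000000000000000000000005],
"""

if __name__ == "__main__":
    declared, detections, unparsed = parse_mbam_log(SAMPLE)
    print("families:", dict(families(detections)))
    print("count mismatches (declared, parsed):", count_mismatches(declared, detections))
    print("needs follow-up:", [(d.name, d.action) for d in unresolved(detections)])
    print("unparsed lines:", unparsed)
```

A non-empty mismatch for a section usually means the pasted log was cut off or a line was altered, so the helper should ask for the full file before drawing conclusions.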

Alt 11.06.2014, 17:08   #7
kiki-berlin
 



Hello Schrauber!

How do I shut down Microsoft Security Essentials? I can't find any way to do it other than uninstalling the application. There must be another way, right?!

Thanks

kiki

Alt 12.06.2014, 09:00   #8
schrauber
/// the machine
/// TB-Ausbilder
 




Open MSE, pause protection; there's a dedicated option for that.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 19.06.2014, 13:32   #9
kiki-berlin
 



Hello Schrauber,

many thanks in advance for the excellent support here; I will probably check my own laptop as well. I'm amazed at how much junk accumulates...

I have worked through the latest tasks:

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 6/19/2014
Suchlauf-Zeit: 11:58:35 AM
Logdatei: MBAM.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.06.19.04
Rootkit Datenbank: v2014.06.02.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Jonathan

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 327391
Verstrichene Zeit: 26 Min, 13 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 23
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, In Quarantäne, [0b4538423348999db88b8ceeb64c03fd], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, In Quarantäne, [0b4538423348999db88b8ceeb64c03fd], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}, In Quarantäne, [73dd9bdfbfbce6509fd75d1c43bf857b], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{C292AD0A-C11F-479B-B8DB-743E72D283B0}, In Quarantäne, [73dd9bdfbfbce6509fd75d1c43bf857b], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{C292AD0A-C11F-479B-B8DB-743E72D283B0}, In Quarantäne, [73dd9bdfbfbce6509fd75d1c43bf857b], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\esrv.mysearchdialESrvc.1, In Quarantäne, [73dd9bdfbfbce6509fd75d1c43bf857b], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\esrv.mysearchdialESrvc, In Quarantäne, [73dd9bdfbfbce6509fd75d1c43bf857b], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.mysearchdialESrvc, In Quarantäne, [73dd9bdfbfbce6509fd75d1c43bf857b], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.mysearchdialESrvc.1, In Quarantäne, [73dd9bdfbfbce6509fd75d1c43bf857b], 
PUP.Optional.Wajam.A, HKU\S-1-5-21-2287927430-2481497565-1371983633-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, In Quarantäne, [a8a893e76c0f4fe7b9170d39b84ae21e], 
PUP.Optional.Wajam.A, HKU\S-1-5-21-2287927430-2481497565-1371983633-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, In Quarantäne, [a8a893e76c0f4fe7b9170d39b84ae21e], 
PUP.Optional.Wajam.A, HKU\S-1-5-21-2287927430-2481497565-1371983633-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, In Quarantäne, [a8a893e76c0f4fe7b9170d39b84ae21e], 
PUP.Optional.Wajam.A, HKU\S-1-5-21-2287927430-2481497565-1371983633-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, In Quarantäne, [a8a893e76c0f4fe7b9170d39b84ae21e], 
PUP.Optional.QuickShare.A, HKU\S-1-5-21-2287927430-2481497565-1371983633-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, In Quarantäne, [c68acdadde9d30067e7b41378d759c64], 
PUP.Optional.QuickShare.A, HKU\S-1-5-21-2287927430-2481497565-1371983633-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, In Quarantäne, [c68acdadde9d30067e7b41378d759c64], 
PUP.Optional.PricePeep.A, HKU\S-1-5-21-2287927430-2481497565-1371983633-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}, In Quarantäne, [361acab029523006e2d75226f0128779], 
PUP.Optional.PricePeep.A, HKU\S-1-5-21-2287927430-2481497565-1371983633-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}, In Quarantäne, [361acab029523006e2d75226f0128779], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2287927430-2481497565-1371983633-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [75db0e6cfc7f0630ee5bdde9be449967], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2287927430-2481497565-1371983633-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [b49c6b0f384356e0cc8706d6907339c7], 
PUP.Optional.Softonic.A, HKU\S-1-5-21-2287927430-2481497565-1371983633-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, In Quarantäne, [7cd4d0aa2259f640a255f9bb956d36ca], 
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-2287927430-2481497565-1371983633-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\mysearchdial.com, In Quarantäne, [5af6b5c576055cda88d00cd10bf8639d], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2287927430-2481497565-1371983633-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [a0b0f28835460c2abe0e35bbef14f20e], 
PUP.Optional.Lyrics.A, HKU\S-1-5-21-2287927430-2481497565-1371983633-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\SuperLyrics-16, In Quarantäne, [ca86e892b5c6e94d41652690f70b6799], 

Registrierungswerte: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2287927430-2481497565-1371983633-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0H1R1Q1O0G2Z1I1E, In Quarantäne, [b49c6b0f384356e0cc8706d6907339c7]

Registrierungsdaten: 6
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://start.mysearchdial.com/?f=1&a=ir_14_13_ch&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBtCyC0F0E0C0AzyzytBzztN0D0Tzu0SzztCyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAyB0A0EyDyB0A0FtGyC0AtAtAtGtA0F0FyBtGtByCyDyEtGyCtDzztDyDyB0CyE0FtA0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0DtB0FtAtDyE0CtGtA0AyC0EtGyC0A0ByEtG0EyCtByCtGyDtB0A0D0B0FtCtCzztD0F0C2Q&cr=306731090&ir=, Gut: (hxxp://www.google.com), Schlecht: (hxxp://start.mysearchdial.com/?f=1&a=ir_14_13_ch&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBtCyC0F0E0C0AzyzytBzztN0D0Tzu0SzztCyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAyB0A0EyDyB0A0FtGyC0AtAtAtGtA0F0FyBtGtByCyDyEtGyCtDzztDyDyB0CyE0FtA0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0DtB0FtAtDyE0CtGtA0AyC0EtGyC0A0ByEtG0EyCtByCtGyDtB0A0D0B0FtCtCzztD0F0C2Q&cr=306731090&ir=),Ersetzt,[95bb2d4d68137cba8683e29b7292639d]
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://start.mysearchdial.com/?f=1&a=ir_14_13_ch&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBtCyC0F0E0C0AzyzytBzztN0D0Tzu0SzztCyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAyB0A0EyDyB0A0FtGyC0AtAtAtGtA0F0FyBtGtByCyDyEtGyCtDzztDyDyB0CyE0FtA0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0DtB0FtAtDyE0CtGtA0AyC0EtGyC0A0ByEtG0EyCtByCtGyDtB0A0D0B0FtCtCzztD0F0C2Q&cr=306731090&ir=, Gut: (hxxp://www.google.com), Schlecht: (hxxp://start.mysearchdial.com/?f=1&a=ir_14_13_ch&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBtCyC0F0E0C0AzyzytBzztN0D0Tzu0SzztCyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAyB0A0EyDyB0A0FtGyC0AtAtAtGtA0F0FyBtGtByCyDyEtGyCtDzztDyDyB0CyE0FtA0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0DtB0FtAtDyE0CtGtA0AyC0EtGyC0A0ByEtG0EyCtByCtGyDtB0A0D0B0FtCtCzztD0F0C2Q&cr=306731090&ir=),Ersetzt,[2a26fc7e3645e0569f6a3a43758f47b9]
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-2287927430-2481497565-1371983633-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://start.mysearchdial.com/?f=1&a=ir_14_13_ch&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBtCyC0F0E0C0AzyzytBzztN0D0Tzu0SzztCyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAyB0A0EyDyB0A0FtGyC0AtAtAtGtA0F0FyBtGtByCyDyEtGyCtDzztDyDyB0CyE0FtA0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0DtB0FtAtDyE0CtGtA0AyC0EtGyC0A0ByEtG0EyCtByCtGyDtB0A0D0B0FtCtCzztD0F0C2Q&cr=306731090&ir=, Gut: (hxxp://www.google.com), Schlecht: (hxxp://start.mysearchdial.com/?f=1&a=ir_14_13_ch&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBtCyC0F0E0C0AzyzytBzztN0D0Tzu0SzztCyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAyB0A0EyDyB0A0FtGyC0AtAtAtGtA0F0FyBtGtByCyDyEtGyCtDzztDyDyB0CyE0FtA0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0DtB0FtAtDyE0CtGtA0AyC0EtGyC0A0ByEtG0EyCtByCtGyDtB0A0D0B0FtCtCzztD0F0C2Q&cr=306731090&ir=),Ersetzt,[321ec2b891eaf54126e27d0005ff32ce]
PUP.Optional.Snapdo, HKU\S-1-5-21-2287927430-2481497565-1371983633-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=e0c165bc-a2e7-b558-8025-dfa716070f18&searchtype=ds&q={searchTerms}&installDate=20/10/2013, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=e0c165bc-a2e7-b558-8025-dfa716070f18&searchtype=ds&q={searchTerms}&installDate=20/10/2013),Ersetzt,[bd937ffbbcbfba7cef21de9f20e4718f]
PUP.Optional.Snapdo, HKU\S-1-5-21-2287927430-2481497565-1371983633-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=e0c165bc-a2e7-b558-8025-dfa716070f18&searchtype=ds&q={searchTerms}&installDate=20/10/2013, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=e0c165bc-a2e7-b558-8025-dfa716070f18&searchtype=ds&q={searchTerms}&installDate=20/10/2013),Ersetzt,[8ec27a007ffce0564dc43f3e768e23dd]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2287927430-2481497565-1371983633-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=e0c165bc-a2e7-b558-8025-dfa716070f18&searchtype=ds&q={searchTerms}&installDate=20/10/2013, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=e0c165bc-a2e7-b558-8025-dfa716070f18&searchtype=ds&q={searchTerms}&installDate=20/10/2013),Ersetzt,[ba96f08a4a31de586b3ea2d147bd1ce4]

Ordner: 14
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\CSS, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\PublisherImages, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\components, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\content, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\content\imgs, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\META-INF, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.CrossRider.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\incpbbmbclbkhjphicahojidkcabaajc, In Quarantäne, [f8581862ccafbb7ba34f72228280d52b], 
PUP.Optional.CrossRider.A, C:\Users\Kirstin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\incpbbmbclbkhjphicahojidkcabaajc, In Quarantäne, [e46c374312692412ce24256f9969758b], 

Dateien: 208
PUP.Optional.DomaIQ, C:\Users\Jonathan\Downloads\Java.exe, In Quarantäne, [80d076040b70a98d07875bcec04148b8], 
PUP.Optional.InstallCore.A, C:\Users\Kirstin\Downloads\7-zip.exe, In Quarantäne, [044c8feb8cefdf57281540122fd5748c], 
PUP.Optional.InstallCore.A, C:\Users\Kirstin\Downloads\presto-pvr.exe, In Quarantäne, [0e42fb7fff7cb284182519397d8738c8], 
PUP.Optional.BundleInstaller.A, C:\Users\Kirstin\Downloads\Setup.exe, In Quarantäne, [63edff7bd1aa55e107e08ea31ae7bd43], 
PUP.Optional.LiveLyrics.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage, In Quarantäne, [4a06f08aef8c1b1bca6fd6d5f70be917], 
PUP.Optional.LiveLyrics.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage-journal, In Quarantäne, [6ce48deddaa17bbbcb6ea00b0cf6ac54], 
PUP.Optional.LiveLyrics.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.livelyrics00.live-lyrics.com_0.localstorage, In Quarantäne, [e66a1a600d6e61d586f8733ae71be020], 
PUP.Optional.LiveLyrics.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.livelyrics00.live-lyrics.com_0.localstorage-journal, In Quarantäne, [8dc3c5b59edd2214d1adeebf758da25e], 
PUP.Optional.Superfish.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, In Quarantäne, [f060c5b5b9c28babd9a6763744be34cc], 
PUP.Optional.Superfish.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, In Quarantäne, [60f0bcbe25566fc7b1cec1ecf60c52ae], 
PUP.Optional.Superfish.A, C:\Users\Kirstin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, In Quarantäne, [4808601ae9925cdaf986367772908977], 
PUP.Optional.Superfish.A, C:\Users\Kirstin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, In Quarantäne, [60f0275317644fe7017e238a53af5ba5], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi, In Quarantäne, [76da790185f656e0638f3f7523dfd030], 
PUP.Optional.CrossRider.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_incpbbmbclbkhjphicahojidkcabaajc_0.localstorage, In Quarantäne, [1739fa803c3f2511fc9ff1c5a35f50b0], 
PUP.Optional.CrossRider.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_incpbbmbclbkhjphicahojidkcabaajc_0.localstorage-journal, In Quarantäne, [64ec8eece09b92a4beddaa0c877b7a86], 
PUP.Optional.CrossRider.A, C:\Users\Kirstin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_incpbbmbclbkhjphicahojidkcabaajc_0.localstorage, In Quarantäne, [d27e324807745fd73d5e9f1779891ee2], 
PUP.Optional.CrossRider.A, C:\Users\Kirstin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_incpbbmbclbkhjphicahojidkcabaajc_0.localstorage-journal, In Quarantäne, [4e02fc7eeb90cc6a4d4e4a6c689af010], 
PUP.Optional.FunMoods.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage, In Quarantäne, [93bdcfab2457a88eff7e5194f2118f71], 
PUP.Optional.PricePeep.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_licjnkifamhpbaefhdpacpmihicfbomb_0.localstorage, In Quarantäne, [9ab63e3c85f6d5613d5eee0c93701ce4], 
PUP.Optional.PricePeep.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_licjnkifamhpbaefhdpacpmihicfbomb_0.localstorage-journal, In Quarantäne, [1739344602790630f9a28d6d06fda65a], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\bg.html, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\bg.js, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\GoogleChromeRemotePlugin.dll, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\manifest.json, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\options.htm, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\options.js, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\popup.html, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\popup.js, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\redirect.html, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\redirect.js, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\CSS\border.css, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\down-1.png, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\down-2.png, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\down-3.png, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\down.png, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\fb.png, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\fblike.png, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\gmail.png, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\google.png, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\googleplus.png, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\hide-1.png, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\hide-2.png, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\hide-3.png, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\left.png, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\maximize-1.png, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\maximize-2.png, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\maximize-3.png, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\mgsplusvideo.png, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\minimize-1.png, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\minimize-2.png, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\minimize-3.png, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\PBQuickShare.png, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\pinit.png, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\right.png, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\searchBox.png, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\searchBoxQs.png, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\show-1.png, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\show-2.png, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\show-3.png, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\twitter.png, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\up-1.png, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\up-2.png, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\up-3.png, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\up.png, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\BackPageRemove.js, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\defaultBlockList.js, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\documentEvents.js, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\externalJS.js, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\FBImagePreview.js, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\InternalJS.js, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\jquery-1.9.0.min.js, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\PluginWrapper.js, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\publisherDefinitions.js, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\tabReload.js, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\TopFrameJS.js, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\PublisherImages\QuickShare.png, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\PublisherImages\QuickShare128.png, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\PublisherImages\QuickShare16.png, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.SnapDo.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\PublisherImages\QuickShare48.png, In Quarantäne, [ec64d0aa7ffceb4b426bd1be9a685ba5], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\chrome.manifest, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\install.rdf, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\components\FFDisp.dll, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\content\dpk.htm, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\content\hlprs.js, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\content\loader.xul, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\content\mtstart.js, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\content\mysearchdial.css, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\content\mysearchdial.xul, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\content\serp.js, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\content\tmplt.js, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\arwDwn.gif, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\closeo.png, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\help_16.gif, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\home.gif, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\icon_seperator.png, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\logo.PNG, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\privecy_16_hot.gif, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\sign.jpg, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\specialoffer.gif, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\tellafriend.gif, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\ae.png, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\bg.png, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\ch.png, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\cn.png, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\cz.png, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\de.png, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\eg.png, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\en.png, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\es.png, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\fr.png, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\gr.png, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\he.png, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\il.png, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\it.png, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\ja.png, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\jp.png, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\nl.png, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\no.png, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\pl.png, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\pt.png, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\ro.png, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\ru.png, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\sa.png, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\se.png, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\sv.png, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\tr.png, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\ua.png, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\us.png, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\META-INF\manifest.mf, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\META-INF\zigbert.rsa, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\extensions\ffxtlbr@mysearchdial.com\META-INF\zigbert.sf, In Quarantäne, [1a3638420a718bab8cb26032936f30d0], 
PUP.Optional.CrossRider.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\incpbbmbclbkhjphicahojidkcabaajc\000044.log, In Quarantäne, [f8581862ccafbb7ba34f72228280d52b], 
PUP.Optional.CrossRider.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\incpbbmbclbkhjphicahojidkcabaajc\000045.ldb, In Quarantäne, [f8581862ccafbb7ba34f72228280d52b], 
PUP.Optional.CrossRider.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\incpbbmbclbkhjphicahojidkcabaajc\CURRENT, In Quarantäne, [f8581862ccafbb7ba34f72228280d52b], 
PUP.Optional.CrossRider.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\incpbbmbclbkhjphicahojidkcabaajc\LOCK, In Quarantäne, [f8581862ccafbb7ba34f72228280d52b], 
PUP.Optional.CrossRider.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\incpbbmbclbkhjphicahojidkcabaajc\LOG, In Quarantäne, [f8581862ccafbb7ba34f72228280d52b], 
PUP.Optional.CrossRider.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\incpbbmbclbkhjphicahojidkcabaajc\LOG.old, In Quarantäne, [f8581862ccafbb7ba34f72228280d52b], 
PUP.Optional.CrossRider.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\incpbbmbclbkhjphicahojidkcabaajc\MANIFEST-000042, In Quarantäne, [f8581862ccafbb7ba34f72228280d52b], 
PUP.Optional.CrossRider.A, C:\Users\Kirstin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\incpbbmbclbkhjphicahojidkcabaajc\000019.ldb, In Quarantäne, [e46c374312692412ce24256f9969758b], 
PUP.Optional.CrossRider.A, C:\Users\Kirstin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\incpbbmbclbkhjphicahojidkcabaajc\000021.ldb, In Quarantäne, [e46c374312692412ce24256f9969758b], 
PUP.Optional.CrossRider.A, C:\Users\Kirstin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\incpbbmbclbkhjphicahojidkcabaajc\000022.log, In Quarantäne, [e46c374312692412ce24256f9969758b], 
PUP.Optional.CrossRider.A, C:\Users\Kirstin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\incpbbmbclbkhjphicahojidkcabaajc\CURRENT, In Quarantäne, [e46c374312692412ce24256f9969758b], 
PUP.Optional.CrossRider.A, C:\Users\Kirstin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\incpbbmbclbkhjphicahojidkcabaajc\LOCK, In Quarantäne, [e46c374312692412ce24256f9969758b], 
PUP.Optional.CrossRider.A, C:\Users\Kirstin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\incpbbmbclbkhjphicahojidkcabaajc\LOG, In Quarantäne, [e46c374312692412ce24256f9969758b], 
PUP.Optional.CrossRider.A, C:\Users\Kirstin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\incpbbmbclbkhjphicahojidkcabaajc\LOG.old, In Quarantäne, [e46c374312692412ce24256f9969758b], 
PUP.Optional.CrossRider.A, C:\Users\Kirstin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\incpbbmbclbkhjphicahojidkcabaajc\MANIFEST-000020, In Quarantäne, [e46c374312692412ce24256f9969758b], 
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: (      "startup_urls": [ "hxxp://start.mysearchdial.com/?f=1&a=ir_14_13_ch&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBtCyC0F0E0C0AzyzytBzztN0D0Tzu0SzztCyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAyB0A0EyDyB0A0FtGyC0AtAtAtGtA0F0FyBtGtByCyDyEtGyCtDzztDyDyB0CyE0FtA0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0DtB0FtAtDyE0CtGtA0AyC0EtGyC0A0ByEtG0EyCtByCtGyDtB0A0D0B0FtCtCzztD0F0C2Q&cr=306731090&ir=", "", "https://zynga.com/play/castleville/?src=company&aff=games&crt=company.zynga.com/games/castleville" ],), Ersetzt,[341cfb7f3e3d6bcb88b96547df25827e]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.AL", 2);), Ersetzt,[65eb304ac9b22b0bf37f19920004ce32]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.aflt", "ir_14_13_ch");), Ersetzt,[0c44ccae7a01999d30423c6f4eb602fe]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");), Ersetzt,[ed635e1c2457c4729ed4baf1d034c33d]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutAzzyCtDyByBtCyC0F0E0C0AzyzytBzztN0D0Tzu0SzztCyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAyB0A0EyDyB0A0FtGyC0AtAtAtGtA0F0FyBtGtByCyDyEtGyCtDzztDyDyB0CyE0FtA0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0DtB0FtAtDyE0CtGtA0AyC0EtGyC0A0ByEtG0EyCtByCtGyDtB0A0D0B0FtCtCzztD0F0C2Q");), Ersetzt,[92be17634239ba7c1b57c5e659aba15f]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.cntry", "DE");), Ersetzt,[1838bdbd5a2159dde88af2b9937143bd]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.cr", "306731090");), Ersetzt,[68e81e5c26551f170b67dccffd076c94]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.dfltLng", "");), Ersetzt,[87c97a00661589adc7abb3f8c93b3dc3]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.dfltSrch", true);), Ersetzt,[9cb46218354678beea888c1fd0347b85]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.dnsErr", true);), Ersetzt,[52fe3842463574c22f43ebc0d4301ce4]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,1828564131,3396905322,2787570089,1850357963,3855095921,1516386922,3836221436,2015489896,270173904,3729539987,424611005,965674394,609003582,2041931190,3874294282,2774755777,931959409,398575749,3999997753,1104451911,1233863968,4280856088,1554076246,1949401179,1770772786,3253391265,3778438159,1649478750,2848156272,2476712966,3103989719,475488147,1715867073,3594694113,3774606882,4036647035,1593922001,4110151693,2941033654,3206511613");), Ersetzt,[351b4733c2b93006e191b5f6f50f0cf4]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.excTlbr", false);), Ersetzt,[7ad6a9d16417f046e58d3b701fe522de]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.hdrMd5", "F52DD00EC676CB5DCAA164695B0EA18C");), Ersetzt,[7fd10377384387afa3cf1497cc38d42c]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.hmpg", true);), Ersetzt,[78d84f2b6219fe38244e4d5e19ebf709]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=ir_14_13_ch&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBtCyC0F0E0C0AzyzytBzztN0D0Tzu0SzztCyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAyB0A0EyDyB0A0FtGyC0AtAtAtGtA0F0FyBtGtByCyDyEtGyCtDzztDyDyB0CyE0FtA0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0DtB0FtAtDyE0CtGtA0AyC0EtGyC0A0ByEtG0EyCtByCtGyDtB0A0D0B0FtCtCzztD0F0C2Q&cr=306731090&ir=");), Ersetzt,[b39d502a48333ef884eedccffd0723dd]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.id", "38607716FECA9928");), Ersetzt,[1739b6c4f487e056472b911af1137789]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.instlDay", "16154");), Ersetzt,[b59bc0ba0b70a78f353d4863aa5a48b8]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.instlRef", "140305_b");), Ersetzt,[262aa7d30e6d60d64929e0cbdc28b64a]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=ir_14_13_ch&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBtCyC0F0E0C0AzyzytBzztN0D0Tzu0SzztCyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAyB0A0EyDyB0A0FtGyC0AtAtAtGtA0F0FyBtGtByCyDyEtGyCtDzztDyDyB0CyE0FtA0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0DtB0FtAtDyE0CtGtA0AyC0EtGyC0A0ByEtG0EyCtByCtGyDtB0A0D0B0FtCtCzztD0F0C2Q&cr=306731090&ir=");), Ersetzt,[76da7208ea918aac254d6d3e9470bd43]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.lastVrsnTs", "");), Ersetzt,[bb95cdad9fdca4928ae8a9027f85f40c]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=ir_14_13_ch&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBtCyC0F0E0C0AzyzytBzztN0D0Tzu0SzztCyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAyB0A0EyDyB0A0FtGyC0AtAtAtGtA0F0FyBtGtByCyDyEtGyCtDzztDyDyB0CyE0FtA0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0DtB0FtAtDyE0CtGtA0AyC0EtGyC0A0ByEtG0EyCtByCtGyDtB0A0D0B0FtCtCzztD0F0C2Q&cr=306731090&ir=");), Ersetzt,[6be56614a9d27eb882f02f7cba4a3cc4]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"96\",\"lastVrsn\":\"96\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"true\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");), Ersetzt,[8cc4ff7b2e4d3bfb1a584566669eb44c]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.prdct", "mysearchdial");), Ersetzt,[212ff1892e4dab8ba8cacfdc7391d927]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");), Ersetzt,[450b6f0bc7b43501e78bdad15aaaa759]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.sg", "{smplGrp}");), Ersetzt,[ef61cdad2c4fe353f77b406ba85c41bf]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");), Ersetzt,[c987522898e384b2135fa50638ccc040]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.tlbrId", "base");), Ersetzt,[d67a3941abd02a0cbfb33b70a95b2dd3]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=ir_14_13_ch&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBtCyC0F0E0C0AzyzytBzztN0D0Tzu0SzztCyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAyB0A0EyDyB0A0FtGyC0AtAtAtGtA0F0FyBtGtByCyDyEtGyCtDzztDyDyB0CyE0FtA0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0DtB0FtAtDyE0CtGtA0AyC0EtGyC0A0ByEtG0EyCtByCtGyDtB0A0D0B0FtCtCzztD0F0C2Q&cr=306731090&ir=&q=");), Ersetzt,[9db3ff7ba4d76fc77bf7bbf0c1436d93]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.vrsn", "1.8.29.0");), Ersetzt,[ff51196194e786b0db97a6059173aa56]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.vrsni", "1.8.29.0");), Ersetzt,[7fd1106aaad1bf777df5cae134d09769]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial_i.newTab", false);), Ersetzt,[b79994e6adce013586ecc9e216ee857b]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial_i.smplGrp", "none");), Ersetzt,[cd83fe7cb4c751e53e34218a27dd27d9]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.016:6:27");), Ersetzt,[be92f783b6c5dd59f87af7b4da2ae61a]
PUP.Optional.MySearch.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\user.js, Gut: (), Schlecht: (user_pref("extensions.irmysearch.aflt", "ir_14_13_ch");), Ersetzt,[b79996e40f6c2d0962087c2fe71d9d63]
PUP.Optional.MySearch.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\user.js, Gut: (), Schlecht: (user_pref("extensions.irmysearch.instlRef", "140305_b");), Ersetzt,[3f115624ed8e12240565862537cd50b0]
PUP.Optional.MySearch.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\user.js, Gut: (), Schlecht: (user_pref("extensions.irmysearch.cr", "306731090");), Ersetzt,[e36d4c2e4a3167cfb1b9446771938779]
PUP.Optional.MySearch.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\user.js, Gut: (), Schlecht: (user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzutAzzyCtDyByBtCyC0F0E0C0AzyzytBzztN0D0Tzu0SzztCyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAyB0A0EyDyB0A0FtGyC0AtAtAtGtA0F0FyBtGtByCyDyEtGyCtDzztDyDyB0CyE0FtA0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0DtB0FtAtDyE0CtGtA0AyC0EtGyC0A0ByEtG0EyCtByCtGyDtB0A0D0B0FtCtCzztD0F0C2Q");), Ersetzt,[d27e2951314a9c9a4921852634d00df3]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.hmpg", true);), Ersetzt,[68e86812b9c2b6803241fbb070940ef2]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=ir_14_13_ch&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBtCyC0F0E0C0AzyzytBzztN0D0Tzu0SzztCyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAyB0A0EyDyB0A0FtGyC0AtAtAtGtA0F0FyBtGtByCyDyEtGyCtDzztDyDyB0CyE0FtA0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0DtB0FtAtDyE0CtGtA0AyC0EtGyC0A0ByEtG0EyCtByCtGyDtB0A0D0B0FtCtCzztD0F0C2Q&cr=306731090&ir=");), Ersetzt,[85cb38429dde4beb88eb3b7026de8b75]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.dfltSrch", true);), Ersetzt,[2f21ed8dfe7d45f103708328a06423dd]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");), Ersetzt,[ff5158223942aa8c264d5f4ca06412ee]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.dnsErr", true);), Ersetzt,[fd5391e91e5d50e60d66a506df2501ff]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial_i.newTab", false);), Ersetzt,[cc8412680b70ba7ccca77b30b450629e]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=ir_14_13_ch&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBtCyC0F0E0C0AzyzytBzztN0D0Tzu0SzztCyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAyB0A0EyDyB0A0FtGyC0AtAtAtGtA0F0FyBtGtByCyDyEtGyCtDzztDyDyB0CyE0FtA0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0DtB0FtAtDyE0CtGtA0AyC0EtGyC0A0ByEtG0EyCtByCtGyDtB0A0D0B0FtCtCzztD0F0C2Q&cr=306731090&ir=");), Ersetzt,[6fe185f50a71b185d79cdfccb05402fe]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=ir_14_13_ch&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBtCyC0F0E0C0AzyzytBzztN0D0Tzu0SzztCyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAyB0A0EyDyB0A0FtGyC0AtAtAtGtA0F0FyBtGtByCyDyEtGyCtDzztDyDyB0CyE0FtA0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0DtB0FtAtDyE0CtGtA0AyC0EtGyC0A0ByEtG0EyCtByCtGyDtB0A0D0B0FtCtCzztD0F0C2Q&cr=306731090&ir=&q=");), Ersetzt,[b69a5a2022593bfba9cacae13fc5b749]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.id", "38607716FECA9928");), Ersetzt,[e66a2357e8935dd974ff9b102dd7659b]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.instlDay", "16154");), Ersetzt,[b59b1961b8c33ef876fd09a24db7e31d]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.vrsn", "1.8.29.0");), Ersetzt,[49073c3ef4877cba482b5a51a65ecd33]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.vrsni", "1.8.29.0");), Ersetzt,[75dbb5c55a210036ed861f8cd23243bd]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.016:6:27");), Ersetzt,[f858770391eac76f7300cae1ca3ac13f]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");), Ersetzt,[61efe49681fa1c1ac1b2e0cbdb298d73]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.prdct", "mysearchdial");), Ersetzt,[cc8465158bf01323066d2c7f84808a76]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.aflt", "ir_14_13_ch");), Ersetzt,[8fc10377c7b47fb792e1c4e7df25dd23]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial_i.smplGrp", "none");), Ersetzt,[dc74abcfe596bf77d99a971455af2fd1]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.tlbrId", "base");), Ersetzt,[67e9087207746accc0b3505b6c987a86]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.instlRef", "140305_b");), Ersetzt,[68e81763700bdc5a7cf7b6f510f4aa56]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.dfltLng", "");), Ersetzt,[5cf4f38788f3df57bab9f2b9a064ad53]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");), Ersetzt,[e46ce59506751c1aabc8b7f43bc9d22e]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.excTlbr", false);), Ersetzt,[9ab687f373083bfb9bd83774729207f9]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.cr", "306731090");), Ersetzt,[93bd9fdb0972270f581b00abe91b847c]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutAzzyCtDyByBtCyC0F0E0C0AzyzytBzztN0D0Tzu0SzztCyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAyB0A0EyDyB0A0FtGyC0AtAtAtGtA0F0FyBtGtByCyDyEtGyCtDzztDyDyB0CyE0FtA0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0DtB0FtAtDyE0CtGtA0AyC0EtGyC0A0ByEtG0EyCtByCtGyDtB0A0D0B0FtCtCzztD0F0C2Q");), Ersetzt,[2f2197e396e59a9cc8ab218ae81cf20e]
PUP.Optional.MySearchDial.A, C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.AL", 2);), Ersetzt,[88c8e79306753df97bf85358d133e51b]

Physische Sektoren: 0
(No malicious items detected)


(end)
         
Code:
ATTFilter
# AdwCleaner v3.212 - Report created 19/06/2014 at 12:43:54
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jonathan - JONATHAN-PC
# Running from : C:\Users\Jonathan\Downloads\adwcleaner_3.212.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Jonathan\AppData\Roaming\pccustubinstaller
Folder Deleted : C:\Users\Jonathan\Documents\Optimizer Pro
Folder Deleted : C:\Users\Kirstin\AppData\Roaming\Optimizer Pro
File Deleted : C:\chatzum_nt.exe
File Deleted : C:\END
File Deleted : C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\cmb6y5pz.default\user.js
File Deleted : C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\user.js
File Deleted : C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_dnpmlnedpdikbgdghljdepnljfpkhccn_0
File Deleted : C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dnpmlnedpdikbgdghljdepnljfpkhccn_0.localstorage
File Deleted : C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jbpcjmidkkgldeplajgnbpjkfpmpeepb_0.localstorage
File Deleted : C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jbpcjmidkkgldeplajgnbpjkfpmpeepb_0.localstorage-journal
File Deleted : C:\windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\chatzum_nt_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\chatzum_nt_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MegaBrowse_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MegaBrowse_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateMegaBrowse_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateMegaBrowse_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_300-the-movie_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_300-the-movie_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_slender-the-eight-pages_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_slender-the-eight-pages_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\ChatZum Toolbar
Key Deleted : HKCU\Software\InstalledThirdPartyPrograms
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\UpdateStar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\ChatZum Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ChatZum Toolbar
Key Deleted : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v29.0.1 (de)

[ File : C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\cmb6y5pz.default\prefs.js ]


[ File : C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\iepdmbb5.default\prefs.js ]

Line Deleted : user_pref("browser.search.order.1", "Mysearchdial");
Line Deleted : user_pref("extensions.enabledAddons", "ffxtlbr%40mysearchdial.com:1.6.0,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1");
Line Deleted : user_pref("extensions.irmysearch.aflt", "ir_14_13_ch");
Line Deleted : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzutAzzyCtDyByBtCyC0F0E0C0AzyzytBzztN0D0Tzu0SzztCyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAyB0A0EyDyB0A0FtGyC0AtAtAt[...]
Line Deleted : user_pref("extensions.irmysearch.cr", "306731090");
Line Deleted : user_pref("extensions.irmysearch.instlRef", "140305_b");

-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=e0c165bc-a2e7-b558-8025-dfa716070f18&searchtype=ds&q={searchTerms}&installDate=20/10/2013
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_13_ch&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBtCyC0F0E0C0AzyzytBzztN0D0Tzu0SzztCyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAyB0A0EyDyB0A0FtGyC0AtAtAtGtA0F0FyBtGtByCyDyEtGyCtDzztDyDyB0CyE0FtA0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0DtB0FtAtDyE0CtGtA0AyC0EtGyC0A0ByEtG0EyCtByCtGyDtB0A0D0B0FtCtCzztD0F0C2Q&cr=306731090&ir=
Deleted [Extension] : amfclgbdpgndipgoegfpkkgobahigbcl

[ File : C:\Users\Kirstin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_13_ch&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBtCyC0F0E0C0AzyzytBzztN0D0Tzu0SzztCyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAyB0A0EyDyB0A0FtGyC0AtAtAtGtA0F0FyBtGtByCyDyEtGyCtDzztDyDyB0CyE0FtA0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0DtB0FtAtDyE0CtGtA0AyC0EtGyC0A0ByEtG0EyCtByCtGyDtB0A0D0B0FtCtCzztD0F0C2Q&cr=306731090&ir=

*************************

AdwCleaner[R0].txt - [8759 octets] - [19/06/2014 12:40:22]
AdwCleaner[S0].txt - [8363 octets] - [19/06/2014 12:43:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8423 octets] ##########
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Jonathan on Thu 06/19/2014 at 12:53:32.54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SuperLyrics-16-codedownloader_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\pricepeep_1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SuperLyrics-16-codedownloader_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\pricepeep_1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B65B0C7E-7819-4D3A-808B-6F3D43726FFC}



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Jonathan\appdata\local\{B839E20A-02D4-4F60-BD2E-405E67C48B6B}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 06/19/2014 at 13:04:45.67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         


FRST Logfile:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-06-2014
Ran by Jonathan (administrator) on JONATHAN-PC on 19-06-2014 13:10:20
Running from C:\Users\Jonathan\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Abelssoft) C:\Program Files (x86)\CheckDrive\CheckDriveBackgroundGuard.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Magellan Navigation, Inc.) C:\Program Files (x86)\Magellan\VantagePoint\VPLite\VantagePoint Lite.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Spotify Ltd) C:\Users\Jonathan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Akamai Technologies, Inc.) C:\Users\Jonathan\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Jonathan\AppData\Local\Akamai\netsession_win.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2186856 2011-01-11] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-04] (Synaptics Incorporated)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-04-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-08-28] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-28] (ArcSoft Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191016 2014-05-14] (Geek Software GmbH)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585048 2014-05-31] (Razer Inc.)
HKU\S-1-5-21-2287927430-2481497565-1371983633-1000\...\Run: [VantagePointLite.exe] => C:\Program Files (x86)\Magellan\VantagePoint\VPLite\VantagePoint Lite.exe [155136 2012-12-03] (Magellan Navigation, Inc.)
HKU\S-1-5-21-2287927430-2481497565-1371983633-1000\...\Run: [Spotify] => C:\Users\Jonathan\AppData\Roaming\Spotify\spotify.exe [6118400 2014-02-14] (Spotify Ltd)
HKU\S-1-5-21-2287927430-2481497565-1371983633-1000\...\Run: [Spotify Web Helper] => C:\Users\Jonathan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-02-14] (Spotify Ltd)
HKU\S-1-5-21-2287927430-2481497565-1371983633-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Jonathan\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk
ShortcutTarget: TMMonitor.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

ProxyServer: http=127.0.0.1:13856
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9E473A89-2AF4-41E6-A9DB-A6E07294905B} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {9E473A89-2AF4-41E6-A9DB-A6E07294905B} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {9E473A89-2AF4-41E6-A9DB-A6E07294905B} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.3

FireFox:
========
FF ProfilePath: C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\cmb6y5pz.default
FF NewTab: about:blank
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @MagellanGPS.com/CommunicationPlugin - C:\Program Files (x86)\Magellan\Magellan Communicator\npMgnPlg.dll (Magellan Navigation, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Program Files (x86)\SuperLyrics-soft\161.xpi []

Chrome: 
=======
CHR HomePage: 
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-17]
CHR Extension: (Google Drive) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-05]
CHR Extension: (YouTube) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-17]
CHR Extension: (BetterAds) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cacclhdpfoingihegojhoipnihfnoaki [2013-03-17]
CHR Extension: (Google Search) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-17]
CHR Extension: (AdBlock) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-10-20]
CHR Extension: (Google Wallet) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-01]
CHR Extension: (Gmail) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-17]
CHR HKLM-x32\...\Chrome\Extension: [cacclhdpfoingihegojhoipnihfnoaki] - C:\Users\Jonathan\AppData\Local\MediaBA\betterads.crx [2012-10-09]

==================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-15] (ABBYY)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S2 vToolbarUpdater12.2.6; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2013-06-28] (LG Electronics Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [31080 2012-08-30] (AVG Technologies)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 Tosrfcom; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 DIRECTIO; \??\c:\BIT_TEMP\DirectIo.sys [X]
S3 DSDrv4; \??\C:\PROGRA~2\K!TV\Plugins\S_Bt8x8\DSDrv4.sys [X]
S3 DualCoreCenter; \??\C:\Program Files (x86)\MSI\DualCoreCenter\NTGLM7X64.sys [X]
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [X]
S3 NTACCESS; \??\D:\NTACCESS_64.sys [X]
S3 SetupNTGLM7X; \??\D:\NTGLM7X.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-19 13:10 - 2014-06-19 13:10 - 00017141 _____ () C:\Users\Jonathan\Downloads\FRST.txt
2014-06-19 13:09 - 2014-06-19 13:10 - 02082304 _____ (Farbar) C:\Users\Jonathan\Downloads\FRST64.exe
2014-06-19 12:53 - 2014-06-19 12:53 - 00000000 ____D () C:\windows\ERUNT
2014-06-19 12:50 - 2014-06-19 12:50 - 01016261 _____ (Thisisu) C:\Users\Jonathan\Downloads\JRT.exe
2014-06-19 12:41 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-06-19 12:40 - 2014-06-19 12:44 - 00000000 ____D () C:\AdwCleaner
2014-06-19 12:38 - 2014-06-19 12:39 - 01333465 _____ () C:\Users\Jonathan\Downloads\adwcleaner_3.212.exe
2014-06-19 12:22 - 2014-06-19 13:05 - 00000000 ____D () C:\Users\Jonathan\Desktop\Troyaner board
2014-06-19 11:57 - 2014-06-19 12:34 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-19 11:57 - 2014-06-19 11:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-19 11:56 - 2014-06-19 11:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-19 11:56 - 2014-06-19 11:56 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-19 11:56 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-06-19 11:56 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-06-19 11:56 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-06-19 11:53 - 2014-06-19 11:54 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Jonathan\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-19 11:41 - 2014-06-19 11:43 - 00000000 ____D () C:\Users\Kirstin\Desktop\Troyaner-board
2014-06-14 14:41 - 2014-06-14 14:41 - 00000000 ____D () C:\Users\Kirstin\AppData\Local\Razer
2014-06-11 16:26 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-06-11 16:26 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-06-11 16:26 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-06-11 16:26 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-06-11 16:26 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-06-11 16:26 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-06-11 16:26 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-06-11 16:26 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-06-11 16:26 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-06-11 16:26 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 16:26 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-06-11 16:26 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-06-11 16:26 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-06-11 16:26 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-06-11 16:26 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-06-11 16:26 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-06-11 16:26 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-06-11 16:26 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-06-11 16:26 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-06-11 16:26 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-06-11 16:26 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-06-11 16:26 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-06-11 16:26 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 16:26 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-06-11 16:26 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-06-11 16:26 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-06-11 16:26 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-06-11 16:26 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-06-11 16:26 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-06-11 16:26 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-06-11 16:26 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-06-11 16:26 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-06-11 16:26 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-06-11 16:26 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2014-06-11 16:26 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2014-06-11 16:26 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
2014-06-11 16:26 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-06-11 16:26 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 16:26 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2014-06-11 16:26 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-06-11 16:26 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2014-06-11 16:26 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-06-11 16:26 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2014-06-11 16:26 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-06-11 16:26 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2014-06-11 16:26 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-06-11 16:25 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-06-11 16:25 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-06-11 16:25 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-06-11 16:25 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-06-11 16:25 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-06-11 16:25 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-06-11 16:25 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-06-11 16:25 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-06-11 16:25 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-06-11 16:25 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-06-11 16:25 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-06-11 16:25 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-06-11 16:25 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-06-11 16:25 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-06-11 16:25 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-06-11 16:25 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-06-11 16:25 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-06-11 16:25 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-06-11 16:25 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-06-11 16:25 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-06-11 16:24 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-06-11 16:24 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-06-10 18:47 - 2014-06-10 18:47 - 00023481 _____ () C:\ComboFix.txt
2014-06-10 18:28 - 2014-06-10 18:28 - 00000000 ____D () C:\Users\Jonathan\AppData\Local\Razer
2014-06-10 18:00 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2014-06-10 18:00 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2014-06-10 18:00 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-06-10 18:00 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-06-10 18:00 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-06-10 18:00 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2014-06-10 18:00 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2014-06-10 18:00 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
2014-06-10 17:57 - 2014-06-10 18:47 - 00000000 ____D () C:\Qoobox
2014-06-10 17:56 - 2014-06-10 18:15 - 00000000 ____D () C:\windows\erdnt
2014-06-10 17:54 - 2014-06-10 17:55 - 05205915 ____R (Swearware) C:\Users\Jonathan\Downloads\ComboFix.exe
2014-06-09 23:07 - 2014-06-09 23:07 - 00000000 ____D () C:\Users\Jonathan\AppData\Local\Razer_Inc
2014-06-09 23:04 - 2014-06-09 23:04 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_rzudd_01009.Wdf
2014-06-09 23:01 - 2014-06-09 23:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2014-06-09 22:55 - 2014-06-09 22:55 - 00000000 ____D () C:\ProgramData\Razer
2014-06-09 22:54 - 2014-06-10 18:27 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-06-09 22:37 - 2014-06-09 22:37 - 00000733 _____ () C:\Users\Jonathan\Desktop\lol.launcher - Shortcut.lnk
2014-06-09 22:37 - 2014-06-09 22:37 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\LG Electronics
2014-06-05 20:32 - 2014-06-05 20:32 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-05 16:06 - 2014-06-05 16:06 - 00275592 _____ () C:\windows\Minidump\060514-33072-01.dmp
2014-06-05 15:41 - 2014-06-19 13:10 - 00000000 ____D () C:\FRST
2014-06-05 15:38 - 2014-06-05 15:38 - 00000000 _____ () C:\Users\Jonathan\defogger_reenable
2014-06-02 10:47 - 2014-06-02 10:47 - 00000000 ___RD () C:\Users\Jonathan\AppData\Roaming\Brother
2014-06-01 14:32 - 2014-06-01 14:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-29 07:32 - 2014-05-29 07:32 - 00080384 _____ (Razer Inc) C:\windows\system32\RazerCoinstaller.dll
2014-05-24 13:13 - 2014-05-24 13:13 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_ZuneDriver_01_09_00.Wdf
2014-05-24 13:13 - 2014-05-24 13:13 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2014-05-24 04:33 - 2014-05-24 04:33 - 00864256 _____ (Razer Inc) C:\windows\SysWOW64\rzdevicedll.dll
2014-05-24 04:33 - 2014-05-24 04:33 - 00325120 _____ (Razer Inc) C:\windows\SysWOW64\rzaudiodll.dll

==================== One Month Modified Files and Folders =======

2014-06-19 13:11 - 2014-06-19 13:10 - 00017141 _____ () C:\Users\Jonathan\Downloads\FRST.txt
2014-06-19 13:10 - 2014-06-19 13:09 - 02082304 _____ (Farbar) C:\Users\Jonathan\Downloads\FRST64.exe
2014-06-19 13:10 - 2014-06-05 15:41 - 00000000 ____D () C:\FRST
2014-06-19 13:07 - 2013-10-18 15:58 - 00000000 ____D () C:\Users\Jonathan\AppData\Local\Apps\2.0
2014-06-19 13:05 - 2014-06-19 12:22 - 00000000 ____D () C:\Users\Jonathan\Desktop\Troyaner board
2014-06-19 13:04 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\tracing
2014-06-19 12:53 - 2014-06-19 12:53 - 00000000 ____D () C:\windows\ERUNT
2014-06-19 12:53 - 2009-07-14 06:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-19 12:53 - 2009-07-14 06:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-19 12:50 - 2014-06-19 12:50 - 01016261 _____ (Thisisu) C:\Users\Jonathan\Downloads\JRT.exe
2014-06-19 12:48 - 2014-02-14 21:01 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\Spotify
2014-06-19 12:46 - 2013-03-02 17:20 - 00000294 _____ () C:\windows\Tasks\CheckDriveBackgroundGuard.job
2014-06-19 12:46 - 2012-04-21 19:04 - 00065536 _____ () C:\windows\system32\Ikeext.etl
2014-06-19 12:46 - 2011-07-19 23:34 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-19 12:46 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-06-19 12:45 - 2011-07-19 23:03 - 01716739 _____ () C:\windows\WindowsUpdate.log
2014-06-19 12:45 - 2010-11-21 05:47 - 00523594 _____ () C:\windows\PFRO.log
2014-06-19 12:45 - 2009-07-14 06:51 - 00125245 _____ () C:\windows\setupact.log
2014-06-19 12:44 - 2014-06-19 12:40 - 00000000 ____D () C:\AdwCleaner
2014-06-19 12:39 - 2014-06-19 12:38 - 01333465 _____ () C:\Users\Jonathan\Downloads\adwcleaner_3.212.exe
2014-06-19 12:34 - 2014-06-19 11:57 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-19 12:31 - 2012-06-19 00:12 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-06-19 12:21 - 2011-07-19 23:34 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-19 11:57 - 2014-06-19 11:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-19 11:56 - 2014-06-19 11:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-19 11:56 - 2014-06-19 11:56 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-19 11:54 - 2014-06-19 11:53 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Jonathan\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-19 11:43 - 2014-06-19 11:41 - 00000000 ____D () C:\Users\Kirstin\Desktop\Troyaner-board
2014-06-19 00:21 - 2014-04-10 13:24 - 00000000 ____D () C:\Users\Kirstin\AppData\Roaming\SoftGrid Client
2014-06-18 16:17 - 2009-07-14 07:13 - 00783400 _____ () C:\windows\system32\PerfStringBackup.INI
2014-06-18 16:16 - 2011-07-19 23:34 - 00003908 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-18 16:16 - 2011-07-19 23:34 - 00003656 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-14 14:53 - 2013-08-18 02:36 - 00000000 ____D () C:\windows\system32\MRT
2014-06-14 14:49 - 2013-01-06 03:59 - 95414520 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-06-14 14:44 - 2014-05-15 23:20 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-06-14 14:41 - 2014-06-14 14:41 - 00000000 ____D () C:\Users\Kirstin\AppData\Local\Razer
2014-06-14 14:40 - 2012-11-19 15:06 - 00067616 _____ () C:\Users\Kirstin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-10 18:47 - 2014-06-10 18:47 - 00023481 _____ () C:\ComboFix.txt
2014-06-10 18:47 - 2014-06-10 17:57 - 00000000 ____D () C:\Qoobox
2014-06-10 18:44 - 2009-07-14 04:34 - 00000215 _____ () C:\windows\system.ini
2014-06-10 18:28 - 2014-06-10 18:28 - 00000000 ____D () C:\Users\Jonathan\AppData\Local\Razer
2014-06-10 18:27 - 2014-06-09 22:54 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-06-10 18:27 - 2009-07-14 06:45 - 00329936 _____ () C:\windows\system32\FNTCACHE.DAT
2014-06-10 18:25 - 2012-04-17 02:47 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\Skype
2014-06-10 18:25 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\NDF
2014-06-10 18:15 - 2014-06-10 17:56 - 00000000 ____D () C:\windows\erdnt
2014-06-10 18:12 - 2012-04-17 00:11 - 00000000 ____D () C:\Users\Jonathan
2014-06-10 17:55 - 2014-06-10 17:54 - 05205915 ____R (Swearware) C:\Users\Jonathan\Downloads\ComboFix.exe
2014-06-09 23:45 - 2012-04-17 00:15 - 00067616 _____ () C:\Users\Jonathan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-09 23:07 - 2014-06-09 23:07 - 00000000 ____D () C:\Users\Jonathan\AppData\Local\Razer_Inc
2014-06-09 23:04 - 2014-06-09 23:04 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_rzudd_01009.Wdf
2014-06-09 23:04 - 2011-07-19 23:18 - 00054826 _____ () C:\windows\DPINST.LOG
2014-06-09 23:01 - 2014-06-09 23:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2014-06-09 22:55 - 2014-06-09 22:55 - 00000000 ____D () C:\ProgramData\Razer
2014-06-09 22:37 - 2014-06-09 22:37 - 00000733 _____ () C:\Users\Jonathan\Desktop\lol.launcher - Shortcut.lnk
2014-06-09 22:37 - 2014-06-09 22:37 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\LG Electronics
2014-06-08 11:13 - 2014-06-11 16:24 - 00506368 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-06-08 11:08 - 2014-06-11 16:24 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-06-05 20:46 - 2014-02-04 23:32 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-06-05 20:32 - 2014-06-05 20:32 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-05 16:06 - 2014-06-05 16:06 - 00275592 _____ () C:\windows\Minidump\060514-33072-01.dmp
2014-06-05 16:06 - 2013-06-21 12:13 - 650117063 _____ () C:\windows\MEMORY.DMP
2014-06-05 16:06 - 2013-06-21 12:13 - 00000000 ____D () C:\windows\Minidump
2014-06-05 15:38 - 2014-06-05 15:38 - 00000000 _____ () C:\Users\Jonathan\defogger_reenable
2014-06-02 18:37 - 2013-12-06 17:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-02 18:37 - 2011-04-28 05:24 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-02 10:47 - 2014-06-02 10:47 - 00000000 ___RD () C:\Users\Jonathan\AppData\Roaming\Brother
2014-06-01 23:35 - 2012-12-25 16:53 - 00000000 ____D () C:\Users\Kirstin\AppData\Local\CrashDumps
2014-06-01 22:54 - 2011-07-19 23:14 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-06-01 14:33 - 2014-06-01 14:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-30 12:21 - 2014-06-11 16:25 - 23414784 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-30 12:02 - 2014-06-11 16:26 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-30 12:02 - 2014-06-11 16:26 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-05-30 11:45 - 2014-06-11 16:26 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-05-30 11:39 - 2014-06-11 16:26 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-05-30 11:39 - 2014-06-11 16:25 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-05-30 11:38 - 2014-06-11 16:26 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-05-30 11:28 - 2014-06-11 16:25 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-05-30 11:27 - 2014-06-11 16:25 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-05-30 11:24 - 2014-06-11 16:25 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-05-30 11:21 - 2014-06-11 16:26 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-05-30 11:21 - 2014-06-11 16:25 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-05-30 11:20 - 2014-06-11 16:25 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-05-30 11:18 - 2014-06-11 16:26 - 17271296 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-30 11:11 - 2014-06-11 16:25 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-05-30 11:08 - 2014-06-11 16:25 - 05782528 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-05-30 11:06 - 2014-06-11 16:26 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-05-30 11:02 - 2014-06-11 16:26 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-30 10:55 - 2014-06-11 16:26 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:49 - 2014-06-11 16:25 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-05-30 10:46 - 2014-06-11 16:25 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-30 10:44 - 2014-06-11 16:25 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-05-30 10:44 - 2014-06-11 16:25 - 00295424 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-05-30 10:43 - 2014-06-11 16:26 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-05-30 10:42 - 2014-06-11 16:26 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-11 16:26 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-05-30 10:35 - 2014-06-11 16:26 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-05-30 10:34 - 2014-06-11 16:26 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-05-30 10:33 - 2014-06-11 16:26 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-05-30 10:30 - 2014-06-11 16:26 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-05-30 10:29 - 2014-06-11 16:26 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-05-30 10:28 - 2014-06-11 16:26 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-05-30 10:27 - 2014-06-11 16:26 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-05-30 10:24 - 2014-06-11 16:25 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-05-30 10:23 - 2014-06-11 16:26 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-05-30 10:16 - 2014-06-11 16:26 - 00368128 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-05-30 10:10 - 2014-06-11 16:26 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-11 16:25 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-05-30 10:04 - 2014-06-11 16:26 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-05-30 10:02 - 2014-06-11 16:26 - 00242688 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-05-30 09:56 - 2014-06-11 16:26 - 04244992 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-05-30 09:56 - 2014-06-11 16:25 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-05-30 09:54 - 2014-06-11 16:26 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-05-30 09:50 - 2014-06-11 16:26 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-11 16:26 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-05-30 09:43 - 2014-06-11 16:25 - 13522944 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-05-30 09:40 - 2014-06-11 16:26 - 11725312 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-05-30 09:30 - 2014-06-11 16:26 - 01398272 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-05-30 09:21 - 2014-06-11 16:25 - 01790976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-05-30 09:15 - 2014-06-11 16:26 - 01143296 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-05-30 09:13 - 2014-06-11 16:25 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-05-30 09:13 - 2014-06-11 16:25 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-05-29 07:32 - 2014-05-29 07:32 - 00080384 _____ (Razer Inc) C:\windows\system32\RazerCoinstaller.dll
2014-05-26 00:37 - 2009-07-14 07:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-05-24 13:13 - 2014-05-24 13:13 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_ZuneDriver_01_09_00.Wdf
2014-05-24 13:13 - 2014-05-24 13:13 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2014-05-24 04:33 - 2014-05-24 04:33 - 00864256 _____ (Razer Inc) C:\windows\SysWOW64\rzdevicedll.dll
2014-05-24 04:33 - 2014-05-24 04:33 - 00325120 _____ (Razer Inc) C:\windows\SysWOW64\rzaudiodll.dll
2014-05-24 04:08 - 2012-04-22 06:55 - 00000000 ____D () C:\Users\Jonathan\AppData\Local\CrashDumps
2014-05-23 18:23 - 2013-10-18 16:03 - 00000000 ____D () C:\Users\Jonathan\Downloads\FM cata

Some content of TEMP:
====================
C:\Users\Jonathan\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-08 03:56

==================== End Of Log ============================
         
A side question: when I installed MSE, it was warmly recommended to me. Am I still well advised to use it?

Many thanks

kiki

Old 20.06.2014, 15:09   #10
schrauber
/// the machine
/// TB trainer
 




MSE is fine if it absolutely has to be freeware.



ESET Online Scanner

  • An illustrated guide to ESET Online Scanner can be found here
  • Download and start ESET Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems still?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


Old 12.07.2014, 09:23   #11
kiki-berlin
 



Hello Schrauber,

sorry, this has taken a little longer because of holidays.
I hope I have worked through all the tasks correctly:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=a77ac60a4830184a8d8dbe4190051d40
# engine=19133
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-07-11 08:51:03
# local_time=2014-07-11 10:51:03 (+0100, W. Europe Daylight Time)
# country="United States"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 7856497 76380285 0 0
# scanned=54482
# found=1
# cleaned=0
# scan_time=22376
sh=C887157C0193E8F13A4BAA4CCEE2FB4BA05CBB0A ft=1 fh=14d925a6106a41f1 vn="OSX/ChatZum.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\chatzum_nt.exe.vir"
ESETSmartInstaller@High as downloader log:
all ok
         
Code:
ATTFilter
Results of screen317's Security Check version 0.99.85  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
Microsoft Security Essentials   
  (On Access scanning disabled!) 
 Error obtaining update status for antivirus!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java(TM) 6 Update 20  
 Java version out of Date! 
 Adobe Flash Player 14.0.0.145  
 Adobe Reader 10.1.10 Adobe Reader out of Date!  
 Mozilla Firefox 29.0.1 Firefox out of Date!  
 Google Chrome 35.0.1916.114  
 Google Chrome 35.0.1916.153  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 2% 
````````````````````End of Log``````````````````````
         

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-07-2014
Ran by Jonathan (administrator) on JONATHAN-PC on 12-07-2014 08:55:02
Running from C:\Users\Jonathan\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Abelssoft) C:\Program Files (x86)\CheckDrive\CheckDriveBackgroundGuard.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Magellan Navigation, Inc.) C:\Program Files (x86)\Magellan\VantagePoint\VPLite\VantagePoint Lite.exe
(Spotify Ltd) C:\Users\Jonathan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Akamai Technologies, Inc.) C:\Users\Jonathan\AppData\Local\Akamai\netsession_win.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Akamai Technologies, Inc.) C:\Users\Jonathan\AppData\Local\Akamai\netsession_win.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2186856 2011-01-11] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-04] (Synaptics Incorporated)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-04-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-08-28] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-28] (ArcSoft Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191016 2014-05-14] (Geek Software GmbH)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585048 2014-05-31] (Razer Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKU\S-1-5-21-2287927430-2481497565-1371983633-1000\...\Run: [VantagePointLite.exe] => C:\Program Files (x86)\Magellan\VantagePoint\VPLite\VantagePoint Lite.exe [155136 2012-12-03] (Magellan Navigation, Inc.)
HKU\S-1-5-21-2287927430-2481497565-1371983633-1000\...\Run: [Spotify] => C:\Users\Jonathan\AppData\Roaming\Spotify\spotify.exe [6118400 2014-02-14] (Spotify Ltd)
HKU\S-1-5-21-2287927430-2481497565-1371983633-1000\...\Run: [Spotify Web Helper] => C:\Users\Jonathan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-02-14] (Spotify Ltd)
HKU\S-1-5-21-2287927430-2481497565-1371983633-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Jonathan\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk
ShortcutTarget: TMMonitor.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

ProxyServer: http=127.0.0.1:13856
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9E473A89-2AF4-41E6-A9DB-A6E07294905B} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {9E473A89-2AF4-41E6-A9DB-A6E07294905B} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {9E473A89-2AF4-41E6-A9DB-A6E07294905B} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.3

FireFox:
========
FF ProfilePath: C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\cmb6y5pz.default
FF NewTab: about:blank
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @MagellanGPS.com/CommunicationPlugin - C:\Program Files (x86)\Magellan\Magellan Communicator\npMgnPlg.dll (Magellan Navigation, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Program Files (x86)\SuperLyrics-soft\161.xpi []

Chrome: 
=======
CHR HomePage: 
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-17]
CHR Extension: (Google Drive) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-05]
CHR Extension: (YouTube) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-17]
CHR Extension: (BetterAds) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cacclhdpfoingihegojhoipnihfnoaki [2013-03-17]
CHR Extension: (Google Search) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-17]
CHR Extension: (AdBlock) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-10-20]
CHR Extension: (Google Wallet) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-01]
CHR Extension: (Gmail) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-17]
CHR HKLM-x32\...\Chrome\Extension: [cacclhdpfoingihegojhoipnihfnoaki] - C:\Users\Jonathan\AppData\Local\MediaBA\betterads.crx [2012-10-09]

==================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-15] (ABBYY)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S2 vToolbarUpdater12.2.6; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2013-06-28] (LG Electronics Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [31080 2012-08-30] (AVG Technologies)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 Tosrfcom; No ImagePath
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [53760 2012-09-28] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 DIRECTIO; \??\c:\BIT_TEMP\DirectIo.sys [X]
S3 DSDrv4; \??\C:\PROGRA~2\K!TV\Plugins\S_Bt8x8\DSDrv4.sys [X]
S3 DualCoreCenter; \??\C:\Program Files (x86)\MSI\DualCoreCenter\NTGLM7X64.sys [X]
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [X]
S3 NTACCESS; \??\D:\NTACCESS_64.sys [X]
S3 SetupNTGLM7X; \??\D:\NTGLM7X.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-12 08:54 - 2014-07-12 08:54 - 00000000 ____D () C:\Users\Jonathan\Downloads\FRST-OlderVersion
2014-07-12 08:48 - 2014-07-12 08:48 - 00001145 _____ () C:\Users\Jonathan\Desktop\checkup.txt
2014-07-12 08:34 - 2014-07-12 08:34 - 00854390 _____ () C:\Users\Jonathan\Downloads\SecurityCheck.exe
2014-07-11 16:36 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-07-11 16:36 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-07-11 16:35 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-11 16:35 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-11 16:35 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-11 16:35 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-11 16:35 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-11 16:35 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-11 16:35 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-11 16:35 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-11 16:35 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-11 16:35 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-11 16:35 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-11 16:35 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-11 16:35 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-11 16:35 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-11 16:35 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-11 16:35 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-07-11 16:35 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-11 16:35 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-11 16:35 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-11 16:35 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-11 16:35 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-11 16:35 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-07-11 16:35 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-07-11 16:35 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-11 16:35 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-11 16:35 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-11 16:35 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-11 16:35 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-11 16:35 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-11 16:35 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-11 16:35 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-11 16:35 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-11 16:35 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-11 16:35 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-07-11 16:35 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-11 16:35 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-11 16:35 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-07-11 16:35 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-07-11 16:35 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-07-11 16:35 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-07-11 16:35 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-07-11 16:35 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-07-11 16:35 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-07-11 16:35 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-07-11 16:35 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-07-11 16:35 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-07-11 16:35 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-07-11 16:35 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-07-11 16:35 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-07-11 16:35 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-07-11 16:35 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-07-11 16:35 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-11 16:34 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-11 16:34 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-11 16:34 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-11 16:34 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-11 16:34 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-11 16:34 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-11 16:34 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-11 16:34 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-11 16:34 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-11 16:34 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-11 16:34 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-11 16:34 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-11 16:34 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-07-11 16:34 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-07-11 16:34 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-11 16:34 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-07-11 16:34 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-11 16:34 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-11 16:34 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-11 16:34 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-11 16:34 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-07-11 16:34 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-11 16:34 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-11 16:34 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-07-11 16:34 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-11 16:34 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-07-11 16:34 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-07-11 16:28 - 2014-07-11 16:28 - 02347384 _____ (ESET) C:\Users\Jonathan\Downloads\esetsmartinstaller_deu.exe
2014-06-24 19:36 - 2014-06-24 19:36 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-06-24 19:36 - 2014-06-24 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-24 19:34 - 2014-06-24 19:35 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-24 19:34 - 2014-06-24 19:35 - 00000000 ____D () C:\Program Files\iTunes
2014-06-24 19:34 - 2014-06-24 19:35 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-24 19:34 - 2014-06-24 19:34 - 00000000 ____D () C:\Program Files\iPod
2014-06-24 10:51 - 2014-06-24 10:51 - 00000000 ____D () C:\CloneDVDTemp
2014-06-24 10:48 - 2014-06-24 10:48 - 00000085 ___SH () C:\ProgramData\.zreglib
2014-06-24 10:47 - 2014-06-24 10:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2014-06-24 10:47 - 2014-06-24 10:47 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes
2014-06-24 10:46 - 2014-06-24 10:46 - 05185720 _____ () C:\Users\Jonathan\Desktop\SetupCloneDVD_2.9.3.exe
2014-06-24 10:44 - 2014-06-24 10:44 - 00360792 _____ (Softonic) C:\Users\Kirstin\Downloads\SoftonicDownloader_fuer_clonedvd.exe
2014-06-19 13:10 - 2014-07-12 08:55 - 00017324 _____ () C:\Users\Jonathan\Downloads\FRST.txt
2014-06-19 13:09 - 2014-07-12 08:54 - 02084864 _____ (Farbar) C:\Users\Jonathan\Downloads\FRST64.exe
2014-06-19 12:53 - 2014-06-19 12:53 - 00000000 ____D () C:\windows\ERUNT
2014-06-19 12:50 - 2014-06-19 12:50 - 01016261 _____ (Thisisu) C:\Users\Jonathan\Downloads\JRT.exe
2014-06-19 12:41 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-06-19 12:40 - 2014-06-19 12:44 - 00000000 ____D () C:\AdwCleaner
2014-06-19 12:38 - 2014-06-19 12:39 - 01333465 _____ () C:\Users\Jonathan\Downloads\adwcleaner_3.212.exe
2014-06-19 12:22 - 2014-06-19 13:13 - 00000000 ____D () C:\Users\Jonathan\Desktop\Trojaner board
2014-06-19 11:57 - 2014-06-19 13:18 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-19 11:57 - 2014-06-19 11:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-19 11:56 - 2014-06-19 11:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-19 11:56 - 2014-06-19 11:56 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-19 11:56 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-06-19 11:56 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-06-19 11:56 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-06-19 11:53 - 2014-06-19 11:54 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Jonathan\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-19 11:41 - 2014-06-19 11:43 - 00000000 ____D () C:\Users\Kirstin\Desktop\Troyaner-board
2014-06-14 14:41 - 2014-06-14 14:41 - 00000000 ____D () C:\Users\Kirstin\AppData\Local\Razer

==================== One Month Modified Files and Folders =======

2014-07-12 08:55 - 2014-06-19 13:10 - 00017324 _____ () C:\Users\Jonathan\Downloads\FRST.txt
2014-07-12 08:55 - 2014-06-05 15:41 - 00000000 ____D () C:\FRST
2014-07-12 08:54 - 2014-07-12 08:54 - 00000000 ____D () C:\Users\Jonathan\Downloads\FRST-OlderVersion
2014-07-12 08:54 - 2014-06-19 13:09 - 02084864 _____ (Farbar) C:\Users\Jonathan\Downloads\FRST64.exe
2014-07-12 08:48 - 2014-07-12 08:48 - 00001145 _____ () C:\Users\Jonathan\Desktop\checkup.txt
2014-07-12 08:34 - 2014-07-12 08:34 - 00854390 _____ () C:\Users\Jonathan\Downloads\SecurityCheck.exe
2014-07-12 08:31 - 2012-06-19 00:12 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-07-12 08:26 - 2014-02-14 21:01 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\Spotify
2014-07-12 08:26 - 2011-07-19 23:03 - 01052185 _____ () C:\windows\WindowsUpdate.log
2014-07-12 08:25 - 2013-03-02 17:20 - 00000294 _____ () C:\windows\Tasks\CheckDriveBackgroundGuard.job
2014-07-12 08:25 - 2011-07-19 23:34 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-12 08:25 - 2011-07-19 23:34 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-12 08:25 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\tracing
2014-07-12 03:35 - 2009-07-14 06:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-12 03:35 - 2009-07-14 06:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-12 03:29 - 2012-04-21 19:04 - 00065536 _____ () C:\windows\system32\Ikeext.etl
2014-07-12 03:29 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-12 03:29 - 2009-07-14 06:51 - 00125861 _____ () C:\windows\setupact.log
2014-07-12 03:29 - 2009-07-14 06:45 - 00329936 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-12 03:27 - 2014-05-15 23:20 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-07-12 03:27 - 2010-11-21 09:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-12 03:27 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-07-12 03:27 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\Dism
2014-07-12 03:05 - 2013-08-18 02:36 - 00000000 ____D () C:\windows\system32\MRT
2014-07-12 03:05 - 2013-01-06 03:59 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-07-11 17:31 - 2012-06-19 00:12 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-07-11 17:31 - 2012-06-19 00:12 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-11 17:31 - 2012-06-19 00:12 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-07-11 16:28 - 2014-07-11 16:28 - 02347384 _____ (ESET) C:\Users\Jonathan\Downloads\esetsmartinstaller_deu.exe
2014-06-30 04:09 - 2014-07-11 16:36 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-06-30 04:04 - 2014-07-11 16:36 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-06-24 22:39 - 2012-04-17 02:47 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\Skype
2014-06-24 19:36 - 2014-06-24 19:36 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-06-24 19:36 - 2014-06-24 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-24 19:35 - 2014-06-24 19:34 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-24 19:35 - 2014-06-24 19:34 - 00000000 ____D () C:\Program Files\iTunes
2014-06-24 19:35 - 2014-06-24 19:34 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-24 19:34 - 2014-06-24 19:34 - 00000000 ____D () C:\Program Files\iPod
2014-06-24 19:29 - 2012-08-02 16:08 - 00000000 ____D () C:\ProgramData\Apple
2014-06-24 19:25 - 2009-07-14 07:13 - 00783400 _____ () C:\windows\system32\PerfStringBackup.INI
2014-06-24 10:51 - 2014-06-24 10:51 - 00000000 ____D () C:\CloneDVDTemp
2014-06-24 10:48 - 2014-06-24 10:48 - 00000085 ___SH () C:\ProgramData\.zreglib
2014-06-24 10:47 - 2014-06-24 10:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2014-06-24 10:47 - 2014-06-24 10:47 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes
2014-06-24 10:46 - 2014-06-24 10:46 - 05185720 _____ () C:\Users\Jonathan\Desktop\SetupCloneDVD_2.9.3.exe
2014-06-24 10:44 - 2014-06-24 10:44 - 00360792 _____ (Softonic) C:\Users\Kirstin\Downloads\SoftonicDownloader_fuer_clonedvd.exe
2014-06-20 22:14 - 2014-07-11 16:35 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-06-20 21:39 - 2014-07-11 16:35 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-06-20 03:09 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-06-19 13:18 - 2014-06-19 11:57 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-19 13:13 - 2014-06-19 12:22 - 00000000 ____D () C:\Users\Jonathan\Desktop\Trojaner board
2014-06-19 13:07 - 2013-10-18 15:58 - 00000000 ____D () C:\Users\Jonathan\AppData\Local\Apps\2.0
2014-06-19 12:53 - 2014-06-19 12:53 - 00000000 ____D () C:\windows\ERUNT
2014-06-19 12:50 - 2014-06-19 12:50 - 01016261 _____ (Thisisu) C:\Users\Jonathan\Downloads\JRT.exe
2014-06-19 12:45 - 2010-11-21 05:47 - 00523594 _____ () C:\windows\PFRO.log
2014-06-19 12:44 - 2014-06-19 12:40 - 00000000 ____D () C:\AdwCleaner
2014-06-19 12:39 - 2014-06-19 12:38 - 01333465 _____ () C:\Users\Jonathan\Downloads\adwcleaner_3.212.exe
2014-06-19 11:57 - 2014-06-19 11:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-19 11:56 - 2014-06-19 11:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-19 11:56 - 2014-06-19 11:56 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-19 11:54 - 2014-06-19 11:53 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Jonathan\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-19 11:43 - 2014-06-19 11:41 - 00000000 ____D () C:\Users\Kirstin\Desktop\Troyaner-board
2014-06-19 03:39 - 2014-07-11 16:34 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-06-19 03:06 - 2014-07-11 16:35 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-06-19 03:06 - 2014-07-11 16:35 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-06-19 02:48 - 2014-07-11 16:35 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-06-19 02:42 - 2014-07-11 16:35 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-06-19 02:42 - 2014-07-11 16:34 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-06-19 02:41 - 2014-07-11 16:35 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-06-19 02:41 - 2014-07-11 16:34 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-06-19 02:32 - 2014-07-11 16:34 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-06-19 02:31 - 2014-07-11 16:35 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-06-19 02:26 - 2014-07-11 16:34 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-06-19 02:24 - 2014-07-11 16:35 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-06-19 02:24 - 2014-07-11 16:34 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-06-19 02:23 - 2014-07-11 16:34 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-06-19 02:16 - 2014-07-11 16:35 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-06-19 02:14 - 2014-07-11 16:34 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-06-19 02:09 - 2014-07-11 16:35 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-06-19 01:59 - 2014-07-11 16:35 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-19 01:56 - 2014-07-11 16:35 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-06-19 01:53 - 2014-07-11 16:34 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-06-19 01:51 - 2014-07-11 16:34 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-06-19 01:50 - 2014-07-11 16:34 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-06-19 01:48 - 2014-07-11 16:34 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-06-19 01:39 - 2014-07-11 16:35 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-06-19 01:38 - 2014-07-11 16:34 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-06-19 01:37 - 2014-07-11 16:35 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-06-19 01:36 - 2014-07-11 16:35 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-06-19 01:35 - 2014-07-11 16:34 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-06-19 01:33 - 2014-07-11 16:35 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-06-19 01:32 - 2014-07-11 16:35 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-06-19 01:28 - 2014-07-11 16:35 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-06-19 01:28 - 2014-07-11 16:35 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-06-19 01:27 - 2014-07-11 16:35 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-06-19 01:27 - 2014-07-11 16:34 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-06-19 01:25 - 2014-07-11 16:35 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-06-19 01:23 - 2014-07-11 16:34 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-06-19 01:22 - 2014-07-11 16:35 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-06-19 01:12 - 2014-07-11 16:35 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-06-19 01:06 - 2014-07-11 16:35 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-19 01:01 - 2014-07-11 16:34 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-06-19 00:59 - 2014-07-11 16:35 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-06-19 00:58 - 2014-07-11 16:35 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-06-19 00:58 - 2014-07-11 16:34 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-06-19 00:52 - 2014-07-11 16:34 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-06-19 00:51 - 2014-07-11 16:34 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-06-19 00:49 - 2014-07-11 16:35 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-06-19 00:46 - 2014-07-11 16:34 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-06-19 00:45 - 2014-07-11 16:35 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-06-19 00:35 - 2014-07-11 16:35 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-06-19 00:34 - 2014-07-11 16:35 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-06-19 00:21 - 2014-04-10 13:24 - 00000000 ____D () C:\Users\Kirstin\AppData\Roaming\SoftGrid Client
2014-06-19 00:15 - 2014-07-11 16:34 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-06-19 00:13 - 2014-07-11 16:34 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-06-19 00:09 - 2014-07-11 16:35 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-06-19 00:07 - 2014-07-11 16:34 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-06-18 16:16 - 2011-07-19 23:34 - 00003908 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-18 16:16 - 2011-07-19 23:34 - 00003656 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-18 04:18 - 2014-07-11 16:35 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-06-18 03:51 - 2014-07-11 16:35 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-06-18 03:10 - 2014-07-11 16:35 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-06-14 14:41 - 2014-06-14 14:41 - 00000000 ____D () C:\Users\Kirstin\AppData\Local\Razer
2014-06-14 14:40 - 2012-11-19 15:06 - 00067616 _____ () C:\Users\Kirstin\AppData\Local\GDIPFONTCACHEV1.DAT

Some content of TEMP:
====================
C:\Users\Jonathan\AppData\Local\Temp\abelssoft.setup.exe
C:\Users\Jonathan\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-20 03:01

==================== End Of Log ============================
         
I have the impression that everything is clean again now; at any rate, working on it is fun again!!!

Many thanks for the comprehensive support.


kiki

13.07.2014, 09:11   #12
schrauber
/// the machine
/// TB trainer
 




Update Java, Adobe and Firefox.

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
ProxyServer: http=127.0.0.1:13856
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.





Done

The order is decisive here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and start it)
    • Windows key + R > Combofix /Uninstall (type in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and start it
    • Combofix will now start, possibly update itself and then remove all remnants of itself.
  3. Please be sure to download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without concern.



If you would like to give praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus software
  • Make sure you always have anti-virus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: for this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it asks you to and is nice and colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from e-mails you do not know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: please give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!
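
An added example, not part of schrauber's post and not FRST code: a short Python check for the two kinds of entry in the fixlist of post #12, a proxy setting that points at the loopback address (which routes browser traffic through a local process) and lines that FRST marked with ATTENTION. The function names are hypothetical, the ProxyServer value is assumed to follow the WinINET `host:port` or `scheme=host:port;...` format, and the sample lines other than the two quoted in the post are constructed.

```python
import ipaddress

# The first two lines are the fixlist quoted in post #12; the other two are
# constructed variants of the ProxyServer value format, for comparison.
SAMPLE_LINES = [
    "GroupPolicy: Group Policy on Chrome detected <======= ATTENTION",
    "ProxyServer: http=127.0.0.1:13856",
    "ProxyServer: proxy.example.internal:8080",           # constructed
    "ProxyServer: http=localhost:8877;https=[::1]:8877",  # constructed
]


def parse_proxy_value(value):
    """Split a ProxyServer value into {scheme: (host, port)}.

    'host:port' applies to all protocols and is stored under '*';
    'http=host:port;https=host:port' is stored per protocol.
    """
    result = {}
    for part in value.strip().split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, endpoint = part.partition("=")
        if not sep:
            scheme, endpoint = "*", part
        endpoint = endpoint.split("://", 1)[-1]   # tolerate 'http://host:port'
        if endpoint.startswith("["):              # bracketed IPv6, optional port
            host, _, rest = endpoint[1:].partition("]")
            port = rest.lstrip(":")
        elif endpoint.count(":") == 1:
            host, port = endpoint.split(":")
        else:                                     # no port given
            host, port = endpoint, ""
        result[scheme.lower()] = (host, int(port) if port.isdigit() else None)
    return result


def is_loopback(host):
    """True for 'localhost' and for any IPv4/IPv6 loopback address."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:        # a DNS name, not an address literal
        return False


def review_lines(lines):
    """Return findings for loopback proxies and ATTENTION-marked lines."""
    findings = []
    for line in lines:
        key, sep, value = line.partition(":")
        if sep and key.strip() == "ProxyServer":
            for scheme, (host, port) in parse_proxy_value(value).items():
                if is_loopback(host):
                    findings.append(("loopback-proxy", scheme, host, port))
        elif "<======= ATTENTION" in line:
            findings.append(("flagged", line.split("<=")[0].strip()))
    return findings


if __name__ == "__main__":
    for finding in review_lines(SAMPLE_LINES):
        print(finding)
```
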

15.07.2014, 17:15   #13
kiki-berlin
 



Hello Schrauber,

many thanks for the comprehensive support, the good old thing is "clean" again and works wonderfully.



kiki

16.07.2014, 11:50   #14
schrauber
/// the machine
/// TB trainer
 




You're welcome
