|
Pests of all kinds and how to fight them: Ads on Facebook, YouTube, etc. Uninstall Instant Saving App!
Windows 7
If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection. |
10.07.2013, 21:22 | #31 |
| I just noticed that the ads from Instant Savings App, i.e. the program I want to get rid of, are gone. Should I keep going anyway? |
10.07.2013, 21:24 | #32 |
/// Malware-holic | Yes. |
11.07.2013, 19:42 | #33 |
| CCleaner:
Adobe AIR unknown Adobe Systems Incorporated 06.04.2013 3.6.0.6090 unknown
Adobe Reader X (10.1.1) - Deutsch needed Adobe Systems Incorporated 01.09.2012 119MB 10.1.1
ANNO 2070 needed Ubisoft 15.05.2013 1.0.0.0 needed
applicationupdater unknown Sony Online Entertainment 02.02.2013 needed
Atheros Bluetooth Suite (64) unknown Atheros 01.09.2012 53,6MB 7.4.0.135 unknown
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver unknown Atheros Communications Inc. 01.09.2012 2.0.14.15 unknown
Atheros WLAN Client Installation Program unknown Atheros 01.09.2012 9.0 unknown
Avira Free Antivirus needed Avira 01.07.2013 129MB 13.0.0.3737 needed
Battlefield 3™ Electronic Arts 31.03.2013 1.6.0.0 needed
Battlelog Web Plugins needed EA Digital Illusions CE AB 01.04.2013 2.1.3 needed
BrowserDefender Bit89 Inc 08.07.2013 unknown
Castle Crashers Demo 08.06.2013 needed
CCleaner needed Piriform 19.06.2013 4.03 unknown
Conexant HD Audio unknown Conexant 01.09.2012 8.54.32.50 unknown
DAEMON Tools Lite needed Disc Soft Ltd 12.05.2013 4.47.1.0333 unknown
Dolby Advanced Audio v2 Dolby Laboratories Inc 01.09.2012 12,9MB 7.2.7000.11 needed
Don't Starve Klei Entertainment 05.07.2013 243MB needed
Dungeon Siege III Obsidian Entertainment 28.04.2013 needed
Energy Management Lenovo 01.09.2012 26,7MB 7.0.4.1 unknown
ESN Sonar ESN Social Software AB 01.04.2013 0.70.4 unknown
gamelauncher-ps2-psg Sony Online Entertainment 31.01.2013 unknown
Google Chrome Google Inc. 01.09.2012 28.0.1500.71 needed
Intel AppUp(SM) center Intel 01.09.2012 03.05.11 unknown
Intel(R) Control Center Intel Corporation 24.05.2013 1.2.1.1007 unknown
Intel(R) Management Engine Components Intel Corporation 25.05.2013 8.0.3.1427 unknown
Intel(R) OpenCL CPU Runtime Intel Corporation 25.05.2013 unknown
Intel(R) Processor Graphics Intel Corporation 25.05.2013 8.15.10.2778 unknown
Intel(R) Rapid Storage Technology Intel Corporation 24.05.2013 11.0.0.1032 unknown
Intel(R) USB 3.0 eXtensible Host Controller Driver Intel Corporation 25.05.2013 1.0.5.235
Intel® Trusted Connect Service Client Intel Corporation 01.09.2012 10,6MB 1.23.605.1 unknown
Java(TM) 6 Update 23 Oracle 31.01.2013 97,1MB 6.0.230 needed
Just Cause 2 Demo Avalanche 24.06.2013 needed
League of Legends Riot Games 22.05.2013 needed 1.3
Lenovo EasyCamera Lenovo EasyCamera 01.09.2012 1.12.204.1 unknown
Lenovo EE Boot Optimizer Lenovo 01.09.2012 0.0.1.9 unknown
Lenovo OneKey Recovery CyberLink Corp. 01.09.2012 7.0.0.3712 unknown
Lenovo pointing device ELAN Microelectronic Corp. 01.09.2012 10.4.2.8 unknown
Lenovo Registration Lenovo Inc. 01.09.2012 4,13MB 1.0.4 unknown
Lenovo Solution Center Lenovo Group Limited 03.06.2013 27,7MB 2.1.003.00 unknown
Lenovo YouCam CyberLink Corp. 01.09.2012 135MB 3.1.3728 unknown
LockKey Lenovo 01.09.2012 317KB 1.38.1.2 unknown
LogMeIn Hamachi LogMeIn, Inc. 03.07.2013 2.1.0.374 needed
Malwarebytes Anti-Malware Version 1.75.0.1300 Malwarebytes Corporation 10.07.2013 19,2MB 1.75.0.1300 needed
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 28.02.2011 38,8MB 4.0.30319 unknown
Microsoft Silverlight Microsoft Corporation 13.03.2013 50,6MB 5.1.20125.0 unknown
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 01.09.2012 1,69MB 3.1.0000 unknown
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 04.02.2013 290KB 8.0.56336 unknown
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 01.09.2012 620KB 8.0.61000 unknown
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 13.04.2013 788KB 9.0.30729.6161 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 20.03.2013 240KB 9.0.30729 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 01.09.2012 600KB 9.0.30729.6161 unknown
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 01.09.2012 13,8MB 10.0.40219 unknown
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 01.09.2012 11,1MB 10.0.40219 unknown
Might and Magic Heroes VI Demo Blackhole 11.07.2013 needed
NVIDIA Grafiktreiber 296.73 NVIDIA Corporation 01.09.2012 296.73 unknown
NVIDIA PhysX-Systemsoftware 9.12.0213 NVIDIA Corporation 01.09.2012 9.12.0213 unknown
NVIDIA Update 1.7.13 NVIDIA Corporation 01.09.2012 1.7.13 unknown
OneKey Recovery CyberLink Corp. 25.05.2013 7.0.0.3712 unknown
OpenOffice.org 3.4.1 Apache Software Foundation 13.04.2013 331MB 3.41.9593 needed
Origin Electronic Arts, Inc. 20.03.2013 9.1.10.2728 needed
Pando Media Booster Pando Networks Inc. 04.02.2013 5,46MB 2.6.0.8 unknown
Plus-HD-2.3 Plus HD 08.07.2013 1.27.153.8 unknown
Power2Go CyberLink Corp. 01.09.2012 5.6.0.7303 unknown
PunkBuster Services Even Balance, Inc. 31.03.2013 0.991 unknown
Realtek USB 2.0 Reader Driver Realtek Semiconductor Corp. 01.09.2012 6.1.7601.39016 unknown
Risen Deep Silver 17.02.2013 1.00.0000 needed
Shared C Run-time for x64 McAfee 02.02.2013 2,78MB 10.0.0 unknown
SimCity™ Electronic Arts 20.03.2013 283MB 1.0.0.0 needed
Skype™ 6.3 Skype Technologies S.A. 25.05.2013 21,1MB 6.3.107 needed
Spotify Spotify AB 08.07.2013 0.9.1.57.ge7405149 needed
StarCraft II Blizzard Entertainment 12.05.2013 2.0.8.25604 needed
Steam Valve Corporation 28.04.2013 35,4MB 1.0.0.0 needed
SugarSync Manager SugarSync, Inc. 01.09.2012 1.9.49.86082 unknown
TeamSpeak 3 Client TeamSpeak Systems GmbH 11.04.2013 3.0.10 needed
TeamViewer 8 TeamViewer 12.06.2013 8.0.18930 needed
Ubisoft Game Launcher UBISOFT 15.05.2013 1.0.0.0 needed
UserGuide Lenovo 01.09.2012 51,3MB 1.0.0.6 unknown
VeriFace Lenovo 01.09.2012 4.0.1.1230 needed
Windows Live Essentials Microsoft Corporation 01.09.2012 15.4.3508.1109 unknown
Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 01.09.2012 5,57MB 15.4.5722.2 unknown
Windows-Treiberpaket - Lenovo (ACPIVPC) System (12/15/2011 7.1.0.1) Lenovo 01.09.2012 12/15/2011 7.1.0.1 unknown

mbam:
Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.07.10.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]

10.07.2013 21:15:38
mbam-log-2013-07-10 (21-15-38).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 1336062
Laufzeit: 2 Stunde(n), 27 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 6
HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Updater.AmiUpd.1 (PUP.Software.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Updater.AmiUpd (PUP.Software.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\***\AppData\Local\SWVUPDATER\Updater.exe (PUP.Software.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\SysPart\Default\Users\***\AppData\Local\Temp\is1218200230\plus-hd-2-3_DE.exe (Heuristics.Shuriken) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Local\Temp\is1218200230\plus-hd-2-3_DE.exe (Heuristics.Shuriken) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende) |
11.07.2013, 19:51 | #34 |
/// Malware-holic | Hi,
please keep this in mind for the future: these days it is more and more important to look closely at what you install. Always read the terms and conditions or license agreements, and check whether third-party software such as toolbars is going to be installed along with it; if so, look for an alternative program. Always choose the custom installation, which often lets you spot and deselect toolbars. Look up software you want to install on Google.
Two logs need to be created; please post them together.
The following uninstallations may cause problems; if they do, use Revo Uninstaller: Revo Uninstaller - Download - Filepony
1. Uninstall:
applicationupdater
BrowserDefender
Java
Download the Java JRE: Java downloads for all operating systems
Click: Download the Java software for Windows Offline, download it and install it.
Uninstall: Plus-HD
Open CCleaner, analyze, run, restart the PC.
2. Please download AdwCleaner to your desktop.
Restart.
3. Please download HitmanPro: HitmanPro - Download - Filepony
Double-click it, click Scan. Do not delete anything, click Next. Save the log and post it, or export it as XML, zip it and attach it.
__________________
-Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above
If you would like to support us |
11.07.2013, 20:17 | #35 |
| When I try to run the analysis in CCleaner, it gets to 42 % fairly quickly. Then it says: CCleaner has stopped working. Windows is looking for a solution, or something like that. What can I do about it? Download it again? |
11.07.2013, 20:19 | #36 |
/// Malware-holic | Hi, what happens if you restart, press F8, choose Safe Mode with Networking, log in to your account and do it there? After that, go back to normal mode and continue with the rest. |
11.07.2013, 20:45 | #38 |
/// Malware-holic | Yes. |
11.07.2013, 21:56 | #39 |
| ADWCleaner:
AdwCleaner Logfile:
Code:
# AdwCleaner v2.305 - Datei am 11/07/2013 um 21:53:12 erstellt
# Aktualisiert am 11/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Windows\Tasks\Dealply.job
Ordner Gelöscht : C:\Program Files (x86)\DealPly
Ordner Gelöscht : C:\Program Files (x86)\DealPlyLive
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\BrowserDefender
Ordner Gelöscht : C:\ProgramData\DealPlyLive
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\***\AppData\Local\DealPlyLive
Ordner Gelöscht : C:\Users\***\AppData\Local\SwvUpdater
Ordner Gelöscht : C:\Users\***\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\***\AppData\Roaming\DealPly
Ordner Gelöscht : C:\Users\***\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5d6dcd1b46fea46
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16490

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=602874E543D879A4&affID=119357&tsp=4937 --> hxxp://www.google.com

-\\ Google Chrome v28.0.1500.71

Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [2326 octets] - [11/07/2013 21:53:12]

########## EOF - C:\AdwCleaner[S1].txt - [2386 octets] ##########

Hitmanpro:
Code:
HitmanPro 3.7.6.201
www.hitmanpro.com

   Computer name . . . . :***-PC
   Windows . . . . . . . : 6.1.1.7601.X64/8
   User name . . . . . . : ***-PC\***
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2013-07-11 22:18:13
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 6m 2s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 2637

   Objects scanned . . . : 1.041.172
   Files scanned . . . . : 10.930
   Remnants scanned  . . : 205.498 files / 824.744 keys

Suspicious files ____________________________________________________________

   C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.122.1_0\McChPlg.dll
      Size . . . . . . . : 137.424 bytes
      Age  . . . . . . . : 1.3 days (2013-07-10 15:31:27)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : 7E43BCCC9EEEE622EACE04CC770659D0321B59DED4AE1BAF624049328145F75A
      Product  . . . . . : McAfee SiteAdvisor
      Publisher  . . . . : McAfee, Inc.
      Description  . . . : SiteAdvisor
      Version  . . . . . : 3,4,1,122
      Copyright  . . . . : Copyright © 2011 McAfee, Inc.
      Fuzzy  . . . . . . : 22.0
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         Time indicates that the file appeared recently on this computer.
0.9s C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\no\messages.json 0.9s C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\sl\ 0.9s C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\pl\ 0.9s C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\sl\messages.json 0.9s C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\pl\messages.json 0.9s C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\pt_BR\ 0.9s C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\sr\ 0.9s C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\pt_BR\messages.json 0.9s C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\sr\messages.json 0.9s C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\pt_PT\ 0.9s C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\th\ 0.9s C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\pt_PT\messages.json 0.9s C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\th\messages.json 0.9s C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\tr\ 0.9s C:\Users\***\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\ro\ 0.9s C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\tr\messages.json 0.9s C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\ro\messages.json 0.9s C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\uk\ 0.9s C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\ru\ 1.0s C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\uk\messages.json 1.0s C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\ru\messages.json 1.0s C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\sk\ 1.0s C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\vi\ 1.0s C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\sk\messages.json 1.0s C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\vi\messages.json 1.0s C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\sl\ 1.0s C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\zh_CN\ 1.0s C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\sl\messages.json 1.0s C:\Users\***\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\zh_CN\messages.json 1.0s C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\sr\ 1.0s C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\zh_TW\ 1.0s C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\sr\messages.json 1.0s C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\zh_TW\messages.json 1.0s C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\sv\ 1.0s C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\sv\messages.json 1.0s C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\th\ 1.0s C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\th\messages.json 1.0s C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\tr\ 1.1s C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\tr\messages.json 1.1s C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\uk\ 1.1s C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\uk\messages.json 1.1s C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\vi\ 1.1s C:\Users\***\AppData\Local\Google\Chrome\User 
C:\Windows\system32\drivers\AVIPBB.sys
   Size . . . . . . . : 129.216 bytes
   Age . . . . . . . : 161.0 days (2013-01-31 21:24:09)
   Entropy . . . . . : 6.6
   SHA-256 . . . . . : 22AA33B1276C2B0FB36F22371FA43BFB8987CED0E81947D6DCC5F134B28E64B6
   Product . . . . . : Avira Professional Security
   Publisher . . . . : Avira Operations GmbH & Co. KG
   Description . . . : Avira Driver for Security Enhancement
   Version . . . . . : 13.05.01.04
   Copyright . . . . : Copyright © 2000 - 2013 Avira Operations GmbH & Co. KG. All rights reserved.
   Fuzzy . . . . . . : 42.0
      The file is hidden from Windows API. This is typical for malware.
      The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
      The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
      The file is a device driver. Device drivers run as trusted (highly privileged) code.

C:\Windows\system32\drivers\AVKMGR.sys
   Size . . . . . . . : 27.800 bytes
   Age . . . . . . . : 161.0 days (2013-01-31 21:24:09)
   Entropy . . . . . : 6.4
   SHA-256 . . . . . : F9C76B8F100F7CF2A95F451445A4BAEB83BC43C5CF4126175CAE065E0E2A2EEB
   Product . . . . . : Avira Professional Security
   Publisher . . . . : Avira Operations GmbH & Co. KG
   Description . . . : Avira Manager Driver
   Version . . . . . : 13.04.00.03
   Copyright . . . . : Copyright © 2000 - 2013 Avira Operations GmbH & Co. KG. All rights reserved.
   Fuzzy . . . . . . : 42.0
      The file is hidden from Windows API. This is typical for malware.
      The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
      The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
      The file is a device driver. Device drivers run as trusted (highly privileged) code.

C:\Windows\system32\drivers\cfwids.sys
   Size . . . . . . . : 65.264 bytes
   Age . . . . . . . : 635.4 days (2011-10-15 12:16:16)
   Entropy . . . . . : 6.1
   SHA-256 . . . . . : 096F50891302F84E2543F32F2D5A51E0183A12900B920A2DD8976459B4B2C051
   Needs elevation . : Yes
   Product . . . . . : SYSCORE
   Publisher . . . . : McAfee, Inc.
   Description . . . : McAfee Personal Firewall IDS Plugin
   Version . . . . . : SYSCORE.14.4.0.478
   Copyright . . . . : Copyright© 1995-2011 McAfee, Inc. All Rights Reserved.
   Fuzzy . . . . . . : 22.0
      The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
      The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
      The file is a device driver. Device drivers run as trusted (highly privileged) code.

C:\Windows\system32\drivers\mfeapfk.sys
   Size . . . . . . . : 160.280 bytes
   Age . . . . . . . : 635.4 days (2011-10-15 12:16:16)
   Entropy . . . . . : 6.3
   SHA-256 . . . . . : C7728392FADE8AE792458224C40E9AED4789F9DA4233C34E0A0B303DE33ABE86
   Product . . . . . : SYSCORE
   Publisher . . . . : McAfee, Inc.
   Description . . . : Access Protection Filter Driver
   Version . . . . . : SYSCORE.14.4.0.478
   Copyright . . . . : Copyright© 1995-2011 McAfee, Inc. All Rights Reserved.
   Fuzzy . . . . . . : 22.0
      The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
      The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
      The file is a device driver. Device drivers run as trusted (highly privileged) code.

C:\Windows\system32\drivers\mfeavfk.sys
   Size . . . . . . . : 229.528 bytes
   Age . . . . . . . : 635.4 days (2011-10-15 12:16:16)
   Entropy . . . . . : 6.3
   SHA-256 . . . . . : 986EBE286B34AC6E39F70E069AD6D1069538C23B0F2D47771C5A8FB8B1C5B5BB
   Product . . . . . : SYSCORE
   Publisher . . . . : McAfee, Inc.
   Description . . . : Anti-Virus File System Filter Driver
   Version . . . . . : SYSCORE.14.4.0.478
   Copyright . . . . : Copyright© 1995-2011 McAfee, Inc. All Rights Reserved.
   Fuzzy . . . . . . : 22.0
      The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
      The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
      The file is a device driver. Device drivers run as trusted (highly privileged) code.

C:\Windows\system32\drivers\mfeclnk.sys
   Size . . . . . . . : 10.248 bytes
   Age . . . . . . . : 313.9 days (2012-09-01 00:37:57)
   Entropy . . . . . : 6.7
   SHA-256 . . . . . : E7A513683AC0CAA950DF126B4D87FBD4FCD766B67AFCEC4EC9E4FB7198DA3116
   Product . . . . . : SYSCORE
   Publisher . . . . : McAfee, Inc.
   Description . . . : McAfee Driver Cleaning Driver
   Version . . . . . : SYSCORE.14.4.0.478
   Copyright . . . . : Copyright© 1995-2011 McAfee, Inc. All Rights Reserved.
   Fuzzy . . . . . . : 22.0
      The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
      The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
      The file is a device driver. Device drivers run as trusted (highly privileged) code.

C:\Windows\system32\drivers\mfefirek.sys
   Size . . . . . . . : 481.768 bytes
   Age . . . . . . . : 635.4 days (2011-10-15 12:16:16)
   Entropy . . . . . : 6.3
   SHA-256 . . . . . : C3CBFD0FABA4E165C2485A21D61A2B7E39083E6DBFB62423DAF1C2CDB1817164
   Product . . . . . : SYSCORE
   Publisher . . . . : McAfee, Inc.
   Description . . . : McAfee Core Firewall Engine Driver
   Version . . . . . : SYSCORE.14.4.0.478
   Copyright . . . . : Copyright© 1995-2011 McAfee, Inc. All Rights Reserved.
   Fuzzy . . . . . . : 22.0
      The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
      The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
      The file is a device driver. Device drivers run as trusted (highly privileged) code.

C:\Windows\system32\drivers\mfehidk.sys
   Size . . . . . . . : 771.096 bytes
   Age . . . . . . . : 159.1 days (2013-02-02 19:07:44)
   Entropy . . . . . : 6.1
   SHA-256 . . . . . : D736EBCA40097A135AC1463E73457FDB7C5BC5D1620583865F70E2B94795B316
   Product . . . . . : SYSCORE
   Publisher . . . . : McAfee, Inc.
   Description . . . : McAfee Link Driver
   Version . . . . . : SYSCORE.15.1.0.594
   Copyright . . . . : Copyright© 1995-2012 McAfee, Inc. All Rights Reserved.
   Fuzzy . . . . . . : 22.0
      The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
      The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
      The file is a device driver. Device drivers run as trusted (highly privileged) code.

C:\Windows\system32\drivers\mfenlfk.sys
   Size . . . . . . . : 75.808 bytes
   Age . . . . . . . : 635.4 days (2011-10-15 12:16:16)
   Entropy . . . . . : 6.1
   SHA-256 . . . . . : 505EE789B4BC47721B6224B48C0FFA9B2BB002FAC8E451F2612428430596A2C9
   Product . . . . . : SYSCORE
   Publisher . . . . : McAfee, Inc.
   Description . . . : McAfee NDIS Light Filter Driver
   Version . . . . . : SYSCORE.14.4.0.478
   Copyright . . . . : Copyright© 1995-2011 McAfee, Inc. All Rights Reserved.
   Fuzzy . . . . . . : 22.0
      The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
      The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
      The file is a device driver. Device drivers run as trusted (highly privileged) code.

C:\Windows\system32\drivers\mferkdet.sys
   Size . . . . . . . : 100.912 bytes
   Age . . . . . . . : 635.4 days (2011-10-15 12:16:16)
   Entropy . . . . . : 6.3
   SHA-256 . . . . . : E16D442E51D37F4024FA4B1573167BA3C13A5F22FEC86B32021F7A2C8A749C71
   Product . . . . . : SYSCORE
   Publisher . . . . : McAfee, Inc.
   Description . . . : McAfee Code Analysis Driver
   Version . . . . . : SYSCORE.14.4.0.478
   Copyright . . . . : Copyright© 1995-2011 McAfee, Inc. All Rights Reserved.
   Fuzzy . . . . . . : 22.0
      The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
      The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
      The file is a device driver. Device drivers run as trusted (highly privileged) code.

C:\Windows\system32\drivers\mfewfpk.sys
   Size . . . . . . . : 339.776 bytes
   Age . . . . . . . : 159.1 days (2013-02-02 19:07:39)
   Entropy . . . . . : 4.9
   SHA-256 . . . . . : B7ED3FB5FAA70F6C4298AA480CF3494BEF09FB07E87594C376BA60D9E082327A
   Product . . . . . : SYSCORE
   Publisher . . . . : McAfee, Inc.
   Description . . . : Anti-Virus Mini-Firewall Driver
   Version . . . . . : SYSCORE.15.1.0.594
   Copyright . . . . : Copyright© 1995-2012 McAfee, Inc. All Rights Reserved.
   Fuzzy . . . . . . : 22.0
      The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
      The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
      The file is a device driver. Device drivers run as trusted (highly privileged) code.

C:\Windows\system32\mfevtps.exe
   Size . . . . . . . : 161.168 bytes
   Age . . . . . . . : 313.9 days (2012-09-01 00:37:55)
   Entropy . . . . . : 6.3
   SHA-256 . . . . . : 17D23D0BCC3BB9C29ACB0163E4C9B2C550085A215A6688F1D98E204A37DDC0F0
   Needs elevation . : Yes
   Product . . . . . : SYSCORE
   Publisher . . . . : McAfee, Inc.
   Description . . . : McAfee Process Validation Service
   Version . . . . . : SYSCORE.14.4.0.478
   Copyright . . . . : Copyright© 1995-2011 McAfee, Inc. All Rights Reserved.
   Fuzzy . . . . . . : 22.0
      The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
      The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.

Potential Unwanted Programs _________________________________________________

   HKU\S-1-5-21-1311006177-775220444-537829284-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro)
   HKU\S-1-5-21-1311006177-775220444-537829284-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{98889811-442D-49DD-99D7-DC866BE87DBC} (Claro)

Cookies _____________________________________________________________________
|
11.07.2013, 22:04 | #40 |
/// Malware-holic | Ads on Facebook, YouTube, etc. Uninstall Instant Saving App! Hi, close all browsers, delete the cookies and:
HKU\S-1-5-21-1311006177-775220444-537829284-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro)
HKU\S-1-5-21-1311006177-775220444-537829284-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{98889811-442D-49DD-99D7-DC866BE87DBC} (Claro)
with HitmanPro. Post a new OTL log.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
11.07.2013, 22:14 | #41 |
| Ads on Facebook, YouTube, etc. Uninstall Instant Saving App! Where do I find my product key after I have obtained the free license? |
11.07.2013, 22:19 | #42 |
/// Malware-holic | Ads on Facebook, YouTube, etc. Uninstall Instant Saving App! Hi, when starting HitmanPro, choose the one-time scan, then run the check and click Next; the deletion should work that way. |
12.07.2013, 15:55 | #43 |
| Ads on Facebook, YouTube, etc. Uninstall Instant Saving App! OTL log: OTL Logfile: Code:
ATTFilter OTL logfile created on: 12.07.2013 16:34:49 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,90 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 62,23% Memory free 7,81 Gb Paging File | 5,90 Gb Available in Paging File | 75,57% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 653,44 Gb Total Space | 531,82 Gb Free Space | 81,39% Space Free | Partition Type: NTFS Drive D: | 25,47 Gb Total Space | 22,20 Gb Free Space | 87,16% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.07.10 03:56:22 | 000,559,016 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe PRC - [2013.07.10 03:56:20 | 001,672,616 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe PRC - [2013.07.09 14:57:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Klemens\Desktop\OTL.exe PRC - [2013.07.01 14:39:42 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.07.01 14:38:45 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.07.01 14:38:45 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.06.28 14:02:06 | 002,255,184 | ---- | M] (LogMeIn Inc.) 
-- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe PRC - [2013.06.07 14:39:25 | 004,150,112 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe PRC - [2013.04.01 18:16:22 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.09.01 00:42:22 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe PRC - [2012.08.13 11:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2012.08.13 11:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2012.05.21 09:26:28 | 000,291,648 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2012.05.01 16:00:00 | 002,458,944 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.04.28 10:20:06 | 000,163,456 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe PRC - [2012.02.28 11:20:02 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.02.28 11:19:56 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.02.28 11:19:46 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2011.12.09 15:45:00 | 000,548,864 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera2\VM332_STI.EXE PRC - [2011.11.29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011.11.29 20:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid 
Storage Technology\IAStorIcon.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.01.28 23:29:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe ========== Modules (No Company Name) ========== MOD - [2013.07.10 03:56:22 | 001,121,704 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL MOD - [2013.07.09 23:45:48 | 020,625,832 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll MOD - [2013.07.01 18:20:48 | 000,652,800 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll MOD - [2013.06.15 01:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll MOD - [2013.06.15 01:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll MOD - [2013.06.15 01:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll MOD - [2013.05.16 01:16:27 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll MOD - [2013.05.16 01:16:14 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll MOD - [2013.05.16 01:16:09 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll MOD - [2013.02.05 19:17:17 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\7ffdaee3a54ffd1a5e3b008a5bde5ecf\IAStorUtil.ni.dll MOD - [2013.02.05 19:17:17 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\389a1832a3da11e1b409cd6ae60cb9fa\IAStorCommon.ni.dll MOD - [2013.02.05 17:29:37 | 000,771,584 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.02.05 17:29:02 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.02.05 17:28:36 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.02.05 17:28:29 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.02.05 17:28:08 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2012.09.01 09:40:02 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2012.09.01 00:42:21 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll MOD - [2012.08.10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2012.05.01 16:00:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Services (SafeList) ========== SRV:64bit: - [2013.07.11 23:20:48 | 000,109,352 | ---- | M] (SurfRight B.V.) [Auto | Stopped] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler) SRV:64bit: - [2010.12.17 10:46:34 | 000,198,784 | ---- | M] (Conexant Systems Inc.) 
[Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg) SRV - [2013.07.10 03:56:22 | 000,559,016 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.07.01 14:39:42 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.07.01 14:38:45 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.06.28 14:02:04 | 002,470,736 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2013.06.07 14:39:25 | 004,150,112 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2013.04.01 18:16:22 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2013.02.28 19:25:34 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.06.07 06:03:02 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.05.01 16:00:00 | 002,458,944 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.04.28 10:20:06 | 000,163,456 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt&Wlan Coex Agent) SRV - [2012.04.28 09:57:54 | 000,119,424 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc) SRV - [2012.03.26 14:41:18 | 000,572,976 | ---- | M] (Lenovo (Beijing) Limited) 
[Auto | Running] -- C:\Programme\Lenovo\Instant Reset\DamageGuardSvc.exe -- (DamageGuardSvc) SRV - [2012.02.28 11:20:02 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.02.28 11:19:56 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.02.28 11:19:46 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2012.02.02 22:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2011.11.29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) 
[Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.03.18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard) DRV:64bit: - [2013.05.12 17:56:23 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2013.05.12 17:47:27 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2013.03.30 21:22:54 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AVIPBB.sys -- (avipbb) DRV:64bit: - [2013.03.30 21:22:54 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.03.30 21:22:54 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AVKMGR.sys -- (avkmgr) DRV:64bit: - [2013.02.17 17:53:06 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2013.02.17 17:53:06 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2012.09.01 09:47:24 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.09.01 00:45:12 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon) DRV:64bit: - [2012.09.01 00:45:12 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv) DRV:64bit: - [2012.09.01 00:44:30 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr) DRV:64bit: - [2012.09.01 00:44:30 | 000,030,816 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC) DRV:64bit: - [2012.06.07 05:49:08 | 014,760,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.05.31 17:06:50 | 002,811,904 | ---- | M] (Qualcomm Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2012.05.21 09:25:32 | 000,789,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012.05.21 09:25:32 | 000,357,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012.05.21 09:25:32 | 000,019,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2012.05.01 16:00:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2012.04.28 10:09:24 | 000,550,528 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2012.04.28 10:08:30 | 000,281,472 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP) DRV:64bit: - [2012.04.28 10:08:12 | 000,068,736 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:64bit: - [2012.04.28 10:07:36 | 000,168,064 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:64bit: - [2012.04.28 10:07:18 | 000,036,480 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort) DRV:64bit: - [2012.04.28 10:07:00 | 000,030,848 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS) DRV:64bit: - [2012.04.28 10:06:42 | 000,111,232 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt) DRV:64bit: - [2012.04.28 10:06:18 | 000,341,120 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- 
C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:64bit: - [2012.03.02 12:49:18 | 000,104,048 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2012.02.10 17:36:26 | 000,217,392 | ---- | M] (Lenovo) [File_System | System | Running] -- C:\Windows\SysNative\drivers\DamageGuardX64.sys -- (DamageGuard) DRV:64bit: - [2012.02.06 10:31:00 | 000,958,800 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm332avs.sys -- (vm332avs) DRV:64bit: - [2012.01.31 07:17:44 | 001,601,152 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2012.01.16 00:21:04 | 000,208,168 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2011.12.13 11:04:52 | 000,023,648 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dgfltrX64.sys -- (dgFltr) DRV:64bit: - [2011.12.06 13:23:10 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2011.11.29 13:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.11.15 12:24:20 | 000,313,960 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR) DRV:64bit: - [2011.11.09 19:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2011.10.10 09:56:15 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.10.10 09:56:15 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.28 23:29:58 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.09.23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2009.07.21 14:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc) DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.03.18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Lenovo Deutschland: Computer, Notebooks, Tablets & Mehr | Lenovo (DE) [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = iGoogle IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = 
hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7KMOH_de IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: 
C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013.07.08 20:18:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Klemens\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files 
(x86)\Google\Chrome\Application\28.0.1500.71\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Uplay PC (Enabled) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll O1 HOSTS File: ([2013.07.11 21:21:15 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\athbttray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\btvstack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Conexant Systems, Inc.) O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited) O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) 
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Dolby Laboratories Inc.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation) O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.) O4 - HKLM..\Run: [LockKey] C:\Program Files (x86)\LockKey\LockKey.exe ( ) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo) O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink) O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.) 
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd) O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68065F07-AAC9-4AD6-BD2C-C43F7E57A200}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013.07.09 13:43:26 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (sh4native Sh4Removal) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.07.11 22:18:13 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro [2013.07.11 22:17:11 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2013.07.11 22:17:08 | 009,833,328 | ---- | C] (SurfRight B.V.) 
-- C:\Users\***\Desktop\HitmanPro_x64.exe [2013.07.11 21:40:51 | 003,611,416 | ---- | C] (Piriform Ltd) -- C:\CCleaner.exe [2013.07.11 21:21:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.07.11 21:04:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.07.11 21:04:04 | 000,867,240 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.07.11 21:04:04 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.07.11 21:04:00 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.07.11 21:04:00 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.07.11 21:04:00 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.07.11 21:03:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.07.11 20:59:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Sony Online Entertainment [2013.07.11 20:30:44 | 006,185,240 | ---- | C] (Piriform Ltd) -- C:\Program Files (x86)\CCleaner64.exe [2013.07.11 20:30:44 | 003,611,416 | ---- | C] (Piriform Ltd) -- C:\Users\***\Desktop\CCleaner.exe [2013.07.11 20:30:44 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013.07.11 20:30:10 | 004,396,440 | ---- | C] (Piriform Ltd) -- C:\Users\***\Desktop\ccsetup403.exe [2013.07.10 21:14:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2013.07.10 21:14:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.07.10 21:14:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.07.10 21:14:11 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.07.10 21:14:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.07.10 21:13:50 | 000,000,000 | ---D | C] -- C:\Users\Klemens\AppData\Local\Programs [2013.07.10 21:13:40 | 
010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Klemens\Desktop\mbam-setup-1.75.0.1300.exe [2013.07.10 20:46:13 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.07.10 20:41:06 | 000,000,000 | ---D | C] -- C:\ComboFix [2013.07.10 20:40:44 | 005,087,643 | R--- | C] (Swearware) -- C:\Users\K***\Desktop\ComboFix.exe [2013.07.10 20:39:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.07.10 20:39:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.07.10 20:39:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.07.10 20:37:05 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.07.10 20:36:56 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.07.10 20:35:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Adobe [2013.07.10 20:02:39 | 005,087,643 | ---- | C] (Swearware) -- C:\ComboFix.exe [2013.07.10 20:02:39 | 005,087,643 | ---- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix (1).exe [2013.07.10 15:27:18 | 005,087,643 | R--- | C] (Swearware) -- C:\Program Files (x86)\ComboFix.exe [2013.07.09 22:26:37 | 000,000,000 | ---D | C] -- C:\found.000 [2013.07.09 22:09:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Google [2013.07.09 18:51:22 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe [2013.07.09 15:55:10 | 000,000,000 | ---D | C] -- C:\Users\Klemens\Documents\Word [2013.07.09 15:00:25 | 000,000,000 | ---D | C] -- C:\Users\Klemens\Desktop\system32 [2013.07.09 14:58:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Klemens\Desktop\OTL.exe [2013.07.09 13:58:33 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2013.07.09 13:44:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\system32 [2013.07.08 20:20:48 | 000,000,000 | ---D | C] -- C:\Users\Klemens\AppData\Local\CrashRpt [2013.07.08 20:18:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins [2013.07.08 20:18:17 | 000,000,000 | ---D | C] -- 
C:\Windows\SysWow64\Extensions [2013.07.08 20:18:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.07.08 20:17:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Allmyapps [2013.07.08 20:17:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Allmyapps [2013.07.08 18:13:49 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Filme [2013.07.05 23:41:20 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Klei [2013.07.05 19:47:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Don't Starve [2013.07.05 19:46:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DontStarve [2013.07.03 14:39:26 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys [2013.07.03 14:39:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2013.07.03 14:39:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi [2013.07.02 16:40:42 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\To-Do-List [2013.07.01 17:18:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\.minecraft [2013.06.24 18:56:29 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Square Enix [2013.06.19 20:27:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Logs [2013.06.13 23:42:12 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.06.13 23:42:12 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.06.13 23:42:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.06.13 23:42:10 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.06.13 23:42:10 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.06.13 23:42:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.06.13 23:42:10 | 000,173,056 | 
---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.06.13 23:42:10 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.06.13 23:42:09 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.06.13 23:42:09 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.06.13 23:42:09 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.06.13 23:42:09 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.06.13 23:42:08 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.06.13 23:42:08 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.06.13 23:42:08 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.06.12 20:15:15 | 000,000,000 | ---D | C] -- C:\Users\Klemens\AppData\Roaming\TeamViewer [2013.06.12 20:14:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.07.12 16:35:13 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.07.12 16:31:37 | 001,583,286 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.07.12 16:31:37 | 000,698,002 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.07.12 16:31:37 | 000,628,854 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.07.12 16:31:37 | 000,143,674 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.07.12 16:31:37 | 000,118,658 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.07.12 16:29:15 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.07.12 16:28:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.07.11 23:23:39 | 000,378,273 | ---- | M] () -- 
C:\Windows\SysNative\fastboot.set [2013.07.11 23:22:18 | 3144,433,664 | -HS- | M] () -- C:\hiberfil.sys [2013.07.11 22:18:13 | 000,001,916 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk [2013.07.11 22:11:20 | 009,833,328 | ---- | M] (SurfRight B.V.) -- C:\Users\Klemens\Desktop\HitmanPro_x64.exe [2013.07.11 21:52:30 | 000,662,345 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe [2013.07.11 21:42:08 | 000,309,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.07.11 21:21:15 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.07.11 21:03:53 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.07.11 21:03:53 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.07.11 21:03:53 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.07.11 21:03:53 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.07.11 21:03:53 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.07.11 21:03:53 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.07.11 20:30:05 | 004,396,440 | ---- | M] (Piriform Ltd) -- C:\Users\***\Desktop\ccsetup403.exe [2013.07.10 21:14:13 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.07.10 21:13:34 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Klemens\Desktop\mbam-setup-1.75.0.1300.exe [2013.07.10 20:02:21 | 005,087,643 | ---- | M] (Swearware) -- C:\ComboFix.exe [2013.07.10 20:02:21 | 005,087,643 | ---- | M] (Swearware) -- C:\Users\Klemens\Desktop\ComboFix (1).exe [2013.07.09 22:27:07 | 000,003,352 | ---- | M] () -- C:\bootsqm.dat [2013.07.09 22:14:45 | 000,000,660 | ---- | M] () -- C:\Users\***\Documents\Klemens.lnk [2013.07.09 21:17:57 | 000,000,089 | ---- | M] () -- C:\spyhunter.fix [2013.07.09 19:01:47 | 005,087,643 | R--- 
| M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe [2013.07.09 19:01:47 | 005,087,643 | R--- | M] (Swearware) -- C:\Program Files (x86)\ComboFix.exe [2013.07.09 18:54:26 | 000,039,632 | ---- | M] () -- C:\Users\***\Documents\TDSS.odt [2013.07.09 18:46:14 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe [2013.07.09 14:57:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.07.09 13:43:26 | 000,000,000 | ---- | M] () -- C:\autoexec.bat [2013.07.01 14:40:02 | 000,083,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.06.19 16:13:32 | 006,185,240 | ---- | M] (Piriform Ltd) -- C:\Program Files (x86)\CCleaner64.exe [2013.06.19 16:13:32 | 003,611,416 | ---- | M] (Piriform Ltd) -- C:\Users\***\Desktop\CCleaner.exe [2013.06.19 16:13:32 | 003,611,416 | ---- | M] (Piriform Ltd) -- C:\CCleaner.exe [2013.06.12 20:14:46 | 000,000,191 | ---- | M] () -- C:\Windows\wininit.ini [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.07.11 22:18:13 | 000,001,916 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk [2013.07.11 21:52:42 | 000,662,345 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe [2013.07.10 21:14:13 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.07.10 20:39:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.07.10 20:39:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.07.10 20:39:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.07.10 20:39:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.07.10 20:39:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.07.09 22:27:07 | 000,003,352 | ---- | C] () -- C:\bootsqm.dat [2013.07.09 22:14:45 | 000,000,660 | ---- | C] () -- C:\Users\***\Documents\Klemens.lnk [2013.07.09 18:54:24 | 000,039,632 | ---- | C] () -- C:\Users\***\Documents\TDSS.odt [2013.07.09 
13:43:26 | 000,000,000 | ---- | C] () -- C:\autoexec.bat [2013.07.09 13:39:38 | 000,285,747 | ---- | C] () -- C:\shldr [2013.07.09 13:39:38 | 000,014,680 | ---- | C] () -- C:\Windows\SysNative\sh4native.exe [2013.07.09 13:39:38 | 000,000,089 | ---- | C] () -- C:\spyhunter.fix [2013.06.12 20:14:38 | 000,001,187 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk [2013.03.31 21:50:50 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.03.31 21:50:45 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2013.03.20 15:29:37 | 000,000,191 | ---- | C] () -- C:\Windows\wininit.ini [2013.02.13 16:08:18 | 000,263,186 | ---- | C] () -- C:\Program Files (x86)\Minecraft.exe [2013.01.31 20:07:31 | 000,000,000 | ---- | C] () -- C:\Windows\firstboot.dat [2012.09.01 00:42:31 | 002,086,240 | ---- | C] () -- C:\Windows\SysWow64\LenovoVeriface.Interface.dll [2012.09.01 00:42:31 | 001,500,512 | ---- | C] () -- C:\Windows\SysWow64\Apblend.dll [2012.09.01 00:42:31 | 001,171,456 | ---- | C] () -- C:\Windows\SysWow64\PicNotify.dll [2012.09.01 00:42:31 | 000,472,416 | ---- | C] () -- C:\Windows\SysWow64\Lenovo.VerifaceStub.dll [2012.09.01 00:42:19 | 001,044,480 | ---- | C] () -- C:\Windows\SysWow64\3DImageRenderer.dll [2012.09.01 00:28:42 | 000,001,779 | ---- | C] () -- C:\Windows\vm332Rmv.ini [2012.09.01 00:28:42 | 000,001,779 | ---- | C] () -- C:\Windows\SysWow64\vm332Rmv.ini [2012.07.11 03:13:17 | 000,755,572 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin [2012.07.11 03:13:15 | 000,559,972 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin [2012.07.11 03:13:12 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.07.11 03:13:11 | 013,026,816 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll [2012.02.02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- 
C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > |
12.07.2013, 16:48 | #44 |
/// Malware-holic | Ads on Facebook, YouTube, etc. Uninstall Instant Saving App! Hi, OTL fix: Fixing with OTL
Code:
:OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
:files
:Commands
[emptytemp]
Please test whether there are any unwanted toolbars, redirects or other problems in Firefox, Internet Explorer and any other browsers you may have installed. Test how the PC and programs run in general.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
12.07.2013, 17:36 | #45 |
| Ads on Facebook, YouTube, etc. Uninstall Instant Saving App! Instead of (no name), my name? |