|
Pests of all kinds and how to fight them: Only shortcuts on external hard drive and SD card | Windows 7 | If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection. |
23.10.2013, 10:18 | #1 |
| Only shortcuts on external hard drive and SD card Dear Trojaner-Board, for about a month my external hard drive has been showing only shortcuts; I can open only newly saved data. The same goes for my SD card. In addition, the folders Recycled (SD) and Thumbs, $RECYCLE.bin, .designerthumb (hard drive) are displayed. On some PCs that I had connected the hard drive to, a warning about a trojan appeared. Can I still rescue my data somehow? Regards, TLau |
23.10.2013, 11:36 | #2 |
/// the machine /// TB Trainer | Only shortcuts on external hard drive and SD card hi,
__________________Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
23.10.2013, 16:58 | #3 |
| Only shortcuts on external hard drive and SD card This is from FRST:
__________________FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-10-2013 Ran by Tani (administrator) on TANI-VAIO on 23-10-2013 17:53:40 Running from C:\Users\Tani\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AuthenTec, Inc) C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Cisco Systems, Inc.) 
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (COMPANYVERS_NAME) C:\PROGRA~2\FROMDO~2\bar\1.bin\65barsvc.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Sony Corporation) c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (Whilokii) C:\Program Files (x86)\Whilokii\updateWhilokii.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe (ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\TouchControl.exe (AuthenTec Inc.) 
C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe (Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe (Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe (Microsoft Corporation) C:\Windows\System32\vds.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAdmin.exe (Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btmsrvview.exe (Whilokii) C:\Program Files (x86)\Whilokii\bin\utilWhilokii.exe (Spotify Ltd) C:\Users\Tani\AppData\Roaming\Spotify\spotify.exe () C:\Users\Tani\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Tani\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Tani\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Tani\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Tani\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Tani\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (MindAd) C:\Users\Tani\Downloads\setup.exe (@ ) C:\Users\Tani\AppData\Local\Temp\DownloadManager.exe () C:\Users\Tani\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Tani\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Tani\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe 
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-20] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-20] (Realtek Semiconductor) HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2884880 2012-03-19] (Synaptics Incorporated) HKLM\...\Run: [] - [x] HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18706176 2013-01-08] (Skype Technologies S.A.) HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-04-23] (Samsung) HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-04-23] (Samsung) HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation) HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.) 
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-09] (Intel Corporation) HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [60552 2011-09-20] (Sony Corporation) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - c:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] - c:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems Inc.) HKLM-x32\...\Run: [Intel AT Service signup] - c:\Program Files (x86)\Intel Corporation\Intel AT Service signup\IntelATServiceSignup.exe [382976 2012-02-15] (Intel Corporation) HKLM-x32\...\Run: [PMBVolumeWatcher] - c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [693608 2012-02-21] (Sony Corporation) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-04-23] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [FromDocToPDF Search Scope Monitor] - C:\PROGRA~2\FROMDO~2\bar\1.bin\65srchmn.exe [42536 2013-03-07] (MindSpark) HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.) 
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [260928 2012-03-13] (NVIDIA Corporation) Startup: C:\Users\Tani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com) Startup: C:\Users\Tani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://vaioportal.sony.eu HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://sony.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://mysearch.sweetpacks.com/?src=10&st=12&crg=3.5000006.10052&did=10723&barid=291310900303675251059446894993889045511 SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://mysearch.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10052&did=10723&barid=291310900303675251059446894993889045511 SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://mysearch.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10052&did=10723&barid=291310900303675251059446894993889045511 SearchScopes: HKCU - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://mysearch.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10052&did=10723&barid=291310900303675251059446894993889045511 SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = 
hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=C05FC48508942C04&affID=121564&tt=230713_18220&tsp=4954 SearchScopes: HKCU - {8EAD5713-1176-441B-854A-0A9AFD637938} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q212&_nkw={searchTerms} SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://mysearch.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10052&did=10723&barid=291310900303675251059446894993889045511 BHO: CS Browser Assistant - {11111111-1111-1111-1111-110411181196} - C:\Program Files (x86)\CS Browser Assistant\CS Browser Assistant-bho64.dll No File BHO: ElectroLyrics-16 - {11111111-1111-1111-1111-110411411152} - C:\Program Files (x86)\ElectroLyrics-16\ElectroLyrics-16-bho64.dll No File BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\AuthenTec TrueSuite\IEBHO.DLL (AuthenTec Inc.) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: Updater By Sweetpacks - {DEDAF650-12B8-48f5-A843-BBA100716106} - C:\Program Files\Updater By Sweetpacks\Extension64.dll No File BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) BHO-x32: Whilokii - {204df522-9a96-4a72-abb0-60f7a216d6d2} - C:\Program Files (x86)\Whilokii\WhilokiiBHO.dll (Whilokii) BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\AuthenTec TrueSuite\x86\IEBHO.dll (AuthenTec Inc.) 
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default FF user.js: detected! 
=> C:\Users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\user.js FF NewTab: hxxp://www1.delta-search.com/?babsrc=NT_ss&mntrId=C05FC48508942C04&affID=121564&tt=230713_18220&tsp=4954 FF SearchEngineOrder.1: Delta Search FF Homepage: google.de FF Keyword.URL: hxxp://mysearch.sweetpacks.com/?src=2&st=12&crg=3.5000006.10052&did=10723&barid=291310900303675251059446894993889045511&q= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll () FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @FromDocToPDF_65.com/Plugin - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\NP65Stub.dll (MindSpark) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 - C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.) FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\searchplugins\babylon.xml FF SearchPlugin: C:\Users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\searchplugins\BrowserDefender.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: No Name - C:\Users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\Extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com FF Extension: FromDocToPDF - C:\Users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\Extensions\65ffxtbr@FromDocToPDF_65.com FF Extension: No Name - C:\Users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\Extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com FF Extension: Delta Toolbar - C:\Users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\Extensions\ffxtlbr@delta.com FF Extension: Whilokii - C:\Users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\Extensions\firefox@whilokii.net FF Extension: SweetPacks Toolbar for Firefox - C:\Users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847} FF Extension: BonanzaDeals - C:\Users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca} FF Extension: firefox - C:\Users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\Extensions\firefox@whilokii.net.xpi FF Extension: No Name - C:\Users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi FF 
HKLM\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By Sweetpacks\Firefox FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - c:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - c:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF HKLM-x32\...\Firefox\Extensions: [65ffxtbr@FromDocToPDF_65.com] - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin FF Extension: FromDocToPDF - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ FF Extension: No Name - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ FF HKLM-x32\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By Sweetpacks\Firefox Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION CHR Extension: (CS Browser Assistant) - C:\Users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhbklcjlaailoapjipjnojcomechjoop\1.24.10_0 CHR Extension: (ElectroLyrics-16) - C:\Users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.8_0 CHR HKLM-x32\...\Chrome\Extension: [nibgmhfiionbhpeidijmiildfjnbbkic] - C:\Program Files\AuthenTec TrueSuite\x86\tschrome.crx CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) 
R2 ActiveDelayDeviceService; C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe [78472 2011-09-20] (Sony Corporation) S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [38440 2013-09-20] (Just Develop It) S3 COMSysApp; C:\Windows\SysWow64\dllhost.exe [7168 2009-07-14] (Microsoft Corporation) R2 FPLService; C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe [300360 2012-02-20] (AuthenTec, Inc) R2 FromDocToPDF_65Service; C:\PROGRA~2\FROMDO~2\bar\1.bin\65barsvc.exe [42504 2013-03-07] (COMPANYVERS_NAME) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-03-23] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [162648 2012-03-23] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 msiserver; C:\Windows\SysWow64\msiexec.exe [73216 2010-11-21] (Microsoft Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] () R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation) R2 PMBDeviceInfoProvider; c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [473960 2012-02-21] (Sony Corporation) R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [260768 2011-11-30] (Sony Corporation) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2401632 2012-11-29] (TuneUp Software) R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, 
Inc.) R2 Update Whilokii; C:\Program Files (x86)\Whilokii\updateWhilokii.exe [65304 2013-10-05] (Whilokii) R2 Util Whilokii; C:\Program Files (x86)\Whilokii\bin\utilWhilokii.exe [65304 2013-10-23] (Whilokii) S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [960160 2011-12-29] (Sony Corporation) R2 WSearch; C:\Windows\SysWow64\SearchIndexer.exe [427520 2012-02-24] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation) S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [x] ==================== Drivers (Whitelisted) ==================== R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.) R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] () S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-04-18] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-23 17:53 - 2013-10-23 17:53 - 01955374 _____ (Farbar) C:\Users\Tani\Downloads\FRST64.exe 2013-10-23 17:53 - 2013-10-23 17:53 - 00000000 ____D C:\FRST 2013-10-23 17:52 - 2013-10-23 17:52 - 01088127 _____ (Farbar) C:\Users\Tani\Downloads\FRST.exe 2013-10-23 11:15 - 2013-10-23 11:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-10-23 11:11 - 2013-10-23 11:11 - 00001461 _____ C:\Users\Tani\Desktop\Continue Music Remote.lnk 2013-10-23 11:10 - 2013-10-23 11:10 - 00614520 
_____ (MindAd) C:\Users\Tani\Downloads\setup.exe 2013-10-22 13:18 - 2013-10-22 13:18 - 00000000 _____ C:\Windows\SysWOW64\shoB3D7.tmp 2013-10-22 09:48 - 2013-10-22 09:48 - 00003108 _____ C:\Windows\System32\Tasks\RegClean Pro 2013-10-22 03:19 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-10-22 03:19 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-10-22 03:19 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-10-22 03:19 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-10-22 03:19 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-10-22 03:19 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-10-22 03:19 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-10-22 03:19 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-10-22 03:19 - 2013-09-23 01:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-10-22 03:19 - 2013-09-23 01:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-10-22 03:19 - 2013-09-23 01:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-10-22 03:19 - 2013-09-23 01:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-10-22 03:19 - 2013-09-23 01:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-10-22 03:19 - 2013-09-23 00:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-10-22 03:19 - 2013-09-23 00:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-10-22 03:19 - 2013-09-23 00:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-10-22 03:19 - 2013-09-23 
00:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-10-22 03:19 - 2013-09-23 00:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-10-22 03:19 - 2013-09-23 00:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-10-22 03:19 - 2013-09-23 00:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-10-22 03:19 - 2013-09-23 00:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-10-22 03:19 - 2013-09-23 00:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-10-22 03:19 - 2013-09-23 00:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-10-22 03:19 - 2013-09-23 00:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-10-22 03:19 - 2013-09-23 00:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-10-22 03:19 - 2013-09-23 00:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-10-22 03:19 - 2013-09-23 00:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-10-22 03:19 - 2013-09-21 05:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-10-22 03:19 - 2013-09-21 05:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-10-22 03:19 - 2013-09-21 04:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-10-22 03:19 - 2013-09-21 04:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-10-21 23:56 - 2013-10-21 23:56 - 00003420 _____ C:\Windows\System32\Tasks\BitGuard 2013-10-21 23:38 - 2013-10-21 23:38 - 00000983 _____ C:\Users\Public\Desktop\Deluge.lnk 2013-10-21 23:38 - 2013-10-21 23:38 - 00000000 ____D C:\Program Files (x86)\Deluge 2013-10-21 23:37 - 2013-10-22 13:15 - 00000000 ____D C:\Program Files (x86)\SweetIM 2013-10-21 23:36 - 2013-10-22 13:15 
- 00000000 ____D C:\Windows\SysWOW64\WNLT 2013-10-21 23:36 - 2013-10-22 13:14 - 00000000 ____D C:\Windows\SysWOW64\ARFC 2013-10-21 23:36 - 2013-10-21 23:36 - 00049872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\zqsyhouh.sys 2013-10-21 23:36 - 2013-10-21 23:36 - 00000000 ____D C:\Windows\SysWOW64\jmdp 2013-10-21 23:36 - 2013-07-21 16:13 - 01656112 _____ C:\Windows\system32\dmwu.exe 2013-10-21 23:36 - 2013-07-21 16:10 - 00033792 _____ (IncrediMail, Ltd.) C:\Windows\system32\ImHttpComm.dll 2013-10-21 23:35 - 2013-10-22 13:14 - 00000000 ____D C:\Program Files (x86)\CSBrowserHelper 2013-10-21 23:35 - 2013-10-21 23:35 - 00000000 ____D C:\Users\Tani\AppData\Local\CS Browser Assistant 2013-10-21 23:34 - 2013-10-22 13:14 - 00000000 ____D C:\Users\Tani\AppData\Local\SwvUpdater 2013-10-21 23:34 - 2013-10-21 23:34 - 00001962 _____ C:\Users\Tani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lollipop.lnk 2013-10-21 23:18 - 2013-10-21 23:18 - 00000089 _____ C:\Users\Tani\AppData\Roaming\WB.CFG 2013-10-21 22:24 - 2013-10-21 22:24 - 01060070 _____ C:\Users\Tani\Downloads\adwcleaner.exe 2013-10-21 22:23 - 2013-10-21 22:23 - 00000000 ____D C:\Users\Tani\AppData\Roaming\Malwarebytes 2013-10-21 22:21 - 2013-10-21 22:21 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-10-21 22:21 - 2013-10-21 22:21 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-10-21 22:21 - 2013-10-21 22:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-10-21 22:21 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-10-21 22:20 - 2013-10-21 22:21 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Tani\Downloads\mbam-setup-1.75.0.1300.exe 2013-10-21 22:19 - 2013-10-22 13:15 - 00000000 ____D C:\ProgramData\Systweak 2013-10-21 22:19 - 2013-10-22 12:25 - 00003120 _____ C:\Windows\System32\Tasks\Advanced System Protector_startup 2013-10-21 22:19 - 2013-10-22 09:42 - 00001205 _____ 
C:\Users\Public\Desktop\Advanced System Protector.lnk 2013-10-21 22:19 - 2013-10-22 09:41 - 00003318 _____ C:\Windows\System32\Tasks\Advanced System Protector 2013-10-21 22:19 - 2013-10-21 23:58 - 00000282 _____ C:\Windows\Tasks\RegClean Pro_UPDATES.job 2013-10-21 22:19 - 2013-10-21 22:19 - 00003024 _____ C:\Windows\System32\Tasks\RegClean Pro_UPDATES 2013-10-21 22:19 - 2013-10-21 22:19 - 00001091 _____ C:\Users\Tani\Desktop\MyPC Backup.lnk 2013-10-21 22:19 - 2013-10-21 22:19 - 00000000 ____D C:\Users\Tani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup 2013-10-21 22:19 - 2013-10-21 22:19 - 00000000 ____D C:\Program Files (x86)\MyPC Backup 2013-10-21 22:19 - 2012-07-25 12:03 - 00016896 _____ C:\Windows\system32\sasnative64.exe 2013-10-21 22:18 - 2013-10-23 17:48 - 00000288 _____ C:\Windows\Tasks\DigitalSite.job 2013-10-21 22:18 - 2013-10-23 11:06 - 00000000 ____D C:\Program Files (x86)\Whilokii 2013-10-21 22:18 - 2013-10-22 13:15 - 00000000 ____D C:\Users\Tani\AppData\Roaming\Systweak 2013-10-21 22:18 - 2013-10-21 23:55 - 00000000 ____D C:\Users\Tani\AppData\Roaming\DigitalSite 2013-10-21 22:18 - 2013-10-21 22:18 - 00003384 _____ C:\Windows\System32\Tasks\BonanzaDealsUpdate 2013-10-21 22:18 - 2013-10-21 22:18 - 00003228 _____ C:\Windows\System32\Tasks\DigitalSite 2013-10-21 22:18 - 2013-10-21 22:18 - 00001114 _____ C:\Users\Public\Desktop\Open It!.lnk 2013-10-21 22:18 - 2013-10-21 22:18 - 00001054 _____ C:\Users\Public\Desktop\RegClean Pro.lnk 2013-10-21 22:18 - 2013-10-21 22:18 - 00000000 ____D C:\Users\Tani\AppData\Roaming\0D0S1L2Z1P1B 2013-10-21 22:18 - 2013-10-21 22:18 - 00000000 ____D C:\Program Files (x86)\OpenIt 2013-10-21 22:18 - 2013-07-22 16:07 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe 2013-10-21 22:04 - 2013-08-29 04:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-10-21 22:04 - 2013-08-29 04:16 - 01732032 _____ (Microsoft Corporation) 
C:\Windows\system32\ntdll.dll 2013-10-21 22:04 - 2013-08-29 04:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2013-10-21 22:04 - 2013-08-29 04:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-10-21 22:04 - 2013-08-29 04:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2013-10-21 22:04 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-10-21 22:04 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-10-21 22:04 - 2013-08-29 03:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-10-21 22:04 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2013-10-21 22:04 - 2013-08-29 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-10-21 22:04 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2013-10-21 22:04 - 2013-08-29 02:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-10-21 22:04 - 2013-08-29 02:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-10-21 22:04 - 2013-08-29 02:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-10-21 22:04 - 2013-08-29 02:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-10-21 22:04 - 2013-08-28 03:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-10-21 22:04 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys 2013-10-21 22:04 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2013-10-21 22:04 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2013-10-21 22:04 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2013-10-21 
22:04 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2013-10-21 22:04 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2013-10-21 22:04 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 04:12 - 
00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 03:50 - 01114112 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2013-10-21 22:04 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2013-10-21 22:04 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2013-10-21 22:04 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2013-10-21 22:04 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2013-10-21 22:04 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2013-10-21 
22:04 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2013-10-21 22:04 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2013-10-21 22:04 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2013-10-21 22:04 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll 2013-10-21 22:04 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2013-10-21 22:04 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll 2013-10-21 22:04 - 2013-07-04 14:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2013-10-21 22:04 - 2013-07-04 14:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2013-10-21 22:04 - 2013-07-04 14:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2013-10-21 22:04 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2013-10-21 22:04 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2013-10-21 22:04 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2013-10-21 22:04 - 2013-07-04 12:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2013-10-21 22:04 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2013-10-21 22:04 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2013-10-21 22:04 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2013-10-21 22:04 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2013-10-21 22:04 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 
2013-10-21 22:04 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2013-10-21 22:04 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2013-10-21 22:04 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2013-10-21 22:04 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2013-10-21 22:04 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2013-10-21 22:04 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2013-10-21 22:01 - 2013-09-14 03:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-10-21 22:01 - 2013-09-08 04:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-10-21 22:01 - 2013-09-08 04:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2013-10-21 22:01 - 2013-07-03 06:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys 2013-10-21 22:01 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys 2013-10-21 22:01 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys 2013-10-21 22:00 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll 2013-10-21 21:57 - 2013-08-28 03:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll 2013-10-21 21:57 - 2013-08-01 14:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2013-10-21 21:57 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2013-10-21 21:57 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2013-10-21 21:56 - 2013-10-21 21:56 - 
00000000 ____D C:\Users\Tani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard 2013-10-21 21:55 - 2013-10-22 13:15 - 00000000 ____D C:\ProgramData\BitGuard ==================== One Month Modified Files and Folders ======= 2013-10-23 17:53 - 2013-10-23 17:53 - 01955374 _____ (Farbar) C:\Users\Tani\Downloads\FRST64.exe 2013-10-23 17:53 - 2013-10-23 17:53 - 00000000 ____D C:\FRST 2013-10-23 17:52 - 2013-10-23 17:52 - 01088127 _____ (Farbar) C:\Users\Tani\Downloads\FRST.exe 2013-10-23 17:48 - 2013-10-21 22:18 - 00000288 _____ C:\Windows\Tasks\DigitalSite.job 2013-10-23 17:48 - 2013-02-01 17:24 - 00000000 ____D C:\Users\Tani\AppData\Roaming\Spotify 2013-10-23 17:48 - 2013-02-01 16:12 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-10-23 17:48 - 2013-02-01 15:39 - 01321161 _____ C:\Windows\WindowsUpdate.log 2013-10-23 11:25 - 2013-02-01 18:24 - 00000000 ____D C:\Users\Tani\AppData\Local\Mozilla 2013-10-23 11:25 - 2013-02-01 17:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-10-23 11:16 - 2013-10-23 11:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-10-23 11:11 - 2013-10-23 11:11 - 00001461 _____ C:\Users\Tani\Desktop\Continue Music Remote.lnk 2013-10-23 11:10 - 2013-10-23 11:10 - 00614520 _____ (MindAd) C:\Users\Tani\Downloads\setup.exe 2013-10-23 11:06 - 2013-10-21 22:18 - 00000000 ____D C:\Program Files (x86)\Whilokii 2013-10-23 10:33 - 2009-07-14 06:51 - 00068566 _____ C:\Windows\setupact.log 2013-10-22 19:52 - 2013-02-01 22:30 - 00000000 ____D C:\Users\Tani\AppData\Roaming\Skype 2013-10-22 18:47 - 2013-02-01 15:29 - 02117566 _____ C:\Windows\system32\perfh007.dat 2013-10-22 18:47 - 2013-02-01 15:29 - 00603196 _____ C:\Windows\system32\perfc007.dat 2013-10-22 18:47 - 2009-07-14 07:13 - 00006484 _____ C:\Windows\system32\PerfStringBackup.INI 2013-10-22 18:45 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-10-22 13:33 - 2013-02-01 19:32 - 00000000 ____D 
C:\Users\Tani\AppData\Local\Spotify 2013-10-22 13:27 - 2009-07-14 06:45 - 00020992 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-10-22 13:27 - 2009-07-14 06:45 - 00020992 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-10-22 13:19 - 2010-11-21 05:47 - 00191442 _____ C:\Windows\PFRO.log 2013-10-22 13:19 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-10-22 13:18 - 2013-10-22 13:18 - 00000000 _____ C:\Windows\SysWOW64\shoB3D7.tmp 2013-10-22 13:15 - 2013-10-21 23:37 - 00000000 ____D C:\Program Files (x86)\SweetIM 2013-10-22 13:15 - 2013-10-21 23:36 - 00000000 ____D C:\Windows\SysWOW64\WNLT 2013-10-22 13:15 - 2013-10-21 22:19 - 00000000 ____D C:\ProgramData\Systweak 2013-10-22 13:15 - 2013-10-21 22:18 - 00000000 ____D C:\Users\Tani\AppData\Roaming\Systweak 2013-10-22 13:15 - 2013-10-21 21:55 - 00000000 ____D C:\ProgramData\BitGuard 2013-10-22 13:15 - 2013-07-25 12:53 - 00000000 ____D C:\ProgramData\BrowserDefender 2013-10-22 13:14 - 2013-10-21 23:36 - 00000000 ____D C:\Windows\SysWOW64\ARFC 2013-10-22 13:14 - 2013-10-21 23:35 - 00000000 ____D C:\Program Files (x86)\CSBrowserHelper 2013-10-22 13:14 - 2013-10-21 23:34 - 00000000 ____D C:\Users\Tani\AppData\Local\SwvUpdater 2013-10-22 12:25 - 2013-10-21 22:19 - 00003120 _____ C:\Windows\System32\Tasks\Advanced System Protector_startup 2013-10-22 09:48 - 2013-10-22 09:48 - 00003108 _____ C:\Windows\System32\Tasks\RegClean Pro 2013-10-22 09:42 - 2013-10-21 22:19 - 00001205 _____ C:\Users\Public\Desktop\Advanced System Protector.lnk 2013-10-22 09:41 - 2013-10-21 22:19 - 00003318 _____ C:\Windows\System32\Tasks\Advanced System Protector 2013-10-22 09:41 - 2013-02-01 17:07 - 00000000 ___RD C:\Users\Tani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-10-22 09:41 - 2013-02-01 17:07 - 00000000 ___RD C:\Users\Tani\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Administrative Tools 2013-10-22 09:38 - 2013-04-06 03:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-10-22 09:38 - 2013-04-06 03:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-10-22 09:38 - 2009-07-14 06:45 - 00329608 _____ C:\Windows\system32\FNTCACHE.DAT 2013-10-22 03:21 - 2013-02-01 20:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client 2013-10-22 03:11 - 2013-08-15 00:47 - 00000000 ____D C:\Windows\system32\MRT 2013-10-22 03:03 - 2013-02-01 17:10 - 00001912 _____ C:\Windows\epplauncher.mif 2013-10-22 03:02 - 2013-02-01 17:10 - 00000000 ____D C:\Program Files\Microsoft Security Client 2013-10-22 03:02 - 2013-02-01 17:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client 2013-10-21 23:58 - 2013-10-21 22:19 - 00000282 _____ C:\Windows\Tasks\RegClean Pro_UPDATES.job 2013-10-21 23:56 - 2013-10-21 23:56 - 00003420 _____ C:\Windows\System32\Tasks\BitGuard 2013-10-21 23:55 - 2013-10-21 22:18 - 00000000 ____D C:\Users\Tani\AppData\Roaming\DigitalSite 2013-10-21 23:38 - 2013-10-21 23:38 - 00000983 _____ C:\Users\Public\Desktop\Deluge.lnk 2013-10-21 23:38 - 2013-10-21 23:38 - 00000000 ____D C:\Program Files (x86)\Deluge 2013-10-21 23:36 - 2013-10-21 23:36 - 00049872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\zqsyhouh.sys 2013-10-21 23:36 - 2013-10-21 23:36 - 00000000 ____D C:\Windows\SysWOW64\jmdp 2013-10-21 23:35 - 2013-10-21 23:35 - 00000000 ____D C:\Users\Tani\AppData\Local\CS Browser Assistant 2013-10-21 23:34 - 2013-10-21 23:34 - 00001962 _____ C:\Users\Tani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lollipop.lnk 2013-10-21 23:18 - 2013-10-21 23:18 - 00000089 _____ C:\Users\Tani\AppData\Roaming\WB.CFG 2013-10-21 22:39 - 2013-02-01 16:12 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-10-21 22:39 - 2013-02-01 16:12 - 00071048 _____ (Adobe Systems Incorporated) 
C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-10-21 22:39 - 2013-02-01 16:12 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-10-21 22:24 - 2013-10-21 22:24 - 01060070 _____ C:\Users\Tani\Downloads\adwcleaner.exe 2013-10-21 22:23 - 2013-10-21 22:23 - 00000000 ____D C:\Users\Tani\AppData\Roaming\Malwarebytes 2013-10-21 22:21 - 2013-10-21 22:21 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-10-21 22:21 - 2013-10-21 22:21 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-10-21 22:21 - 2013-10-21 22:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-10-21 22:21 - 2013-10-21 22:20 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Tani\Downloads\mbam-setup-1.75.0.1300.exe 2013-10-21 22:19 - 2013-10-21 22:19 - 00003024 _____ C:\Windows\System32\Tasks\RegClean Pro_UPDATES 2013-10-21 22:19 - 2013-10-21 22:19 - 00001091 _____ C:\Users\Tani\Desktop\MyPC Backup.lnk 2013-10-21 22:19 - 2013-10-21 22:19 - 00000000 ____D C:\Users\Tani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup 2013-10-21 22:19 - 2013-10-21 22:19 - 00000000 ____D C:\Program Files (x86)\MyPC Backup 2013-10-21 22:18 - 2013-10-21 22:18 - 00003384 _____ C:\Windows\System32\Tasks\BonanzaDealsUpdate 2013-10-21 22:18 - 2013-10-21 22:18 - 00003228 _____ C:\Windows\System32\Tasks\DigitalSite 2013-10-21 22:18 - 2013-10-21 22:18 - 00001114 _____ C:\Users\Public\Desktop\Open It!.lnk 2013-10-21 22:18 - 2013-10-21 22:18 - 00001054 _____ C:\Users\Public\Desktop\RegClean Pro.lnk 2013-10-21 22:18 - 2013-10-21 22:18 - 00000000 ____D C:\Users\Tani\AppData\Roaming\0D0S1L2Z1P1B 2013-10-21 22:18 - 2013-10-21 22:18 - 00000000 ____D C:\Program Files (x86)\OpenIt 2013-10-21 22:18 - 2013-02-01 17:24 - 00000000 ____D C:\Users\Tani\AppData\Local\Google 2013-10-21 21:56 - 2013-10-21 21:56 - 00000000 ____D C:\Users\Tani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard 2013-09-26 01:46 - 2013-02-01 18:41 - 80541720 _____ 
(Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-09-23 01:28 - 2013-10-22 03:19 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-09-23 01:28 - 2013-10-22 03:19 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-09-23 01:27 - 2013-10-22 03:19 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-09-23 01:27 - 2013-10-22 03:19 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-09-23 01:27 - 2013-10-22 03:19 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-09-23 01:27 - 2013-10-22 03:19 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-09-23 01:27 - 2013-10-22 03:19 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-09-23 01:27 - 2013-10-22 03:19 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-09-23 01:27 - 2013-10-22 03:19 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-09-23 01:27 - 2013-10-22 03:19 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-09-23 01:27 - 2013-10-22 03:19 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-09-23 01:27 - 2013-10-22 03:19 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-09-23 01:27 - 2013-10-22 03:19 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-09-23 00:55 - 2013-10-22 03:19 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-09-23 00:55 - 2013-10-22 03:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-09-23 00:55 - 2013-10-22 03:19 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-09-23 00:54 - 2013-10-22 03:19 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-09-23 00:54 - 2013-10-22 03:19 - 15404544 _____ (Microsoft Corporation) 
C:\Windows\system32\ieframe.dll
2013-09-23 00:54 - 2013-10-22 03:19 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-23 00:54 - 2013-10-22 03:19 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-23 00:54 - 2013-10-22 03:19 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-23 00:54 - 2013-10-22 03:19 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-23 00:54 - 2013-10-22 03:19 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-23 00:54 - 2013-10-22 03:19 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-23 00:54 - 2013-10-22 03:19 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-23 00:54 - 2013-10-22 03:19 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-23 00:54 - 2013-10-22 03:19 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

Some content of TEMP:
====================
C:\Users\Tani\AppData\Local\Temp\022zin2k.dll
C:\Users\Tani\AppData\Local\Temp\944.6310117703399_Update.exe
C:\Users\Tani\AppData\Local\Temp\BackupSetup.exe
C:\Users\Tani\AppData\Local\Temp\COMAP.EXE
C:\Users\Tani\AppData\Local\Temp\DownloadManager.exe
C:\Users\Tani\AppData\Local\Temp\SpotifyUpgrader.exe
C:\Users\Tani\AppData\Local\Temp\vpnclient_setup.exe

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-22 13:03

==================== End Of Log ============================

And here is the Addition:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-10-2013
Ran by Tani at 2013-10-23 17:54:18
Running from C:\Users\Tani\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
ACID Music Studio 8.0 (x32 Version: 8.0.178)
ActiveX контрола на Windows Live Mesh за отдалечени връзки (x32 Version: 15.4.5722.2)
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (x32 Version: 15.4.5722.2)
Adobe Acrobat X Standard - English, Français, Deutsch (x32 Version: 10.0.0)
Adobe AIR (x32 Version: 2.7.0.19460)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98)
Aloha TriPeaks (x32 Version: 2.2.0.98)
Amazon Send to Kindle (x32 Version: 1.0.0.192)
Apple Application Support (x32 Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (x32 Version: 2.1.3.127)
ArcSoft Magic-i Visual Effects 2 (x32 Version: 2.0.1.161)
ArcSoft WebCam Companion 4 (x32 Version: 4.0.21.457)
AuthenTec TrueSuite (Version: 5.2.0.675)
AuthenTec WinBio FingerPrint Software (Version: 3.2.1.1030)
Avidemux 2.6 (32-bit) (x32 Version: 2.6.4.8696)
Bejeweled 3 (x32 Version: 2.2.0.98)
Bing Bar (x32 Version: 7.0.610.0)
Bonjour (Version: 3.0.0.10)
BrainVoyager Brain Tutor (x32 Version: 1.2.1)
Build-a-lot 2 (x32 Version: 2.2.0.98)
Cake Mania (x32 Version: 2.2.0.98)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
Cisco Systems VPN Client 5.0.07.0440 (Version: 5.0.7)
Control ActiveX Windows Live Mesh pentru conexiuni la distanță (x32 Version: 15.4.5722.2)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (x32 Version: 15.4.5722.2)
CyberLink PowerDVD (x32 Version: 9.0.5009.52)
D3DX10 (x32 Version: 15.4.2368.0902)
Deluge 1.3.6 (x32)
Dolby Home Theater v4 (x32 Version: 7.2.7000.4)
DVD Architect Studio 5.0 (x32 Version: 5.0.157)
Evernote v. 4.5.2 (x32 Version: 4.5.2.5904)
FDUx86 (x32 Version: 1.0.0)
Fishdom (TM) 2 (x32 Version: 2.2.0.98)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (x32 Version: 15.4.5722.2)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922)
Free YouTube to MP3 Converter version 3.12.2.426 (x32 Version: 3.12.2.426)
FromDocToPDF Toolbar (x32)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922)
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Galerie foto Windows Live (x32 Version: 15.4.3502.0922)
Google Update Helper (x32 Version: 1.3.23.0)
Insaniquarium Deluxe (x32 Version: 2.2.0.97)
Intel PROSet Wireless Intel(R) Management Engine Components (x32 Version: 8.0.4.1441)
Intel(R) OpenCL CPU Runtime (x32)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2712)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 15.0.0.0083)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (Version: 2.0.0.0086)
Intel(R) Rapid Storage Technology (x32 Version: 11.1.0.1006)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.4.220)
Intel(R) WiDi (Version: 3.1.26.0)
Intel(R) Wireless Display Intel® AT Service signup (x32 Version: 2.0.0.3)
Intel® PROSet/Wireless WiFi-Software (Version: 15.00.0000.0708)
Intel® Trusted Connect Service Client (Version: 1.23.605.1)
Internet Explorer Toolbar 4.9 by SweetPacks (x32 Version: 4.9.0000)
iTunes (Version: 11.0.1.12)
Java Auto Updater (x32 Version: 2.1.5.1)
Java(TM) 7 Update 1 (64-bit) (Version: 7.0.10)
Java(TM) 7 Update 1 (x32 Version: 7.0.10)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (x32 Version: 15.4.5722.2)
KUx86 (x32 Version: 1.0.0)
Lollipop (HKCU)
Mahjongg Artifacts (x32 Version: 2.2.0.95)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Media Gallery (Version: 2.1.0.13300)
Media Go (x32 Version: 2.0.317)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000)
Microsoft Security Client (Version: 4.3.0219.0)
Microsoft Security Essentials (Version: 4.3.219.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 
10.0.40219 (x32 Version: 10.0.40219) Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0) Mozilla Maintenance Service (x32 Version: 24.0) Mozilla Thunderbird 17.0.8 (x86 de) (x32 Version: 17.0.8) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT Redists (x32 Version: 1.0) MSVCRT_amd64 (x32 Version: 15.4.2862.0708) MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0) MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0) MyFreeCodec (HKCU) MyPC Backup (Version: ) Mystery of Mortlake Mansion (x32 Version: 2.2.0.98) Mystery P.I. - The London Caper (x32 Version: 2.2.0.95) NVIDIA Grafiktreiber 296.18 (Version: 296.18) NVIDIA Install Application (Version: 2.1002.62.312) NVIDIA Optimus 1.7.12 (Version: 1.7.12) NVIDIA PhysX (x32 Version: 9.11.1111) NVIDIA PhysX-Systemsoftware 9.11.1111 (Version: 9.11.1111) NVIDIA Systemsteuerung 296.18 (Version: 296.18) NVIDIA Update Components (Version: 1.7.12) Open It! (x32 Version: 1.1.1) OpenOffice.org 3.4.1 (x32 Version: 3.41.9593) Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení (x32 Version: 15.4.5722.2) Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia (x32 Version: 15.4.5722.2) PDF24 Creator 5.4.0 (x32) Picasa 3 (x32 Version: 3.9) Plants vs. 
Zombies - Game of the Year (x32 Version: 2.2.0.98) PlayMemories Home (x32 Version: 6.1.01.14210) PlayStation(R)Network Downloader (x32 Version: 2.07.00849) PlayStation(R)Store (x32 Version: 4.5.15.13232) Poczta usługi Windows Live (x32 Version: 15.4.3502.0922) Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922) Polar Bowler (x32 Version: 2.2.0.97) Pošta Windows Live (x32 Version: 15.4.3502.0922) PYV_x86 (x32 Version: 1.0.0) QuickTime (x32 Version: 7.73.80.64) R for Windows 3.0.0 (Version: 3.0.0) Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922) Realtek Ethernet Controller Driver (x32 Version: 7.53.216.2012) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6570) Realtek PCIE Card Reader (x32 Version: 6.1.7601.92) Remote Keyboard (x32 Version: 1.2.0.09270) Remote Play with PlayStation(R)3 (x32 Version: 1.1.0.21090) Samsung CLX-3300 Series (x32 Version: 1.01 (01.05.2012)) Samsung Easy Document Creator (x32 Version: 1.02.09 (25.04.2012)) Samsung Easy Printer Manager (x32 Version: 1.02.45.02(01.05.2012)) Samsung Kies (x32 Version: 2.5.1.12123_2) Samsung Printer Live Update (x32 Version: 1.01.00.04) Samsung Scan Process Machine (x32 Version: 1.00.18.04) SAMSUNG USB Driver for Mobile Phones (Version: 1.5.23.0) Skype™ 6.1 (x32 Version: 6.1.129) Sound Forge Audio Studio 10.0 (x32 Version: 10.0.176) Spotify (HKCU Version: 0.9.4.185.g7545a404) SSLx64 (Version: 1.0.0) SSLx86 (x32 Version: 1.0.0) Synaptics Pointing Device Driver (Version: 16.0.0.5) The Hidden Object Game Show (x32 Version: 2.2.0.97) TrackID(TM) with BRAVIA (x32 Version: 1.2.0.09270) TuneUp Utilities 2013 (x32 Version: 13.0.3000.132) TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.3000.132) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 
Client Profile (KB2836939v3) (x32 Version: 3) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3) Update Installer for WildTangent Games App (x32) Updater By Sweetpacks 2.0.0.605 (Version: 2.0.0.605) Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (x32 Version: 15.4.5722.2) VAIO - Microsoft Visual C++ 2010 SP1 Runtime 10.0.40219.325 (Version: 1.0.00.01300) VAIO - PlayMemories Home Plug-in (Version: 2.0.00.14200) VAIO - Remote Play mit PlayStation®3 (x32 Version: 1.1.0.21090) VAIO - Remote-Tastatur (x32 Version: 1.2.0.09270) VAIO - Remote-Tastatur mit PlayStation®3 (x32 Version: 1.2.0.09210) VAIO - TrackID™ mit BRAVIA (x32 Version: 1.2.0.09270) VAIO Care (Version: 7.3.0.14170) VAIO Control Center (x32 Version: 5.2.2.16060) VAIO Data Restore Tool (x32 Version: 1.9.0.13190) VAIO Easy Connect (x32 Version: 1.1.2.01120) VAIO Gate (x32 Version: 2.4.1.09230) VAIO Gate Default (x32 Version: 2.5.2.02090) VAIO Gesture Control (x32 Version: 1.0.0.12300) VAIO Improvement (x32 Version: 1.3.0.12280) VAIO Improvement Validation (Version: 1.0.4.01190) VAIO Sample Contents (x32 Version: 1.4.2.09010) VAIO Smart Network (x32 Version: 3.11.1.15220) VAIO Update (x32 Version: 5.7.0.13130) VAIO Update Merge Module x64 (Version: 5.7.13130) VAIO*CPU-Lüfterdiagnose (x32 Version: 1.1.0.09200) VAIO-Handbuch (x32 Version: 2.3.0.12300) VAIO-Support für Übertragungen (x32 Version: 1.7.0.02231) VBMx86 (x32 Version: 1.0.0) VCCx64 (Version: 1.0.0) VCCx86 (x32 Version: 1.0.0) Vegas Movie Studio HD Platinum 11.0 (x32 Version: 11.0.256) VHD (x32 Version: 1.0.0) Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98) VIx64 (Version: 1.0.0) VIx86 (x32 Version: 1.0.0) VLC media player 2.0.5 (x32 Version: 2.0.5) VMLx86 (x32 Version: 1.0.0) 
VPMx64 (Version: 1.0.0) VSNx64 (Version: 1.0.0) VSNx86 (x32 Version: 1.0.0) VSSTx64 (Version: 1.0.0) VSSTx86 (x32 Version: 1.0.0) VU5x64 (Version: 1.0.0) VU5x86 (x32 Version: 1.0.0) VWSTx86 (x32 Version: 1.0.0) Whilokii 1.0.0 (Version: 1.0.0) WildTangent Games App (x32 Version: 4.0.5.36) WildTangent-Spiele (x32 Version: 1.0.2.5) Windows Live Communications Platform (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3538.0513) Windows Live Fotogaléria (x32 Version: 15.4.3502.0922) Windows Live Fotogalerie (x32 Version: 15.4.3502.0922) Windows Live Fotogalleri (x32 Version: 15.4.3502.0922) Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922) Windows Live Fotótár (x32 Version: 15.4.3502.0922) Windows Live ID Sign-in Assistant (Version: 7.250.4232.0) Windows Live Installer (x32 Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3538.0513) Windows Live Mail (x32 Version: 15.4.3502.0922) Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2) Windows Live Mesh (x32 Version: 15.4.3502.0922) Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2) Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2) Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (x32 Version: 15.4.5722.2) Windows Live Mesh ActiveX-objekt til fjernforbindelser (x32 Version: 15.4.5722.2) Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (x32 Version: 15.4.5722.2) Windows Live Meshin etäyhteyksien ActiveX-komponentti (x32 Version: 15.4.5722.2) Windows Live Messenger (x32 Version: 15.4.3538.0513) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Movie Maker (x32 Version: 15.4.3502.0922) Windows Live Photo Common (x32 Version: 15.4.3502.0922) Windows Live Photo Gallery (x32 Version: 15.4.3502.0922) Windows Live PIMT Platform (x32 Version: 15.4.3508.1109) Windows Live Remote 
Client (Version: 15.4.5722.2) Windows Live Remote Client Resources (Version: 15.4.5722.2) Windows Live Remote Service (Version: 15.4.5722.2) Windows Live Remote Service Resources (Version: 15.4.5722.2) Windows Live SOXE (x32 Version: 15.4.3502.0922) Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922) Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922) Windows Live UX Platform (x32 Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109) Windows Live Writer (x32 Version: 15.4.3502.0922) Windows Live Writer Resources (x32 Version: 15.4.3502.0922) Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922) Windows Liven sähköposti (x32 Version: 15.4.3502.0922) Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922) Zip Extractor Packages (HKCU) Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (x32 Version: 15.4.5722.2) Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922) Елемент керування Windows Live Mesh ActiveX для віддалених підключень (x32 Version: 15.4.5722.2) Основи Windows Live (x32 Version: 15.4.3502.0922) Основные компоненты Windows Live (x32 Version: 15.4.3502.0922) Почта Windows Live (x32 Version: 15.4.3502.0922) Фотоальбом Windows Live (x32 Version: 15.4.3502.0922) Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922) Фотоколекція Windows Live (x32 Version: 15.4.3502.0922) Элемент управления Windows Live Mesh ActiveX для удаленных подключений (x32 Version: 15.4.5722.2) ==================== Restore Points ========================= 10-08-2013 17:22:15 Windows Update 14-08-2013 07:43:55 Windows Update 14-08-2013 22:46:22 Windows Update 18-08-2013 19:54:25 Windows Update 21-10-2013 19:56:56 Windows Update 22-10-2013 01:00:55 Windows Update ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: 
{0DD753D1-C6D7-4923-904F-69A4388E0CF4} - System32\Tasks\BonanzaDealsUpdate => C:\Program Task: {11DB8F54-6E8C-49F8-81EF-2D6194CF7FDB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-21] (Adobe Systems Incorporated) Task: {1ADDB2C9-B9E1-49C9-AE2D-7D149B510EC1} - System32\Tasks\DigitalSite => C:\Users\Tani\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE Task: {1D3E73D4-A405-4E91-8C0D-8ABE11C5AA93} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe Task: {26E9313C-7DAE-4F9C-8292-45B18C6CF851} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2012-01-10] (Sony Corporation) Task: {2923F8CB-616E-48FB-9C58-457F9659B751} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2011-12-27] (Sony Corporation) Task: {4CC52CB9-6C48-45D9-9B70-92A534BB7E2B} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2011-09-23] (Sony Corporation) Task: {4CD8A0E3-AE9A-4CF9-ADC5-7552B12D0869} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-04-06] (Sony Corporation) Task: {5ECB31E4-4C5A-4900-ABB6-184DE881841D} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorSystem => C:\Program Files\Sony\VAIO Improvement\vim.exe [2011-12-27] (Sony Corporation) Task: {5F382F8C-034A-40B2-8708-7D7316C5CF81} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation) Task: {63F44E44-CE1D-417E-9759-6D986C815DC4} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {64B25806-8A9D-4100-AEEB-CFF815354537} - 
System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe [2012-11-29] (TuneUp Software) Task: {6B538DBA-05C8-4548-A968-EB635E39B63F} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe Task: {7072416C-1B44-46A5-AFFB-69FC517EE8CF} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => C:\Windows\System32\net Task: {748A002B-962C-4BC6-BD4B-AF27F9F840AA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {7696F97C-C03F-405C-B2EE-55B4AFEE74DE} - System32\Tasks\Sony Corporation\VAIO Improvement Validation\VAIO Improvement Validation => C:\Program Files\Sony\VAIO Improvement Validation\viv.exe [2011-01-20] (Sony Corporation) Task: {8473D606-F9BD-4BB5-8346-CBD0A0F9117D} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe Task: {8C3D8ACC-765F-44D7-8A67-4D44731C3D5F} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation) Task: {997033BE-F612-4E9F-A6EF-775065A1D350} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation) Task: {A2BE3A3B-2EA1-4D82-8F95-4BFD06EDFD4D} - System32\Tasks\Sony Corporation\VAIO Care\AutoCheckMessage => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation) Task: {AADC721E-8A14-4ECC-AE62-6C3CDE5EBA33} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2011-09-23] (Sony Corporation) Task: {B439D0B2-C923-423E-8AFF-8C2A927DEA47} - System32\Tasks\EPUpdater => C:\Users\Tani\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe Task: {B508C7D3-92F4-4470-8B04-59C31C5B962B} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Logon Start => C:\Program 
Files\Sony\VAIO Power Management\SPMgr.exe [2012-01-10] (Sony Corporation) Task: {BD68496D-0BC5-415A-8292-581E38D3678A} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation) Task: {C0199735-922B-4A29-A668-11CA5360A78A} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorUser => C:\Program Files\Sony\VAIO Improvement\vim.exe [2011-12-27] (Sony Corporation) Task: {C7B76B13-36BE-4BB0-B90A-1A1B43F6F979} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe Task: {CA0B504D-ED19-49FB-952C-65DD6BBF7A1B} - System32\Tasks\Sony Corporation\VAIO Care\VAU => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation) Task: {D39542B3-BFEA-4947-A62B-D690119D3A03} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2012-01-10] (Sony Corporation) Task: {D4BA6582-AFC8-4774-9815-E75989FC74F0} - System32\Tasks\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2012-02-24] (Sony Corporation) Task: {DAC9F6C6-5D8B-47F8-9583-B3BB01733BC3} - System32\Tasks\Sony Corporation\VAIO Care\CRMReminder => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation) Task: {E59CAFF7-D41B-492F-BE50-875C249CE7DC} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-04-06] (Sony Corporation) Task: {E998B361-6677-4BA0-A12F-FCF007703CC3} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2011-12-27] (Sony Corporation) Task: {F887DBC5-C694-47F0-98E9-FD8D577B8008} - System32\Tasks\BitGuard => Sc.exe start BitGuard Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: 
C:\Windows\Tasks\DigitalSite.job => C:\Users\Tani\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE Task: C:\Windows\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe ==================== Loaded Modules (whitelisted) ============= 2012-02-20 05:57 - 2012-02-20 05:57 - 00087880 _____ () C:\Program Files\AuthenTec TrueSuite\ssutil.dll 2012-02-20 05:57 - 2012-02-20 05:57 - 00556360 _____ () C:\Program Files\AuthenTec TrueSuite\DataManager.dll 2012-04-05 04:04 - 2012-04-03 22:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2013-09-20 00:37 - 2013-09-20 00:37 - 00012288 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll 2013-09-20 00:32 - 2013-09-20 00:32 - 01102336 _____ () C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll 2011-11-30 19:49 - 2011-11-30 19:49 - 00276992 _____ () C:\Program Files\Sony\VAIO Care\READ\RecoveryPartitionManagerREAD.dll 2011-12-13 12:26 - 2011-12-13 12:26 - 00139264 _____ () C:\Program Files (x86)\Intel\Bluetooth\de\btmsrvview.resources.dll 2012-11-28 15:13 - 2012-11-28 15:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2012-11-28 15:13 - 2012-11-28 15:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2011-03-04 13:49 - 2011-03-04 13:49 - 00202752 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll 2013-02-01 16:06 - 2012-04-06 15:37 - 00021128 _____ () C:\Program Files (x86)\Sony\VAIO Control Center\VESBasePS.dll 2013-08-15 09:20 - 2013-08-15 09:20 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\67f2d87ba056e1075fce76a8c50bb57e\IsdiInterop.ni.dll 2013-02-01 15:44 - 2012-02-01 17:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2013-02-01 15:50 - 2012-03-23 10:47 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2012-08-10 17:51 - 
2012-08-10 17:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll 2010-10-25 16:13 - 2010-10-25 16:13 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\acrotray.deu 2013-10-23 11:22 - 2013-10-23 11:22 - 00337920 _____ () C:\Program Files (x86)\Whilokii\bin\sqlite3.DLL 2013-02-01 17:24 - 2013-10-22 11:34 - 34604032 _____ () C:\Users\Tani\AppData\Roaming\Spotify\Data\libcef.dll 2013-10-21 22:39 - 2013-10-21 22:39 - 16233864 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll 2013-10-22 11:34 - 2013-10-22 11:34 - 00747008 _____ () C:\Users\Tani\AppData\Roaming\Spotify\Data\libglesv2.dll 2013-10-22 11:34 - 2013-10-22 11:34 - 00137216 _____ () C:\Users\Tani\AppData\Roaming\Spotify\Data\libegl.dll 2013-10-23 11:15 - 2013-10-23 11:16 - 03279768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2013-08-09 01:00 - 2013-08-09 01:00 - 02244504 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll 2013-08-09 01:00 - 2013-08-09 01:00 - 00158104 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll 2013-08-09 01:00 - 2013-08-09 01:00 - 00022424 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Windows\system32\Drivers\zqsyhouh.sys:changelist ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= Name: Cisco Systems VPN Adapter for 64-bit Windows Description: Cisco Systems VPN Adapter for 64-bit Windows Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: CVirtA Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ========================= Application errors: ================== Error: (10/23/2013 00:14:12 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 8065 Error: (10/23/2013 00:14:12 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 8065 Error: (10/23/2013 00:14:12 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/23/2013 00:14:11 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 7067 Error: (10/23/2013 00:14:11 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 7067 Error: (10/23/2013 00:14:11 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/23/2013 00:14:10 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 6068 Error: (10/23/2013 00:14:10 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 6068 Error: (10/23/2013 00:14:10 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/23/2013 00:14:09 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 5054 System errors: ============= Error: (10/22/2013 02:54:33 PM) (Source: Microsoft-Windows-HAL) (User: ) Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist. 
Error: (10/22/2013 01:20:16 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (10/22/2013 01:20:14 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (10/22/2013 01:20:14 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht. Error: (10/22/2013 01:18:26 PM) (Source: DCOM) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (10/22/2013 09:47:28 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Update" wurde nicht richtig gestartet. Error: (10/22/2013 09:44:08 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "VAIO Care Performance Service" wurde nicht richtig gestartet. Error: (10/22/2013 09:39:02 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (10/22/2013 00:02:25 AM) (Source: Microsoft-Windows-HAL) (User: ) Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist. 
Error: (10/21/2013 11:58:47 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Microsoft Office Sessions: ========================= Error: (10/23/2013 00:14:12 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 8065 Error: (10/23/2013 00:14:12 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 8065 Error: (10/23/2013 00:14:12 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/23/2013 00:14:11 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 7067 Error: (10/23/2013 00:14:11 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 7067 Error: (10/23/2013 00:14:11 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/23/2013 00:14:10 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 6068 Error: (10/23/2013 00:14:10 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 6068 Error: (10/23/2013 00:14:10 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/23/2013 00:14:09 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 5054 CodeIntegrity Errors: =================================== Date: 2013-05-02 10:45:41.693 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-05-02 10:45:41.671 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-05-02 10:45:39.631 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-05-02 10:45:39.605 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-05-02 10:45:37.560 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-05-02 10:45:37.537 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-05-02 10:45:35.498 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-05-02 10:45:35.478 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-05-02 10:45:33.427 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-05-02 10:45:33.406 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Percentage of memory in use: 54% Total physical RAM: 3995.28 MB Available physical RAM: 1817.55 MB Total Pagefile: 7988.73 MB Available Pagefile: 4104.21 MB Total Virtual: 8192 MB Available Virtual: 8191.79 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:443.29 GB) (Free:365.17 GB) NTFS Drive e: (TANI CAMERA) (Removable) (Total:1.89 GB) (Free:0 GB) FAT Drive g: (INTENSO) (Fixed) (Total:465.64 GB) (Free:262.06 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: 9965FECF) Partition: GPT Partition Type ======================================================== Disk: 1 (Size: 466 GB) (Disk ID: 1959C36A) Partition 1: (Not Active) - (Size=466 GB) - (Type=0C) ======================================================== Disk: 2 (Size: 2 GB) (Disk ID: 00000000) Partition 1: (Not Active) - (Size=2 GB) - (Type=06) ==================== End Of Log ============================ |
24.10.2013, 08:47 | #4 |
/// the machine /// TB-Ausbilder | only shortcuts on external hard drive and SD card Connect the external drive and the SD card and leave them connected: download Panda USB Vaccine - Download - Filepony and run it. Scan with Combofix
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
24.10.2013, 19:06 | #5 |
| only shortcuts on external hard drive and SD card Code:
ATTFilter ComboFix 13-10-24.01 - Tani 24.10.2013 18:53:40.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3995.1449 [GMT 2:00] ausgeführt von:: c:\users\Tani\Downloads\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . .
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\17_jQuery.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\170_icm1_5_m.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\171_arcadi2_sourceID_m.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\175_coolmirage_m.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\21_debug.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\22_resources.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\28_initializer.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\4_jquery_1_7_1.js 
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\47_resources_background.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\64_appApiMessage.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\7_hooks.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\72_appApiValidation.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\78_CrossriderInfo.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\87_ginyas_wrapper.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\9_search_engine_hook.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\91_monetizationLoader.js.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\92_superfish_m.js 
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\93_superfish_no_coupons_m.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\plugins\98_omniCommands.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\userCode\background.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\extensionData\userCode\extension.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\install.rdf c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\locale\en-US\translations.dtd c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\skin\button1.png c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\skin\button2.png c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\skin\button3.png c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\skin\button4.png 
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\skin\button5.png c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\skin\crossrider_statusbar.png c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\skin\icon128.png c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\skin\icon16.png c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\skin\icon24.png c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\skin\icon48.png c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\skin\panelarrow-up.png c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\skin\popup.html c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\skin\skin.css c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\0c21469f-1b2b-434e-8395-eb7fe1a87b14@00077634-3094-48fc-b5a4-841bfd29b643.com\skin\update.css c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com 
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome.manifest c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\api.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\api\asyncDB.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\api\background.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\api\browserAction.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\api\contextMenu.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\api\dbManager.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\api\dom_bg.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\api\fileManager.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\api\firefox.js 
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\api\firefoxNotifications.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\api\firefoxOmnibox.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\api\message.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\api\pageAction.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\api\request.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\api\tabs.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\api\webRequest.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\background.html c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\baseObject.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\browser.xul 
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\core\console.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\core\consts.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\core\delegate.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\core\extensionDataStore.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\core\folderIOWrapper.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\core\httpObserver.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\core\IDBWrapper.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\core\installer.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\core\logFile.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\core\prefs.js 
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\core\progressListenerObserver.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\core\registry.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\core\reloadObserver.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\core\reports.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\core\requestObject.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\core\searchSettings.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\core\uninstallObserver.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\core\updateManager.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\core\utils.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\core\xhr.js 
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\dialog.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\main.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\options.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\options.xul c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\chrome\content\search_dialog.xul c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\defaults\preferences\prefs.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\extensionData\manifest.xml c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\extensionData\plugins.json c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\extensionData\plugins\1_base.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\extensionData\plugins\13_CrossriderAppUtils.js 
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\extensionData\plugins\14_CrossriderUtils.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\extensionData\plugins\16_FFAppAPIWrapper.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\extensionData\plugins\17_jQuery.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\extensionData\plugins\21_debug.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\extensionData\plugins\22_resources.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\extensionData\plugins\28_initializer.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\extensionData\plugins\4_jquery_1_7_1.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\extensionData\plugins\47_resources_background.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\extensionData\plugins\64_appApiMessage.js 
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\extensionData\plugins\72_appApiValidation.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\extensionData\plugins\78_CrossriderInfo.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\extensionData\plugins\98_omniCommands.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\extensionData\userCode\background.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\extensionData\userCode\extension.js c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\install.rdf c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\locale\en-US\translations.dtd c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\skin\button1.png c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\skin\button2.png c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\skin\button3.png 
c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\skin\button4.png c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\skin\button5.png c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\skin\crossrider_statusbar.png c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\skin\icon128.png c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\skin\icon16.png c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\skin\icon24.png c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\skin\icon48.png c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\skin\panelarrow-up.png c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\skin\popup.html c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\skin\skin.css c:\users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\extensions\ed105019-0ac5-4666-b537-51b7d0aef96b@b7c6859b-ad30-40be-a166-552cb29db885.com\skin\update.css 
c:\windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-09-24 bis 2013-10-24 )))))))))))))))))))))))))))))) . . 2013-10-24 17:43 . 2013-10-24 17:43 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-10-24 17:43 . 2013-10-24 17:43 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-10-24 16:45 . 2013-10-13 22:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D24D14F1-1494-46D7-93A0-6E9B55EB6FB0}\mpengine.dll 2013-10-24 16:45 . 2013-10-24 16:45 -------- d-----w- c:\programdata\Panda Security 2013-10-24 16:44 . 2013-10-24 16:44 -------- d-----w- c:\program files (x86)\Panda USB Vaccine 2013-10-23 15:53 . 2013-10-23 15:53 -------- d-----w- C:\FRST 2013-10-23 08:44 . 2013-10-13 22:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-10-22 11:18 . 2013-10-22 11:18 0 ----a-w- c:\windows\SysWow64\shoB3D7.tmp 2013-10-21 21:38 . 2013-10-21 21:38 -------- d-----w- c:\program files (x86)\Deluge 2013-10-21 21:37 . 2013-10-22 11:15 -------- d-----w- c:\program files (x86)\SweetIM 2013-10-21 21:36 . 2013-10-21 21:36 -------- d-----w- c:\windows\SysWow64\jmdp 2013-10-21 21:36 . 2013-10-22 11:14 -------- d-----w- c:\windows\SysWow64\ARFC 2013-10-21 21:36 . 2013-07-21 14:13 1656112 ----a-w- c:\windows\system32\dmwu.exe 2013-10-21 21:36 . 2013-07-21 14:10 33792 ----a-w- c:\windows\system32\ImHttpComm.dll 2013-10-21 21:36 . 2013-10-22 11:15 -------- d-----w- c:\windows\SysWow64\WNLT 2013-10-21 21:36 . 2013-10-21 21:36 49872 ----a-w- c:\windows\system32\drivers\zqsyhouh.sys 2013-10-21 21:35 . 2013-10-21 21:35 -------- d-----w- c:\users\Tani\AppData\Local\CS Browser Assistant 2013-10-21 21:35 . 2013-10-22 11:14 -------- d-----w- c:\program files (x86)\CSBrowserHelper 2013-10-21 21:34 . 2013-10-22 11:14 -------- d-----w- c:\users\Tani\AppData\Local\SwvUpdater 2013-10-21 20:23 . 
Edited by TLau (24.10.2013 at 19:12) |
25.10.2013, 10:39 | #6 |
/// the machine /// TB trainer | only shortcuts on external hard drive and SD card Open the SD card in Explorer and please post a screenshot of what you see. You can delete the shortcuts once the folders work again. |
25.10.2013, 12:34 | #7 |
| only shortcuts on external hard drive and SD card Here is the screenshot: |
26.10.2013, 12:01 | #8 |
/// the machine /// TB trainer | only shortcuts on external hard drive and SD card Do you also have hidden files displayed on the SD card?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
27.10.2013, 09:29 | #9 |
| only shortcuts on external hard drive and SD card Yes, that setting is enabled. |
27.10.2013, 17:37 | #10 |
/// the machine /// TB trainer | only shortcuts on external hard drive and SD card But then the original folders should be there too, not just the shortcuts. What happens when you try to open the folders?
__________________ Regards, schrauber |
28.10.2013, 09:24 | #11 |
| only shortcuts on external hard drive and SD card Then this window appears: |
28.10.2013, 13:47 | #12 |
/// the machine /// TB trainer | only shortcuts on external hard drive and SD card Right-click / Properties: which path is given in the shortcut?
__________________ Regards, schrauber |
29.10.2013, 08:33 | #13 |
| only shortcuts on external hard drive and SD card The following: |
29.10.2013, 14:04 | #14 |
/// the machine /// TB trainer | only shortcuts on external hard drive and SD card What is drive G? Please run a full MBAM scan of all drives: Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber |
30.10.2013, 22:07 | #15 |
| only shortcuts on external hard drive and SD card Drive G is the external hard drive, which, however, was not connected at all at that time. The log file from Malware had unfortunately disappeared after the restart; I had forgotten to save it. Here are the remaining ones: FRST Logfile: Code:
C:\Program Files\iPod\bin\iPodService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe (Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe (Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe (ArcSoft, Inc.) 
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe (Microsoft Corporation) C:\Windows\System32\vds.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAdmin.exe (Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe (Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (Farbar) C:\Users\Tani\Downloads\FRST64(1).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-20] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-20] (Realtek Semiconductor) HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2884880 2012-03-19] (Synaptics Incorporated) HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18706176 2013-01-08] (Skype Technologies S.A.) 
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-09-04] (Samsung) HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung) HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation) HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-09] (Intel Corporation) HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [60552 2011-09-20] (Sony Corporation) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe [36760 2010-10-25] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe [821144 2010-10-25] (Adobe Systems Inc.) HKLM-x32\...\Run: [Intel AT Service signup] - C:\Program Files (x86)\Intel Corporation\Intel AT Service signup\IntelATServiceSignup.exe [382976 2012-02-15] (Intel Corporation) HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [693608 2012-02-21] (Sony Corporation) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.) 
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.) AppInit_DLLs: C:\Windows\System32\nvinitx.dll [260928 2012-03-13] (NVIDIA Corporation) Startup: C:\Users\Tani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {8EAD5713-1176-441B-854A-0A9AFD637938} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q212&_nkw={searchTerms} BHO: CS Browser Assistant - {11111111-1111-1111-1111-110411181196} - C:\Program Files (x86)\CS Browser Assistant\CS Browser Assistant-bho64.dll No File BHO: ElectroLyrics-16 - {11111111-1111-1111-1111-110411411152} - C:\Program Files (x86)\ElectroLyrics-16\ElectroLyrics-16-bho64.dll No File BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\AuthenTec 
TrueSuite\IEBHO.dll (AuthenTec Inc.) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\AuthenTec TrueSuite\x86\IEBHO.dll (AuthenTec Inc.) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) 
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default FF Homepage: google.de FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll () FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 - C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.) FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: firefox - C:\Users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\Extensions\firefox@whilokii.net.xpi FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - c:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - c:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION CHR HKLM-x32\...\Chrome\Extension: [nibgmhfiionbhpeidijmiildfjnbbkic] - C:\Program Files\AuthenTec TrueSuite\x86\tschrome.crx CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) 
R2 ActiveDelayDeviceService; C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe [78472 2011-09-20] (Sony Corporation) R2 FPLService; C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe [300360 2012-02-20] (AuthenTec, Inc) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-03-23] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [162648 2012-03-23] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] () S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation) R2 PMBDeviceInfoProvider; c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [473960 2012-02-21] (Sony Corporation) R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [260768 2011-11-30] (Sony Corporation) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2401632 2012-11-29] (TuneUp Software) R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.) 
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [960160 2011-12-29] (Sony Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation) S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [x] ==================== Drivers (Whitelisted) ==================== R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.) R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] () S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-04-18] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation) S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-30 22:02 - 2013-10-30 22:03 - 01956614 _____ (Farbar) C:\Users\Tani\Downloads\FRST64(1).exe 2013-10-30 22:00 - 2013-10-30 22:01 - 00001827 _____ C:\Users\Tani\Desktop\JRT.txt 2013-10-30 21:54 - 2013-10-30 21:54 - 00000000 ____D C:\Windows\ERUNT 2013-10-30 21:50 - 2013-10-30 21:50 - 01033335 _____ (Thisisu) C:\Users\Tani\Downloads\JRT.exe 2013-10-30 21:47 - 2013-10-30 21:47 - 00025543 _____ C:\Users\Tani\Desktop\AdwCleaner[S0].txt 2013-10-29 21:55 - 2013-10-30 21:45 - 00000000 ____D C:\AdwCleaner 2013-10-27 00:22 - 2013-10-28 09:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2013-10-25 08:06 - 2013-10-25 08:06 - 00000000 ____D 
C:\Users\Tani\Documents\Fax 2013-10-25 06:52 - 2013-10-25 06:52 - 13821642 _____ C:\Users\Tani\Downloads\Articles.zip 2013-10-24 22:19 - 2013-10-24 22:19 - 00000000 ____D C:\Users\Public\Documents\CrashDump 2013-10-24 21:48 - 2013-10-24 21:48 - 00000000 ____D C:\Users\Tani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft ICE 2013-10-24 21:48 - 2013-10-24 21:48 - 00000000 ____D C:\Program Files\Microsoft Research 2013-10-24 21:27 - 2013-10-24 21:27 - 02534400 _____ C:\Users\Tani\Downloads\ICE-1.4.4-for-64-bit-Windows.msi 2013-10-24 21:25 - 2013-10-24 21:26 - 02270208 _____ C:\Users\Tani\Downloads\ICE-1.4.4-for-32-bit-Windows.msi 2013-10-24 18:46 - 2013-10-24 18:46 - 00094150 _____ C:\ComboFix.txt 2013-10-24 17:50 - 2013-10-24 18:46 - 00000000 ____D C:\Qoobox 2013-10-24 17:50 - 2013-10-24 18:46 - 00000000 ____D C:\ComboFix 2013-10-24 17:50 - 2013-10-24 18:44 - 00000000 ____D C:\Windows\erdnt 2013-10-24 17:50 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe 2013-10-24 17:50 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe 2013-10-24 17:50 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-10-24 17:50 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-10-24 17:50 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-10-24 17:50 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe 2013-10-24 17:50 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe 2013-10-24 17:50 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe 2013-10-24 17:47 - 2013-10-24 17:47 - 05136677 ____R (Swearware) C:\Users\Tani\Downloads\ComboFix.exe 2013-10-24 17:45 - 2013-10-24 17:45 - 00000000 ____D C:\ProgramData\Panda Security 2013-10-24 17:44 - 2013-10-24 17:44 - 00003042 _____ C:\Windows\System32\Tasks\PandaUSBVaccine 2013-10-24 17:44 - 2013-10-24 17:44 - 00000000 ____D C:\Program Files (x86)\Panda USB Vaccine 2013-10-24 17:42 - 2013-10-24 17:43 - 00848856 _____ (Panda Security ) 
C:\Users\Tani\Downloads\USBVaccineSetup.exe 2013-10-23 16:54 - 2013-10-23 16:58 - 00036576 _____ C:\Users\Tani\Downloads\Addition.txt 2013-10-23 16:53 - 2013-10-23 16:53 - 01955374 _____ (Farbar) C:\Users\Tani\Downloads\FRST64.exe 2013-10-23 16:53 - 2013-10-23 16:53 - 00000000 ____D C:\FRST 2013-10-23 16:52 - 2013-10-23 16:52 - 01088127 _____ (Farbar) C:\Users\Tani\Downloads\FRST.exe 2013-10-23 10:15 - 2013-10-23 10:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-10-22 02:19 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-10-22 02:19 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-10-22 02:19 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-10-22 02:19 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-10-22 02:19 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-10-22 02:19 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-10-22 02:19 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-10-22 02:19 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-10-22 02:19 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-10-22 02:19 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-10-22 02:19 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-10-22 02:19 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-10-22 02:19 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-10-22 02:19 - 2013-09-22 23:55 - 02241024 _____ (Microsoft Corporation) 
C:\Windows\system32\wininet.dll 2013-10-22 02:19 - 2013-09-22 23:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-10-22 02:19 - 2013-09-22 23:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-10-22 02:19 - 2013-09-22 23:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-10-22 02:19 - 2013-09-22 23:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-10-22 02:19 - 2013-09-22 23:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-10-22 02:19 - 2013-09-22 23:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-10-22 02:19 - 2013-09-22 23:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-10-22 02:19 - 2013-09-22 23:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-10-22 02:19 - 2013-09-22 23:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-10-22 02:19 - 2013-09-22 23:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-10-22 02:19 - 2013-09-22 23:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-10-22 02:19 - 2013-09-22 23:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-10-22 02:19 - 2013-09-22 23:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-10-22 02:19 - 2013-09-21 04:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-10-22 02:19 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-10-22 02:19 - 2013-09-21 03:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-10-22 02:19 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-10-21 22:38 - 2013-10-21 22:38 - 00000000 ____D C:\Program Files (x86)\Deluge 2013-10-21 22:36 
- 2013-10-21 22:36 - 00049872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\zqsyhouh.sys 2013-10-21 22:35 - 2013-10-22 12:14 - 00000000 ____D C:\Program Files (x86)\CSBrowserHelper 2013-10-21 22:35 - 2013-10-21 22:35 - 00000000 ____D C:\Users\Tani\AppData\Local\CS Browser Assistant 2013-10-21 22:18 - 2013-10-21 22:18 - 00000089 _____ C:\Users\Tani\AppData\Roaming\WB.CFG 2013-10-21 21:24 - 2013-10-21 21:24 - 01060070 _____ C:\Users\Tani\Downloads\adwcleaner.exe 2013-10-21 21:23 - 2013-10-21 21:23 - 00000000 ____D C:\Users\Tani\AppData\Roaming\Malwarebytes 2013-10-21 21:21 - 2013-10-21 21:21 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-10-21 21:21 - 2013-10-21 21:21 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-10-21 21:21 - 2013-10-21 21:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-10-21 21:21 - 2013-04-04 13:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-10-21 21:20 - 2013-10-21 21:21 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Tani\Downloads\mbam-setup-1.75.0.1300.exe 2013-10-21 21:19 - 2012-07-25 11:03 - 00016896 _____ C:\Windows\system32\sasnative64.exe 2013-10-21 21:18 - 2013-10-21 21:18 - 00000000 ____D C:\Users\Tani\AppData\Roaming\0D0S1L2Z1P1B 2013-10-21 21:04 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-10-21 21:04 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-10-21 21:04 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2013-10-21 21:04 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-10-21 21:04 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2013-10-21 21:04 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-10-21 21:04 - 2013-08-29 02:51 - 03914176 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-10-21 21:04 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-10-21 21:04 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2013-10-21 21:04 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-10-21 21:04 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2013-10-21 21:04 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-10-21 21:04 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-10-21 21:04 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-10-21 21:04 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-10-21 21:04 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-10-21 21:04 - 2013-08-05 03:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys 2013-10-21 21:04 - 2013-08-02 03:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2013-10-21 21:04 - 2013-08-02 03:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2013-10-21 21:04 - 2013-08-02 03:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2013-10-21 21:04 - 2013-08-02 03:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2013-10-21 21:04 - 2013-08-02 03:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2013-10-21 21:04 - 2013-08-02 03:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 03:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 03:12 
- 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 03:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2013-10-21 21:04 - 
2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 02:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2013-10-21 21:04 - 2013-08-02 02:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2013-10-21 21:04 - 2013-08-02 02:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2013-10-21 21:04 - 2013-08-02 02:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 02:48 - 00004608 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 02:48 - 00003072 ____H 
(Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 02:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2013-10-21 21:04 - 2013-08-02 01:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2013-10-21 21:04 - 2013-08-02 01:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 01:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 01:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2013-10-21 21:04 - 2013-08-02 01:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2013-10-21 21:04 - 2013-07-26 03:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2013-10-21 21:04 - 2013-07-26 03:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll 2013-10-21 21:04 - 2013-07-26 02:55 
- 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2013-10-21 21:04 - 2013-07-26 02:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll 2013-10-21 21:04 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2013-10-21 21:04 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2013-10-21 21:04 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2013-10-21 21:04 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2013-10-21 21:04 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2013-10-21 21:04 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2013-10-21 21:04 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2013-10-21 21:04 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2013-10-21 21:04 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2013-10-21 21:04 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2013-10-21 21:04 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2013-10-21 21:04 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2013-10-21 21:04 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2013-10-21 21:04 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2013-10-21 21:04 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2013-10-21 21:04 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2013-10-21 21:04 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems 
Incorporated) C:\Windows\SysWOW64\atmfd.dll 2013-10-21 21:04 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2013-10-21 21:01 - 2013-09-14 02:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-10-21 21:01 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-10-21 21:01 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2013-10-21 21:01 - 2013-07-03 05:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys 2013-10-21 21:01 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys 2013-10-21 21:01 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys 2013-10-21 21:00 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll 2013-10-21 20:57 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll 2013-10-21 20:57 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2013-10-21 20:57 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2013-10-21 20:57 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll ==================== One Month Modified Files and Folders ======= 2013-10-30 22:03 - 2013-10-30 22:02 - 01956614 _____ (Farbar) C:\Users\Tani\Downloads\FRST64(1).exe 2013-10-30 22:01 - 2013-10-30 22:00 - 00001827 _____ C:\Users\Tani\Desktop\JRT.txt 2013-10-30 21:54 - 2013-10-30 21:54 - 00000000 ____D C:\Windows\ERUNT 2013-10-30 21:54 - 2009-07-14 05:45 - 00020992 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-10-30 21:54 - 2009-07-14 05:45 - 00020992 ____H 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-10-30 21:53 - 2013-02-01 14:29 - 02265486 _____ C:\Windows\system32\perfh007.dat 2013-10-30 21:53 - 2013-02-01 14:29 - 00650556 _____ C:\Windows\system32\perfc007.dat 2013-10-30 21:53 - 2009-07-14 06:13 - 00006484 _____ C:\Windows\system32\PerfStringBackup.INI 2013-10-30 21:50 - 2013-10-30 21:50 - 01033335 _____ (Thisisu) C:\Users\Tani\Downloads\JRT.exe 2013-10-30 21:50 - 2013-02-01 14:39 - 01822998 _____ C:\Windows\WindowsUpdate.log 2013-10-30 21:47 - 2013-10-30 21:47 - 00025543 _____ C:\Users\Tani\Desktop\AdwCleaner[S0].txt 2013-10-30 21:46 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-10-30 21:46 - 2009-07-14 05:51 - 00069462 _____ C:\Windows\setupact.log 2013-10-30 21:45 - 2013-10-29 21:55 - 00000000 ____D C:\AdwCleaner 2013-10-30 21:45 - 2013-02-01 16:07 - 00000000 ___RD C:\Users\Tani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-10-30 21:43 - 2013-02-01 15:12 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-10-30 19:08 - 2013-03-05 18:26 - 00000000 ____D C:\Users\Tani\Documents\Scannen 2013-10-30 07:54 - 2013-02-01 16:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-10-30 07:54 - 2010-11-21 04:47 - 00192408 _____ C:\Windows\PFRO.log 2013-10-30 07:52 - 2013-02-01 19:54 - 00000000 ____D C:\Users\Tani\AppData\Roaming\SoftGrid Client 2013-10-30 07:51 - 2013-02-01 16:24 - 00000000 ____D C:\Users\Tani\AppData\Roaming\Spotify 2013-10-29 21:24 - 2013-08-11 18:32 - 00000000 ____D C:\Users\Tani\Tani 2013-10-29 21:24 - 2013-04-19 18:02 - 00000000 ____D C:\Users\Tani\Desktop\Tani 2013-10-29 21:23 - 2013-02-01 16:04 - 00000000 ____D C:\Users\Tani 2013-10-29 20:51 - 2013-02-01 18:32 - 00000000 ____D C:\Users\Tani\AppData\Local\Spotify 2013-10-29 20:29 - 2013-02-01 17:23 - 00000000 ____D C:\Users\Tani\Desktop\Uni 2013-10-29 11:16 - 2013-02-01 21:30 - 00000000 ____D 
C:\Users\Tani\AppData\Roaming\Skype 2013-10-28 12:48 - 2013-02-02 09:53 - 00000099 _____ C:\Users\Public\LMDebug.log 2013-10-28 09:19 - 2013-10-27 00:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2013-10-25 08:10 - 2013-02-02 08:12 - 00000000 ____D C:\Program Files (x86)\SamsungPrinterLiveUpdate 2013-10-25 08:09 - 2013-07-26 12:07 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe 2013-10-25 08:09 - 2013-02-01 16:08 - 00000000 ____D C:\Users\Tani\AppData\Roaming\Adobe 2013-10-25 08:06 - 2013-10-25 08:06 - 00000000 ____D C:\Users\Tani\Documents\Fax 2013-10-25 08:06 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp 2013-10-25 06:52 - 2013-10-25 06:52 - 13821642 _____ C:\Users\Tani\Downloads\Articles.zip 2013-10-24 22:21 - 2013-02-13 09:54 - 00000000 ____D C:\Users\Tani\Documents\SelfMV 2013-10-24 22:19 - 2013-10-24 22:19 - 00000000 ____D C:\Users\Public\Documents\CrashDump 2013-10-24 22:18 - 2013-02-01 14:44 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-10-24 22:17 - 2013-02-13 09:36 - 00000000 ____D C:\Users\Tani\AppData\Local\Downloaded Installations 2013-10-24 22:17 - 2013-02-02 08:11 - 00000000 ____D C:\Program Files (x86)\Samsung 2013-10-24 21:48 - 2013-10-24 21:48 - 00000000 ____D C:\Users\Tani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft ICE 2013-10-24 21:48 - 2013-10-24 21:48 - 00000000 ____D C:\Program Files\Microsoft Research 2013-10-24 21:27 - 2013-10-24 21:27 - 02534400 _____ C:\Users\Tani\Downloads\ICE-1.4.4-for-64-bit-Windows.msi 2013-10-24 21:26 - 2013-10-24 21:25 - 02270208 _____ C:\Users\Tani\Downloads\ICE-1.4.4-for-32-bit-Windows.msi 2013-10-24 18:46 - 2013-10-24 18:46 - 00094150 _____ C:\ComboFix.txt 2013-10-24 18:46 - 2013-10-24 17:50 - 00000000 ____D C:\Qoobox 2013-10-24 18:46 - 2013-10-24 17:50 - 00000000 ____D C:\ComboFix 2013-10-24 18:46 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default 2013-10-24 18:44 - 2013-10-24 17:50 - 00000000 ____D 
C:\Windows\erdnt 2013-10-24 18:44 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini 2013-10-24 17:47 - 2013-10-24 17:47 - 05136677 ____R (Swearware) C:\Users\Tani\Downloads\ComboFix.exe 2013-10-24 17:45 - 2013-10-24 17:45 - 00000000 ____D C:\ProgramData\Panda Security 2013-10-24 17:44 - 2013-10-24 17:44 - 00003042 _____ C:\Windows\System32\Tasks\PandaUSBVaccine 2013-10-24 17:44 - 2013-10-24 17:44 - 00000000 ____D C:\Program Files (x86)\Panda USB Vaccine 2013-10-24 17:43 - 2013-10-24 17:42 - 00848856 _____ (Panda Security ) C:\Users\Tani\Downloads\USBVaccineSetup.exe 2013-10-23 16:58 - 2013-10-23 16:54 - 00036576 _____ C:\Users\Tani\Downloads\Addition.txt 2013-10-23 16:53 - 2013-10-23 16:53 - 01955374 _____ (Farbar) C:\Users\Tani\Downloads\FRST64.exe 2013-10-23 16:53 - 2013-10-23 16:53 - 00000000 ____D C:\FRST 2013-10-23 16:52 - 2013-10-23 16:52 - 01088127 _____ (Farbar) C:\Users\Tani\Downloads\FRST.exe 2013-10-23 10:25 - 2013-02-01 17:24 - 00000000 ____D C:\Users\Tani\AppData\Local\Mozilla 2013-10-23 10:16 - 2013-10-23 10:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-10-22 17:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2013-10-22 12:14 - 2013-10-21 22:35 - 00000000 ____D C:\Program Files (x86)\CSBrowserHelper 2013-10-22 08:41 - 2013-02-01 16:07 - 00000000 ___RD C:\Users\Tani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-10-22 08:38 - 2013-04-06 02:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-10-22 08:38 - 2013-04-06 02:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-10-22 08:38 - 2009-07-14 05:45 - 00329608 _____ C:\Windows\system32\FNTCACHE.DAT 2013-10-22 02:21 - 2013-02-01 19:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client 2013-10-22 02:11 - 2013-08-14 23:47 - 00000000 ____D C:\Windows\system32\MRT 2013-10-22 02:03 - 2013-02-01 16:10 - 00001912 _____ C:\Windows\epplauncher.mif 2013-10-22 02:02 - 2013-02-01 
16:10 - 00000000 ____D C:\Program Files\Microsoft Security Client 2013-10-22 02:02 - 2013-02-01 16:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client 2013-10-21 22:38 - 2013-10-21 22:38 - 00000000 ____D C:\Program Files (x86)\Deluge 2013-10-21 22:36 - 2013-10-21 22:36 - 00049872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\zqsyhouh.sys 2013-10-21 22:35 - 2013-10-21 22:35 - 00000000 ____D C:\Users\Tani\AppData\Local\CS Browser Assistant 2013-10-21 22:18 - 2013-10-21 22:18 - 00000089 _____ C:\Users\Tani\AppData\Roaming\WB.CFG 2013-10-21 21:39 - 2013-02-01 15:12 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-10-21 21:39 - 2013-02-01 15:12 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-10-21 21:39 - 2013-02-01 15:12 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-10-21 21:24 - 2013-10-21 21:24 - 01060070 _____ C:\Users\Tani\Downloads\adwcleaner.exe 2013-10-21 21:23 - 2013-10-21 21:23 - 00000000 ____D C:\Users\Tani\AppData\Roaming\Malwarebytes 2013-10-21 21:21 - 2013-10-21 21:21 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-10-21 21:21 - 2013-10-21 21:21 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-10-21 21:21 - 2013-10-21 21:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-10-21 21:21 - 2013-10-21 21:20 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Tani\Downloads\mbam-setup-1.75.0.1300.exe 2013-10-21 21:18 - 2013-10-21 21:18 - 00000000 ____D C:\Users\Tani\AppData\Roaming\0D0S1L2Z1P1B 2013-10-21 21:18 - 2013-02-01 16:24 - 00000000 ____D C:\Users\Tani\AppData\Local\Google Some content of TEMP: ==================== C:\Users\Tani\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 
is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-22 12:03

==================== End Of Log ============================

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Home Premium x64
Ran by Tani on 30.10.2013 at 21:54:50,05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3266562472-1703614650-1015984034-1001\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220422182296}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220422412252}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220422182296}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220422412252}

~~~ Files

Successfully deleted: [File] "C:\Users\Tani\appdata\locallow\SkwConfig.bin"
Successfully deleted: [File] C:\Windows\syswow64\shoB3D7.tmp

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Tani\appdata\local\{385C3627-0A64-4DD9-A0F0-9EFED069501C}
Successfully deleted: [Empty Folder] C:\Users\Tani\appdata\local\{544E39AD-6A12-4AA5-BD0B-7291D9BB312E}

~~~ FireFox

Emptied folder: C:\Users\Tani\AppData\Roaming\mozilla\firefox\profiles\78qk6azx.default\minidumps [57 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.10.2013 at 22:00:47,36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:
ATTFilter # AdwCleaner v3.010 - Bericht erstellt am 30/10/2013 um 21:45:01 # Updated 20/10/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Tani - TANI-VAIO # Gestartet von : C:\Users\Tani\Downloads\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** [#] Dienst Gelöscht : BackupStack Dienst Gelöscht : FromDocToPDF_65Service [#] Dienst Gelöscht : update whilokii [#] Dienst Gelöscht : Util Whilokii ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\BitGuard Ordner Gelöscht : C:\ProgramData\boost_interprocess Ordner Gelöscht : C:\ProgramData\BrowserDefender Ordner Gelöscht : C:\ProgramData\Systweak Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it! Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro Ordner Gelöscht : C:\Program Files (x86)\Delta Ordner Gelöscht : C:\Program Files (x86)\FromDocToPDF_65 Ordner Gelöscht : C:\Program Files (x86)\myfree codec Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup Ordner Gelöscht : C:\Program Files (x86)\openit Ordner Gelöscht : C:\Program Files (x86)\SweetIM Ordner Gelöscht : C:\Program Files (x86)\Whilokii Ordner Gelöscht : C:\Windows\SysWOW64\ARFC Ordner Gelöscht : C:\Windows\SysWOW64\jmdp Ordner Gelöscht : C:\Windows\SysWOW64\WNLT Ordner Gelöscht : C:\Users\Tani\AppData\Local\FromDocToPDF_65 Ordner Gelöscht : C:\Users\Tani\AppData\Local\SwvUpdater Ordner Gelöscht : C:\Users\Tani\AppData\Roaming\digitalsite Ordner Gelöscht : C:\Users\Tani\AppData\Roaming\dvdvideosoftiehelpers Ordner Gelöscht : C:\Users\Tani\AppData\Roaming\Systweak Ordner Gelöscht : C:\Users\Tani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard Ordner Gelöscht : 
C:\Users\Tani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup Ordner Gelöscht : C:\Users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847} Ordner Gelöscht : C:\Users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca} Ordner Gelöscht : C:\Users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\Extensions\65ffxtbr@FromDocToPDF_65.com Ordner Gelöscht : C:\Users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\Extensions\ffxtlbr@delta.com Ordner Gelöscht : C:\Users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\Extensions\firefox@whilokii.net Datei Gelöscht : C:\Users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi Datei Gelöscht : C:\Windows\System32\dmwu.exe Datei Gelöscht : C:\Windows\System32\ImhxxpComm.dll Datei Gelöscht : C:\Windows\System32\roboot64.exe Datei Gelöscht : C:\Users\Tani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\lollipop.lnk Datei Gelöscht : C:\Users\Tani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk Datei Gelöscht : C:\Users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\bprotector_extensions.sqlite Datei Gelöscht : C:\Users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\bprotector_prefs.js Datei Gelöscht : C:\Users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\searchplugins\Babylon.xml Datei Gelöscht : C:\Users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\searchplugins\BrowserDefender.xml Datei Gelöscht : C:\Users\Tani\AppData\Roaming\Mozilla\Firefox\Profiles\78qk6azx.default\user.js Datei Gelöscht : C:\Windows\System32\Tasks\Advanced System Protector Datei Gelöscht : C:\Windows\System32\Tasks\Advanced System Protector_startup Datei Gelöscht : C:\Windows\System32\Tasks\BitGuard Datei 
Gelöscht : C:\Windows\System32\Tasks\BonanzaDealsUpdate Datei Gelöscht : C:\Windows\System32\Tasks\EPUpdater Datei Gelöscht : C:\Windows\System32\Tasks\RegClean Pro ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}] Wert Gelöscht : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}] Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}] Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [65ffxtbr@FromDocToPDF_65.com] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Extension.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FromDocToPDF_65.DynamicBarButton Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FromDocToPDF_65.DynamicBarButton.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FromDocToPDF_65.FeedManager Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FromDocToPDF_65.FeedManager.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLMenu Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLMenu.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLPanel Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLPanel.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FromDocToPDF_65.MultipleButton Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FromDocToPDF_65.MultipleButton.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FromDocToPDF_65.PseudoTransparentPlugin Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FromDocToPDF_65.PseudoTransparentPlugin.1 Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\FromDocToPDF_65.Radio Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FromDocToPDF_65.Radio.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FromDocToPDF_65.RadioSettings Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FromDocToPDF_65.RadioSettings.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ScriptButton Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ScriptButton.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SettingsPlugin Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SettingsPlugin.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ThirdPartyInstaller Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ThirdPartyInstaller.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FromDocToPDF_65.UrlAlertButton Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FromDocToPDF_65.UrlAlertButton.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FromDocToPDF_65.XMLSessionPlugin Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FromDocToPDF_65.XMLSessionPlugin.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@FromDocToPDF_65.com/Plugin Schlüssel Gelöscht : HKCU\Software\86db8fe234ef14 Schlüssel Gelöscht : HKLM\SOFTWARE\86db8fe234ef14 Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [FromDocToPDF Search Scope Monitor] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{017D68F2-19B3-41AE-9D8A-8B09DBD25479} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2BD4465D-669A-42E6-B449-636B0B10EBB8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3700B685-D795-4E17-9B78-73BCEE5D4086} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3E6260AC-BC6F-44B4-942B-1568C367543A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{504B4AA9-9952-4490-B0E1-80A5321C35F7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8AD40E5E-9FD9-4F5E-B4D1-DDF2C921DCE3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A0CF6CB9-2276-4F30-B841-05A67067ACE0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AFA196F4-80E5-47AD-B7BC-C671487D36FB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B7FD68F7-D28B-431E-9EE8-E45D915B7F17} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BC7E25D7-4681-46A3-AF5A-9A1B865783ED} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CBBEA4B9-B183-47AC-8B1F-FD526AC99A8D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD1D181E-C654-4CA5-9D09-B3648537FD7D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0C3A839-0E5E-4EBC-9F8F-E56F8FC732CE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E1C4699E-5E74-4F30-A4A2-378E45D44F07} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\CLSID\{F96EE2EF-FE15-4878-AECD-BC367F12C70F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FC2B119B-2352-4E7A-9197-B9E1BBADE61B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{36B445BF-1B84-466A-A623-A360A8CFF8C3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6CBF5C01-C876-481B-867E-111CB1D2A7D6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AB4DA692-F26B-403C-AF8F-FD87D121F8F1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D97143C2-4282-496B-BDC4-7EC852F1497C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847} 